scottk/nDPId
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/nDPId.git synced 2025-10-30 01:42:22 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fixed invalid "flow_last_seen" timestamp for the first packet.

Browse Source 
* After the first packet was processed, "flow_last_seen" was still 0.
   This behaviour is invalid as the first packet may contain l4 payload data e.g. for UDP
   and it also breaks nDPId json consistency "flow_first_seen" > 0, but "flow_last_seen" == 0.
 * JSON schema: set minimum timestamp value for Epoch timestamps to 24710 for flow_*_seen and
   1 for pcap packet ts. Those values are dependant on some manipulated pcap's in libnDPI/tests/pcap.

Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
This commit is contained in:
Toni Uhlig
2021-10-08 11:12:32 +02:00
parent fe77c44e3f
commit 315f90f982
217 changed files with 23435 additions and 24005 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
nDPId.c
View File

@@ -2999,7 +2999,7 @@ static void ndpi_process_packet(uint8_t * const args,
flow_to_process->flow_extended.total_l4_payload_len += l4_payload_len;
if (flow_to_process->flow_extended.first_seen == 0)
{
flow_to_process->flow_extended.first_seen = time_ms;
flow_to_process->flow_extended.first_seen = flow_to_process->flow_extended.flow_basic.last_seen = time_ms;
}
if (l4_payload_len > flow_to_process->flow_extended.max_l4_payload_len)
{

6
schema/flow_event_schema.json
View File

@@ -68,10 +68,12 @@
"type": "number"
},
"flow_first_seen": {
"type": "number"
"type": "number",
"minimum": 24710
},
"flow_last_seen": {
"type": "number"
"type": "number",
"minimum": 24710
},
"flow_max_packets": {
"type": "number"

3
schema/packet_event_schema.json
View File

@@ -79,7 +79,8 @@
"type": "number"
},
"pkt_ts_sec": {
"type": "number"
"type": "number",
"minimum": 1
},
"pkt": {
"type": "string"

1375
test/results/1kxun.pcap.out
View File

File diff suppressed because it is too large Load Diff

6
test/results/443-chrome.pcap.out
View File

@@ -1,8 +1,8 @@
00478{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"443-chrome.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":10000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00496{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"443-chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1581109434258,"flow_last_seen":0,"flow_min_l4_payload_len":1440,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1440,"flow_avg_l4_payload_len":1440,"midstream":1,"l3_proto":"ip4","src_ip":"178.62.197.130","dst_ip":"192.168.1.13","src_port":443,"dst_port":53059,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00508{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"443-chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1581109434258,"flow_last_seen":1581109434258,"flow_min_l4_payload_len":1440,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1440,"flow_avg_l4_payload_len":1440,"midstream":1,"l3_proto":"ip4","src_ip":"178.62.197.130","dst_ip":"192.168.1.13","src_port":443,"dst_port":53059,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
02382{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"443-chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1581109434,"pkt_ts_usec":258190,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUL9xAADQG19GyPsWCwKgBDQG7z0OMwKr+Oj0RjoAQAfVXrQAAAQEICiUvy0seKwePAbBkhQkGDSwXAwMFJB7ULkZYT314CXk9r8PlYJygP344H6B+ItT1QydBOUTT\/6D31GPVzKtOQjSVxhbT8njy8fnLCF03csGz4\/Y1RkgUVmI84ERVBP7zbdzqFVMxHmkRU4146\/GYpGt09JudxRaBFBE6RH99GaIPOIBgIxL+lVzyEaqTle8b2ooKlmYXANwIghY6MzW7vfR0m2NAd4\/mImO8\/LyUCeGK0r\/puyNRW7lwQQMAmHKJdbXl9VyEWyHoVGg2V7UztPOOS9FaOf7PI0qXcHmQjpNhC3tUdKXBoA5lr9L4gV9TtzI0jsGqvB9N6GFz+qcMvQNu9oMflyIYBhNXeC+wMS3iHkbmb6YjZ1BITgZEep9Fizk45i3xCMymSmOsda0ujEX4jtgvxVvAdOobavQSODmvW7nF0r5t9e88tMuzTz7+vTqoOaJn4Q5qSGioRtcVHnLq2LNPOuGgbZaLvf8nOa3F\/fTzsfVgOnrof2PK7x6zJRR4iLtFUyiyV0abVTIHELfIYnSCf71pFYSlMWF1kbosbMAxw+8gDHb28maLs7wPXvpNMwUQmC5zWPLwG8e+Pf\/3nur0wrn5EOul2L1tr2PBCGM7nQJnzz+Ftab4qAnCKKMUrufRAVhXA6Ue6CMSRLYliOxzGRgmHVxorbbpx87m7XMCx1xGrv\/+sMpgjOYFPN80vjeb9Ar4xkocVQgWuuKpaWdNDznMzFzG0+H1ekKy8mE\/Y4uj8aty0rTxx\/RK0gYF2CUtsmGNskEzCWUbq5MAqcp05SHkAJHGGJeLVJYaWPvGXbFa5QHn9poomy6DBa+Zu\/J+olJwYCoT+frN77wk+XmgZEGX8LeovmjP4s1R+UbEFUsUMksh6m15XB\/oDSc43HBC0ZN2fBl+EVSpfPjbG\/eOyIfLCt5fbBfnhNgvommX5LE+2Hk1er+ly1V3Bk3SksoPHjYC3atFWwOW8i0ksy3cnSr3r7urFNldk3MU3+jnEXfTimw+aCW1vRMowhmfm8PlgjcufRfy+KbXvWvcglQ5SIZzkHbMTgRIVTH0rnzAvQa5V3qwPK10Uoz7qDIouhn\/mb\/ZISHF6mBR\/IXvmgdDxCQjDF0pzdpHGlijQnscX9IYmuALydf\/N95pDI1Ksot3SwlV+ToeoAcOu03ffeX9ZWtpGReoSSLBreVK2S9eOKb7ts0O5zIIo7KsqQiv\/vBgScz8WXOWpxQ\/yJVR5ay52w6EYcainLIU7Xbc\/tjzrhulig3U\/8LJroIUx7FTN+1M\/XXQgxU1xPwXfZVd2BCyLjPf3LnCxXwnRvsKpAN+jMhuodhLSF7CgHqc20YiiLhRoKoX9HTNFjjp4NCVuyybqoR14grCEsHZOU2qhA+8BZe5VlL7unSunUXcr1PeN9gM5Jq4MVqPdpyzDhvJpSxU3Hx+L1u56H6J0VrRo\/R6fO225uB9ZADFU\/E9+rLvS3XjVihQI4Xj3oV8Yz2DHOUB7myCSIfri88nrYevcoAQbwAgIH3ZuvMVV+F7spgWZOgjijLQs9AFYfhIg77XK7GhiJW4kT1GNIqN\/59u+gIdPmDuGurVucPbruilLRCDIsr+53Us+irmCwo\/E2YPbk4a0f3NX0k+rNo92g1D9wTfG3QFRXLoBVDcr2q9BeW0PVJsavNUQM+jFbQkjfp93AvyPnmEBcWXIT002jYiClr1Y1\/emkCZ90t5YN1lLX5fUvWWgwvQ8NqFZ2zWMZciPkbKDA3g3Y+AskVzW3FFBLqR77\/aXs+9FwMDBSQUQnjU3ptBoEOyx5s5g6C1C+gxkfWLgzLDV66R77tBk395nAfOwKbaxf02lWN9Kl7ER9qk1HP5doNJPo83hbomHGy3aIU4qtqfnGI\/DWje6wuZoh6zDMTlo3NI6IL\/slMBsWm6kBIHkYOp"}
00516{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1,"source":"443-chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1581109434258,"flow_last_seen":0,"flow_min_l4_payload_len":1440,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1440,"flow_avg_l4_payload_len":1440,"midstream":1,"l3_proto":"ip4","src_ip":"178.62.197.130","dst_ip":"192.168.1.13","src_port":443,"dst_port":53059,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"443-chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1581109434258,"flow_last_seen":0,"flow_min_l4_payload_len":1440,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1440,"flow_avg_l4_payload_len":1440,"midstream":1,"l3_proto":"ip4","src_ip":"178.62.197.130","dst_ip":"192.168.1.13","src_port":443,"dst_port":53059,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00528{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1,"source":"443-chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1581109434258,"flow_last_seen":1581109434258,"flow_min_l4_payload_len":1440,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1440,"flow_avg_l4_payload_len":1440,"midstream":1,"l3_proto":"ip4","src_ip":"178.62.197.130","dst_ip":"192.168.1.13","src_port":443,"dst_port":53059,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
00509{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"443-chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1581109434258,"flow_last_seen":1581109434258,"flow_min_l4_payload_len":1440,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1440,"flow_avg_l4_payload_len":1440,"midstream":1,"l3_proto":"ip4","src_ip":"178.62.197.130","dst_ip":"192.168.1.13","src_port":443,"dst_port":53059,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00129{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"443-chrome.pcap","alias":"nDPId-test"}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 1/1

2
test/results/443-curl.pcap.out
View File

@@ -1,5 +1,5 @@
00476{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"443-curl.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":10000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"443-curl.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1581113120474,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":55523,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"443-curl.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1581113120474,"flow_last_seen":1581113120474,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":55523,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00441{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"443-curl.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1581113120,"pkt_ts_usec":474299,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGAULAqAENsj7FgtjjAbvMd3aVAAAAALAC\/\/97wQAAAgQFtAEDAwUBAQgKHmJFtwAAAAAEAgAA"}
00436{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"443-curl.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1581113120,"pkt_ts_usec":512991,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGDUayPsWCwKgBDQG72OOPktF9zHd2lqAS\/oj9JgAAAgQFrAQCCAolaAqTHmJFtwEDAwc="}
00423{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"443-curl.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1581113120,"pkt_ts_usec":513098,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGAU7AqAENsj7FgtjjAbvMd3aWj5LRfoAQECwaIgAAAQEICh5iRd0laAqT"}

2
test/results/443-firefox.pcap.out
View File

@@ -1,5 +1,5 @@
00479{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"443-firefox.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":10000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"443-firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1581109488041,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53096,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00497{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"443-firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1581109488041,"flow_last_seen":1581109488041,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53096,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"443-firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1581109488,"pkt_ts_usec":41083,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGAULAqAENsj7Fgs9oAbstYO2oAAAAALAC\/\/8dyQAAAgQFtAEDAwUBAQgKHivVZQAAAAAEAgAA"}
00438{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"443-firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1581109488,"pkt_ts_usec":79587,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGDUayPsWCwKgBDQG7z2h4KhDzLWDtqaAS\/ojkXQAAAgQFrAQCCAolMJ2OHivVZQEDAwc="}
00425{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"443-firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1581109488,"pkt_ts_usec":79695,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGAU7AqAENsj7Fgs9oAbstYO2peCoQ9IAQECwBWgAAAQEICh4r1YolMJ2O"}

2
test/results/443-git.pcap.out
View File

@@ -1,5 +1,5 @@
00475{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"443-git.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":10000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"443-git.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1581113657633,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"140.82.114.4","src_port":55744,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"443-git.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1581113657633,"flow_last_seen":1581113657633,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"140.82.114.4","src_port":55744,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"443-git.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1581113657,"pkt_ts_usec":633853,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGeqzAqAENjFJyBNnAAbv0\/p5\/AAAAALAC\/\/+NzAAAAgQFtAEDAwUBAQgKHmpbwAAAAAAEAgAA"}
00435{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"443-git.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1581113657,"pkt_ts_usec":744320,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADIGiLCMUnIEwKgBDQG72cCAzdDM9P6egKASb0C\/0wAAAgQFnAQCCAoOCxAaHmpbwAEDAwo="}
00423{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"443-git.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1581113657,"pkt_ts_usec":744421,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGerjAqAENjFJyBNnAAbv0\/p6AgM3QzYAQECpNNAAAAQEICh5qXC0OCxAa"}

2
test/results/443-opvn.pcap.out
View File

@@ -1,5 +1,5 @@
00476{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"443-opvn.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":10000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"443-opvn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1581153175528,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.84","dst_ip":"192.12.192.103","src_port":52973,"dst_port":1194,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"443-opvn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1581153175528,"flow_last_seen":1581153175528,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.84","dst_ip":"192.12.192.103","src_port":52973,"dst_port":1194,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"443-opvn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1581153175,"pkt_ts_usec":528454,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG+EfAqAFUwAzAZ87tBKpga1quAAAAALAC\/\/\/PlAAAAgQFtAEDAwUBAQgKFg2AOQAAAAAEAgAA"}
00435{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"443-opvn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1581153175,"pkt_ts_usec":550065,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADYGAkzADMBnwKgBVASqzu1gWZU1YGtar6AScSBwigAAAgQFrAQCCAocQO0VFg2AOQEDAwY="}
00423{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"443-opvn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1581153175,"pkt_ts_usec":550155,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+FPAqAFUwAzAZ87tBKpga1qvYFmVNoAQECwALgAAAQEIChYNgE0cQO0V"}

2
test/results/443-safari.pcap.out
View File

@@ -1,5 +1,5 @@
00478{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"443-safari.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":10000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"443-safari.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1581109359601,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53031,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00496{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"443-safari.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1581109359601,"flow_last_seen":1581109359601,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53031,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"443-safari.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1581109359,"pkt_ts_usec":601646,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGAULAqAENsj7Fgs8nAbvmgoUNAAAAALAC\/\/+6MQAAAgQFtAEDAwUBAQgKHinouAAAAAAEAgAA"}
00438{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"443-safari.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1581109359,"pkt_ts_usec":639845,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGDUayPsWCwKgBDQG7zyeqmyMX5oKFDqAS\/ogx6QAAAgQFrAQCCAolLqfYHinouAEDAwc="}
00425{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"443-safari.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1581109359,"pkt_ts_usec":639949,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGAU7AqAENsj7Fgs8nAbvmgoUOqpsjGIAQECxO5AAAAQEICh4p6N4lLqfY"}

4
test/results/4in6tunnel.pcap.out
View File

@@ -1,7 +1,7 @@
00478{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"4in6tunnel.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":10000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"4in6tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1543235434019,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"22e0:1685:eda7:38cc:58bd:f3f1:aa3f:22d8","dst_ip":"344a:ba94:152a:ac34::2a","l4_proto":4,"flow_datalink":1,"flow_max_packets":15}
00496{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"4in6tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1543235434019,"flow_last_seen":1543235434019,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"22e0:1685:eda7:38cc:58bd:f3f1:aa3f:22d8","dst_ip":"344a:ba94:152a:ac34::2a","l4_proto":4,"flow_datalink":1,"flow_max_packets":15}
00551{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"4in6tunnel.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1543235434,"pkt_ts_usec":19243,"pkt_caplen":154,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":154,"pkt_l4_len":52,"pkt":"AAECunaOAAAASfSHht1gAAAAADQEPyLgFoXtpzjMWL3z8ao\/Itg0SrqUFSqsNAAAAAAAAAAqRQAANHvwQAB\/BqsfwKgAAQoKCgH7xwG73+E+ggAAAACAAv\/\/fqUAAAIEBYQBAwMIAQEEAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00520{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"4in6tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1543235434019,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"22e0:1685:eda7:38cc:58bd:f3f1:aa3f:22d8","dst_ip":"344a:ba94:152a:ac34::2a","l4_proto":4,"ndpi": {"proto":"IP_in_IP","breed":"Acceptable","category":"Network"}}
00532{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"4in6tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1543235434019,"flow_last_seen":1543235434019,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"22e0:1685:eda7:38cc:58bd:f3f1:aa3f:22d8","dst_ip":"344a:ba94:152a:ac34::2a","l4_proto":4,"ndpi": {"proto":"IP_in_IP","breed":"Acceptable","category":"Network"}}
00552{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"4in6tunnel.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1543235434,"pkt_ts_usec":19246,"pkt_caplen":154,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":154,"pkt_l4_len":52,"pkt":"AAECunaOAAAASfSHht1gAAAAADQEPTRKupQVKqw0AAAAAAAAACoi4BaF7ac4zFi98\/GqPyLYRQAANEufQABhBvlwCgoKAcCoAAEBu\/vHAwzKjt\/hPoOAEv\/\/sQUAAAIEBXgBAwMIAQEEAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00832{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"4in6tunnel.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1543235434,"pkt_ts_usec":19247,"pkt_caplen":366,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":366,"pkt_l4_len":264,"pkt":"AAECunaOAAAASfSHht1gAAAAAQgEPyLgFoXtpzjMWL3z8ao\/Itg0SrqUFSqsNAAAAAAAAAAqRQABCHv3QAB\/BqpEwKgAAQoKCgH7xwG73+E+gwMMyo9QGAQA0icAABYDAwDbAQAA1wMDW5uXE0\/QFYUpkWO+HpgF5MI5wT9TQj14SroSH1Zl8oggjz8AALXLO9H2rxfCGsjqy7cU6\/NXDrPxEswgEUGVcfAAJsAswCvAMMAvwCTAI8AowCfACsAJwBTAEwCdAJwAPQA8ADUALwAKAQAAaAAAABEADwAADHd3dy5iaW5nLmNvbQAKAAgABgAdABcAGAALAAIBAAANABQAEgQBBQECAQQDBQMCAwICBgEGAwAjAAAAEAAOAAwCaDIIaHR0cC8xLjEAFwAAABgABgAKAwIBAP8BAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
02371{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"4in6tunnel.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1543235434,"pkt_ts_usec":19248,"pkt_caplen":1514,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1514,"pkt_l4_len":1412,"pkt":"AAECunaOAAAASfSHht1gAAAABYQEPTRKupQVKqw0AAAAAAAAACoi4BaF7ac4zFi98\/GqPyLYRQAFhEuhQABhBvQeCgoKAcCoAAEBu\/vHAwzKj9\/hP2NQEAQEHmIAABYDAxNZAgAAWgMDW5uXESPnDY6GVdXogmmrS1WdR7CnjiCJLtiMMET4LR0g70cAAGowHs5bbipHOvpkse5qjMhnnSOXdm6lLVoWT1DALwAAEgAQAAUAAwJoMgAXAAD\/AQABAAsAEccAEcQADAYwggwCMIIJ6qADAgECAhMtAAAymdcHHbfRcIpCAAAAADKZMA0GCSqGSIb3DQEBCwUAMIGLMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMRUwEwYDVQQLEwxNaWNyb3NvZnQgSVQxHjAcBgNVBAMTFU1pY3Jvc29mdCBJVCBUTFMgQ0EgNTAeFw0xNzA3MjAxNzQ3MDhaFw0xOTA3MTAxNzQ3MDhaMBcxFTATBgNVBAMTDHd3dy5iaW5nLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALqOyD7\/sOUit2AU5xoOUrdFD2wiCQmyCmP5nEBsh7fOLKKYjGNWUdfzumqBdw2Fpg1sIUPSI+b5pR9u\/gYNMtH4Aivx5J6CrFn4IFOhgzrs2GlVitrUoC9jheCrGis7gUH0hZglGqEjdJl5neUsrm31e5QyJwbyXnacl+k91de8FxrbBQKrwUcQ5sbzW8nMRIDSG0ss9ON1RYFCdc+JblurOUYfPO\/whJXqO0Ms01rklGWFKVeGj7qkJ52E0Xsw\/jJNpqe0+8AQstFZfXdWGOCgJxEIK7SzyvFbkO5VaXY9vaLDfkwWc1aVyhXCrQCMB8YD7ERtr9YuJ3qp+RBy1iMCAwEAAaOCB9AwggfMMB0GA1UdDgQWBBQJh+WFKXgwICWz3X7cbO2lKagDcDALBgNVHQ8EBAMCBLAwHwYDVR0jBBgwFoAUCP4ln3TqhwTCvLuOqDhfM8bRbGUwgawGA1UdHwSBpDCBoTCBnqCBm6CBmIZLaHR0cDovL21zY3JsLm1pY3Jvc29mdC5jb20vcGtpL21zY29ycC9jcmwvTWljcm9zb2Z0JTIwSVQlMjBUTFMlMjBDQSUyMDUuY3JshklodHRwOi8vY3JsLm1pY3Jvc29mdC5jb20vcGtpL21zY29ycC9jcmwvTWljcm9zb2Z0JTIwSVQlMjBUTFMlMjBDQSUyMDUuY3JsMIGFBggrBgEFBQcBAQR5MHcwUQYIKwYBBQUHMAKGRWh0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2kvbXNjb3JwL01pY3Jvc29mdCUyMElUJTIwVExTJTIwQ0ElMjA1LmNydDAiBggrBgEFBQcwAYYWaHR0cDovL29jc3AubXNvY3NwLmNvbTA+BgkrBgEEAYI3FQcEMTAvBicrBgEEAYI3FQiH2oZ1g+7ZAYLJhRuBtZ5hhfTrYIFdhNLfQoLnk3oCAWQCARAwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBME0GA1UdIARGMEQwQgYJKwYBBAGCNyoBMDUwMwYIKwYBBQUHAgEWJ2h0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2kvbXNjb3JwL2NwczAnBgkrBgEEAYI3FQoEGjAYMAoGCCsGAQUFBwMCMAoGCCsGAQUFBwMBMIIFbQYDVR0RBIIFZDCCBWCCDHd3dy5iaW5nLmNvbYIQZGljdC5iaW5nLmNvbS5jboITKi5wbGF0Zm9ybS5iaW5nLmNvbYIKKi5iaW5nLmNvbYIIYmluZy5jb22CFmllb25saW5lLm1pY3Jvc28AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}

4
test/results/6in4tunnel.pcap.out
View File

@@ -1,5 +1,5 @@
00478{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"6in4tunnel.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":10000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00448{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"6in4tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1444236893450,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"174.3.73.24","dst_ip":"184.105.255.26","l4_proto":41,"flow_datalink":1,"flow_max_packets":15}
00460{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"6in4tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1444236893450,"flow_last_seen":1444236893450,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"174.3.73.24","dst_ip":"184.105.255.26","l4_proto":41,"flow_datalink":1,"flow_max_packets":15}
00528{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"6in4tunnel.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444236893,"pkt_ts_usec":450580,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"pkt":"ACKQ3jvZAAAkzoE0CABFAAB8tYFAAP8pFzeuA0kYuGn\/GmAAAAAAQDo\/IAEEcB8XAT8+lw7\/\/nNN7CYEqIAAAQAgAAAAAAIksAGAAOC9XY8BWl1OFVYAAAAAqN0GAAAAAAAQERITFBUWFxgZGhscHR4fICEiIyQlJicoKSorLC0uLzAxMjM0NTY3"}
00527{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"6in4tunnel.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444236893,"pkt_ts_usec":555356,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"pkt":"AAAkzoE0ACKQ3jvZCABFAAB8xlZAAPgpDWK4af8argNJGGAAAAAAQDo3JgSogAABACAAAAAAAiSwASABBHAfFwE\/PpcO\/\/5zTeyBAN+9XY8BWl1OFVYAAAAAqN0GAAAAAAAQERITFBUWFxgZGhscHR4fICEiIyQlJicoKSorLC0uLzAxMjM0NTY3"}
00611{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"6in4tunnel.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444236894,"pkt_ts_usec":230722,"pkt_caplen":200,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":200,"pkt_l4_len":166,"pkt":"ACKQ3jvZAAAkzoE0CABFAAC6tdFAAP8pFqmuA0kYuGn\/GmAAAAAAfjpAIAEEcB8WAT8AAAAAAAAAAiYEqIAAAQAgAAAAAAIksAEBA9KAAAAAAGAAAAAATgY2JgSogAABACAAAAAAAiSwASABBHAfFwE\/JaMykhb5LOAD4exLUvt9fRlwFpiAGABJEPkAAAEBCAq0MT0ACHX6xhcDAwApoxPniAjxmmXGKxqxVV6nOvla9FPS7Dtl2rRDlmVhpOKK9OFyB\/XihP8="}
@@ -31,4 +31,4 @@
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 136 chars
~~ json string max len.......: 616 chars
~~ json string avg len.......: 454 chars
~~ json string avg len.......: 457 chars

16
test/results/6in6tunnel.pcap.out
View File

@@ -1,12 +1,12 @@
00478{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"6in6tunnel.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":10000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"6in6tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1335197872162,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"2001:4f8:4:7:2e0:81ff:fe52:ffff","dst_ip":"2001:4f8:4:7:2e0:81ff:fe52:9a6b","l4_proto":41,"flow_datalink":1,"flow_max_packets":15}
00497{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"6in6tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1335197872162,"flow_last_seen":1335197872162,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"2001:4f8:4:7:2e0:81ff:fe52:ffff","dst_ip":"2001:4f8:4:7:2e0:81ff:fe52:9a6b","l4_proto":41,"flow_datalink":1,"flow_max_packets":15}
00497{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"6in6tunnel.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1335197872,"pkt_ts_usec":162188,"pkt_caplen":106,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":106,"pkt_l4_len":52,"pkt":"\/\/\/\/\/\/\/\/AAAAAAAAht1gAAAAADQpQCABBPgABAAHAuCB\/\/5S\/\/8gAQT4AAQABwLggf\/+UpprYAAAAAAMEUDerQAAAAAAAAAAAAAAAL7vyv4AAAAAAAAAAAAAAAC6vnUwMsgADIPSWFhYWA=="}
00443{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"6in6tunnel.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1335197872164,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"feed::beef","dst_ip":"feed::cafe","l4_proto":41,"flow_datalink":1,"flow_max_packets":15}
00455{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"6in6tunnel.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1335197872164,"flow_last_seen":1335197872164,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"feed::beef","dst_ip":"feed::cafe","l4_proto":41,"flow_datalink":1,"flow_max_packets":15}
00493{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"6in6tunnel.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1335197872,"pkt_ts_usec":164220,"pkt_caplen":106,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":106,"pkt_l4_len":52,"pkt":"\/\/\/\/\/\/\/\/AAAAAAAAht1gAAAAADQpQP7tAAAAAAAAAAAAAAAAvu\/+7QAAAAAAAAAAAAAAAMr+YAAAAAAMEUDerQAAAAAAAAAAAAAAAL7vyv4AAAAAAAAAAAAAAAC6vnUwMsgADIHQWVlZWQ=="}
00500{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":2,"source":"6in6tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1335197872162,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"2001:4f8:4:7:2e0:81ff:fe52:ffff","dst_ip":"2001:4f8:4:7:2e0:81ff:fe52:9a6b","l4_proto":41,"ndpi": {"proto":"Unknown","breed":"Unrated"}}
00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"6in6tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1335197872162,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"2001:4f8:4:7:2e0:81ff:fe52:ffff","dst_ip":"2001:4f8:4:7:2e0:81ff:fe52:9a6b","l4_proto":41,"flow_datalink":1,"flow_max_packets":15}
00458{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":2,"source":"6in6tunnel.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1335197872164,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"feed::beef","dst_ip":"feed::cafe","l4_proto":41,"ndpi": {"proto":"Unknown","breed":"Unrated"}}
00444{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"6in6tunnel.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1335197872164,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"feed::beef","dst_ip":"feed::cafe","l4_proto":41,"flow_datalink":1,"flow_max_packets":15}
00512{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":2,"source":"6in6tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1335197872162,"flow_last_seen":1335197872162,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"2001:4f8:4:7:2e0:81ff:fe52:ffff","dst_ip":"2001:4f8:4:7:2e0:81ff:fe52:9a6b","l4_proto":41,"ndpi": {"proto":"Unknown","breed":"Unrated"}}
00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"6in6tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1335197872162,"flow_last_seen":1335197872162,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"2001:4f8:4:7:2e0:81ff:fe52:ffff","dst_ip":"2001:4f8:4:7:2e0:81ff:fe52:9a6b","l4_proto":41,"flow_datalink":1,"flow_max_packets":15}
00470{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":2,"source":"6in6tunnel.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1335197872164,"flow_last_seen":1335197872164,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"feed::beef","dst_ip":"feed::cafe","l4_proto":41,"ndpi": {"proto":"Unknown","breed":"Unrated"}}
00456{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"6in6tunnel.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1335197872164,"flow_last_seen":1335197872164,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"feed::beef","dst_ip":"feed::cafe","l4_proto":41,"flow_datalink":1,"flow_max_packets":15}
00129{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"6in6tunnel.pcap","alias":"nDPId-test"}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 2/2
@@ -20,5 +20,5 @@
~~ total allocations/frees...: 35343/35343
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 134 chars
~~ json string max len.......: 505 chars
~~ json string avg len.......: 397 chars
~~ json string max len.......: 517 chars
~~ json string avg len.......: 405 chars

2
test/results/BGP_Cisco_hdlc_slarp.pcap.out
View File

@@ -1,5 +1,5 @@
00488{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":10000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1445156939131,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"100.16.1.2","dst_ip":"100.16.1.1","src_port":18324,"dst_port":179,"l4_proto":"tcp","flow_datalink":9,"flow_max_packets":15}
00500{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1445156939131,"flow_last_seen":1445156939131,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"100.16.1.2","dst_ip":"100.16.1.1","src_port":18324,"dst_port":179,"l4_proto":"tcp","flow_datalink":9,"flow_max_packets":15}
00410{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1445156939,"pkt_ts_usec":131847,"pkt_caplen":48,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":48,"pkt_l4_len":24,"pkt":"DwAIAEXAACz4kkAAAQa2VmQQAQJkEAEBR5QAs7zqddEAAAAAYAJAABMAAAACBAW0"}
00411{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1445156939,"pkt_ts_usec":145123,"pkt_caplen":48,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":48,"pkt_l4_len":24,"pkt":"DwAIAEXAACyvfwAAAQY\/amQQAQFkEAECALNHlBlZ03+86nXSYBJAACYWAAACBAW0"}
00406{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1445156939,"pkt_ts_usec":152068,"pkt_caplen":44,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":44,"pkt_l4_len":20,"pkt":"DwAIAEXAACj4k0AAAQa2WWQQAQJkEAEBR5QAs7zqddIZWdOAUBBAAD3TAAA="}

6
test/results/BGP_redist.pcap.out
View File

@@ -1,10 +1,10 @@
00478{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"BGP_redist.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":10000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00543{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1,"source":"BGP_redist.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1256636836,"pkt_ts_usec":167156,"pkt_caplen":163,"pkt_type":34887,"pkt_l3_offset":4,"pkt_l4_offset":0,"pkt_len":163,"pkt_l4_len":0,"pkt":"DwCIRwABLf5FwACbk8xAAP8G2sQCAgICBAQEBACz+C\/VqGxJPJL2UFAYP7QOoQAA\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/wBzAgAAAFxAAQECQAIAgAQEAAAAVkAFBAAAAGTAECAAAgBkAAAEVwAFAAAAAQIAgAAAAAAAAwCAAawQAgEAAIAOIQABgAwAAAAAAAAAAAICAgIAeAABkQAAAGQAAABkqgAAAA=="}
00155{"basic_event_id":2,"basic_event_name":"Unknown L3 protocol","thread_id":0,"packet_id":1,"source":"BGP_redist.pcap","alias":"nDPId-test","protocol":34887}
00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"BGP_redist.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1256636836167,"flow_last_seen":0,"flow_min_l4_payload_len":115,"flow_max_l4_payload_len":115,"flow_tot_l4_payload_len":115,"flow_avg_l4_payload_len":115,"midstream":1,"l3_proto":"ip4","src_ip":"2.2.2.2","dst_ip":"5.5.5.5","src_port":179,"dst_port":49433,"l4_proto":"tcp","flow_datalink":104,"flow_max_packets":15}
00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"BGP_redist.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1256636836167,"flow_last_seen":1256636836167,"flow_min_l4_payload_len":115,"flow_max_l4_payload_len":115,"flow_tot_l4_payload_len":115,"flow_avg_l4_payload_len":115,"midstream":1,"l3_proto":"ip4","src_ip":"2.2.2.2","dst_ip":"5.5.5.5","src_port":179,"dst_port":49433,"l4_proto":"tcp","flow_datalink":104,"flow_max_packets":15}
00576{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"BGP_redist.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1256636836,"pkt_ts_usec":167195,"pkt_caplen":159,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":159,"pkt_l4_len":135,"pkt":"DwAIAEXAAJv\/w0AA\/gZtywICAgIFBQUFALPBGWeqNFC\/WbBkUBg\/x6y+AAD\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/AHMCAAAAXEABAQJAAgCABAQAAABWQAUEAAAAZMAQIAACAGQAAARXAAUAAAABAgCAAAAAAAADAIABrBACAQAAgA4hAAGADAAAAAAAAAAAAgICAgB4AAGRAAAAZAAAAGSqAAAA"}
00511{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"BGP_redist.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1256636836167,"flow_last_seen":0,"flow_min_l4_payload_len":115,"flow_max_l4_payload_len":115,"flow_tot_l4_payload_len":115,"flow_avg_l4_payload_len":115,"midstream":1,"l3_proto":"ip4","src_ip":"2.2.2.2","dst_ip":"5.5.5.5","src_port":179,"dst_port":49433,"l4_proto":"tcp","ndpi": {"proto":"BGP","breed":"Acceptable","category":"Network"}}
00483{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"BGP_redist.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1256636836167,"flow_last_seen":0,"flow_min_l4_payload_len":115,"flow_max_l4_payload_len":115,"flow_tot_l4_payload_len":115,"flow_avg_l4_payload_len":115,"midstream":1,"l3_proto":"ip4","src_ip":"2.2.2.2","dst_ip":"5.5.5.5","src_port":179,"dst_port":49433,"l4_proto":"tcp","flow_datalink":104,"flow_max_packets":15}
00523{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"BGP_redist.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1256636836167,"flow_last_seen":1256636836167,"flow_min_l4_payload_len":115,"flow_max_l4_payload_len":115,"flow_tot_l4_payload_len":115,"flow_avg_l4_payload_len":115,"midstream":1,"l3_proto":"ip4","src_ip":"2.2.2.2","dst_ip":"5.5.5.5","src_port":179,"dst_port":49433,"l4_proto":"tcp","ndpi": {"proto":"BGP","breed":"Acceptable","category":"Network"}}
00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"BGP_redist.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1256636836167,"flow_last_seen":1256636836167,"flow_min_l4_payload_len":115,"flow_max_l4_payload_len":115,"flow_tot_l4_payload_len":115,"flow_avg_l4_payload_len":115,"midstream":1,"l3_proto":"ip4","src_ip":"2.2.2.2","dst_ip":"5.5.5.5","src_port":179,"dst_port":49433,"l4_proto":"tcp","flow_datalink":104,"flow_max_packets":15}
00129{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"BGP_redist.pcap","alias":"nDPId-test"}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 2/1

521
test/results/EAQ.pcap.out
View File

@@ -1,5 +1,5 @@
00471{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"EAQ.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":10000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1432820948562,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.194.119.48","src_port":53497,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1432820948562,"flow_last_seen":1432820948562,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.194.119.48","src_port":53497,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00430{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820948,"pkt_ts_usec":562939,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABoRAAACABoRAAABCABFAAA8xb9AAEAGRgEKCAABrcJ3MND5AFA4ezYlAAAAAKACOQisdgAAAgQFtAQCCAoABPOaAAAAAAEDAwQ="}
00404{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820948,"pkt_ts_usec":566510,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAAJAABAGO9OtwncwCggAAQBQ0PnHhMnaOHs2JlAS\/\/+vjAAA"}
00402{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820948,"pkt_ts_usec":569287,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoxcBAAEAGRhQKCAABrcJ3MND5AFA4ezYmx4TJ21AQOQh2hQAA"}
@@ -10,7 +10,7 @@
00404{"flow_id":1,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820948,"pkt_ts_usec":716107,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoxcJAAEAGRhIKCAABrcJ3MND5AFA4ezaKx4TL\/1AQO\/BxFQAA"}
00405{"flow_id":1,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820948,"pkt_ts_usec":716290,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAAVAABAGO9CtwncwCggAAQBQ0PnHhMv\/OHs2ilAR\/\/+tBAAA"}
00403{"flow_id":1,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820948,"pkt_ts_usec":767743,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoxcNAAEAGRhEKCAABrcJ3MND5AFA4ezaKx4TMAFAUO\/BxEAAA"}
00473{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1432820948836,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.194.119.24","src_port":40467,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1432820948836,"flow_last_seen":1432820948836,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.194.119.24","src_port":40467,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00432{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820948,"pkt_ts_usec":836590,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABoRAAACABoRAAABCABFAAA8DwhAAEAG\/NAKCAABrcJ3GJ4TAFBXrfy9AAAAAKACOQj5jgAAAgQFtAQCCAoABPO1AAAAAAEDAwQ="}
00406{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820948,"pkt_ts_usec":837811,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAAZAABAGO+etwncYCggAAQBQnhOoUgNCV638vlAS\/\/\/iigAA"}
00404{"flow_id":2,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820948,"pkt_ts_usec":844861,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoDwlAAEAG\/OMKCAABrcJ3GJ4TAFBXrfy+qFIDQ1AQOQipgwAA"}
@@ -26,109 +26,71 @@
04101{"flow_id":2,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820949,"pkt_ts_usec":347577,"pkt_caplen":2818,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2818,"pkt_l4_len":2784,"pkt":"ABoRAAACABoRAAABCABFAAr0AAtAABAGMRatwncYCggAAQBQnhOoUh5BV639SVAQ\/\/+mPAAAaXVzOjJweH0ua2QtYnV0dG9uLXN1Ym1pdHtib3JkZXI6MXB4IHNvbGlkICMzMDc5ZWQ7YmFja2dyb3VuZC1jb2xvcjojNGQ5MGZlO2JhY2tncm91bmQtaW1hZ2U6LXdlYmtpdC1ncmFkaWVudChsaW5lYXIsbGVmdCB0b3AsbGVmdCBib3R0b20sZnJvbSgjNGQ5MGZlKSx0bygjNDc4N2VkKSk7YmFja2dyb3VuZC1pbWFnZTotd2Via2l0LWxpbmVhci1ncmFkaWVudCh0b3AsIzRkOTBmZSwjNDc4N2VkKTtiYWNrZ3JvdW5kLWltYWdlOi1tb3otbGluZWFyLWdyYWRpZW50KHRvcCwjNGQ5MGZlLCM0Nzg3ZWQpO2JhY2tncm91bmQtaW1hZ2U6LW1zLWxpbmVhci1ncmFkaWVudCh0b3AsIzRkOTBmZSwjNDc4N2VkKTtiYWNrZ3JvdW5kLWltYWdlOi1vLWxpbmVhci1ncmFkaWVudCh0b3AsIzRkOTBmZSwjNDc4N2VkKTtiYWNrZ3JvdW5kLWltYWdlOmxpbmVhci1ncmFkaWVudCh0b3AsIzRkOTBmZSwjNDc4N2VkKTtmaWx0ZXI6cHJvZ2lkOkRYSW1hZ2VUcmFuc2Zvcm0uTWljcm9zb2Z0LmdyYWRpZW50KHN0YXJ0Q29sb3JTdHI9JyM0ZDkwZmUnLEVuZENvbG9yU3RyPScjNDc4N2VkJyl9LmtkLWJ1dHRvbi1zdWJtaXQ6aG92ZXJ7Ym9yZGVyOjFweCBzb2xpZCAjMmY1YmI3O2JhY2tncm91bmQtY29sb3I6IzM1N2FlODtiYWNrZ3JvdW5kLWltYWdlOi13ZWJraXQtZ3JhZGllbnQobGluZWFyLGxlZnQgdG9wLGxlZnQgYm90dG9tLGZyb20oIzRkOTBmZSksdG8oIzM1N2FlOCkpO2JhY2tncm91bmQtaW1hZ2U6LXdlYmtpdC1saW5lYXItZ3JhZGllbnQodG9wLCM0ZDkwZmUsIzM1N2FlOCk7YmFja2dyb3VuZC1pbWFnZTotbW96LWxpbmVhci1ncmFkaWVudCh0b3AsIzRkOTBmZSwjMzU3YWU4KTtiYWNrZ3JvdW5kLWltYWdlOi1tcy1saW5lYXItZ3JhZGllbnQodG9wLCM0ZDkwZmUsIzM1N2FlOCk7YmFja2dyb3VuZC1pbWFnZTotby1saW5lYXItZ3JhZGllbnQodG9wLCM0ZDkwZmUsIzM1N2FlOCk7YmFja2dyb3VuZC1pbWFnZTpsaW5lYXItZ3JhZGllbnQodG9wLCM0ZDkwZmUsIzM1N2FlOCk7ZmlsdGVyOnByb2dpZDpEWEltYWdlVHJhbnNmb3JtLk1pY3Jvc29mdC5ncmFkaWVudChzdGFydENvbG9yU3RyPScjNGQ5MGZlJyxFbmRDb2xvclN0cj0nIzM1N2FlOCcpfS5rZC1idXR0b24tc3VibWl0OmFjdGl2ZXstd2Via2l0LWJveC1zaGFkb3c6aW5zZXQgMCAxcHggMnB4IHJnYmEoMCwwLDAsMC4zKTstbW96LWJveC1zaGFkb3c6aW5zZXQgMCAxcHggMnB4IHJnYmEoMCwwLDAsMC4zKTtib3gtc2hhZG93Omluc2V0IDAgMXB4IDJweCByZ2JhKDAsMCwwLDAuMyl9I3Btb2xuayBhe2NvbG9yOiNmZmY7ZGlzcGxheTppbmxpbmUtYmxvY2s7Zm9udC13ZWlnaHQ6Ym9sZDtwYWRkaW5nOjVweCAyMHB4O3RleHQtZGVjb3JhdGlvbjpub25lO3doaXRlLXNwYWNlOm5vd3JhcH0ueGJ0bntjb2xvcjojOTk5O2N1cnNvcjpwb2ludGVyO2ZvbnQtc2l6ZToyM3B4O2xpbmUtaGVpZ2h0OjVweDtwYWRkaW5nLXRvcDo1cHh9LnBhZGl7cGFkZGluZzowIDhweCAwIDEwcHh9LnBhZHR7cGFkZGluZzo1cHggMjBweCAwIDA7Y29sb3I6IzQ0NH0ucGFkc3t0ZXh0LWFsaWduOmxlZnQ7bWF4LXdpZHRoOjIwMHB4fTwvc3R5bGU+IDxkaXYgY2xhc3M9InBtb2FicyIgaWQ9InBtb2NudHIyIiBzdHlsZT0iYmVoYXZpb3I6dXJsKCNkZWZhdWx0I3VzZXJkYXRhKTtkaXNwbGF5Om5vbmUiPiA8dGFibGUgYm9yZGVyPSIwIj4gPHRyPiA8dGQgY29sc3Bhbj0iMiI+IDxkaXYgY2xhc3M9InhidG4iIG9uY2xpY2s9Imdvb2dsZS5wcm9tb3MmJmdvb2dsZS5wcm9tb3MudG9hc3QmJiBnb29nbGUucHJvbW9zLnRvYXN0LmNwYygpIiBzdHlsZT0iZmxvYXQ6cmlnaHQiPiZ0aW1lczs8L2Rpdj4gPC90ZD4gPC90cj4gPHRyPiA8dGQgY2xhc3M9InBhZGkiIHJvd3NwYW49IjIiPiA8aW1nIHNyYz0iL2ltYWdlcy9pY29ucy9wcm9kdWN0L2Nocm9tZS00OC5wbmciPiA8L3RkPiA8dGQgY2xhc3M9InBhZHMiPlVtIG5hdmVnYWRvciBkYSBXZWIgbWFpcyBy4XBpZG88L3RkPiA8L3RyPiA8dHI+IDx0ZCBjbGFzcz0icGFkdCI+IDxkaXYgY2xhc3M9ImtkLWJ1dHRvbi1zdWJtaXQiIGlkPSJwbW9sbmsiPiA8YSBocmVmPSIvY2hyb21lL2luZGV4Lmh0bWw\/aGw9cHQtQlImYW1wO2JyYW5kPUNITkcmYW1wO3V0bV9zb3VyY2U9cHQtQlItaHBwJmFtcDt1dG1fbWVkaXVtPWhwcCZhbXA7dXRtX2NhbXBhaWduPXB0LUJSIiBvbmNsaWNrPSJnb29nbGUucHJvbW9zJiZnb29nbGUucHJvbW9zLnRvYXN0JiYgZ29vZ2xlLnByb21vcy50b2FzdC5jbCgpIj5JbnN0YWxhciBvIEdvb2dsZSBDaHJvbWU8L2E+IDwvZGl2PiA8L3RkPiA8L3RyPiA8L3RhYmxlPiA8L2Rpdj4gPHNjcmlwdCB0eXBlPSJ0ZXh0L2phdmFzY3JpcHQiPihmdW5jdGlvbigpe3ZhciBhPXtzOnt9fTthLnMudmE9NTA7YS5zLnJhPTEwO2Eucy5hYT0iYm9keSI7YS5zLlJhPSEwO2Eucy5VYT1mdW5jdGlvbihiLGMpe3ZhciBkPWEucy5IYSgpO2Eucy5KYShkLGIsYyk7YS5zLlZhKGQpO2Eucy5SYSYmYS5zLlNhKGQpfTthLnMuVmE9ZnVuY3Rpb24oYil7KGI9YS5zLmNhKGIpKSYmMDxiLmZvcm1zLmxlbmd0aCYmYi5mb3Jtc1swXS5zdWJtaXQoKX07YS5zLkhhPWZ1bmN0aW9uKCl7dmFyIGI9ZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgiaWZyYW1lIik7Yi5oZWlnaHQ9MDtiLndpZHRoPTA7Yi5zdHlsZS5vdmVyZmxvdz0iaGlkZGVuIjtiLnN0eWxlLnRvcD1iLnN0eWxlLmxlZnQ9Ii0xMDBweCI7Yi5zdHlsZS5wb3NpdGlvbj0iYWJzb2x1dGUiO2RvY3VtZW50LmJvZHkuYXBwZW5kQ2hpbGQoYik7cmV0dQ=="}
00406{"flow_id":2,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820949,"pkt_ts_usec":347607,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoDw5AAEAG\/N4KCAABrcJ3GJ4TAFBXrf1JqFIeQVAUa\/hbBgAA"}
00404{"flow_id":2,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820949,"pkt_ts_usec":347729,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAABAAEAGC+0KCAABrcJ3GJ4TAFBXrf1JAAAAAFAEAACNogAA"}
00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1432820949586,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.185.138.146","src_port":52257,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1432820949586,"flow_last_seen":1432820949586,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.185.138.146","src_port":52257,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00411{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820949,"pkt_ts_usec":586102,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR3WwKCAAByLmKkswhF3AAGNX0AAAAAAAADdoAAUsHAACQAA=="}
00411{"flow_id":3,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820949,"pkt_ts_usec":685742,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAAxAABARDWHIuYqSCggAARdwzCEAGAX1AAAAAAAADdoAAUsHAABgAA=="}
00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1432820949685,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.185.125.226","src_port":48890,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1432820949685,"flow_last_seen":1432820949685,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.185.125.226","src_port":48890,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00412{"flow_id":4,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820949,"pkt_ts_usec":685834,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR6hwKCAAByLl94r76F3AAGKD\/AAAAAAAADdoAAZnTAACQAA=="}
00412{"flow_id":4,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820949,"pkt_ts_usec":735425,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAA1AABARGhDIuX3iCggAARdwvvoAGND\/AAAAAAAADdoAAZnTAABgAA=="}
00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":28,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1432820949735,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.148.67","src_port":51569,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":28,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1432820949735,"flow_last_seen":1432820949735,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.148.67","src_port":51569,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00411{"flow_id":5,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820949,"pkt_ts_usec":735516,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR07IKCAAByMKUQ8lxF3AAGL5HAAAAAAAADdoAAlupAACQAA=="}
00411{"flow_id":5,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820949,"pkt_ts_usec":806378,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAA5AABARA6XIwpRDCggAARdwyXEAGO5HAAAAAAAADdoAAlupAABgAA=="}
00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":30,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1432820949806,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.66","src_port":41438,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":30,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1432820949806,"flow_last_seen":1432820949806,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.66","src_port":41438,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00411{"flow_id":6,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820949,"pkt_ts_usec":806470,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR2rMKCAAByMKNQqHeF3AAGGTWAAAAAAAADdoAAuOuAACQAA=="}
00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":31,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1432820950801,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.148.66","src_port":42620,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":31,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1432820950801,"flow_last_seen":1432820950801,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.148.66","src_port":42620,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00411{"flow_id":7,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820950,"pkt_ts_usec":801312,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR07MKCAAByMKUQqZ8F3AAGJCGAAAAAAAADdoABKxeAACQAA=="}
00411{"flow_id":7,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820950,"pkt_ts_usec":865307,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAA9AABARA6XIwpRCCggAARdwpnwAGMCGAAAAAAAADdoABKxeAABgAA=="}
00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":33,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1432820950865,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.148.68","src_port":43641,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":33,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1432820950865,"flow_last_seen":1432820950865,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.148.68","src_port":43641,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00411{"flow_id":8,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820950,"pkt_ts_usec":865399,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR07EKCAAByMKURKp5F3AAGGvdAAAAAAAADdoABM0IAACQAA=="}
00411{"flow_id":8,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820950,"pkt_ts_usec":935162,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsABBAABARA6LIwpRECggAARdwqnkAGJvdAAAAAAAADdoABM0IAABgAA=="}
00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":35,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1432820950935,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.68","src_port":34687,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":35,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1432820950935,"flow_last_seen":1432820950935,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.68","src_port":34687,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00413{"flow_id":9,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820950,"pkt_ts_usec":935254,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR2rEKCAAByMKNRId\/F3AAGLKfAAAAAAAADdoABbA\/AACQAA=="}
00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":36,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1432820951932,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.67","src_port":39221,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":36,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1432820951932,"flow_last_seen":1432820951932,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.67","src_port":39221,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00412{"flow_id":10,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820951,"pkt_ts_usec":932141,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR3rIKCAAByMKJQ5k1F3AAGJu8AAAAAAAADdoABbltAACQAA=="}
00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":37,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1432820952931,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.66","src_port":53354,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":37,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1432820952931,"flow_last_seen":1432820952931,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.66","src_port":53354,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00412{"flow_id":11,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820952,"pkt_ts_usec":931622,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR3rMKCAAByMKJQtBqF3AAGDyZAAAAAAAADdoABeFcAACQAA=="}
00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":38,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1432820953931,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.68","src_port":59959,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":38,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1432820953931,"flow_last_seen":1432820953931,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.68","src_port":59959,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00412{"flow_id":12,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820953,"pkt_ts_usec":931775,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR3rEKCAAByMKJROo3F3AAGP9hAAAAAAAADdoABgTEAACQAA=="}
00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":39,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1432820954931,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.67","src_port":37985,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":39,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1432820954931,"flow_last_seen":1432820954931,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.67","src_port":37985,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00412{"flow_id":13,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820954,"pkt_ts_usec":931988,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR5rIKCAAByMKBQ5RhF3AAGAf9AAAAAAAADdoABloAAACQAA=="}
00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":40,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1432820955933,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.66","src_port":48666,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":40,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1432820955933,"flow_last_seen":1432820955933,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.66","src_port":48666,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00412{"flow_id":14,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820955,"pkt_ts_usec":933026,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR5rMKCAAByMKBQr4aF3AAGNz1AAAAAAAADdoABltPAACQAA=="}
00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":41,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1432820956931,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.68","src_port":47714,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":41,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1432820956931,"flow_last_seen":1432820956931,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.68","src_port":47714,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00412{"flow_id":15,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820956,"pkt_ts_usec":931836,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR5rEKCAAByMKBRLpiF3AAGMFvAAAAAAAADdoABnqLAACQAA=="}
00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":42,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1432820957932,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.132.66","src_port":43979,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":42,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1432820957932,"flow_last_seen":1432820957932,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.132.66","src_port":43979,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00412{"flow_id":16,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820957,"pkt_ts_usec":932110,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR47MKCAAByMKEQqvLF3AAGKK2AAAAAAAADdoABqTdAACQAA=="}
00412{"flow_id":16,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820957,"pkt_ts_usec":985150,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsABFAABARE6PIwoRCCggAARdwq8sAGNK2AAAAAAAADdoABqTdAABgAA=="}
00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":44,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1432820957985,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.67","src_port":48563,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":44,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1432820957985,"flow_last_seen":1432820957985,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.67","src_port":48563,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00412{"flow_id":17,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820957,"pkt_ts_usec":985242,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR2rIKCAAByMKNQ72zF3AAGIZAAAAAAAAADdoABqZqAACQAA=="}
00510{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":45,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1432820957985,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.67","src_port":48563,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00481{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":45,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1432820957985,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.67","src_port":48563,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00510{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":45,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1432820955933,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.66","src_port":48666,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00481{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":45,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1432820955933,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.66","src_port":48666,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00509{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":45,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1432820950935,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.68","src_port":34687,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":45,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1432820950935,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.68","src_port":34687,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00510{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":45,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1432820952931,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.66","src_port":53354,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00481{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":45,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1432820952931,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.66","src_port":53354,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00510{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":45,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1432820951932,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.67","src_port":39221,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00481{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":45,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1432820951932,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.67","src_port":39221,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00509{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":45,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1432820949806,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.66","src_port":41438,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":45,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1432820949806,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.66","src_port":41438,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00510{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":45,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1432820953931,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.68","src_port":59959,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00481{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":45,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1432820953931,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.68","src_port":59959,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00510{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":45,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1432820956931,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.68","src_port":47714,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00481{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":45,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1432820956931,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.68","src_port":47714,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00510{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":45,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1432820954931,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.67","src_port":37985,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00481{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":45,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1432820954931,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.67","src_port":37985,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":45,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1432820958981,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.132.67","src_port":39185,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":45,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1432820958981,"flow_last_seen":1432820958981,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.132.67","src_port":39185,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00412{"flow_id":18,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820958,"pkt_ts_usec":981671,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR47IKCAAByMKEQ5kRF3AAGEQwAAAAAAAADdoABxYcAACQAA=="}
00411{"flow_id":18,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820959,"pkt_ts_usec":35290,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsABJAABARE6HIwoRDCggAARdwmREAGHQwAAAAAAAADdoABxYcAABgAA=="}
00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":47,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1432820959035,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.132.68","src_port":52726,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":47,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1432820959035,"flow_last_seen":1432820959035,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.132.68","src_port":52726,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00412{"flow_id":19,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820959,"pkt_ts_usec":35351,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR47EKCAAByMKERM32F3AAGHB\/AAAAAAAADdoAB7TmAACQAA=="}
00413{"flow_id":19,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820959,"pkt_ts_usec":95105,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsABNAABARE5\/IwoRECggAARdwzfYAGKB\/AAAAAAAADdoAB7TmAABgAA=="}
00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":49,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1432820959095,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.66","src_port":56128,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":49,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1432820959095,"flow_last_seen":1432820959095,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.66","src_port":56128,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00411{"flow_id":20,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820959,"pkt_ts_usec":95196,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR4rMKCAAByMKFQttAF3AAGDoLAAAAAAAADdoAB90SAACQAA=="}
00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":50,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1432820960101,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.67","src_port":57004,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":50,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1432820960101,"flow_last_seen":1432820960101,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.67","src_port":57004,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00412{"flow_id":21,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820960,"pkt_ts_usec":101788,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR4rIKCAAByMKFQ96sF3AAGBIjAAAAAAAADdoACAGNAACQAA=="}
00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":51,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1432820961101,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.68","src_port":53059,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":51,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1432820961101,"flow_last_seen":1432820961101,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.68","src_port":53059,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00412{"flow_id":22,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820961,"pkt_ts_usec":101300,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR4rEKCAAByMKFRM9DF3AAGAmjAAAAAAAADdoACRl0AACQAA=="}
00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":52,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1432820962101,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.66","src_port":36552,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":52,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1432820962101,"flow_last_seen":1432820962101,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.66","src_port":36552,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00412{"flow_id":23,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820962,"pkt_ts_usec":101819,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR37MKCAAByMKIQo7IF3AAGEXvAAAAAAAADdoACRqlAACQAA=="}
00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":53,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1432820963101,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.68","src_port":43934,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":53,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1432820963101,"flow_last_seen":1432820963101,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.68","src_port":43934,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00412{"flow_id":24,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820963,"pkt_ts_usec":101514,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR37EKCAAByMKIRKueF3AAGMqYAAAAAAAADdoADHkgAACQAA=="}
00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":54,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1432820964101,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.66","src_port":47346,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":54,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1432820964101,"flow_last_seen":1432820964101,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.66","src_port":47346,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00412{"flow_id":25,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820964,"pkt_ts_usec":101849,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR4bMKCAAByMKGQrjyF3AAGL1eAAAAAAAADdoADHsIAACQAA=="}
00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":55,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1432820965101,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.68","src_port":59098,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":55,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1432820965101,"flow_last_seen":1432820965101,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.68","src_port":59098,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00412{"flow_id":26,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820965,"pkt_ts_usec":101300,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR4bEKCAAByMKGRObaF3AAGI6AAAAAAAAADdoADHv8AACQAA=="}
00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":56,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":1432820966101,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.67","src_port":50175,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":56,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":1432820966101,"flow_last_seen":1432820966101,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.67","src_port":50175,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00413{"flow_id":27,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820966,"pkt_ts_usec":101330,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR0rIKCAAByMKVQ8P\/F3AAGKGGAAAAAAAADdoADHzSAACQAA=="}
00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":57,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":1432820967101,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.68","src_port":36577,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":57,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":1432820967101,"flow_last_seen":1432820967101,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.68","src_port":36577,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00412{"flow_id":28,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820967,"pkt_ts_usec":101727,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR0rEKCAAByMKVRI7hF3AAGNXsAAAAAAAADdoADH2JAACQAA=="}
00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":58,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1432820968101,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.67","src_port":60013,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":58,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1432820968101,"flow_last_seen":1432820968101,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.67","src_port":60013,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00412{"flow_id":29,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820968,"pkt_ts_usec":101514,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR37IKCAAByMKIQ+ptF3AAGIaLAAAAAAAADdoADH5fAACQAA=="}
00510{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":59,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1432820960101,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.67","src_port":57004,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00481{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":59,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1432820960101,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.67","src_port":57004,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00510{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":59,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1432820962101,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.66","src_port":36552,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00481{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":59,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1432820962101,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.66","src_port":36552,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00510{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":59,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1432820965101,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.68","src_port":59098,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00481{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":59,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1432820965101,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.68","src_port":59098,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00510{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":59,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":1432820967101,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.68","src_port":36577,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00481{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":59,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":1432820967101,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.68","src_port":36577,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00510{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":59,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1432820961101,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.68","src_port":53059,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00481{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":59,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1432820961101,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.68","src_port":53059,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00510{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":59,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1432820964101,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.66","src_port":47346,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00481{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":59,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1432820964101,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.66","src_port":47346,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00510{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":59,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1432820968101,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.67","src_port":60013,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00481{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":59,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1432820968101,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.67","src_port":60013,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00510{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":59,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1432820959095,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.66","src_port":56128,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00481{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":59,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1432820959095,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.66","src_port":56128,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00510{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":59,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1432820963101,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.68","src_port":43934,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00481{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":59,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1432820963101,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.68","src_port":43934,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00510{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":59,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":1432820966101,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.67","src_port":50175,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00481{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":59,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":1432820966101,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.67","src_port":50175,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":59,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":1432820969101,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.66","src_port":33356,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":59,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":1432820969101,"flow_last_seen":1432820969101,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.66","src_port":33356,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00412{"flow_id":30,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820969,"pkt_ts_usec":101269,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR0rMKCAAByMKVQoJMF3AAGKbHAAAAAAAADdoADrlDAACQAA=="}
00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":60,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":1432820970111,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.67","src_port":40058,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":60,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":1432820970111,"flow_last_seen":1432820970111,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.67","src_port":40058,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00412{"flow_id":31,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820970,"pkt_ts_usec":111371,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR4bIKCAAByMKGQ5x6F3AAGJpnAAAAAAAADdoADrp0AACQAA=="}
00411{"flow_id":3,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820971,"pkt_ts_usec":111371,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR3WwKCAAByLmKkswhF3AAGNRlAAAAAQAADdsAAUyUAACQAA=="}
00411{"flow_id":3,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820971,"pkt_ts_usec":175091,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsABRAABARDVnIuYqSCggAARdwzCEAGARmAAAAAQAADdsAAUyUAABgAA=="}
@@ -145,97 +107,36 @@
00411{"flow_id":8,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820971,"pkt_ts_usec":406842,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR07EKCAAByMKURKp5F3AAGJfzAAAAAQAADdsABqDuAACQAA=="}
00411{"flow_id":8,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":70,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820971,"pkt_ts_usec":475323,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsABhAABARA5rIwpRECggAARdwqnkAGMfzAAAAAQAADdsABqDuAABgAA=="}
00522{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":70,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_first_seen":1432820950865,"flow_last_seen":1432820971475,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.148.68","src_port":43641,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":71,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_first_seen":1432820971475,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.66","src_port":41438,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00412{"flow_id":32,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820971,"pkt_ts_usec":475415,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR2rMKCAAByMKNQqHeF3AAGIJFAAAAAQAADdwAAsY8AACQAA=="}
00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":72,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":1432820972471,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.68","src_port":34687,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00413{"flow_id":33,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820972,"pkt_ts_usec":471448,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR2rEKCAAByMKNRId\/F3AAGLwmAAAAAQAADdwABaa1AACQAA=="}
00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":73,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":1432820973471,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.67","src_port":39221,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00412{"flow_id":34,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820973,"pkt_ts_usec":471387,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR3rIKCAAByMKJQ5k1F3AAGK1eAAAAAQAADdwABafIAACQAA=="}
00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":74,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_first_seen":1432820974471,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.66","src_port":53354,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00412{"flow_id":35,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820974,"pkt_ts_usec":471387,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR3rMKCAAByMKJQtBqF3AAGE8vAAAAAQAADdwABc7DAACQAA=="}
00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":75,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_first_seen":1432820975471,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.68","src_port":59959,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00412{"flow_id":36,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820975,"pkt_ts_usec":471997,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR3rEKCAAByMKJROo3F3AAGA+WAAAAAQAADdwABfSNAACQAA=="}
00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":76,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_first_seen":1432820976471,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.67","src_port":37985,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00412{"flow_id":37,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820976,"pkt_ts_usec":471387,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR5rIKCAAByMKBQ5RhF3AAGB5FAAAAAQAADdwABkO1AACQAA=="}
00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":77,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_first_seen":1432820977471,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.66","src_port":48666,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00412{"flow_id":38,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820977,"pkt_ts_usec":471478,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR5rMKCAAByMKBQr4aF3AAGPN5AAAAAQAADdwABkTIAACQAA=="}
00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":78,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_first_seen":1432820978471,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.68","src_port":47714,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00412{"flow_id":39,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":78,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820978,"pkt_ts_usec":471356,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR5rEKCAAByMKBRLpiF3AAGNEoAAAAAQAADdwABmrPAACQAA=="}
00510{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":79,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_first_seen":1432820977471,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.66","src_port":48666,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00481{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":79,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_first_seen":1432820977471,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.66","src_port":48666,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00510{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":79,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":1432820972471,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.68","src_port":34687,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00481{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":79,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":1432820972471,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.68","src_port":34687,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00510{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":79,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_first_seen":1432820974471,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.66","src_port":53354,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00481{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":79,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_first_seen":1432820974471,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.66","src_port":53354,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00510{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":79,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":1432820973471,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.67","src_port":39221,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00481{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":79,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":1432820973471,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.67","src_port":39221,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00510{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":79,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_first_seen":1432820971475,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.66","src_port":41438,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00481{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":79,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_first_seen":1432820971475,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.66","src_port":41438,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00510{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":79,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_first_seen":1432820975471,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.68","src_port":59959,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00481{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":79,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_first_seen":1432820975471,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.68","src_port":59959,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00510{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":79,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":1432820969101,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.66","src_port":33356,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00481{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":79,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":1432820969101,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.66","src_port":33356,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00510{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":79,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_first_seen":1432820978471,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.68","src_port":47714,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00481{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":79,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_first_seen":1432820978471,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.68","src_port":47714,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00510{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":79,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_first_seen":1432820976471,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.67","src_port":37985,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00481{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":79,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_first_seen":1432820976471,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.67","src_port":37985,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00510{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":79,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":1432820970111,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.67","src_port":40058,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00481{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":79,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":1432820970111,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.67","src_port":40058,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00411{"flow_id":6,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820971,"pkt_ts_usec":475415,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR2rMKCAAByMKNQqHeF3AAGIJFAAAAAQAADdwAAsY8AACQAA=="}
00412{"flow_id":9,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820972,"pkt_ts_usec":471448,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR2rEKCAAByMKNRId\/F3AAGLwmAAAAAQAADdwABaa1AACQAA=="}
00412{"flow_id":10,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820973,"pkt_ts_usec":471387,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR3rIKCAAByMKJQ5k1F3AAGK1eAAAAAQAADdwABafIAACQAA=="}
00412{"flow_id":11,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820974,"pkt_ts_usec":471387,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR3rMKCAAByMKJQtBqF3AAGE8vAAAAAQAADdwABc7DAACQAA=="}
00412{"flow_id":12,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820975,"pkt_ts_usec":471997,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR3rEKCAAByMKJROo3F3AAGA+WAAAAAQAADdwABfSNAACQAA=="}
00412{"flow_id":13,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820976,"pkt_ts_usec":471387,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR5rIKCAAByMKBQ5RhF3AAGB5FAAAAAQAADdwABkO1AACQAA=="}
00412{"flow_id":14,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820977,"pkt_ts_usec":471478,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR5rMKCAAByMKBQr4aF3AAGPN5AAAAAQAADdwABkTIAACQAA=="}
00412{"flow_id":15,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":78,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820978,"pkt_ts_usec":471356,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR5rEKCAAByMKBRLpiF3AAGNEoAAAAAQAADdwABmrPAACQAA=="}
00412{"flow_id":16,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820979,"pkt_ts_usec":471387,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR47MKCAAByMKEQqvLF3AAGLWJAAAAAQAADdwABpIHAACQAA=="}
00412{"flow_id":16,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820979,"pkt_ts_usec":565289,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsABlAABARE5vIwoRCCggAARdwq8sAGOWJAAAAAQAADdwABpIHAABgAA=="}
00523{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":80,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":4,"flow_first_seen":1432820957932,"flow_last_seen":1432820979565,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.132.66","src_port":43979,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":81,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_first_seen":1432820979565,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.67","src_port":48563,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00412{"flow_id":40,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820979,"pkt_ts_usec":565381,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR2rIKCAAByMKNQ72zF3AAGJmsAAAAAQAADdwABpL7AACQAA=="}
00412{"flow_id":17,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820979,"pkt_ts_usec":565381,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR2rIKCAAByMKNQ72zF3AAGJmsAAAAAQAADdwABpL7AACQAA=="}
00412{"flow_id":18,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820980,"pkt_ts_usec":561383,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR47IKCAAByMKEQ5kRF3AAGFMTAAAAAQAADdwABwc2AACQAA=="}
00412{"flow_id":18,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820980,"pkt_ts_usec":615033,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsABpAABARE5nIwoRDCggAARdwmREAGIMTAAAAAQAADdwABwc2AABgAA=="}
00523{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":83,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":4,"flow_first_seen":1432820958981,"flow_last_seen":1432820980615,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.132.67","src_port":39185,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00412{"flow_id":19,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820980,"pkt_ts_usec":615124,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR47EKCAAByMKERM32F3AAGHylAAAAAQAADdwAB6i9AACQAA=="}
00412{"flow_id":19,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820980,"pkt_ts_usec":685010,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsABtAABARE5fIwoRECggAARdwzfYAGKylAAAAAQAADdwAB6i9AABgAA=="}
00523{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":85,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":4,"flow_first_seen":1432820959035,"flow_last_seen":1432820980685,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.132.68","src_port":52726,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":86,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_first_seen":1432820980685,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.66","src_port":56128,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00412{"flow_id":41,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820980,"pkt_ts_usec":685101,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR4rMKCAAByMKFQttAF3AAGE3SAAAAAQAADdwAB8lIAACQAA=="}
00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":87,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_first_seen":1432820981681,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.67","src_port":57004,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00413{"flow_id":42,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820981,"pkt_ts_usec":681378,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR4rIKCAAByMKFQ96sF3AAGCMsAAAAAQAADdwAB\/CBAACQAA=="}
00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":88,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_first_seen":1432820982681,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.68","src_port":53059,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00412{"flow_id":43,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":88,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820982,"pkt_ts_usec":681348,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR4rEKCAAByMKFRM9DF3AAGCE7AAAAAQAADdwACQHZAACQAA=="}
00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":89,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_first_seen":1432820983681,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.66","src_port":36552,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00412{"flow_id":44,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":89,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820983,"pkt_ts_usec":681348,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR37MKCAAByMKIQo7IF3AAGF3iAAAAAQAADdwACQKvAACQAA=="}
00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":90,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_first_seen":1432820984681,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.68","src_port":43934,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00412{"flow_id":45,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":90,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820984,"pkt_ts_usec":681348,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR37EKCAAByMKIRKueF3AAGOaZAAAAAQAADdwADF0cAACQAA=="}
00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":91,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_first_seen":1432820985681,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.66","src_port":47346,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00412{"flow_id":46,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820985,"pkt_ts_usec":681378,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR4bMKCAAByMKGQrjyF3AAGNpxAAAAAQAADdwADF3yAACQAA=="}
00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":92,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_first_seen":1432820986681,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.68","src_port":59098,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00412{"flow_id":47,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820986,"pkt_ts_usec":681348,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR4bEKCAAByMKGRObaF3AAGKvQAAAAAQAADdwADF6pAACQAA=="}
00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":93,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_first_seen":1432820987681,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.67","src_port":50175,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00413{"flow_id":48,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820987,"pkt_ts_usec":681348,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR0rIKCAAByMKVQ8P\/F3AAGL8TAAAAAQAADdwADF9CAACQAA=="}
00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":94,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_first_seen":1432820988681,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.68","src_port":36577,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00413{"flow_id":49,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":94,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820988,"pkt_ts_usec":681378,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR0rEKCAAByMKVRI7hF3AAGPOYAAAAAQAADdwADF\/aAACQAA=="}
00510{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":95,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_first_seen":1432820979565,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.67","src_port":48563,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00481{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":95,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_first_seen":1432820979565,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.67","src_port":48563,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00510{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":95,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_first_seen":1432820981681,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.67","src_port":57004,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00481{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":95,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_first_seen":1432820981681,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.67","src_port":57004,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00510{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":95,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_first_seen":1432820983681,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.66","src_port":36552,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00481{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":95,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_first_seen":1432820983681,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.66","src_port":36552,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00510{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":95,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_first_seen":1432820986681,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.68","src_port":59098,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00481{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":95,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_first_seen":1432820986681,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.68","src_port":59098,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00510{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":95,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_first_seen":1432820988681,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.68","src_port":36577,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00481{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":95,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_first_seen":1432820988681,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.68","src_port":36577,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00510{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":95,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_first_seen":1432820982681,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.68","src_port":53059,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00481{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":95,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_first_seen":1432820982681,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.68","src_port":53059,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00510{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":95,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_first_seen":1432820985681,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.66","src_port":47346,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00481{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":95,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_first_seen":1432820985681,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.66","src_port":47346,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00510{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":95,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_first_seen":1432820980685,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.66","src_port":56128,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00481{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":95,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_first_seen":1432820980685,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.66","src_port":56128,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00510{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":95,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_first_seen":1432820984681,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.68","src_port":43934,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00481{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":95,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_first_seen":1432820984681,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.68","src_port":43934,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00510{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":95,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_first_seen":1432820987681,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.67","src_port":50175,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00481{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":95,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_first_seen":1432820987681,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.67","src_port":50175,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":95,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_first_seen":1432820989681,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.67","src_port":60013,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00412{"flow_id":50,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":95,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820989,"pkt_ts_usec":681348,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR37IKCAAByMKIQ+ptF3AAGKSTAAAAAQAADdwADGBUAACQAA=="}
00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":96,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_first_seen":1432820990681,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.66","src_port":33356,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00412{"flow_id":51,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":96,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820990,"pkt_ts_usec":681348,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR0rMKCAAByMKVQoJMF3AAGLjEAAAAAQAADdwADqdDAACQAA=="}
00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":97,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_first_seen":1432820991681,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.67","src_port":40058,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00413{"flow_id":52,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":97,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820991,"pkt_ts_usec":681348,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR4bIKCAAByMKGQ5x6F3AAGKy\/AAAAAQAADdwADqgZAACQAA=="}
00412{"flow_id":20,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820980,"pkt_ts_usec":685101,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR4rMKCAAByMKFQttAF3AAGE3SAAAAAQAADdwAB8lIAACQAA=="}
00413{"flow_id":21,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820981,"pkt_ts_usec":681378,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR4rIKCAAByMKFQ96sF3AAGCMsAAAAAQAADdwAB\/CBAACQAA=="}
00412{"flow_id":22,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":88,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820982,"pkt_ts_usec":681348,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR4rEKCAAByMKFRM9DF3AAGCE7AAAAAQAADdwACQHZAACQAA=="}
00412{"flow_id":23,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":89,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820983,"pkt_ts_usec":681348,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR37MKCAAByMKIQo7IF3AAGF3iAAAAAQAADdwACQKvAACQAA=="}
00412{"flow_id":24,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":90,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820984,"pkt_ts_usec":681348,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR37EKCAAByMKIRKueF3AAGOaZAAAAAQAADdwADF0cAACQAA=="}
00412{"flow_id":25,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820985,"pkt_ts_usec":681378,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR4bMKCAAByMKGQrjyF3AAGNpxAAAAAQAADdwADF3yAACQAA=="}
00412{"flow_id":26,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820986,"pkt_ts_usec":681348,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR4bEKCAAByMKGRObaF3AAGKvQAAAAAQAADdwADF6pAACQAA=="}
00413{"flow_id":27,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820987,"pkt_ts_usec":681348,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR0rIKCAAByMKVQ8P\/F3AAGL8TAAAAAQAADdwADF9CAACQAA=="}
00413{"flow_id":28,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":94,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820988,"pkt_ts_usec":681378,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR0rEKCAAByMKVRI7hF3AAGPOYAAAAAQAADdwADF\/aAACQAA=="}
00412{"flow_id":29,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":95,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820989,"pkt_ts_usec":681348,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR37IKCAAByMKIQ+ptF3AAGKSTAAAAAQAADdwADGBUAACQAA=="}
00412{"flow_id":30,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":96,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820990,"pkt_ts_usec":681348,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR0rMKCAAByMKVQoJMF3AAGLjEAAAAAQAADdwADqdDAACQAA=="}
00413{"flow_id":31,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":97,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820991,"pkt_ts_usec":681348,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR4bIKCAAByMKGQ5x6F3AAGKy\/AAAAAQAADdwADqgZAACQAA=="}
00411{"flow_id":3,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":98,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820992,"pkt_ts_usec":681348,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR3WwKCAAByLmKkswhF3AAGOZEAAAAAgAADd0AATqyAACQAA=="}
00411{"flow_id":3,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":99,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820992,"pkt_ts_usec":745099,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsABxAABARDVHIuYqSCggAARdwzCEAGBZFAAAAAgAADd0AATqyAABgAA=="}
00412{"flow_id":4,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":100,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820992,"pkt_ts_usec":745190,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR6hwKCAAByLl94r76F3AAGK27AAAAAgAADd0AAY0SAACQAA=="}
@@ -246,94 +147,33 @@
00412{"flow_id":7,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":105,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820993,"pkt_ts_usec":25220,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAB9AABARA5XIwpRCCggAARdwpnwAGO1\/AAAAAgAADd0ABX9fAABgAA=="}
00411{"flow_id":8,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":106,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820993,"pkt_ts_usec":25311,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR07EKCAAByMKURKp5F3AAGKgIAAAAAgAADd0ABpDWAACQAA=="}
00412{"flow_id":8,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":107,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820993,"pkt_ts_usec":125256,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsACBAABARA5LIwpRECggAARdwqnkAGNgIAAAAAgAADd0ABpDWAABgAA=="}
00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":108,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_first_seen":1432820993125,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.66","src_port":41438,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00413{"flow_id":53,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":108,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820993,"pkt_ts_usec":125378,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR2rMKCAAByMKNQqHeF3AAGIg4AAAAAgAADd4AAsBGAACQAA=="}
00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":109,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_first_seen":1432820994121,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.68","src_port":34687,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00414{"flow_id":54,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":109,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820994,"pkt_ts_usec":121380,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR2rEKCAAByMKNRId\/F3AAGLxBAAAAAgAADd4ABaaXAACQAA=="}
00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":110,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_first_seen":1432820995121,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.67","src_port":39221,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00413{"flow_id":55,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":110,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820995,"pkt_ts_usec":121380,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR3rIKCAAByMKJQ5k1F3AAGK16AAAAAgAADd4ABaepAACQAA=="}
00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":111,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_first_seen":1432820996121,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.66","src_port":53354,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00413{"flow_id":56,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":111,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820996,"pkt_ts_usec":121380,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR3rMKCAAByMKJQtBqF3AAGFCaAAAAAgAADd4ABc1VAACQAA=="}
00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":112,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_first_seen":1432820997121,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.68","src_port":59959,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00413{"flow_id":57,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":112,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820997,"pkt_ts_usec":121380,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR3rEKCAAByMKJROo3F3AAGA90AAAAAgAADd4ABfSsAACQAA=="}
00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":113,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_first_seen":1432820998121,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.67","src_port":37985,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00413{"flow_id":58,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":113,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820998,"pkt_ts_usec":121380,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR5rIKCAAByMKBQ5RhF3AAGB3IAAAAAgAADd4ABkQvAACQAA=="}
00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":114,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_first_seen":1432820999121,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.66","src_port":48666,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00413{"flow_id":59,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":114,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820999,"pkt_ts_usec":121350,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR5rMKCAAByMKBQr4aF3AAGPM5AAAAAgAADd4ABkUFAACQAA=="}
00511{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":115,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_first_seen":1432820999121,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.66","src_port":48666,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":115,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_first_seen":1432820999121,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.66","src_port":48666,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00511{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":115,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_first_seen":1432820994121,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.68","src_port":34687,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":115,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_first_seen":1432820994121,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.68","src_port":34687,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00511{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":115,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_first_seen":1432820996121,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.66","src_port":53354,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":115,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_first_seen":1432820996121,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.66","src_port":53354,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00511{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":115,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_first_seen":1432820995121,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.67","src_port":39221,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":115,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_first_seen":1432820995121,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.67","src_port":39221,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00511{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":115,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_first_seen":1432820993125,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.66","src_port":41438,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":115,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_first_seen":1432820993125,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.66","src_port":41438,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00511{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":115,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_first_seen":1432820997121,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.68","src_port":59959,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":115,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_first_seen":1432820997121,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.68","src_port":59959,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00511{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":115,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_first_seen":1432820990681,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.66","src_port":33356,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":115,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_first_seen":1432820990681,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.66","src_port":33356,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00511{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":115,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_first_seen":1432820989681,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.67","src_port":60013,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":115,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_first_seen":1432820989681,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.67","src_port":60013,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00511{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":115,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_first_seen":1432820998121,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.67","src_port":37985,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":115,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_first_seen":1432820998121,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.67","src_port":37985,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00511{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":115,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_first_seen":1432820991681,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.67","src_port":40058,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":115,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_first_seen":1432820991681,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.67","src_port":40058,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":115,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_first_seen":1432821000121,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.68","src_port":47714,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00413{"flow_id":60,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":115,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821000,"pkt_ts_usec":121411,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR5rEKCAAByMKBRLpiF3AAGNI4AAAAAgAADd4ABmm8AACQAA=="}
00412{"flow_id":6,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":108,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820993,"pkt_ts_usec":125378,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR2rMKCAAByMKNQqHeF3AAGIg4AAAAAgAADd4AAsBGAACQAA=="}
00413{"flow_id":9,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":109,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820994,"pkt_ts_usec":121380,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR2rEKCAAByMKNRId\/F3AAGLxBAAAAAgAADd4ABaaXAACQAA=="}
00413{"flow_id":10,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":110,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820995,"pkt_ts_usec":121380,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR3rIKCAAByMKJQ5k1F3AAGK16AAAAAgAADd4ABaepAACQAA=="}
00413{"flow_id":11,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":111,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820996,"pkt_ts_usec":121380,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR3rMKCAAByMKJQtBqF3AAGFCaAAAAAgAADd4ABc1VAACQAA=="}
00413{"flow_id":12,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":112,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820997,"pkt_ts_usec":121380,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR3rEKCAAByMKJROo3F3AAGA90AAAAAgAADd4ABfSsAACQAA=="}
00413{"flow_id":13,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":113,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820998,"pkt_ts_usec":121380,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR5rIKCAAByMKBQ5RhF3AAGB3IAAAAAgAADd4ABkQvAACQAA=="}
00413{"flow_id":14,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":114,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820999,"pkt_ts_usec":121350,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR5rMKCAAByMKBQr4aF3AAGPM5AAAAAgAADd4ABkUFAACQAA=="}
00413{"flow_id":15,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":115,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821000,"pkt_ts_usec":121411,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR5rEKCAAByMKBRLpiF3AAGNI4AAAAAgAADd4ABmm8AACQAA=="}
00413{"flow_id":16,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":116,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821001,"pkt_ts_usec":121380,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR47MKCAAByMKEQqvLF3AAGLbWAAAAAgAADd4ABpC3AACQAA=="}
00413{"flow_id":16,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":117,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821001,"pkt_ts_usec":184949,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsACFAABARE5PIwoRCCggAARdwq8sAGObWAAAAAgAADd4ABpC3AABgAA=="}
00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":118,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_first_seen":1432821001185,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.67","src_port":48563,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00413{"flow_id":61,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":118,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821001,"pkt_ts_usec":185071,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR2rIKCAAByMKNQ72zF3AAGJr5AAAAAgAADd4ABpGrAACQAA=="}
00413{"flow_id":17,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":118,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821001,"pkt_ts_usec":185071,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR2rIKCAAByMKNQ72zF3AAGJr5AAAAAgAADd4ABpGrAACQAA=="}
00413{"flow_id":18,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":119,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821002,"pkt_ts_usec":181775,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR47IKCAAByMKEQ5kRF3AAGFLyAAAAAgAADd4ABwdUAACQAA=="}
00413{"flow_id":18,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":120,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821002,"pkt_ts_usec":235699,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsACJAABARE5HIwoRDCggAARdwmREAGILyAAAAAgAADd4ABwdUAABgAA=="}
00413{"flow_id":19,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":121,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821002,"pkt_ts_usec":235821,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR47EKCAAByMKERM32F3AAGINPAAAAAgAADd4AB6IQAACQAA=="}
00414{"flow_id":19,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":122,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821002,"pkt_ts_usec":314892,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsACNAABARE4\/IwoRECggAARdwzfYAGLNPAAAAAgAADd4AB6IQAABgAA=="}
00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":123,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_first_seen":1432821002314,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.66","src_port":56128,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00413{"flow_id":62,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":123,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821002,"pkt_ts_usec":314953,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR4rMKCAAByMKFQttAF3AAGEydAAAAAgAADd4AB8p6AACQAA=="}
00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":124,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_first_seen":1432821003311,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.67","src_port":57004,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00414{"flow_id":63,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":124,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821003,"pkt_ts_usec":311322,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR4rIKCAAByMKFQ96sF3AAGCJUAAAAAgAADd4AB\/FWAACQAA=="}
00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":125,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_first_seen":1432821004311,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.66","src_port":36552,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00413{"flow_id":64,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":125,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821004,"pkt_ts_usec":311383,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR37MKCAAByMKIQo7IF3AAGFyuAAAAAgAADd4ACQPgAACQAA=="}
00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":126,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_first_seen":1432821005311,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.68","src_port":53059,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00413{"flow_id":65,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":126,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821005,"pkt_ts_usec":311841,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR4rEKCAAByMKFRM9DF3AAGCEZAAAAAgAADd4ACQH4AACQAA=="}
00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":127,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_first_seen":1432821006311,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.68","src_port":43934,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00413{"flow_id":66,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":127,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821006,"pkt_ts_usec":311749,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR37EKCAAByMKIRKueF3AAGOVGAAAAAgAADd4ADF5sAACQAA=="}
00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":128,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_first_seen":1432821007311,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.66","src_port":47346,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00413{"flow_id":67,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":128,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821007,"pkt_ts_usec":311352,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR4bMKCAAByMKGQrjyF3AAGNkAAAAAAgAADd4ADF9gAACQAA=="}
00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":129,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_first_seen":1432821008311,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.68","src_port":59098,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00414{"flow_id":68,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":129,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821008,"pkt_ts_usec":311902,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR4bEKCAAByMKGRObaF3AAGKp9AAAAAgAADd4ADF\/5AACQAA=="}
00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":130,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_first_seen":1432821009311,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.67","src_port":50175,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00414{"flow_id":69,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":130,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821009,"pkt_ts_usec":311383,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR0rIKCAAByMKVQ8P\/F3AAGL3BAAAAAgAADd4ADGCRAACQAA=="}
00511{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_first_seen":1432821001185,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.67","src_port":48563,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_first_seen":1432821001185,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.67","src_port":48563,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00511{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_first_seen":1432821003311,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.67","src_port":57004,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_first_seen":1432821003311,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.67","src_port":57004,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00511{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_first_seen":1432821004311,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.66","src_port":36552,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_first_seen":1432821004311,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.66","src_port":36552,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00511{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_first_seen":1432821008311,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.68","src_port":59098,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_first_seen":1432821008311,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.68","src_port":59098,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00511{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_first_seen":1432821005311,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.68","src_port":53059,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_first_seen":1432821005311,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.68","src_port":53059,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00511{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_first_seen":1432821007311,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.66","src_port":47346,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_first_seen":1432821007311,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.66","src_port":47346,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00511{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_first_seen":1432821000121,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.68","src_port":47714,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_first_seen":1432821000121,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.68","src_port":47714,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00511{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_first_seen":1432821002314,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.66","src_port":56128,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_first_seen":1432821002314,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.66","src_port":56128,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00511{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_first_seen":1432821006311,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.68","src_port":43934,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_first_seen":1432821006311,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.68","src_port":43934,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00511{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_first_seen":1432821009311,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.67","src_port":50175,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_first_seen":1432821009311,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.67","src_port":50175,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":131,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_first_seen":1432821010311,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.68","src_port":36577,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00413{"flow_id":70,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":131,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821010,"pkt_ts_usec":311383,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR0rEKCAAByMKVRI7hF3AAGPInAAAAAgAADd4ADGFIAACQAA=="}
00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":132,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_first_seen":1432821011311,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.67","src_port":60013,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00413{"flow_id":71,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":132,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821011,"pkt_ts_usec":311383,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR37IKCAAByMKIQ+ptF3AAGKMiAAAAAgAADd4ADGHCAACQAA=="}
00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":133,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_first_seen":1432821012311,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.66","src_port":33356,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00413{"flow_id":72,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":133,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821012,"pkt_ts_usec":311566,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR0rMKCAAByMKVQoJMF3AAGLfNAAAAAgAADd4ADqg3AACQAA=="}
00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":134,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":1,"flow_first_seen":1432821013311,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.67","src_port":40058,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00413{"flow_id":73,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":134,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821013,"pkt_ts_usec":311413,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR4bIKCAAByMKGQ5x6F3AAGKtOAAAAAgAADd4ADqmHAACQAA=="}
00413{"flow_id":20,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":123,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821002,"pkt_ts_usec":314953,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR4rMKCAAByMKFQttAF3AAGEydAAAAAgAADd4AB8p6AACQAA=="}
00414{"flow_id":21,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":124,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821003,"pkt_ts_usec":311322,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR4rIKCAAByMKFQ96sF3AAGCJUAAAAAgAADd4AB\/FWAACQAA=="}
00413{"flow_id":23,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":125,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821004,"pkt_ts_usec":311383,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR37MKCAAByMKIQo7IF3AAGFyuAAAAAgAADd4ACQPgAACQAA=="}
00413{"flow_id":22,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":126,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821005,"pkt_ts_usec":311841,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR4rEKCAAByMKFRM9DF3AAGCEZAAAAAgAADd4ACQH4AACQAA=="}
00413{"flow_id":24,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":127,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821006,"pkt_ts_usec":311749,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR37EKCAAByMKIRKueF3AAGOVGAAAAAgAADd4ADF5sAACQAA=="}
00413{"flow_id":25,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":128,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821007,"pkt_ts_usec":311352,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR4bMKCAAByMKGQrjyF3AAGNkAAAAAAgAADd4ADF9gAACQAA=="}
00414{"flow_id":26,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":129,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821008,"pkt_ts_usec":311902,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR4bEKCAAByMKGRObaF3AAGKp9AAAAAgAADd4ADF\/5AACQAA=="}
00414{"flow_id":27,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":130,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821009,"pkt_ts_usec":311383,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR0rIKCAAByMKVQ8P\/F3AAGL3BAAAAAgAADd4ADGCRAACQAA=="}
00413{"flow_id":28,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":131,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821010,"pkt_ts_usec":311383,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR0rEKCAAByMKVRI7hF3AAGPInAAAAAgAADd4ADGFIAACQAA=="}
00413{"flow_id":29,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":132,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821011,"pkt_ts_usec":311383,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR37IKCAAByMKIQ+ptF3AAGKMiAAAAAgAADd4ADGHCAACQAA=="}
00413{"flow_id":30,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":133,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821012,"pkt_ts_usec":311566,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR0rMKCAAByMKVQoJMF3AAGLfNAAAAAgAADd4ADqg3AACQAA=="}
00413{"flow_id":31,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":134,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821013,"pkt_ts_usec":311413,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR4bIKCAAByMKGQ5x6F3AAGKtOAAAAAgAADd4ADqmHAACQAA=="}
00412{"flow_id":3,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":135,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821014,"pkt_ts_usec":311352,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR3WwKCAAByLmKkswhF3AAGOYEAAAAAwAADd8AATrvAACQAA=="}
00412{"flow_id":3,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":136,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821014,"pkt_ts_usec":375073,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsACRAABARDUnIuYqSCggAARdwzCEAGBYFAAAAAwAADd8AATrvAABgAA=="}
00412{"flow_id":4,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":137,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821014,"pkt_ts_usec":375195,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR6hwKCAAByLl94r76F3AAGLHkAAAAAwAADd8AAYjmAACQAA=="}
@@ -344,94 +184,54 @@
00412{"flow_id":7,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":142,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821014,"pkt_ts_usec":585400,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsACdAABARA43IwpRCCggAARdwpnwAGOwtAAAAAwAADd8ABYCuAABgAA=="}
00412{"flow_id":8,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":143,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821014,"pkt_ts_usec":585492,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR07EKCAAByMKURKp5F3AAGKcRAAAAAwAADd8ABpHKAACQAA=="}
00412{"flow_id":8,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":144,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821014,"pkt_ts_usec":655194,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAChAABARA4rIwpRECggAARdwqnkAGNcRAAAAAwAADd8ABpHKAABgAA=="}
00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":145,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":1,"flow_first_seen":1432821014655,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.66","src_port":41438,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00413{"flow_id":74,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":145,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821014,"pkt_ts_usec":655285,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR2rMKCAAByMKNQqHeF3AAGIdgAAAAAwAADeAAAsEbAACQAA=="}
00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":146,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":1,"flow_first_seen":1432821015651,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.68","src_port":34687,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00414{"flow_id":75,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":146,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821015,"pkt_ts_usec":651715,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR2rEKCAAByMKNRId\/F3AAGLvjAAAAAwAADeAABabyAACQAA=="}
00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":147,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":1,"flow_first_seen":1432821016651,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.67","src_port":39221,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00413{"flow_id":76,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":147,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821016,"pkt_ts_usec":651837,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR3rIKCAAByMKJQ5k1F3AAGK1YAAAAAwAADeAABafIAACQAA=="}
00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":148,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":1,"flow_first_seen":1432821017651,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.66","src_port":53354,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00414{"flow_id":77,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":148,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821017,"pkt_ts_usec":651715,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR3rMKCAAByMKJQtBqF3AAGE\/BAAAAAwAADeAABc4rAACQAA=="}
00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":149,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":1,"flow_first_seen":1432821018651,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.68","src_port":59959,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00413{"flow_id":78,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":149,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821018,"pkt_ts_usec":651745,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR3rEKCAAByMKJROo3F3AAGA+uAAAAAwAADeAABfRvAACQAA=="}
00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":150,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":1,"flow_first_seen":1432821019651,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.67","src_port":37985,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00413{"flow_id":79,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":150,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821019,"pkt_ts_usec":651349,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR5rIKCAAByMKBQ5RhF3AAGB7YAAAAAwAADeAABkMcAACQAA=="}
00511{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":151,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_first_seen":1432821010311,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.68","src_port":36577,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":151,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_first_seen":1432821010311,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.68","src_port":36577,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00511{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":151,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":1,"flow_first_seen":1432821015651,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.68","src_port":34687,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":151,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":1,"flow_first_seen":1432821015651,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.68","src_port":34687,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00511{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":151,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":1,"flow_first_seen":1432821017651,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.66","src_port":53354,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":151,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":1,"flow_first_seen":1432821017651,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.66","src_port":53354,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00511{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":151,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":1,"flow_first_seen":1432821016651,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.67","src_port":39221,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":151,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":1,"flow_first_seen":1432821016651,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.67","src_port":39221,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00511{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":151,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":1,"flow_first_seen":1432821014655,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.66","src_port":41438,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":151,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":1,"flow_first_seen":1432821014655,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.66","src_port":41438,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00511{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":151,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":1,"flow_first_seen":1432821018651,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.68","src_port":59959,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":151,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":1,"flow_first_seen":1432821018651,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.68","src_port":59959,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00511{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":151,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_first_seen":1432821012311,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.66","src_port":33356,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":151,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_first_seen":1432821012311,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.66","src_port":33356,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00511{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":151,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_first_seen":1432821011311,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.67","src_port":60013,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":151,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_first_seen":1432821011311,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.67","src_port":60013,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00511{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":151,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":1,"flow_first_seen":1432821019651,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.67","src_port":37985,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":151,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":1,"flow_first_seen":1432821019651,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.67","src_port":37985,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00511{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":151,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":1,"flow_first_seen":1432821013311,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.67","src_port":40058,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":151,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":1,"flow_first_seen":1432821013311,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.67","src_port":40058,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":151,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":1,"flow_first_seen":1432821020651,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.66","src_port":48666,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00413{"flow_id":80,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":151,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821020,"pkt_ts_usec":651318,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR5rMKCAAByMKBQr4aF3AAGPQqAAAAAwAADeAABkQRAACQAA=="}
00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":152,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":1,"flow_first_seen":1432821021652,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.68","src_port":47714,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00413{"flow_id":81,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":152,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821021,"pkt_ts_usec":652356,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR5rEKCAAByMKBRLpiF3AAGNJTAAAAAwAADeAABmmeAACQAA=="}
00412{"flow_id":6,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":145,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821014,"pkt_ts_usec":655285,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR2rMKCAAByMKNQqHeF3AAGIdgAAAAAwAADeAAAsEbAACQAA=="}
00523{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":145,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_first_seen":1432820949806,"flow_last_seen":1432821014655,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.66","src_port":41438,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00413{"flow_id":9,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":146,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821015,"pkt_ts_usec":651715,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR2rEKCAAByMKNRId\/F3AAGLvjAAAAAwAADeAABabyAACQAA=="}
00523{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":146,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":4,"flow_first_seen":1432820950935,"flow_last_seen":1432821015651,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.68","src_port":34687,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00413{"flow_id":10,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":147,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821016,"pkt_ts_usec":651837,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR3rIKCAAByMKJQ5k1F3AAGK1YAAAAAwAADeAABafIAACQAA=="}
00524{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":147,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":4,"flow_first_seen":1432820951932,"flow_last_seen":1432821016651,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.67","src_port":39221,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00414{"flow_id":11,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":148,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821017,"pkt_ts_usec":651715,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR3rMKCAAByMKJQtBqF3AAGE\/BAAAAAwAADeAABc4rAACQAA=="}
00524{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":148,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":4,"flow_first_seen":1432820952931,"flow_last_seen":1432821017651,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.66","src_port":53354,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00413{"flow_id":12,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":149,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821018,"pkt_ts_usec":651745,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR3rEKCAAByMKJROo3F3AAGA+uAAAAAwAADeAABfRvAACQAA=="}
00524{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":149,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":4,"flow_first_seen":1432820953931,"flow_last_seen":1432821018651,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.68","src_port":59959,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00413{"flow_id":13,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":150,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821019,"pkt_ts_usec":651349,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR5rIKCAAByMKBQ5RhF3AAGB7YAAAAAwAADeAABkMcAACQAA=="}
00524{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":150,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":4,"flow_first_seen":1432820954931,"flow_last_seen":1432821019651,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.67","src_port":37985,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00413{"flow_id":14,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":151,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821020,"pkt_ts_usec":651318,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR5rMKCAAByMKBQr4aF3AAGPQqAAAAAwAADeAABkQRAACQAA=="}
00524{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":151,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":4,"flow_first_seen":1432820955933,"flow_last_seen":1432821020651,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.66","src_port":48666,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00413{"flow_id":15,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":152,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821021,"pkt_ts_usec":652356,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR5rEKCAAByMKBRLpiF3AAGNJTAAAAAwAADeAABmmeAACQAA=="}
00524{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":152,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":4,"flow_first_seen":1432820956931,"flow_last_seen":1432821021652,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.68","src_port":47714,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00413{"flow_id":16,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":153,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821022,"pkt_ts_usec":651318,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR47MKCAAByMKEQqvLF3AAGLItAAAAAwAADeAABpVdAACQAA=="}
00413{"flow_id":16,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":154,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821022,"pkt_ts_usec":695019,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAClAABARE4vIwoRCCggAARdwq8sAGOItAAAAAwAADeAABpVdAABgAA=="}
00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":155,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":1,"flow_first_seen":1432821022695,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.67","src_port":48563,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00413{"flow_id":82,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":155,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821022,"pkt_ts_usec":695111,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR2rIKCAAByMKNQ72zF3AAGJYxAAAAAwAADeAABpZwAACQAA=="}
00413{"flow_id":17,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":155,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821022,"pkt_ts_usec":695111,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR2rIKCAAByMKNQ72zF3AAGJYxAAAAAwAADeAABpZwAACQAA=="}
00524{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":155,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":4,"flow_first_seen":1432820957985,"flow_last_seen":1432821022695,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.67","src_port":48563,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00413{"flow_id":18,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":156,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821023,"pkt_ts_usec":691357,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR47IKCAAByMKEQ5kRF3AAGFQBAAAAAwAADeAABwZCAACQAA=="}
00413{"flow_id":18,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":157,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821023,"pkt_ts_usec":735181,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsACpAABARE4nIwoRDCggAARdwmREAGIQBAAAAAwAADeAABwZCAABgAA=="}
00413{"flow_id":19,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":158,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821023,"pkt_ts_usec":735272,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR47EKCAAByMKERM32F3AAGH4sAAAAAwAADeAAB6cwAACQAA=="}
00413{"flow_id":19,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":159,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821023,"pkt_ts_usec":795178,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsACtAABARE4fIwoRECggAARdwzfYAGK4sAAAAAwAADeAAB6cwAABgAA=="}
00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":160,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":1,"flow_first_seen":1432821023795,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.66","src_port":56128,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00413{"flow_id":83,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":160,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821023,"pkt_ts_usec":795300,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR4rMKCAAByMKFQttAF3AAGEzXAAAAAwAADeAAB8o9AACQAA=="}
00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":161,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":1,"flow_first_seen":1432821024791,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.67","src_port":57004,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00414{"flow_id":84,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":161,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821024,"pkt_ts_usec":791363,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR4rIKCAAByMKFQ96sF3AAGCNFAAAAAwAADeAAB\/BiAACQAA=="}
00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":162,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":85,"flow_packet_id":1,"flow_first_seen":1432821025791,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.66","src_port":36552,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00413{"flow_id":85,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":162,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821025,"pkt_ts_usec":791394,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR37MKCAAByMKIQo7IF3AAGF2AAAAAAwAADeAACQMLAACQAA=="}
00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":163,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":86,"flow_packet_id":1,"flow_first_seen":1432821026791,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.68","src_port":53059,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00414{"flow_id":86,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":163,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821026,"pkt_ts_usec":791363,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR4rEKCAAByMKFRM9DF3AAGB8PAAAAAwAADeAACQP\/AACQAA=="}
00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":164,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":1,"flow_first_seen":1432821027791,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.68","src_port":43934,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00413{"flow_id":87,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":164,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821027,"pkt_ts_usec":791363,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR37EKCAAByMKIRKueF3AAGOUlAAAAAwAADeAADF6KAACQAA=="}
00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":165,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":88,"flow_packet_id":1,"flow_first_seen":1432821028791,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.66","src_port":47346,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00413{"flow_id":88,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":165,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821028,"pkt_ts_usec":791363,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR4bMKCAAByMKGQrjyF3AAGNjAAAAAAwAADeAADF+dAACQAA=="}
00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":166,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":89,"flow_packet_id":1,"flow_first_seen":1432821029791,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.68","src_port":59098,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00413{"flow_id":89,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":166,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821029,"pkt_ts_usec":791363,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR4bEKCAAByMKGRObaF3AAGKo9AAAAAwAADeAADGA2AACQAA=="}
00511{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":167,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":1,"flow_first_seen":1432821022695,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.67","src_port":48563,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":167,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":1,"flow_first_seen":1432821022695,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.67","src_port":48563,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00511{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":167,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":1,"flow_first_seen":1432821020651,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.66","src_port":48666,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":167,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":1,"flow_first_seen":1432821020651,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.66","src_port":48666,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00511{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":167,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":1,"flow_first_seen":1432821024791,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.67","src_port":57004,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":167,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":1,"flow_first_seen":1432821024791,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.67","src_port":57004,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00511{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":167,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":85,"flow_packet_id":1,"flow_first_seen":1432821025791,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.66","src_port":36552,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":167,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":85,"flow_packet_id":1,"flow_first_seen":1432821025791,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.66","src_port":36552,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00511{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":167,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":89,"flow_packet_id":1,"flow_first_seen":1432821029791,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.68","src_port":59098,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":167,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":89,"flow_packet_id":1,"flow_first_seen":1432821029791,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.68","src_port":59098,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00511{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":167,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":86,"flow_packet_id":1,"flow_first_seen":1432821026791,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.68","src_port":53059,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":167,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":86,"flow_packet_id":1,"flow_first_seen":1432821026791,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.68","src_port":53059,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00511{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":167,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":88,"flow_packet_id":1,"flow_first_seen":1432821028791,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.66","src_port":47346,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":167,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":88,"flow_packet_id":1,"flow_first_seen":1432821028791,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.66","src_port":47346,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00511{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":167,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":1,"flow_first_seen":1432821021652,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.68","src_port":47714,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":167,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":1,"flow_first_seen":1432821021652,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.68","src_port":47714,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00511{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":167,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":1,"flow_first_seen":1432821023795,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.66","src_port":56128,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":167,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":1,"flow_first_seen":1432821023795,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.66","src_port":56128,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00511{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":167,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":1,"flow_first_seen":1432821027791,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.68","src_port":43934,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":167,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":1,"flow_first_seen":1432821027791,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.68","src_port":43934,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":167,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":90,"flow_packet_id":1,"flow_first_seen":1432821030791,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.67","src_port":50175,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00414{"flow_id":90,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":167,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821030,"pkt_ts_usec":791363,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR0rIKCAAByMKVQ8P\/F3AAGL2BAAAAAwAADeAADGDOAACQAA=="}
00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":168,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":91,"flow_packet_id":1,"flow_first_seen":1432821031791,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.68","src_port":36577,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00413{"flow_id":91,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":168,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821031,"pkt_ts_usec":791424,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR0rEKCAAByMKVRI7hF3AAGPIFAAAAAwAADeAADGFnAACQAA=="}
00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":169,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":92,"flow_packet_id":1,"flow_first_seen":1432821032791,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.67","src_port":60013,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00414{"flow_id":92,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":169,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821032,"pkt_ts_usec":791363,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR37IKCAAByMKIQ+ptF3AAGKLiAAAAAwAADeAADGH\/AACQAA=="}
00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":170,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":93,"flow_packet_id":1,"flow_first_seen":1432821033791,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.66","src_port":33356,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00413{"flow_id":93,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":170,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821033,"pkt_ts_usec":791394,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR0rMKCAAByMKVQoJMF3AAGLfoAAAAAwAADeAADqgZAACQAA=="}
00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":171,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":94,"flow_packet_id":1,"flow_first_seen":1432821034791,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.67","src_port":40058,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00413{"flow_id":94,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":171,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821034,"pkt_ts_usec":791791,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR4bIKCAAByMKGQ5x6F3AAGKvFAAAAAwAADeAADqkNAACQAA=="}
00413{"flow_id":20,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":160,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821023,"pkt_ts_usec":795300,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR4rMKCAAByMKFQttAF3AAGEzXAAAAAwAADeAAB8o9AACQAA=="}
00524{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":160,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":4,"flow_first_seen":1432820959095,"flow_last_seen":1432821023795,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.66","src_port":56128,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00414{"flow_id":21,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":161,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821024,"pkt_ts_usec":791363,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR4rIKCAAByMKFQ96sF3AAGCNFAAAAAwAADeAAB\/BiAACQAA=="}
00524{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":161,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":4,"flow_first_seen":1432820960101,"flow_last_seen":1432821024791,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.67","src_port":57004,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00413{"flow_id":23,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":162,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821025,"pkt_ts_usec":791394,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR37MKCAAByMKIQo7IF3AAGF2AAAAAAwAADeAACQMLAACQAA=="}
00524{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":162,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":4,"flow_first_seen":1432820962101,"flow_last_seen":1432821025791,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.66","src_port":36552,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00414{"flow_id":22,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":163,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821026,"pkt_ts_usec":791363,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR4rEKCAAByMKFRM9DF3AAGB8PAAAAAwAADeAACQP\/AACQAA=="}
00524{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":163,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":4,"flow_first_seen":1432820961101,"flow_last_seen":1432821026791,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.68","src_port":53059,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00413{"flow_id":24,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":164,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821027,"pkt_ts_usec":791363,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR37EKCAAByMKIRKueF3AAGOUlAAAAAwAADeAADF6KAACQAA=="}
00524{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":164,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":4,"flow_first_seen":1432820963101,"flow_last_seen":1432821027791,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.68","src_port":43934,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00413{"flow_id":25,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":165,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821028,"pkt_ts_usec":791363,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR4bMKCAAByMKGQrjyF3AAGNjAAAAAAwAADeAADF+dAACQAA=="}
00524{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":165,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":4,"flow_first_seen":1432820964101,"flow_last_seen":1432821028791,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.66","src_port":47346,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00413{"flow_id":26,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":166,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821029,"pkt_ts_usec":791363,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR4bEKCAAByMKGRObaF3AAGKo9AAAAAwAADeAADGA2AACQAA=="}
00524{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":166,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":4,"flow_first_seen":1432820965101,"flow_last_seen":1432821029791,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.68","src_port":59098,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00414{"flow_id":27,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":167,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821030,"pkt_ts_usec":791363,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR0rIKCAAByMKVQ8P\/F3AAGL2BAAAAAwAADeAADGDOAACQAA=="}
00524{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":167,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":4,"flow_first_seen":1432820966101,"flow_last_seen":1432821030791,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.67","src_port":50175,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00413{"flow_id":28,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":168,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821031,"pkt_ts_usec":791424,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR0rEKCAAByMKVRI7hF3AAGPIFAAAAAwAADeAADGFnAACQAA=="}
00524{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":168,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":4,"flow_first_seen":1432820967101,"flow_last_seen":1432821031791,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.68","src_port":36577,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00414{"flow_id":29,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":169,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821032,"pkt_ts_usec":791363,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR37IKCAAByMKIQ+ptF3AAGKLiAAAAAwAADeAADGH\/AACQAA=="}
00524{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":169,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":4,"flow_first_seen":1432820968101,"flow_last_seen":1432821032791,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.67","src_port":60013,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00413{"flow_id":30,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":170,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821033,"pkt_ts_usec":791394,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR0rMKCAAByMKVQoJMF3AAGLfoAAAAAwAADeAADqgZAACQAA=="}
00524{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":170,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":4,"flow_first_seen":1432820969101,"flow_last_seen":1432821033791,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.66","src_port":33356,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00413{"flow_id":31,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":171,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821034,"pkt_ts_usec":791791,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR4bIKCAAByMKGQ5x6F3AAGKvFAAAAAwAADeAADqkNAACQAA=="}
00524{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":171,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":4,"flow_first_seen":1432820970111,"flow_last_seen":1432821034791,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.67","src_port":40058,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00412{"flow_id":3,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":172,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821035,"pkt_ts_usec":791333,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR3WwKCAAByLmKkswhF3AAGOYfAAAABAAADeEAATrRAACQAA=="}
00413{"flow_id":3,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":173,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821035,"pkt_ts_usec":895062,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsACxAABARDUHIuYqSCggAARdwzCEAGBYgAAAABAAADeEAATrRAABgAA=="}
00412{"flow_id":4,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":174,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821035,"pkt_ts_usec":895184,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR6hwKCAAByLl94r76F3AAGLJ6AAAABAAADeEAAYhNAACQAA=="}
@@ -442,83 +242,64 @@
00413{"flow_id":7,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":179,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821036,"pkt_ts_usec":105023,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAC9AABARA4XIwpRCCggAARdwpnwAGOxnAAAABAAADeEABYBxAABgAA=="}
00412{"flow_id":8,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":180,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821036,"pkt_ts_usec":105115,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR07EKCAAByMKURKp5F3AAGKdLAAAABAAADeEABpGNAACQAA=="}
00413{"flow_id":8,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":181,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821036,"pkt_ts_usec":155347,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsADBAABARA4LIwpRECggAARdwqnkAGNdLAAAABAAADeEABpGNAABgAA=="}
00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":182,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":95,"flow_packet_id":1,"flow_first_seen":1432821036155,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.66","src_port":41438,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00413{"flow_id":95,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":182,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821036,"pkt_ts_usec":155499,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR2rMKCAAByMKNQqHeF3AAGIc+AAAABAAADeIAAsE6AACQAA=="}
00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":183,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":96,"flow_packet_id":1,"flow_first_seen":1432821037152,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.68","src_port":34687,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00414{"flow_id":96,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":183,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821037,"pkt_ts_usec":152539,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR2rEKCAAByMKNRId\/F3AAGLuEAAAABAAADeIABadOAACQAA=="}
00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":184,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":97,"flow_packet_id":1,"flow_first_seen":1432821038152,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.67","src_port":39221,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00413{"flow_id":97,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":184,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821038,"pkt_ts_usec":152539,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR3rIKCAAByMKJQ5k1F3AAGKz5AAAABAAADeIABagkAACQAA=="}
00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":185,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":98,"flow_packet_id":1,"flow_first_seen":1432821039151,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.66","src_port":53354,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00413{"flow_id":98,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":185,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821039,"pkt_ts_usec":151471,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR3rMKCAAByMKJQtBqF3AAGE9jAAAABAAADeIABc6GAACQAA=="}
00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":186,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":99,"flow_packet_id":1,"flow_first_seen":1432821040151,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.68","src_port":59959,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00413{"flow_id":99,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":186,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821040,"pkt_ts_usec":151349,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR3rEKCAAByMKJROo3F3AAGA63AAAABAAADeIABfVjAACQAA=="}
00511{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":187,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":91,"flow_packet_id":1,"flow_first_seen":1432821031791,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.68","src_port":36577,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":187,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":91,"flow_packet_id":1,"flow_first_seen":1432821031791,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.68","src_port":36577,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00511{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":187,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":96,"flow_packet_id":1,"flow_first_seen":1432821037152,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.68","src_port":34687,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":187,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":96,"flow_packet_id":1,"flow_first_seen":1432821037152,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.68","src_port":34687,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00511{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":187,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":98,"flow_packet_id":1,"flow_first_seen":1432821039151,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.66","src_port":53354,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":187,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":98,"flow_packet_id":1,"flow_first_seen":1432821039151,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.66","src_port":53354,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00511{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":187,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":97,"flow_packet_id":1,"flow_first_seen":1432821038152,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.67","src_port":39221,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":187,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":97,"flow_packet_id":1,"flow_first_seen":1432821038152,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.67","src_port":39221,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00511{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":187,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":95,"flow_packet_id":1,"flow_first_seen":1432821036155,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.66","src_port":41438,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":187,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":95,"flow_packet_id":1,"flow_first_seen":1432821036155,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.66","src_port":41438,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00511{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":187,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":99,"flow_packet_id":1,"flow_first_seen":1432821040151,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.68","src_port":59959,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":187,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":99,"flow_packet_id":1,"flow_first_seen":1432821040151,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.68","src_port":59959,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00511{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":187,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":93,"flow_packet_id":1,"flow_first_seen":1432821033791,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.66","src_port":33356,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":187,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":93,"flow_packet_id":1,"flow_first_seen":1432821033791,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.66","src_port":33356,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00511{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":187,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":92,"flow_packet_id":1,"flow_first_seen":1432821032791,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.67","src_port":60013,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":187,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":92,"flow_packet_id":1,"flow_first_seen":1432821032791,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.67","src_port":60013,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00511{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":187,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":90,"flow_packet_id":1,"flow_first_seen":1432821030791,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.67","src_port":50175,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":187,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":90,"flow_packet_id":1,"flow_first_seen":1432821030791,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.67","src_port":50175,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00511{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":187,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":94,"flow_packet_id":1,"flow_first_seen":1432821034791,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.67","src_port":40058,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":187,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":94,"flow_packet_id":1,"flow_first_seen":1432821034791,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.67","src_port":40058,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":187,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":100,"flow_packet_id":1,"flow_first_seen":1432821041151,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.67","src_port":37985,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00414{"flow_id":100,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":187,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821041,"pkt_ts_usec":151349,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR5rIKCAAByMKBQ5RhF3AAGB9PAAAABAAADeIABkKiAACQAA=="}
00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":188,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":101,"flow_packet_id":1,"flow_first_seen":1432821042151,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.66","src_port":48666,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00414{"flow_id":101,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":188,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821042,"pkt_ts_usec":151410,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR5rMKCAAByMKBQr4aF3AAGPSDAAAABAAADeIABkO1AACQAA=="}
00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":189,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":102,"flow_packet_id":1,"flow_first_seen":1432821043151,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.68","src_port":47714,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00414{"flow_id":102,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":189,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821043,"pkt_ts_usec":151593,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR5rEKCAAByMKBRLpiF3AAGNE+AAAABAAADeIABmqwAACQAA=="}
00412{"flow_id":6,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":182,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821036,"pkt_ts_usec":155499,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR2rMKCAAByMKNQqHeF3AAGIc+AAAABAAADeIAAsE6AACQAA=="}
00413{"flow_id":9,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":183,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821037,"pkt_ts_usec":152539,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR2rEKCAAByMKNRId\/F3AAGLuEAAAABAAADeIABadOAACQAA=="}
00413{"flow_id":10,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":184,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821038,"pkt_ts_usec":152539,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR3rIKCAAByMKJQ5k1F3AAGKz5AAAABAAADeIABagkAACQAA=="}
00413{"flow_id":11,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":185,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821039,"pkt_ts_usec":151471,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR3rMKCAAByMKJQtBqF3AAGE9jAAAABAAADeIABc6GAACQAA=="}
00413{"flow_id":12,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":186,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821040,"pkt_ts_usec":151349,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR3rEKCAAByMKJROo3F3AAGA63AAAABAAADeIABfVjAACQAA=="}
00413{"flow_id":13,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":187,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821041,"pkt_ts_usec":151349,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR5rIKCAAByMKBQ5RhF3AAGB9PAAAABAAADeIABkKiAACQAA=="}
00413{"flow_id":14,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":188,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821042,"pkt_ts_usec":151410,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR5rMKCAAByMKBQr4aF3AAGPSDAAAABAAADeIABkO1AACQAA=="}
00413{"flow_id":15,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":189,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821043,"pkt_ts_usec":151593,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR5rEKCAAByMKBRLpiF3AAGNE+AAAABAAADeIABmqwAACQAA=="}
00413{"flow_id":16,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":190,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821044,"pkt_ts_usec":151837,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR47MKCAAByMKEQqvLF3AAGLWfAAAABAAADeIABpHoAACQAA=="}
00414{"flow_id":16,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":191,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821044,"pkt_ts_usec":555127,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsADFAABARE4PIwoRCCggAARdwq8sAGOWfAAAABAAADeIABpHoAABgAA=="}
00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":192,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":103,"flow_packet_id":1,"flow_first_seen":1432821044555,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.67","src_port":48563,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00414{"flow_id":103,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":192,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821044,"pkt_ts_usec":555249,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR2rIKCAAByMKNQ72zF3AAGJnBAAAABAAADeIABpLdAACQAA=="}
00413{"flow_id":17,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":192,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821044,"pkt_ts_usec":555249,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR2rIKCAAByMKNQ72zF3AAGJnBAAAABAAADeIABpLdAACQAA=="}
00413{"flow_id":18,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":193,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821045,"pkt_ts_usec":551404,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR47IKCAAByMKEQ5kRF3AAGFRaAAAABAAADeIABwXmAACQAA=="}
00414{"flow_id":18,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":194,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821045,"pkt_ts_usec":604962,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsADJAABARE4HIwoRDCggAARdwmREAGIRaAAAABAAADeIABwXmAABgAA=="}
00413{"flow_id":19,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":195,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821045,"pkt_ts_usec":605023,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR47EKCAAByMKERM32F3AAGHtMAAAABAAADeIAB6oNAACQAA=="}
00415{"flow_id":19,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":196,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821045,"pkt_ts_usec":664807,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsADNAABARE3\/IwoRECggAARdwzfYAGKtMAAAABAAADeIAB6oNAABgAA=="}
00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":104,"flow_packet_id":1,"flow_first_seen":1432821045664,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.66","src_port":56128,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00414{"flow_id":104,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821045,"pkt_ts_usec":664868,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR4rMKCAAByMKFQttAF3AAGE3JAAAABAAADeIAB8lIAACQAA=="}
00512{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":103,"flow_packet_id":1,"flow_first_seen":1432821044555,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.67","src_port":48563,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00483{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":103,"flow_packet_id":1,"flow_first_seen":1432821044555,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.67","src_port":48563,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00413{"flow_id":20,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821045,"pkt_ts_usec":664868,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR4rMKCAAByMKFQttAF3AAGE3JAAAABAAADeIAB8lIAACQAA=="}
00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":5,"flow_first_seen":1432820957985,"flow_last_seen":1432821044555,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.67","src_port":48563,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":10,"flow_first_seen":1432820959035,"flow_last_seen":1432821045664,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":160,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.132.68","src_port":52726,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":10,"flow_first_seen":1432820949685,"flow_last_seen":1432821035985,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":160,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.185.125.226","src_port":48890,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00512{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":101,"flow_packet_id":1,"flow_first_seen":1432821042151,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.66","src_port":48666,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00483{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":101,"flow_packet_id":1,"flow_first_seen":1432821042151,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.66","src_port":48666,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":5,"flow_first_seen":1432820955933,"flow_last_seen":1432821042151,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.66","src_port":48666,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":10,"flow_first_seen":1432820950801,"flow_last_seen":1432821036105,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":160,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.148.66","src_port":42620,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":4,"flow_first_seen":1432820960101,"flow_last_seen":1432821024791,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.67","src_port":57004,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":4,"flow_first_seen":1432820962101,"flow_last_seen":1432821025791,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.66","src_port":36552,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00495{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":14,"flow_first_seen":1432820948836,"flow_last_seen":1432820949347,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2764,"flow_tot_l4_payload_len":9813,"flow_avg_l4_payload_len":700,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.194.119.24","src_port":40467,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":4,"flow_first_seen":1432820965101,"flow_last_seen":1432821029791,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.68","src_port":59098,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":4,"flow_first_seen":1432820967101,"flow_last_seen":1432821031791,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.68","src_port":36577,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":4,"flow_first_seen":1432820961101,"flow_last_seen":1432821026791,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.68","src_port":53059,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00493{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":5,"flow_first_seen":1432820950935,"flow_last_seen":1432821037152,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.68","src_port":34687,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":5,"flow_first_seen":1432820952931,"flow_last_seen":1432821039151,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.66","src_port":53354,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":4,"flow_first_seen":1432820964101,"flow_last_seen":1432821028791,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.66","src_port":47346,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":10,"flow_first_seen":1432820958981,"flow_last_seen":1432821045604,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":160,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.132.67","src_port":39185,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":5,"flow_first_seen":1432820951932,"flow_last_seen":1432821038152,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.67","src_port":39221,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":10,"flow_first_seen":1432820949735,"flow_last_seen":1432821036045,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":160,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.148.67","src_port":51569,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00491{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":9,"flow_first_seen":1432820948562,"flow_last_seen":1432820948767,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":548,"flow_tot_l4_payload_len":648,"flow_avg_l4_payload_len":72,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.194.119.48","src_port":53497,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00512{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":102,"flow_packet_id":1,"flow_first_seen":1432821043151,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.68","src_port":47714,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00483{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":102,"flow_packet_id":1,"flow_first_seen":1432821043151,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.68","src_port":47714,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00493{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_first_seen":1432820949806,"flow_last_seen":1432821036155,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.66","src_port":41438,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":5,"flow_first_seen":1432820953931,"flow_last_seen":1432821040151,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.68","src_port":59959,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":4,"flow_first_seen":1432820969101,"flow_last_seen":1432821033791,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.66","src_port":33356,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":5,"flow_first_seen":1432820956931,"flow_last_seen":1432821043151,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.68","src_port":47714,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":4,"flow_first_seen":1432820968101,"flow_last_seen":1432821032791,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.67","src_port":60013,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":10,"flow_first_seen":1432820950865,"flow_last_seen":1432821036155,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":160,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.148.68","src_port":43641,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":10,"flow_first_seen":1432820949586,"flow_last_seen":1432821035895,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":160,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.185.138.146","src_port":52257,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00512{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":104,"flow_packet_id":1,"flow_first_seen":1432821045664,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.66","src_port":56128,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00483{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":104,"flow_packet_id":1,"flow_first_seen":1432821045664,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.66","src_port":56128,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":5,"flow_first_seen":1432820959095,"flow_last_seen":1432821045664,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.66","src_port":56128,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":4,"flow_first_seen":1432820963101,"flow_last_seen":1432821027791,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.68","src_port":43934,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":10,"flow_first_seen":1432820957932,"flow_last_seen":1432821044555,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":160,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.132.66","src_port":43979,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00512{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":100,"flow_packet_id":1,"flow_first_seen":1432821041151,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.67","src_port":37985,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00483{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":100,"flow_packet_id":1,"flow_first_seen":1432821041151,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.67","src_port":37985,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":4,"flow_first_seen":1432820966101,"flow_last_seen":1432821030791,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.67","src_port":50175,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":5,"flow_first_seen":1432820954931,"flow_last_seen":1432821041151,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.67","src_port":37985,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":4,"flow_first_seen":1432820970111,"flow_last_seen":1432821034791,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.67","src_port":40058,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00124{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test"}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 197/197
~~ skipped flows.............: 0
~~ total layer4 data length..: 15137 bytes
~~ total detected protocols..: 10
~~ total active/idle flows...: 104/104
~~ total detected protocols..: 31
~~ total active/idle flows...: 31/31
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 2098682 bytes
~~ total memory freed........: 2098682 bytes
~~ total allocations/frees...: 35850/35850
~~ total memory allocated....: 1981882 bytes
~~ total memory freed........: 1981882 bytes
~~ total allocations/frees...: 35631/35631
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 129 chars
~~ json string max len.......: 4108 chars

4
test/results/IEC104.pcap.out
View File

@@ -1,7 +1,7 @@
00474{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"IEC104.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":10000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"IEC104.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1317629088495,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.175.211.1","dst_ip":"10.119.105.26","src_port":2404,"dst_port":54768,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"IEC104.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1317629088495,"flow_last_seen":1317629088495,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.175.211.1","dst_ip":"10.119.105.26","src_port":2404,"dst_port":54768,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00414{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"IEC104.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1317629088,"pkt_ts_usec":495135,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"eCvLK7lWABIAxkrACABFAAAoUqRAAH0GWeoKr9MBCndpGglk1fBIoLt3AFkTVVAQ\/elpjgAAAAAAAAAA"}
00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"IEC104.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1317629088520,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.175.211.3","dst_ip":"10.119.105.26","src_port":2404,"dst_port":54769,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"IEC104.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1317629088520,"flow_last_seen":1317629088520,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.175.211.3","dst_ip":"10.119.105.26","src_port":2404,"dst_port":54769,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00415{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"IEC104.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1317629088,"pkt_ts_usec":520615,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"eCvLK7lWABIAxkrACABFAAAoSx9AAH0GYW0Kr9MDCndpGglk1fFZgPwe3z\/\/ZlAQ+y9PxQAAAAAAAAAA"}
00414{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"IEC104.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1317629088,"pkt_ts_usec":532081,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"pkt":"eCvLK7lWABIAxkrACABFAAAuUsZAAH0GWcIKr9MBCndpGglk1fBIoLt3AFkTVVAY\/em9wgAAaAQBAEK5"}
00530{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"IEC104.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_first_seen":1317629088495,"flow_last_seen":1317629088532,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":6,"flow_tot_l4_payload_len":6,"flow_avg_l4_payload_len":3,"midstream":1,"l3_proto":"ip4","src_ip":"10.175.211.1","dst_ip":"10.119.105.26","src_port":2404,"dst_port":54768,"l4_proto":"tcp","ndpi": {"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}}

163
test/results/KakaoTalk_chat.pcap.out
View File

@@ -1,65 +1,65 @@
00482{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":10000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1430069021959,"flow_last_seen":0,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":38448,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":15}
00501{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1430069021959,"flow_last_seen":1430069021959,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":38448,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":15}
00445{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069021,"pkt_ts_usec":959113,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADwAAEAAQBHSIAoYUrwKvAEBljAANQAogKaG7QEAAAEAAAAAAAAEYXV0aAVrYWthbwNjb20AAAEAAQ=="}
00655{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1430069021959,"flow_last_seen":0,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":38448,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"auth.kakao.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1430069022006,"flow_last_seen":0,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":35603,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":15}
00667{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1430069021959,"flow_last_seen":1430069021959,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":38448,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"auth.kakao.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00501{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1430069022006,"flow_last_seen":1430069022006,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":35603,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":15}
00447{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069022,"pkt_ts_usec":6995,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":79,"pkt_l4_len":43,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAD8AAEAAQBHSHQoYUrwKvAEBixMANQArGNJpegEAAAEAAAAAAAAHYWMtdGFsawVrYWthbwNjb20AAAEAAQ=="}
00658{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1430069022006,"flow_last_seen":0,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":35603,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"ac-talk.kakao.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1430069022007,"flow_last_seen":0,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":57816,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":15}
00670{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1430069022006,"flow_last_seen":1430069022006,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":35603,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"ac-talk.kakao.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00501{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1430069022007,"flow_last_seen":1430069022007,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":57816,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":15}
00443{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069022,"pkt_ts_usec":7117,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":78,"pkt_l4_len":42,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAD4AAEAAQBHSHgoYUrwKvAEB4dgANQAqGG9RAgEAAAEAAAAAAAAGa2F0YWxrBWtha2FvA2NvbQAAAQAB"}
00657{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1430069022007,"flow_last_seen":0,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":57816,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"katalk.kakao.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00669{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1430069022007,"flow_last_seen":1430069022007,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":57816,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"katalk.kakao.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00527{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069022,"pkt_ts_usec":41815,"pkt_caplen":136,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":136,"pkt_l4_len":100,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAHgb0gAANREBEwq8AQEKGFK8ADWLEwBk4PlpeoGAAAEAAwAAAAAHYWMtdGFsawVrYWthbwNjb20AAAEAAcAMAAUAAQAABZUADQdhYy10YWxrAmdswBTALwABAAEAAACbAARuTI1wwC8AAQABAAAAmwAEAckAJw=="}
00686{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_first_seen":1430069022006,"flow_last_seen":1430069022041,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":92,"flow_tot_l4_payload_len":127,"flow_avg_l4_payload_len":63,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":35603,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"ac-talk.kakao.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"110.76.141.112"}}
00495{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069022,"pkt_ts_usec":41999,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":114,"pkt_l4_len":78,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAGIb0wAANREBKAq8AQEKGFK8ADWWMABOrZ2G7YGAAAEAAgAAAAAEYXV0aAVrYWthbwNjb20AAAEAAcAMAAUAAQAABccACgRhdXRoAmdswBHALAABAAEAAABWAATSZ\/AP"}
00683{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":5,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_first_seen":1430069021959,"flow_last_seen":1430069022041,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":70,"flow_tot_l4_payload_len":102,"flow_avg_l4_payload_len":51,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":38448,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"auth.kakao.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"210.103.240.15"}}
00568{"flow_id":3,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069022,"pkt_ts_usec":42121,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":166,"pkt_l4_len":130,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAJbtdwAANREvTwq8AQEKGFK8ADXh2ACCeK5RAoGAAAEABQAAAAAGa2F0YWxrBWtha2FvA2NvbQAAAQABwAwABQABAAAD9AAMBmthdGFsawJnbMATwC4AAQABAAAAegAEbkyOIsAuAAEAAQAAAHoABAHJAD3ALgABAAEAAAB6AAQByQA\/wC4AAQABAAAAegAEbkyNJQ=="}
00685{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_first_seen":1430069022007,"flow_last_seen":1430069022042,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":122,"flow_tot_l4_payload_len":156,"flow_avg_l4_payload_len":78,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":57816,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"katalk.kakao.com","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"110.76.142.34"}}
00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1430069022058,"flow_last_seen":0,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":41909,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":15}
00501{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1430069022058,"flow_last_seen":1430069022058,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":41909,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":15}
00452{"flow_id":4,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069022,"pkt_ts_usec":58570,"pkt_caplen":84,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":84,"pkt_l4_len":48,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAEQAAEAAQBHSGAoYUrwKvAEBo7UANQAwrR37RAEAAAEAAAAAAAAHYm9va2luZwRsb2NvBWtha2FvA2NvbQAAAQAB"}
00663{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1430069022058,"flow_last_seen":0,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":41909,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"booking.loco.kakao.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1430069022059,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":12908,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":15}
00675{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1430069022058,"flow_last_seen":1430069022058,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":41909,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"booking.loco.kakao.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00501{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1430069022059,"flow_last_seen":1430069022059,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":12908,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":15}
00448{"flow_id":5,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069022,"pkt_ts_usec":59149,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":81,"pkt_l4_len":45,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAEEAAEAAQBHSGwoYUrwKvAEBMmwANQAtbIX3UQEAAAEAAAAAAAAEdXAtbQR0YWxrBWtha2FvA2NvbQAAAQAB"}
00660{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1430069022059,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":12908,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"up-m.talk.kakao.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1430069022059,"flow_last_seen":0,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":58810,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":15}
00672{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1430069022059,"flow_last_seen":1430069022059,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":12908,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"up-m.talk.kakao.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00501{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1430069022059,"flow_last_seen":1430069022059,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":58810,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":15}
00444{"flow_id":6,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069022,"pkt_ts_usec":59638,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADwAAEAAQBHSIAoYUrwKvAEB5boANQAoZpVNewEAAAEAAAAAAAAEaXRlbQVrYWthbwNjb20AAAEAAQ=="}
00655{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1430069022059,"flow_last_seen":0,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":58810,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"item.kakao.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00667{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1430069022059,"flow_last_seen":1430069022059,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":58810,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"item.kakao.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00496{"flow_id":6,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069022,"pkt_ts_usec":93909,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":114,"pkt_l4_len":78,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAGIb1QAANREBJgq8AQEKGFK8ADXlugBOjwdNe4GAAAEAAgAAAAAEaXRlbQVrYWthbwNjb20AAAEAAcAMAAUAAQAABdUACgRpdGVtAmdswBHALAABAAEAAADUAATSZ\/AP"}
00684{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_first_seen":1430069022059,"flow_last_seen":1430069022093,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":70,"flow_tot_l4_payload_len":102,"flow_avg_l4_payload_len":51,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":58810,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"item.kakao.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"210.103.240.15"}}
00511{"flow_id":5,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069022,"pkt_ts_usec":94092,"pkt_caplen":124,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":124,"pkt_l4_len":88,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAGzteAAANREveAq8AQEKGFK8ADUybABYuHj3UYGAAAEAAgAAAAAEdXAtbQR0YWxrBWtha2FvA2NvbQAAAQABwAwABQABAAAD8wAPBHVwLW0EdGFsawJnbMAWwDEAAQABAAAAeAAE0mfwEA=="}
00689{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":11,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_first_seen":1430069022059,"flow_last_seen":1430069022094,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":117,"flow_avg_l4_payload_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":12908,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"up-m.talk.kakao.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"210.103.240.16"}}
00519{"flow_id":4,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069022,"pkt_ts_usec":94214,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":130,"pkt_l4_len":94,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAHLteQAANREvcQq8AQEKGFK8ADWjtQBeT7D7RIGAAAEAAgAAAAAHYm9va2luZwRsb2NvBWtha2FvA2NvbQAAAQABwAwABQABAAAD8wASB2Jvb2tpbmcEbG9jbwJnbMAZwDQAAQABAAAAeAAEbkyOfQ=="}
00692{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":12,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_first_seen":1430069022058,"flow_last_seen":1430069022094,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":63,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":41909,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"booking.loco.kakao.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"110.76.142.125"}}
00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1430069022100,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":5929,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":15}
00501{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1430069022100,"flow_last_seen":1430069022100,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":5929,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":15}
00450{"flow_id":7,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069022,"pkt_ts_usec":100592,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":81,"pkt_l4_len":45,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAEEAAEAAQBHSGwoYUrwKvAEBFykANQAtVi4l7AEAAAEAAAAAAAAEdXAtcAR0YWxrBWtha2FvA2NvbQAAAQAB"}
00660{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1430069022100,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":5929,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"up-p.talk.kakao.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1430069022104,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":9094,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":15}
00672{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1430069022100,"flow_last_seen":1430069022100,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":5929,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"up-p.talk.kakao.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00501{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1430069022104,"flow_last_seen":1430069022104,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":9094,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":15}
00450{"flow_id":8,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069022,"pkt_ts_usec":104834,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":81,"pkt_l4_len":45,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAEEAAEAAQBHSGwoYUrwKvAEBI4YANQAt2SeQlQEAAAEAAAAAAAAEdXAtdgR0YWxrBWtha2FvA2NvbQAAAQAB"}
00660{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":14,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1430069022104,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":9094,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"up-v.talk.kakao.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1430069022105,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":56820,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":15}
00672{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":14,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1430069022104,"flow_last_seen":1430069022104,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":9094,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"up-v.talk.kakao.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00502{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1430069022105,"flow_last_seen":1430069022105,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":56820,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":15}
00450{"flow_id":9,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069022,"pkt_ts_usec":105414,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":81,"pkt_l4_len":45,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAEEAAEAAQBHSGwoYUrwKvAEB3fQANQAtU9dudwEAAAEAAAAAAAAEdXAtYwR0YWxrBWtha2FvA2NvbQAAAQAB"}
00661{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1430069022105,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":56820,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"up-c.talk.kakao.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00673{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1430069022105,"flow_last_seen":1430069022105,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":56820,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"up-c.talk.kakao.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00512{"flow_id":7,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069022,"pkt_ts_usec":234412,"pkt_caplen":124,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":124,"pkt_l4_len":88,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAGwb1gAANREBGwq8AQEKGFK8ADUXKQBYAAol7IGAAAEAAgAAAAAEdXAtcAR0YWxrBWtha2FvA2NvbQAAAQABwAwABQABAAAFlQAPBHVwLXAEdGFsawJnbMAWwDEAAQABAAAAiwAE0mfwEA=="}
00688{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_first_seen":1430069022100,"flow_last_seen":1430069022234,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":117,"flow_avg_l4_payload_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":5929,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"up-p.talk.kakao.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"210.103.240.16"}}
00512{"flow_id":8,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069022,"pkt_ts_usec":234626,"pkt_caplen":124,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":124,"pkt_l4_len":88,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAGwb1wAANREBGgq8AQEKGFK8ADUjhgBYgN2QlYGAAAEAAgAAAAAEdXAtdgR0YWxrBWtha2FvA2NvbQAAAQABwAwABQABAAAFlwAPBHVwLXYEdGFsawJnbMAWwDEAAQABAAAAqwAE0mfwEA=="}
00688{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":17,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_first_seen":1430069022104,"flow_last_seen":1430069022234,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":117,"flow_avg_l4_payload_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":9094,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"up-v.talk.kakao.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"210.103.240.16"}}
00512{"flow_id":9,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069022,"pkt_ts_usec":234717,"pkt_caplen":124,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":124,"pkt_l4_len":88,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAGztegAANREvdgq8AQEKGFK8ADXd9ABYZqtud4GAAAEAAgAAAAAEdXAtYwR0YWxrBWtha2FvA2NvbQAAAQABwAwABQABAAAD8wAPBHVwLWMEdGFsawJnbMAWwDEAAQABAAAAeAAEbkyNVQ=="}
00688{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":18,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_first_seen":1430069022105,"flow_last_seen":1430069022234,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":117,"flow_avg_l4_payload_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":56820,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"up-c.talk.kakao.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"110.76.141.85"}}
00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1430069022249,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":29029,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":15}
00503{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1430069022249,"flow_last_seen":1430069022249,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":29029,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":15}
00451{"flow_id":10,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069022,"pkt_ts_usec":249457,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":81,"pkt_l4_len":45,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAEEAAEAAQBHSGwoYUrwKvAEBcWUANQAtiQin1QEAAAEAAAAAAAAEdXAtYQR0YWxrBWtha2FvA2NvbQAAAQAB"}
00662{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1430069022249,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":29029,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"up-a.talk.kakao.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1430069022252,"flow_last_seen":0,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":25117,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":15}
00674{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1430069022249,"flow_last_seen":1430069022249,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":29029,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"up-a.talk.kakao.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00503{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1430069022252,"flow_last_seen":1430069022252,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":25117,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":15}
00456{"flow_id":11,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069022,"pkt_ts_usec":252173,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":82,"pkt_l4_len":46,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAEIAAEAAQBHSGgoYUrwKvAEBYh0ANQAu\/udwlQEAAAEAAAAAAAAFdXAtZ3AEdGFsawVrYWthbwNjb20AAAEAAQ=="}
00663{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1430069022252,"flow_last_seen":0,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":25117,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"up-gp.talk.kakao.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1430069022252,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":43077,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":15}
00675{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1430069022252,"flow_last_seen":1430069022252,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":25117,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"up-gp.talk.kakao.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00503{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1430069022252,"flow_last_seen":1430069022252,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":43077,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":15}
00451{"flow_id":12,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069022,"pkt_ts_usec":252722,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":81,"pkt_l4_len":45,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAEEAAEAAQBHSGwoYUrwKvAEBqEUANQAtOYa3iAEAAAEAAAAAAAAEZG4tbAR0YWxrBWtha2FvA2NvbQAAAQAB"}
00662{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":21,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1430069022252,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":43077,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"dn-l.talk.kakao.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00674{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":21,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1430069022252,"flow_last_seen":1430069022252,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":43077,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"dn-l.talk.kakao.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00513{"flow_id":10,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069022,"pkt_ts_usec":282050,"pkt_caplen":124,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":124,"pkt_l4_len":88,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAGwb2AAANREBGQq8AQEKGFK8ADVxZQBYBjqn1YGAAAEAAgAAAAAEdXAtYQR0YWxrBWtha2FvA2NvbQAAAQABwAwABQABAAAFwgAPBHVwLWEEdGFsawJnbMAWwDEAAQABAAAARAAE0mfwEA=="}
00690{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":22,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_first_seen":1430069022249,"flow_last_seen":1430069022282,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":117,"flow_avg_l4_payload_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":29029,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"up-a.talk.kakao.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"210.103.240.16"}}
00475{"flow_id":12,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069022,"pkt_ts_usec":295691,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":97,"pkt_l4_len":61,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAFHtewAANREvkAq8AQEKGFK8ADWoRQA9yiS3iIGAAAEAAQAAAAAEZG4tbAR0YWxrBWtha2FvA2NvbQAAAQABwAwAAQABAAAEOQAEbkyNVg=="}
00688{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":23,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_first_seen":1430069022252,"flow_last_seen":1430069022295,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":43077,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"dn-l.talk.kakao.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"110.76.141.86"}}
00513{"flow_id":11,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069022,"pkt_ts_usec":295813,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":126,"pkt_l4_len":90,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAG4b2QAANREBFgq8AQEKGFK8ADViHQBaJnpwlYGAAAEAAgAAAAAFdXAtZ3AEdGFsawVrYWthbwNjb20AAAEAAcAMAAUAAQAABasAEAV1cC1ncAR0YWxrAmdswBfAMgABAAEAAACsAARuTI0a"}
00690{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":24,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_first_seen":1430069022252,"flow_last_seen":1430069022295,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":82,"flow_tot_l4_payload_len":120,"flow_avg_l4_payload_len":60,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":25117,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"up-gp.talk.kakao.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"110.76.141.26"}}
00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":25,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1430069022297,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"103.246.57.251","src_port":51021,"dst_port":8080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
00505{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":25,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1430069022297,"flow_last_seen":1430069022297,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"103.246.57.251","src_port":51021,"dst_port":8080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
00447{"flow_id":13,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069022,"pkt_ts_usec":297766,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADzzVkAAPwZJoAoYUrxn9jn7x00fkMsN9JkAAAAAoAI5CGIPAAACBAV4BAIICgALB88AAAAAAQMDBw=="}
00448{"flow_id":13,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069022,"pkt_ts_usec":411444,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAADwAAEAALQZO92f2OfsKGFK8H5DHTSs\/AzbLDfSaoBIWoGVTAAACBAV4BAIICpj2V6UACwfPAQMDCQ=="}
00435{"flow_id":13,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069022,"pkt_ts_usec":419806,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADTzV0AAPwZJpwoYUrxn9jn7x00fkMsN9JorPwM3gBAAc6oGAAABAQgKAAsH25j2V6U="}
@@ -67,12 +67,12 @@
00436{"flow_id":13,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069022,"pkt_ts_usec":611701,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAADRbH0AALgby32f2OfsKGFK8H5DHTSs\/AzfLDfbngBAADqdRAAABAQgKmPZYbQALB+A="}
00720{"flow_id":13,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069022,"pkt_ts_usec":647742,"pkt_caplen":274,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":274,"pkt_l4_len":238,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAQJbIEAALgbyEGf2OfsKGFK8H5DHTSs\/AzfLDfbngBgADsrbAAABAQgKmPZYlAALB+DKAAAAoFkC\/4gP8tCNfpuCjPQ03kX5ZT2hwz0SDRU07eJflBwtFPV5JKc4qwZt9JmLd5nDiTYuAz6hED52mR1p+zgppELWWzSgjEgOr0doFoIFR2TYBxPm5xdGUCIRoKCHpKsU3VWhb+nYsDx5Pf8LCQ5Oo8lRB6Gg9+zmhy4riv76TlqCUugtK45ol2sMT3a1TCBjfuA7G\/n4jpBG8I4WhofsXSCtmEkKDblHy\/21GbGey\/YH3wn8eRewb+YRKoHNU\/+oeWFRMCrCIIrlzQ=="}
00435{"flow_id":13,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069022,"pkt_ts_usec":651343,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADTzWUAAPwZJpQoYUrxn9jn7x00fkMsN9ucrPwQFgBAAe6XcAAABAQgKAAsH85j2WJQ="}
00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":32,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1430069026012,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"216.58.221.10","dst_ip":"10.24.82.188","src_port":80,"dst_port":35922,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
00502{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":32,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1430069026012,"flow_last_seen":1430069026012,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"216.58.221.10","dst_ip":"10.24.82.188","src_port":80,"dst_port":35922,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
00420{"flow_id":14,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069026,"pkt_ts_usec":12030,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcACiq7kAArAYRrNg63QoKGFK8AFCMUmKi4jFDN+TzUBH\/\/6QYAAA="}
00419{"flow_id":14,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069026,"pkt_ts_usec":58295,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACgAAEAAPwYptwoYUrzYOt0KjFIAUEM35dFioucAUBA+dl\/2AAA="}
00421{"flow_id":14,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069026,"pkt_ts_usec":148230,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcACiq70AArQYQq9g63QoKGFK8AFCMUmKi4jFDN+TzUBH\/\/6QYAAA="}
00420{"flow_id":14,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069026,"pkt_ts_usec":156775,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACgAAEAAPwYptwoYUrzYOt0KjFIAUEM35dFioucAUBA+dl\/2AAA="}
00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":36,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1430069026370,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.97.2","src_port":35503,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
00502{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":36,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1430069026370,"flow_last_seen":1430069026370,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.97.2","src_port":35503,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
00449{"flow_id":15,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069026,"pkt_ts_usec":370215,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADzmtkAAPwbpMgoYUryt\/GECiq8Bu\/wa79AAAAAAoAI5CCGaAAACBAV4BAIICgALCWYAAAAAAQMDBw=="}
00476{"flow_id":13,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069026,"pkt_ts_usec":490363,"pkt_caplen":99,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":99,"pkt_l4_len":63,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAFPzWkAAPwZJhQoYUrxn9jn7x00fkMsN9ucrPwQFgBgAezf0AAABAQgKAAsJcpj2WJQbAAAAo1kC\/4gP7taEcNXOxadg3tEhq8tPTAcjxeAa"}
00476{"flow_id":13,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069027,"pkt_ts_usec":365912,"pkt_caplen":99,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":99,"pkt_l4_len":63,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAFPzW0AAPwZJhAoYUrxn9jn7x00fkMsN9ucrPwQFgBgAezedAAABAQgKAAsJyZj2WJQbAAAAo1kC\/4gP7taEcNXOxadg3tEhq8tPTAcjxeAa"}
@@ -83,7 +83,7 @@
00421{"flow_id":15,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069027,"pkt_ts_usec":415442,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACjmuEAAPwbpRAoYUryt\/GECiq8Bu\/wa79FgIqtGUBA5CIc5AAA="}
00671{"flow_id":15,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069027,"pkt_ts_usec":422126,"pkt_caplen":240,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":240,"pkt_l4_len":204,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAODmuUAAPwboiwoYUryt\/GECiq8Bu\/wa79FgIqtGUBg5CCTlAAAWAwEAswEAAK8DAVU9HySXfmPaSP66Sz+6k6Z\/7zxfemNbfoeAqoBY5ktfAABGAAQABQAvADXAAsAEwAXADMAOwA\/AB8AJwArAEcATwBQAMwA5ADIAOAAKwAPADcAIwBIAFgATAAkAFQASAAMACAAUABEA\/wEAAEAACwAEAwABAgAKADQAMgAOAA0AGQALAAwAGAAJAAoAFgAXAAgABgAHABQAFQAEAAUAEgATAAEAAgADAA8AEAAR"}
00768{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":44,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":5,"flow_first_seen":1430069026370,"flow_last_seen":1430069027422,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":184,"flow_tot_l4_payload_len":184,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.97.2","src_port":35503,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":45,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1430069028075,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"120.28.26.242","dst_ip":"10.24.82.188","src_port":80,"dst_port":34503,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
00502{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":45,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1430069028075,"flow_last_seen":1430069028075,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"120.28.26.242","dst_ip":"10.24.82.188","src_port":80,"dst_port":34503,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
00418{"flow_id":16,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069028,"pkt_ts_usec":75659,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACgUEEAA+AZ+3XgcGvIKGFK8AFCGx0Ds0yKXy0vyUBQAAEEKAAA="}
00424{"flow_id":15,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069028,"pkt_ts_usec":103644,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":60,"pkt_l4_len":24,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACynf0AA+AZvea38YQIKGFK8AbuKr2YOB1z8Gu\/RYBIRHDWiAAACBAV4"}
00421{"flow_id":15,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069028,"pkt_ts_usec":105689,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACjmukAAPwbpQgoYUryt\/GECiq8Bu\/wa8IlgIqtGUBA5CIaBAAA="}
@@ -92,20 +92,20 @@
00436{"flow_id":13,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069028,"pkt_ts_usec":238593,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADTzXEAAPwZJogoYUrxn9jn7x00fkMsN9wYrPwQwgBAAe42TAAABAQgKAAsKIZj2bmU="}
00421{"flow_id":14,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069028,"pkt_ts_usec":960211,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcACiq8kAArAYRqNg63QoKGFK8AFCMUmKi4jFDN+TzUBH\/\/6QYAAA="}
00419{"flow_id":14,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069029,"pkt_ts_usec":28022,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACgAAEAAPwYptwoYUrzYOt0KjFIAUEM35dFioucAUBA+dl\/2AAA="}
00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":53,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1430069030083,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":61011,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":15}
00503{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":53,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1430069030083,"flow_last_seen":1430069030083,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":61011,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":15}
00450{"flow_id":17,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069030,"pkt_ts_usec":83014,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":81,"pkt_l4_len":45,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAEEAAEAAQBHSGwoYUrwKvAEB7lMANQAt50i5OgEAAAEAAAAAAAAJcGx1cy10YWxrBWtha2FvA2NvbQAAAQAB"}
00662{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":53,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1430069030083,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":61011,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"plus-talk.kakao.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":54,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1430069030083,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.191.1","src_port":61011,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":15}
00674{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":53,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1430069030083,"flow_last_seen":1430069030083,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":61011,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"plus-talk.kakao.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00505{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":54,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1430069030083,"flow_last_seen":1430069030083,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.191.1","src_port":61011,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":15}
00450{"flow_id":18,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069030,"pkt_ts_usec":83228,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":81,"pkt_l4_len":45,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAEEAAEAAQBEUGwoYUrwKvL8B7lMANQAtKUi5OgEAAAEAAAAAAAAJcGx1cy10YWxrBWtha2FvA2NvbQAAAQAB"}
00664{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":54,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1430069030083,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.191.1","src_port":61011,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"plus-talk.kakao.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00676{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":54,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1430069030083,"flow_last_seen":1430069030083,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.191.1","src_port":61011,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"plus-talk.kakao.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00505{"flow_id":17,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069030,"pkt_ts_usec":115576,"pkt_caplen":119,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":119,"pkt_l4_len":83,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAGccBgAANREA8Aq8AQEKGFK8ADXuUwBTwyO5OoGAAAEAAgAAAAAJcGx1cy10YWxrBWtha2FvA2NvbQAAAQABwAwABQABAAAHYwAKBHBsdXMCZ2zAFsAxAAEAAQAAAQkABNJn8A8="}
00690{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":55,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_first_seen":1430069030083,"flow_last_seen":1430069030115,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":75,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":56,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":61011,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"plus-talk.kakao.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"210.103.240.15"}}
00505{"flow_id":18,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069030,"pkt_ts_usec":119544,"pkt_caplen":119,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":119,"pkt_l4_len":83,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAGf90QAANRFhIwq8vwEKGFK8ADXuUwBTEye5OoGAAAEAAgAAAAAJcGx1cy10YWxrBWtha2FvA2NvbQAAAQABwAwABQABAAADlQAKBHBsdXMCZ2zAFsAxAAEAAQAAAMkABNJn8A8="}
00692{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":56,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_first_seen":1430069030083,"flow_last_seen":1430069030119,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":75,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":56,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.191.1","src_port":61011,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"plus-talk.kakao.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"210.103.240.15"}}
00459{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":57,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1430069030119,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.191.1","l4_proto":"icmp","flow_datalink":113,"flow_max_packets":15}
00471{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":57,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1430069030119,"flow_last_seen":1430069030119,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.191.1","l4_proto":"icmp","flow_datalink":113,"flow_max_packets":15}
00544{"flow_id":19,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069030,"pkt_ts_usec":119696,"pkt_caplen":147,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":147,"pkt_l4_len":111,"pkt":"AAQCEgAAAAAAAAAAAAAIAEXAAIMZuAAAQAE5cQoYUrwKvL8BAwMj8wAAAABFAABn\/dEAADURYSMKvL8BChhSvAA17lMAUxMnuTqBgAABAAIAAAAACXBsdXMtdGFsawVrYWthbwNjb20AAAEAAcAMAAUAAQAAA5UACgRwbHVzAmdswBbAMQABAAEAAADJAATSZ\/AP"}
00489{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":57,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1430069030119,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.191.1","l4_proto":"icmp","ndpi": {"proto":"ICMP","breed":"Acceptable","category":"Network"}}
00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":58,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1430069030121,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"210.103.240.15","src_port":37821,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
00501{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":57,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1430069030119,"flow_last_seen":1430069030119,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.191.1","l4_proto":"icmp","ndpi": {"proto":"ICMP","breed":"Acceptable","category":"Network"}}
00504{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":58,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1430069030121,"flow_last_seen":1430069030121,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"210.103.240.15","src_port":37821,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
00449{"flow_id":20,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069030,"pkt_ts_usec":121588,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADwrfUAAPwbw8woYUrzSZ\/APk70Bu6\/qIaMAAAAAoAI5CH35AAACBAV4BAIICgALCt4AAAAAAQMDBw=="}
00423{"flow_id":20,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069030,"pkt_ts_usec":159674,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":60,"pkt_l4_len":24,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACwUQ0AA+AZPPdJn8A8KGFK8AbuTvWC6rQuv6iGkYBIRHPMdAAACBAV4"}
00421{"flow_id":20,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069030,"pkt_ts_usec":162268,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACgrfkAAPwbxBgoYUrzSZ\/APk70Bu6\/qIaRguq0MUBA5COKyAAA="}
@@ -126,11 +126,11 @@
00671{"flow_id":15,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069030,"pkt_ts_usec":435553,"pkt_caplen":240,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":240,"pkt_l4_len":204,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAODmu0AAPwboiQoYUryt\/GECiq8Bu\/wa79FgIqtGUBg5CCTlAAAWAwEAswEAAK8DAVU9HySXfmPaSP66Sz+6k6Z\/7zxfemNbfoeAqoBY5ktfAABGAAQABQAvADXAAsAEwAXADMAOwA\/AB8AJwArAEcATwBQAMwA5ADIAOAAKwAPADcAIwBIAFgATAAkAFQASAAMACAAUABEA\/wEAAEAACwAEAwABAgAKADQAMgAOAA0AGQALAAwAGAAJAAoAFgAXAAgABgAHABQAFQAEAAUAEgATAAEAAgADAA8AEAAR"}
00872{"flow_id":20,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069030,"pkt_ts_usec":469611,"pkt_caplen":382,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":382,"pkt_l4_len":346,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAW4rhEAAPwbvugoYUrzSZ\/APk70Bu6\/qInxgurrMUBhfAMGpAAAWAwEBBhAAAQIBADHdbtJlVbXP2Me7Ma38p8XS6wSYh+\/vRpK9j6DRf1Em2AM+p7cPSuHY5QUwZ\/vwXG2x7mxyFDwbjTwb2PkmLKI0Ump3aTqTXtuVvVcmhMuWwXk\/DYR4pH2OX1XBOeo\/Pl5TLZglBYU+GsVJLft7PxMPGUXzRakDmG1RVyWwtRalnuwhD\/2Wl\/d1cIBeHJgGzssBXyvaiJaQBQltboVO3gfTXEKif8kN82LDfp7K9ACWYOf4VJAJao0vd3J\/3TvD6jcRgL4U61zLvcOB3Q4flQVIgizBtDjwsIjlNTLEqD0a5DQSjhsPbnCyYELZRdQqR5Xfu5wCvBQnnYeZBa4Y\/EMUAwEAAQEWAwEAMF6qtHnfxQkE14fW7bitUio1+IL\/sCxOok+D\/0MblfYd\/OMJ36oREYUVEOQtHf30uw=="}
00420{"flow_id":15,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069030,"pkt_ts_usec":480017,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACheakAAjwYhk638YQIKGFK8AbuKr2Aiq0b8GvCJUBCkrBrdAAA="}
00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":75,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1430069030508,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":37553,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
00500{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":75,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1430069030508,"flow_last_seen":1430069030508,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":37553,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
00447{"flow_id":21,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069030,"pkt_ts_usec":508795,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADz6+UAAPwaAjQoYUrwfDURUkrEAUI6+8f0AAAAAoAI5CDAyAAACBAV4BAIICgALCwQAAAAAAQMDBw=="}
00423{"flow_id":21,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069030,"pkt_ts_usec":549536,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":60,"pkt_l4_len":24,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACy6BkAA+AYIkB8NRFQKGFK8AFCSsWQ58S+OvvH+YBIRHF3ZAAACBAV4"}
00419{"flow_id":21,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":78,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069030,"pkt_ts_usec":552619,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACj6+kAAPwaAoAoYUrwfDURUkrEAUI6+8f5kOfEwUBA5CE1uAAA="}
00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":79,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1430069030557,"flow_last_seen":0,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":1,"l3_proto":"ip4","src_ip":"31.13.68.73","dst_ip":"10.24.82.188","src_port":443,"dst_port":47007,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
00505{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":79,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1430069030557,"flow_last_seen":1430069030557,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":1,"l3_proto":"ip4","src_ip":"31.13.68.73","dst_ip":"10.24.82.188","src_port":443,"dst_port":47007,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
00455{"flow_id":22,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069030,"pkt_ts_usec":557074,"pkt_caplen":83,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":83,"pkt_l4_len":47,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAEMbkEAAjgYQ+x8NREkKGFK8Abu3n2dAc1oKhoE3UBigBOCLAAAVAwEAFgdiLTjhEFi+7He1g59CCs5hRzaz7rI="}
00419{"flow_id":22,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069030,"pkt_ts_usec":557379,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACgOyEAAQAZr3goYUrwfDURJt58BuwqGgTdnQHN1UBBuKMBEAAA="}
00420{"flow_id":22,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069030,"pkt_ts_usec":557410,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACgbkUAAjgYRFR8NREkKGFK8Abu3n2dAc3UKhoE3UBGgBC\/XAAA="}
@@ -139,9 +139,9 @@
00740{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":86,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":4,"flow_first_seen":1430069030508,"flow_last_seen":1430069030600,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":46,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":37553,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Facebook","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"www.facebook.com","url":"www.facebook.com\/mobile\/status.php","code":0,"content_type":"","user_agent":"Dalvik\/1.6.0 (Linux; U; Android 4.4.4; MI 3W MIUI\/V6.4.3.0.KXDMICB)"}}
00425{"flow_id":21,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069030,"pkt_ts_usec":600684,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":60,"pkt_l4_len":24,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACwAAEAArAYOlx8NRFQKGFK8AFCSsWQ58TCOvvH+YBD\/\/3RwAAABAQEB"}
00421{"flow_id":21,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":89,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069030,"pkt_ts_usec":639655,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcACif30AArQZtnx8NRFQKGFK8AFCSsWQ58TCOvvK5UBD\/\/4W7AAA="}
00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":90,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1430069030703,"flow_last_seen":0,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":24596,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":15}
00503{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":90,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1430069030703,"flow_last_seen":1430069030703,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":24596,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":15}
00447{"flow_id":23,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":90,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069030,"pkt_ts_usec":703253,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":78,"pkt_l4_len":42,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAD4AAEAAQBHSHgoYUrwKvAEBYBQANQAqICQnwAEAAAEAAAAAAAADYXBpCGZhY2Vib29rA2NvbQAAAQAB"}
00660{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":90,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1430069030703,"flow_last_seen":0,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":24596,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Facebook","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"api.facebook.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00672{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":90,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1430069030703,"flow_last_seen":1430069030703,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":24596,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Facebook","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"api.facebook.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
02139{"flow_id":15,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069030,"pkt_ts_usec":731635,"pkt_caplen":1336,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":1336,"pkt_l4_len":1300,"pkt":"AAACEgAAAAAAAAAAAAAIAEUABShea0AAjwYckq38YQIKGFK8AbuKr2Aiq0b8GvCJUBCkrNGhAAAWAwEAWQIAAFUDAcFMnoqnHL28zylfQXnHbXmp7QB2K0I4OCMnBtyhT5SjIFTmkW2W6o96+hlbztXJU76jJJdvgLhMP+5whOTkeNqTwAcAAA3\/AQABAAALAAQDAAECFgMBDNkLAAzVAAzSAAZwMIIGbDCCBVSgAwIBAgIQBnjbTdvaLb44isb+B0TcyDANBgkqhkiG9w0BAQUFADBmMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSUwIwYDVQQDExxEaWdpQ2VydCBIaWdoIEFzc3VyYW5jZSBDQS0zMB4XDTE0MDgyODAwMDAwMFoXDTE1MTAyODEyMDAwMFowYTELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRMwEQYDVQQHEwpNZW5sbyBQYXJrMRcwFQYDVQQKEw5GYWNlYm9vaywgSW5jLjEXMBUGA1UEAwwOKi5mYWNlYm9vay5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATY0d01veJZtvubH1QVjNu\/Tli9R764EPwi6dKemPhJKiX7lEbkQpmEUBxfAf0UJTFcTtlk\/cUMs0bSobxwtIeOo4ID5DCCA+AwHwYDVR0jBBgwFoAUUOpzidsp+xCPnuUBINTeeZlIg\/cwHQYDVR0OBBYEFEMJk0D6EUswM+zyh26NcRjPiryOMIICOwYDVR0RBIICMjCCAi6CDiouZmFjZWJvb2suY29tggxmYWNlYm9vay5jb22CCyouZmJzYnguY29tggsqLmZiY2RuLm5ldIIOKi54eC5mYmNkbi5uZXSCDioueHkuZmJjZG4ubmV0ggZmYi5jb22CCCouZmIuY29tghgqLmZhY2Vib29rY29yZXd3d2kub25pb26CFmZhY2Vib29rY29yZXd3d2kub25pb26CGCouZmJjZG4yM2Rzc3IzanFucS5vbmlvboIWZmJjZG4yM2Rzc3IzanFucS5vbmlvboIYKi5mYnNieDJxNG12Y2w2M3B3Lm9uaW9ughZmYnNieDJxNG12Y2w2M3B3Lm9uaW9ughAqLm0uZmFjZWJvb2suY29tgg8qLm1lc3Nlbmdlci5jb22CDW1lc3Nlbmdlci5jb22CGioubS5mYWNlYm9va2NvcmV3d3dpLm9uaW9ughsqLnh4LmZiY2RuMjNkc3NyM2pxbnEub25pb26CGXh4LmZiY2RuMjNkc3NyM2pxbnEub25pb26CGyoueHkuZmJjZG4yM2Rzc3IzanFucS5vbmlvboIZeHkuZmJjZG4yM2Rzc3IzanFucS5vbmlvboIOKi54ei5mYmNkbi5uZXSCDHh6LmZiY2RuLm5ldIIbKi54ei5mYmNkbjIzZHNzcjNqcW5xLm9uaW9ughl4ei5mYmNkbjIzZHNzcjNqcW5xLm9uaW9ughhtLmZhY2Vib29rY29yZXd3d2kub25pb24wDgYDVR0PAQH\/BAQDAgOIMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBhBgNVHR8EWjBYMCqgKKAmhiRodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vY2EzLWcyOS5jcmwwKqAooCaGJGh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9jYTMtZzI5LmNybDBCBgNVHQ=="}
00821{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":91,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":11,"flow_first_seen":1430069026370,"flow_last_seen":1430069030731,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":1648,"flow_avg_l4_payload_len":149,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.97.2","src_port":35503,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"6c13ac74a6f75099ef2480748e5d94d2","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA"}}
00422{"flow_id":15,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069030,"pkt_ts_usec":734564,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACjmvEAAPwbpQAoYUryt\/GECiq8Bu\/wa8IlgIrBGUBBBAHmJAAA="}
@@ -151,7 +151,7 @@
01609{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":95,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":15,"flow_first_seen":1430069026370,"flow_last_seen":1430069030740,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":3915,"flow_avg_l4_payload_len":261,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.97.2","src_port":35503,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.facebook.com,facebook.com,*.fbsbx.com,*.fbcdn.net,*.xx.fbcdn.net,*.xy.fbcdn.net,fb.com,*.fb.com,*.facebookcorewwwi.onion,facebookcorewwwi.onion,*.fbcdn23dssr3jqnq.onion,fbcdn23dssr3jqnq.onion,*.fbsbx2q4mvcl63pw.onion,fbsbx2q4mvcl63pw.onion,*.m.facebook.com,*.messenger.com,messenger.com,*.m.facebookcorewwwi.onion,*.xx.fbcdn23dssr3jqnq.onion,xx.fbcdn23dssr3jqnq.onion,*.xy.fbcdn23dssr3jqnq.onion,xy.fbcdn23dssr3jqnq.onion,*.xz.fbcdn.net,xz.fbcdn.net,*.xz.fbcdn23dssr3jqnq.onion,xz.fbcdn23dssr3jqnq.onion,m.facebookcorewwwi.onion","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"6c13ac74a6f75099ef2480748e5d94d2","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance CA-3","issuerDN":"C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.facebook.com","fingerprint":"A4:FB:65:F8:A1:57:FE:0D:C0:17:C1:B5:51:62:63:3A:18:73:A0:B4"}}
00505{"flow_id":23,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":98,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069030,"pkt_ts_usec":748175,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":118,"pkt_l4_len":82,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAGbtpgAANREvUAq8AQEKGFK8ADVgFABSeRsnwIGAAAEAAgAAAAADYXBpCGZhY2Vib29rA2NvbQAAAQABwAwABQABAAAD6wAMBHN0YXIEYzEwcsAQwC4AAQABAAAACQAEHw1EVA=="}
00685{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":98,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_first_seen":1430069030703,"flow_last_seen":1430069030748,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":74,"flow_tot_l4_payload_len":108,"flow_avg_l4_payload_len":54,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":24596,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Facebook","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"api.facebook.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"31.13.68.84"}}
00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":99,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1430069030751,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45209,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
00501{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":99,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1430069030751,"flow_last_seen":1430069030751,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45209,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
00447{"flow_id":24,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":99,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069030,"pkt_ts_usec":751746,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADwzN0AAPwZIUAoYUrwfDURUsJkBu9qbOCoAAAAAoAI5CH68AAACBAV4BAIICgALCx0AAAAAAQMDBw=="}
00448{"flow_id":24,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":101,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069030,"pkt_ts_usec":835761,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAADwAAEAAjgYshx8NRFQKGFK8AbuwmcDC6aramzgroBKpsCsUAAACBAV4BAIICqKRlfAACwsdAQMDBg=="}
00436{"flow_id":24,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069030,"pkt_ts_usec":839087,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADQzOEAAPwZIVwoYUrwfDURUsJkBu9qbOCvAwumrgBAAcwLZAAABAQgKAAsLJaKRlfA="}
@@ -160,9 +160,9 @@
00801{"flow_id":21,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":105,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069030,"pkt_ts_usec":855597,"pkt_caplen":339,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":339,"pkt_l4_len":303,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcAUOf4EAArQZsgx8NRFQKGFK8AFCSsWQ58TCOvvK5UBj\/\/wX6AABIVFRQLzEuMSAyMDQgTm8gQ29udGVudA0KQ2FjaGUtQ29udHJvbDogcHJpdmF0ZSwgbm8tc3RvcmUsIG5vLWNhY2hlLCBtdXN0LXJldmFsaWRhdGUNCkVkZ2UtY29udHJvbDogY2FjaGUtbWF4YWdlPTI4ZA0KWC1GQi1EZWJ1ZzogM3o2a2UxVXU0SHNpbnZIcU5ha1JSUXdtUU5ZQUd1Z0NwV2Y5Yk5CNE9velJSYk1aa3FhSXh6Y2puazc5R3VzZTJQQXN4c0M0QTVRRmd5RlQ1ZStBV1E9PQ0KRGF0ZTogU3VuLCAyNiBBcHIgMjAxNSAxNzoyMzo1MCBHTVQNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCg0K"}
00421{"flow_id":21,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":106,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069030,"pkt_ts_usec":860297,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACj6\/EAAPwaAngoYUrwfDURUkrEAUI6+8rlkOfJLUBA8uEfoAAA="}
00436{"flow_id":24,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":108,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069030,"pkt_ts_usec":955695,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAADSZL0AAjwaSXx8NRFQKGFK8AbuwmcDC6avamzpegBACnv4AAAABAQgKopGWaQALCyY="}
00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":109,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1430069030978,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":19582,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":15}
00504{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":109,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1430069030978,"flow_last_seen":1430069030978,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":19582,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":15}
00452{"flow_id":25,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":109,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069030,"pkt_ts_usec":978614,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":80,"pkt_l4_len":44,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAEAAAEAAQBHSHAoYUrwKvAEBTH4ANQAsPIiqhwEAAAEAAAAAAAAFZ3JhcGgIZmFjZWJvb2sDY29tAAABAAE="}
00663{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":109,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1430069030978,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":19582,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Facebook","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"graph.facebook.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00675{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":109,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1430069030978,"flow_last_seen":1430069030978,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":19582,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Facebook","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"graph.facebook.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
02297{"flow_id":24,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":111,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069031,"pkt_ts_usec":1044,"pkt_caplen":1456,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":1456,"pkt_l4_len":1420,"pkt":"AAACEgAAAAAAAAAAAAAIAEUABaCZMEAAjwaM8h8NRFQKGFK8AbuwmcDC6avamzpegBACnocNAAABAQgKopGWjQALCyYWAwMAbgIAAGoDAz6PGiorbDHMQHs5iFsOrmaGleqKpFcEfDumbgtfeVQNAMArAABCAAAAAP8BAAEAAAsABAMAAQIAIwAAM3QAKQ9zcGR5LzMuMS1mYi0wLjUIc3BkeS8zLjEGc3BkeS8zCGh0dHAvMS4xFgMDDNkLAAzVAAzSAAZwMIIGbDCCBVSgAwIBAgIQBnjbTdvaLb44isb+B0TcyDANBgkqhkiG9w0BAQUFADBmMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSUwIwYDVQQDExxEaWdpQ2VydCBIaWdoIEFzc3VyYW5jZSBDQS0zMB4XDTE0MDgyODAwMDAwMFoXDTE1MTAyODEyMDAwMFowYTELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRMwEQYDVQQHEwpNZW5sbyBQYXJrMRcwFQYDVQQKEw5GYWNlYm9vaywgSW5jLjEXMBUGA1UEAwwOKi5mYWNlYm9vay5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATY0d01veJZtvubH1QVjNu\/Tli9R764EPwi6dKemPhJKiX7lEbkQpmEUBxfAf0UJTFcTtlk\/cUMs0bSobxwtIeOo4ID5DCCA+AwHwYDVR0jBBgwFoAUUOpzidsp+xCPnuUBINTeeZlIg\/cwHQYDVR0OBBYEFEMJk0D6EUswM+zyh26NcRjPiryOMIICOwYDVR0RBIICMjCCAi6CDiouZmFjZWJvb2suY29tggxmYWNlYm9vay5jb22CCyouZmJzYnguY29tggsqLmZiY2RuLm5ldIIOKi54eC5mYmNkbi5uZXSCDioueHkuZmJjZG4ubmV0ggZmYi5jb22CCCouZmIuY29tghgqLmZhY2Vib29rY29yZXd3d2kub25pb26CFmZhY2Vib29rY29yZXd3d2kub25pb26CGCouZmJjZG4yM2Rzc3IzanFucS5vbmlvboIWZmJjZG4yM2Rzc3IzanFucS5vbmlvboIYKi5mYnNieDJxNG12Y2w2M3B3Lm9uaW9ughZmYnNieDJxNG12Y2w2M3B3Lm9uaW9ughAqLm0uZmFjZWJvb2suY29tgg8qLm1lc3Nlbmdlci5jb22CDW1lc3Nlbmdlci5jb22CGioubS5mYWNlYm9va2NvcmV3d3dpLm9uaW9ughsqLnh4LmZiY2RuMjNkc3NyM2pxbnEub25pb26CGXh4LmZiY2RuMjNkc3NyM2pxbnEub25pb26CGyoueHkuZmJjZG4yM2Rzc3IzanFucS5vbmlvboIZeHkuZmJjZG4yM2Rzc3IzanFucS5vbmlvboIOKi54ei5mYmNkbi5uZXSCDHh6LmZiY2RuLm5ldIIbKi54ei5mYmNkbjIzZHNzcjNqcW5xLm9uaW9ughl4ei5mYmNkbjIzZHNzcjNqcW5xLm9uaW9ughhtLmZhY2Vib29rY29yZXd3d2kub25pb24wDgYDVR0PAQH\/BAQDAgOIMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBhBgNVHR8EWjBYMCqgKKAmhiRodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vY2EzLWcyOS5jcmwwKqAooCaGJGh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9jYTMtZzI5LmNybDBCBgNVHSAEOzA5MDcGCWCGSAGG\/WwBATAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMHsGCCsGAQUFBwEBBG8wbTAkBggrBgEFBQ=="}
00842{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":111,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":6,"flow_first_seen":1430069030751,"flow_last_seen":1430069031001,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1951,"flow_avg_l4_payload_len":325,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45209,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api.facebook.com","ja3":"051d20e8adbe8dac78945de300764d5e","ja3s":"6806b8fe92d7d465715d771eb102ff04","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"}}
00434{"flow_id":24,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":112,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069031,"pkt_ts_usec":4584,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADQzOkAAPwZIVQoYUrwfDURUsJkBu9qbOl7Awu8XgBAAiPp2AAABAQgKAAsLNqKRlo0="}
@@ -174,7 +174,7 @@
00530{"flow_id":25,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":117,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069031,"pkt_ts_usec":17096,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":138,"pkt_l4_len":102,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAHocCwAANREA2Aq8AQEKGFK8ADVMfgBmmjSqh4GAAAEAAwAAAAAFZ3JhcGgIZmFjZWJvb2sDY29tAAABAAHADAAFAAEAAAVxAAYDYXBpwBLAMAAFAAEAAAV2AAwEc3RhcgRjMTBywBLAQgABAAEAAAARAAQfDURG"}
00688{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":117,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_first_seen":1430069030978,"flow_last_seen":1430069031017,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":94,"flow_tot_l4_payload_len":130,"flow_avg_l4_payload_len":65,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":19582,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Facebook","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"graph.facebook.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"31.13.68.70"}}
02242{"flow_id":24,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":118,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069031,"pkt_ts_usec":42670,"pkt_caplen":1401,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":1401,"pkt_l4_len":1365,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUABWkzPUAAPwZDHQoYUrwfDURUsJkBu9qbOl7AwveegBgAtB0AAAABAQgKAAsLOqKRlo0WAwMARhAAAEJBBDG34c7NydBVRf6mVQzi\/MwMXnUoOd0JvS1otngBVuiN7hS4zUuR30\/zhdtJJxzSSeM9VE5LTcff8eLYgzMoit8UAwMAAQEWAwMAPOTjOPIureyonxmEtL5pzsQRqFdVWUjvrA30RhsCUinFLfuLw6CiFVROC6aSF2Q+Q9x1j\/\/K0sywjsSjGxYDAwAo5OM48i6t7Klm1eGphEvyxwgHXv2\/1TpAFUXIQFgUOE7wWdAWUQPAqxcDAwRx5OM48i6t7KomCmHgEq3wqFBvtbWuM7Ywyxm7Fd9dqS2fFNJbJikaMij5AfSj7adTQtHIHDB9Vng5PJUjNZBIb+10PmUudcmdd3onbG7\/10KhuKfjOg8f60BIie9ygplKEtbwupfKMKjn761f\/7+L0375WBrGgdhw6nwj1uzH5dpc7FfwlMM+F0rFFuhXV5+BI23skk74iuc+um\/iFwsgz5MlBkue5HmpfEAgLxZerCuQpIuZyvDwhD+0Xpu+s+GlwABfVPta0ipXAAYD6XhOWkWm2VHm5EdhhFhdTEp82P2isqLO9bQitnF19DIFqIYdoNdV\/\/Xdgw5Irb4aSca0VRzZQ3yCtuzZ6gNB32qoDQaikxX8ERyLeXK3sgxD9rcxMYgjTlahVUrZXQbXs3FfZnFi9lBSdExo7V7P3XuthuYj15wRy9Inzv90D89GPf1Fz6WpJARCuhexY6iyUlK627t4HnHof\/JWDb1Kv+dHvHtMBenxvSBbsKoe6PIM88JiVeL7bmJlgwq+eIpJHgsWURcJ\/7fAz8oa6CjRFA+XnJay4Z4FVYzaOAwwLlXdO4Mp4QamJN2e2hflftb59C5eEwLBPkrZQrM5EO7I8rSGhGfhKKllgPXhWQtzWt1ssEmF4GdhocuBnvnCbRi7Mr\/krl5lB2oBw4fbHHvIU3ME\/g\/cFFaQ1lxVBRRNhpNcGeFlmpj5jVySoqXle7l0FTxR7jfnvvBoA6BNeSWqICL9DVejAytwJYK62Kf4kQVNPfC6vXq19CBsbjsG3WxZuVZ\/BPhZXbPmAmEProUWlyTgooiIq8QBRmbTJ9X3lBwvaKfmPh4tXAGrDXxDdOEv4BaUQzeK6U4ghv9emooym688U\/VCtARBQBfHb8Fckj4CFPtg7UgAi81lzg+HtRyG11OrNbyRjv3wfmMtk2p4DGQxCptdBMfZiGNJ8b8wRknwaJ6qHi4KKjhwyAz41OI65PSpM0vQE+MWxaz83qWfo8rnp3ltYIpCuJTJFHD4XBA8PE0jcHgHNpny3eOIc2crMSCNkIDRDMmLHaoQ2gIG58IJQG9bsNAqbyR8KAM8o4SM3Nwc4QLvBjhJK3O5mSUIZzmzHaYFL\/wOt3aG30tT+71Q7Wlkvx7kjGYpbexA9FrI9KqSkfDGI+N0oAva+CjNFMg1AmexNMRDZf9K1D8X+P3EsC2wyx1K8KbkjkGHMame9D8hkR4PVDzcFea88UrFc1DhvH\/0luy5q2a7oSC3zK\/tpGeZh2NE7t5h4NWoTcUUI\/HofVaf7svok4P3XilByfZjto2rcvqY9Q4BY1XslLcZ3oUq1o02eix9Yxbvm\/P71dlvwcquOQ4Syw6HF4BoIPkfWU+z+l61FTYWmXGAw2+kbxAjS7LjtHXE9PN9V5DtTIggNSnLMq4z0F75gwHAKwPdQ3zsKyr\/XjvTIuvU5R6+ZAQTOFr3DK1J65yCk37BGPvf\/0dqV6PHb3ndYwshVqZYX1F8EWRTMDI4fdukwwMIQvvX"}
00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":119,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1430069031042,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.70","src_port":43581,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
00502{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":119,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1430069031042,"flow_last_seen":1430069031042,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.70","src_port":43581,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
00447{"flow_id":26,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":119,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069031,"pkt_ts_usec":42945,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADx6qUAAPwYA7AoYUrwfDURGqj0Bu4p9cZMAAAAAoAI5CJu+AAACBAV4BAIICgALCzoAAAAAAQMDBw=="}
00423{"flow_id":26,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":121,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069031,"pkt_ts_usec":79901,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":60,"pkt_l4_len":24,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACwwtUAA+AaR7x8NREYKGFK8AbuqPWAZ05aKfXGUYBIRHOtUAAACBAV4"}
00420{"flow_id":26,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":122,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069031,"pkt_ts_usec":83289,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACh6qkAAPwYA\/woYUrwfDURGqj0Bu4p9cZRgGdOXUBA5CNrpAAA="}
@@ -182,9 +182,9 @@
00786{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":123,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":4,"flow_first_seen":1430069031042,"flow_last_seen":1430069031083,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":565,"flow_tot_l4_payload_len":565,"flow_avg_l4_payload_len":141,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.70","src_port":43581,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"graph.facebook.com","ja3":"051d20e8adbe8dac78945de300764d5e","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00424{"flow_id":26,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":125,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069031,"pkt_ts_usec":127600,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":60,"pkt_l4_len":24,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACwAAEAAjgYspR8NREYKGFK8AbuqPWAZ05eKfXGUYBClZFyHAAABAQEB"}
00420{"flow_id":26,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":126,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069031,"pkt_ts_usec":131598,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACjeLEAAjwZNfB8NREYKGFK8AbuqPWAZ05eKfXPJUBCjUm5qAAA="}
00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":127,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":1430069031167,"flow_last_seen":0,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":4017,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":15}
00503{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":127,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":1430069031167,"flow_last_seen":1430069031167,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":4017,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":15}
00461{"flow_id":27,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":127,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069031,"pkt_ts_usec":167395,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":85,"pkt_l4_len":49,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAEUAAEAAQBHSFwoYUrwKvAEBD7EANQAxznCJ\/wEAAAEAAAAAAAAKZGV2ZWxvcGVycwhmYWNlYm9vawNjb20AAAEAAQ=="}
00667{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":127,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":1430069031167,"flow_last_seen":0,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":4017,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Facebook","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"developers.facebook.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00679{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":127,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":1430069031167,"flow_last_seen":1430069031167,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":4017,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Facebook","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"developers.facebook.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00793{"flow_id":24,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":128,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069031,"pkt_ts_usec":168158,"pkt_caplen":326,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":326,"pkt_l4_len":290,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAATaZM0AAjwaRWR8NRFQKGFK8AbuwmcDC957amz+TgBgClXT0AAABAQgKopGXNgALCzoWAwMAygQAAMYAAU\/wAMBVHjamp1t+k3aO+5WCeTt+f0Mn4qniaX\/FZd\/VQ2Tp46vrWFw57jV912dRcSdO8HzZQNIm6laX4t1LURyW0VCf46c1zE9Vzp9xa\/X+dr2du3yuL7BfmnzfuI9r5LpQP+4s1t92fSkjv8w2xSWFQtxM+q88564Ji4ONs\/QHo+VjZKQsG403b14UPkQjBg2dtn0ClHdmFrCsiwuOFJh2y0YnLgOAZD7ae\/TYAuVLKJPntFrqj4LBqCnU0j21wE6LGu8UAwMAAQEWAwMAKJruu5VbafH3STS42RhL4saKJbcTH\/lsE1g5BxcgBJ8dk160d\/X\/VM0="}
00516{"flow_id":24,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":129,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069031,"pkt_ts_usec":168738,"pkt_caplen":125,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":125,"pkt_l4_len":89,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAG2ZNEAAjwaSIR8NRFQKGFK8AbuwmcDC+KDamz+TgBgClWBVAAABAQgKopGXNgALCzoXAwMANJruu5VbafH4HCo2Lued2HtDNlUR3bKRAfTGJJefp5xx\/jRoAHPtVYTMzij7PRWD+9jgkws="}
00499{"flow_id":24,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":130,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069031,"pkt_ts_usec":169409,"pkt_caplen":113,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":113,"pkt_l4_len":77,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAGGZNUAAjwaSLB8NRFQKGFK8AbuwmcDC+Nnamz+TgBgClQuqAAABAQgKopGXNwALCzoXAwMAKJruu5VbafH5sQRaWN1yXAIV2NGtD21PaTBD2ciGilS4h+QCr8Qyf28="}
@@ -200,11 +200,11 @@
00693{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":139,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_first_seen":1430069031167,"flow_last_seen":1430069031221,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":70,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":4017,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Facebook","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"developers.facebook.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"31.13.68.84"}}
00421{"flow_id":26,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":141,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069031,"pkt_ts_usec":224372,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACh6rkAAPwYA+woYUrwfDURGqj0Bu4p9c8lgGd4NUBBLALxGAAA="}
00421{"flow_id":26,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":142,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069031,"pkt_ts_usec":224524,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACh6r0AAPwYA+goYUrwfDURGqj0Bu4p9c8lgGeGKUBBVAK7JAAA="}
00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":144,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":1430069031230,"flow_last_seen":0,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":43,"flow_avg_l4_payload_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":14650,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":15}
00504{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":144,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":1430069031230,"flow_last_seen":1430069031230,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":43,"flow_avg_l4_payload_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":14650,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":15}
00460{"flow_id":28,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":144,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069031,"pkt_ts_usec":230994,"pkt_caplen":87,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":87,"pkt_l4_len":51,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAEcAAEAAQBHSFQoYUrwKvAEBOToANQAzWvOyogEAAAEAAAAAAAABMgI5NwMyNTIDMTczB2luLWFkZHIEYXJwYQAADAAB"}
00663{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":144,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":1430069031230,"flow_last_seen":0,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":43,"flow_avg_l4_payload_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":14650,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"2.97.252.173.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00675{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":144,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":1430069031230,"flow_last_seen":1430069031230,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":43,"flow_avg_l4_payload_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":14650,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"2.97.252.173.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
01772{"flow_id":26,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":145,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069031,"pkt_ts_usec":236731,"pkt_caplen":1053,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":1053,"pkt_l4_len":1017,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUABA16sEAAPwb9EwoYUrwfDURGqj0Bu4p9c8lgGeGKUBhVAI3tAAAWAwMARhAAAEJBBD2hR1ZxSpq\/s2bE\/jEuVnHZhLsOfXDeW8kA5Vf7lk9JzGTsKpqTz8WcksKfffMvnDRskqK2mDmAm0lNTEbtVsUUAwMAAQEWAwMAPDgatczmcEzE+jBZypW7PvgvPfOYO3SnL4HX\/HbuPNa4Ou2KRWwdFRkakJ+FOn7WvKfMRb1s4C3UMd\/UwhYDAwAoOBq1zOZwTMXQ4JIUcIi0BL3fDVH2BZhsR2W2hrP9cDDIppHu4MM6uxcDAwMhOBq1zOZwTMaJo5seZy5725DDkdN6vFi40cW56kBpjWhZIhTaflCGbAf7jvOuihh+BI\/IOe\/yA9nVbXeJaLGnftSgB00+D+OilsDAoKyLtHxaKhLxH5JwurOk7ZcaHUYvO33rP4ph0CKrAObpqGfBLmD8yxRunBcVPimHXmeRx\/JvQ3gSLxFHw46iVFEgvk57HnAdKl0UpJnQLqeLdbxepSBOwvEyzL2En5zxYzhx1fAxCHQopLPF5GyhBoFvanULTIEm6pPDSeg7wg8Pc7aq7Fkr6ZJOQ8E4ixAkYEzCQfoyoaYEKbQ0biaQLxljr43RJa\/eLFMIAE9c8Hb1XB6\/MXeEi4ha7O3t+7HOdoRA2ky3OOuPNUH5aod8qNn03NFZR0LPQ5XsIVEz+r1rvpsa6EmM5oDIbCKfilvML1vufSR\/42\/CzbR6QpYEXousSC22JJwtv1p3kiioQqV7fYAEtgLuEjNNkwcOU7L139H5kPiOSBQnhGfjrfEvBOZxMRQ2Z3QK9BVMpjI7OaVAgEDrhQC5Q1+uRF2uCOOajPmgHvOKP1Gs8tvTmims1NOW7lfwLEGzEciEmeJ41uXtHGzUlHbMY7r6pEwXuUrGfALOAVMBo8GgRzFLm1FTOUJkFiGUhihPSZaBelN+sQEtwTxQs8CrOGld40GUtQPxYlfOYQ27WComeVqvuCn4lCwfsbcANeFlAomWyAujVoFS7fdjWKxauy5b86PRe0tGVNtfgTRca7y4uIe+D7ze\/fWoHGqBMkDWn6v4Dngwgl8QZDc6PRAYq0fZxoNWqk9rdGCRPCj8iQi2WiDGjEskePU1dWhd1GZJ+OKe52ePGBbf3Zx0PA2GkYC\/q\/1YteAS9Cvqj2c3m5XOUY5lgT1TPE7vKAcTT7exl+T1rNy4kumHQrXEYtm0IhwVqrMfj2UPgpt4qk7Zzaxl9aOBRJjW7GjsMTifs35uWXCubklLcnXB4Xe7WXqaEPNpj5Se3baN95\/XTIQmTa\/4QeS8EBc0nGYLybSUATF2T5daX0VirdX75zqNMnnOIx2SFD\/gRp2DkreMIkNN"}
00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":146,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1430069031236,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45211,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
00502{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":146,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1430069031236,"flow_last_seen":1430069031236,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45211,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
00448{"flow_id":29,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":146,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069031,"pkt_ts_usec":236945,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADxjDkAAPwYYeQoYUrwfDURUsJsBu8tPaEMAAAAAoAI5CF29AAACBAV4BAIICgALC00AAAAAAQMDBw=="}
00522{"flow_id":28,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":147,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069031,"pkt_ts_usec":281714,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":130,"pkt_l4_len":94,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAHLtrwAANREvOwq8AQEKGFK8ADU5OgBeI2eyooGAAAEAAQAAAAABMgI5NwMyNTIDMTczB2luLWFkZHIEYXJwYQAADAABwAwADAABAAAEYQAfEG1xdHQtc2h2LTE0LWZyYzEIZmFjZWJvb2sDY29tAA=="}
00685{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":147,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_first_seen":1430069031230,"flow_last_seen":1430069031281,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":129,"flow_avg_l4_payload_len":64,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":14650,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"2.97.252.173.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":12,"rsp_addr":"0.0.0.0"}}
@@ -225,26 +225,21 @@
02043{"flow_id":29,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":167,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069031,"pkt_ts_usec":425727,"pkt_caplen":1257,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":1257,"pkt_l4_len":1221,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUABNljFEAAPwYT1goYUrwfDURUsJsBu8tPan5icKxEUBhVAJopAAAWAwMARhAAAEJBBPON\/LJqBr6qw7RzueZWdveH9RPDKIh0taTOaFM3l3OAde7h9Djd2tDgsIIINv3z09StvnD4Ph6OT2kafg+cKTYUAwMAAQEWAwMAPCwS+j2T0BmMYu44G7vYhClL6WUsbXbIjtRbfAnve+HDw2rVFjj6HECBr4cseaIL4ewKMLUqCzSKe\/Q8fhYDAwAoLBL6PZPQGY1xRCv\/MFccwmSU1tfDnnMr4gw3uYP7IkY1RioDkLjdUBcDAwPtLBL6PZPQGY6B8r6UGDXRbNsCCbsyRUcauQJQAmyiKg1VzXwdC8G1EhBGayJ2RPnxqfrO\/PjmM5tQU7jgiBRdsclpbRBi+EwNhS5AruPWrJ\/yiif9Ctpgx+7vdVMbMyi\/vlVNB7zBUdwjyQbYShVRS48KJdLrttXnToVlUNS2QdLmvPsAYJ8mSMYYiE1zxK7MX2gv8YWMv7au821PnB+oj6rcBimlhPAO455i\/j07QwBh+4ftQgV3lkRDicOM2tRRLxjw5hU1zelvd7ZtOSJNQruYzAKcGriBNJpMsJpul62PGvwupCEZP5sjOs3KMV1Cr9CfYhuux+jQRT5mfj6vX3NKX6iJ3O\/IrLW\/FlhcKbgeU+fsBYGA6v9PT82VDCG5+ILyHYmHYf7cfnPt8WPHeSWeWDJ8f8AmUsNEafgoZ01npr8SUtPh13C7wNutcn7NsuxykOD2vXslWkWWyiu84+c+Trf5hM3WkYcE7p28kUonAF1tpBdGwISKw6ooenbxWbbqv2lsOPVNERLYXTZ18eSCJm\/goP48GtDUjcBfM9FCUsFY3tZt6k9oLe8Z77YUN1nKtxQWRzDqksGUfEe37VXcLV4Mjd+G4Wk8bTRNIgxsVLb6Cv3OSKR2HpUi3Ga3+9G9XfkHbKlJDDTaXmzCYUKqJ58kdKdjTpwdtddpKdDsgdBisnDJWJwF78eTpSvYCe259g0EFsE1thdwwLRCRibBc\/IgHwtZdrh+cf5rdDxQv3HfLo+V7TP0T50DDJUmGA\/4uysW6AOfNxTzVDS4A6WpxKrSzS13Oe1CtS0ZbAE5VkUXHMyHbdK2LBK5wCEgTyXObcCFtUl905nORIodohxUeA11r18OnnXjqu7KF12JXWkL9kvYWAmUJy+X+oWnA6LQXh0WtnF2SEN6ikR8vVfXoWFFCUvKCG5OUXCEZL+XiO3X0bjZe1\/E2g9Ke4lMf4PNhB0aOZHflkv4xdQwsYbNLeu7gvIh7onn+l1HiszXua0fkDui4zGZAvd\/KwoKNNlctWtwX1jlctJmgTfXacPh7dXIfievhDkfORC2DjaLuWCG\/CWtPvhIKNlpNqw5JOqOFdQiLP3iBX66mKVYCwP4johGeG95utDAfRDgvwtCu4Bg1BgXcnZvCon7n0RrbBotXiS5ecufwm7UBfZ+I43ytPe3rjdlv8vnG7fsaNSfcMJxIb97jr2HotKcRl\/3Za8RzptvZNsSIYP16rjO6giF5VuOe6+oIaz+9xS3z49ockgUXT+p5UM4Zk9cvdoivxdwDEe8ehPZvHnfYhQCX4bWbp6IZKctRr4jPllvCsicbaviQVruzJboPcbE"}
00421{"flow_id":29,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":172,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069031,"pkt_ts_usec":480384,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACjTTEAAjwZYTh8NRFQKGFK8Abuwm2JwrETLT28vUBCkxE9QAAA="}
00770{"flow_id":29,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":173,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069031,"pkt_ts_usec":513282,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":314,"pkt_l4_len":278,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAASrTTUAAjwZXSx8NRFQKGFK8Abuwm2JwrETLT28vUBikxOXaAAAWAwMAygQAAMYAAU\/wAMBVHjamON2Im1HS1Mx3WG+MHqQdzgVj909oJkB2\/cL96uQcX2PfrbyBj2+2oCYfHZ91Urggzu6eStTIoM9Tx0y+L5fn4iO7UemYhseBRZgQPMeOhtjrP7Ay2eCf3jw6sB7lBQ3ZcpiCWpWxN+zLU1AVf1JRJ2kh83AYgCsYOkJGnI0JglWBDAlI6RTp6SysSqxSLyEbEgg6TRJ5xWMmmo6sYo0KSmzNienpjIAH1B453woar3mtJnA1SQQQ9xtf72wUAwMAAQEWAwMAKBb8yUXEQnm1GVxYXWHBTfz7BtrCKB8SKDo3bRG3+B+IlvOJH6rcA04="}
00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":186,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":1430069031611,"flow_last_seen":0,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":45,"flow_avg_l4_payload_len":45,"midstream":1,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"54.255.253.199","src_port":58927,"dst_port":5223,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
00510{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":186,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":1430069031611,"flow_last_seen":1430069031611,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":45,"flow_avg_l4_payload_len":45,"midstream":1,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"54.255.253.199","src_port":58927,"dst_port":5223,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
00502{"flow_id":30,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":186,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069031,"pkt_ts_usec":611243,"pkt_caplen":113,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":113,"pkt_l4_len":77,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAGHTnUAAQAbVXgoYUrw2\/\/3H5i8UZ+uf0VkGiXPCgBgCYxkQAAABAQgKAAKTKDTnT0kXAwEAKNOo\/lFrrxEtj1oyrBEybZXAvF7754xqLjvuYfV0gCpDpumAA3\/lW60="}
00529{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":202,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":1430069031611,"flow_last_seen":0,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":45,"flow_avg_l4_payload_len":45,"midstream":1,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"54.255.253.199","src_port":58927,"dst_port":5223,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}}
00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":202,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":1430069031611,"flow_last_seen":0,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":45,"flow_avg_l4_payload_len":45,"midstream":1,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"54.255.253.199","src_port":58927,"dst_port":5223,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
00527{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":202,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1430069028075,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"120.28.26.242","dst_ip":"10.24.82.188","src_port":80,"dst_port":34503,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
00491{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":202,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1430069028075,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"120.28.26.242","dst_ip":"10.24.82.188","src_port":80,"dst_port":34503,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
00461{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":202,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1430069030119,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.191.1","l4_proto":"icmp","flow_datalink":113,"flow_max_packets":15}
00422{"flow_id":14,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":206,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069032,"pkt_ts_usec":164282,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcACiq80AArAYRp9g63QoKGFK8AFCMUmKi4jFDN+TzUBH\/\/6QYAAA="}
00422{"flow_id":14,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":207,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069032,"pkt_ts_usec":171576,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACgAAEAAPwYptwoYUrzYOt0KjFIAUEM35dFioucAUBA+dl\/2AAA="}
00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":210,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":1430069035398,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"210.103.240.15","src_port":42332,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
00505{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":210,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":1430069035398,"flow_last_seen":1430069035398,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"210.103.240.15","src_port":42332,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
00421{"flow_id":31,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":210,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069035,"pkt_ts_usec":398200,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAChV8UAAQAbFkwoYUrzSZ\/APpVwBu+YrTKNirTiWUBFpAB9mAAA="}
00420{"flow_id":31,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":211,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069035,"pkt_ts_usec":537940,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACgkaUAAjgapG9Jn8A8KGFK8AbulXGKtOJbmK0ykUBCkj3bOAAA="}
00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":212,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_first_seen":1430069035840,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":37557,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
00501{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":212,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_first_seen":1430069035840,"flow_last_seen":1430069035840,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":37557,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
00448{"flow_id":32,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":212,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069035,"pkt_ts_usec":840522,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADytk0AAPwbN8woYUrwfDURUkrUAUM0qoIsAAAAAoAI5CEEgAAACBAV4BAIICgALDRgAAAAAAQMDBw=="}
00424{"flow_id":32,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":213,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069035,"pkt_ts_usec":877814,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":60,"pkt_l4_len":24,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACxm7kAA+AZbqB8NRFQKGFK8AFCStWTibgPNKqCMYBIRHPNeAAACBAV4"}
00420{"flow_id":32,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":214,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069035,"pkt_ts_usec":880866,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACitlEAAPwbOBgoYUrwfDURUkrUAUM0qoIxk4m4EUBA5COLzAAA="}
00426{"flow_id":32,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":215,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069035,"pkt_ts_usec":917823,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":60,"pkt_l4_len":24,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACwAAEAArAYOlx8NRFQKGFK8AFCStWTibgTNKqCMYBD\/\/wn2AAABAQEB"}
00671{"flow_id":32,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":216,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069035,"pkt_ts_usec":921179,"pkt_caplen":243,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":243,"pkt_l4_len":207,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAOOtlUAAPwbNSgoYUrwfDURUkrUAUM0qoIxk4m4EUBg5CEcRAABHRVQgL21vYmlsZS9zdGF0dXMucGhwIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBEYWx2aWsvMS42LjAgKExpbnV4OyBVOyBBbmRyb2lkIDQuNC40OyBNSSAzVyBNSVVJL1Y2LjQuMy4wLktYRE1JQ0IpDQpIb3N0OiB3d3cuZmFjZWJvb2suY29tDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANCg0K"}
00741{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":216,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":5,"flow_first_seen":1430069035840,"flow_last_seen":1430069035921,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":37557,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Facebook","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"www.facebook.com","url":"www.facebook.com\/mobile\/status.php","code":0,"content_type":"","user_agent":"Dalvik\/1.6.0 (Linux; U; Android 4.4.4; MI 3W MIUI\/V6.4.3.0.KXDMICB)"}}
00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":217,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":1430069035967,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45213,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
00502{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":217,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":1430069035967,"flow_last_seen":1430069035967,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45213,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
00449{"flow_id":33,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":217,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069035,"pkt_ts_usec":967627,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADzw1UAAPwaKsQoYUrwfDURUsJ0Bu3W4\/fMAAAAAoAI5CBvJAAACBAV4BAIICgALDSYAAAAAAQMDBw=="}
00422{"flow_id":32,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":218,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069035,"pkt_ts_usec":973456,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcACiiUEAArQZrLh8NRFQKGFK8AFCStWTibgTNKqFHUBD\/\/xtBAAA="}
00422{"flow_id":33,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":220,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069036,"pkt_ts_usec":8002,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":60,"pkt_l4_len":24,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACxGQkAA+AZ8VB8NRFQKGFK8AbuwnWIYU8F1uP30YBIRHOshAAACBAV4"}
@@ -253,7 +248,7 @@
00768{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":222,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":4,"flow_first_seen":1430069035967,"flow_last_seen":1430069036012,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":184,"flow_tot_l4_payload_len":184,"flow_avg_l4_payload_len":46,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45213,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00423{"flow_id":33,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":225,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069036,"pkt_ts_usec":49811,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":60,"pkt_l4_len":24,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACwAAEAAjgYslx8NRFQKGFK8AbuwnWIYU8J1uP30YBClZFxUAAABAQEB"}
00419{"flow_id":33,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":226,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069036,"pkt_ts_usec":50513,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAChrjUAAjwbADR8NRFQKGFK8AbuwnWIYU8J1uP6sUBCkrG5aAAA="}
00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":228,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":1430069036068,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.97.2","src_port":35511,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
00503{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":228,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":1430069036068,"flow_last_seen":1430069036068,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.97.2","src_port":35511,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
00448{"flow_id":34,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":228,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069036,"pkt_ts_usec":68122,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADwqSkAAPwalnwoYUryt\/GECircBu1PEJ3oAAAAAoAI5CI51AAACBAV4BAIICgALDTAAAAAAAQMDBw=="}
00424{"flow_id":34,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":229,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069036,"pkt_ts_usec":109870,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":60,"pkt_l4_len":24,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACzrl0AA+AYrYa38YQIKGFK8AbuKt2bo6WFTxCd7YBIRHMNnAAACBAV4"}
00421{"flow_id":34,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":230,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069036,"pkt_ts_usec":113928,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACgqS0AAPwalsgoYUryt\/GECircBu1PEJ3tm6OliUBA5CLL8AAA="}
@@ -290,8 +285,9 @@
00525{"flow_id":13,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":286,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069040,"pkt_ts_usec":829291,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":130,"pkt_l4_len":94,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAHLzXUAAPwZJYwoYUrxn9jn7x00fkMsN9wYrPwQwgBgAexO3AAABAQgKAAsPCpj2bmU6AAAAolkC\/4gP\/deLY5qAl+gvk1q6sKo+Dj8NmSA2rJYEww7CAFaSnbB0cHHjCEGbHgWAm+O6R5DcVbzucA=="}
00700{"flow_id":13,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":289,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069041,"pkt_ts_usec":829810,"pkt_caplen":258,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":258,"pkt_l4_len":222,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAPJbIkAALgbyHmf2OfsKGFK8H5DHTSs\/BDDLDfdEgBgADk6wAAABAQgKmPajHgALDwq6AAAAolkC\/4gP\/deLY5qAl+gvk1q6MKo+Dr8NmSA0vIoEwzL52Zrr6RjF9Bu994wavboL+YbRyGuQnqzGjRX38N1zyfNe61lkzc0IHKVWxcnKyjmNl6oQX9Lrf+xWf9zOhkCznR4qsQb0obZXCGNou9W\/BEdEWcdYd1s\/XQjToOKZQOS9aYSCHzCyUVerS7tvJBIcs5grGAgJ\/\/0j1kplCt6fp\/H15W5dVAQmBKJAFTBRqD7ubEPdwOIZpkw4"}
00437{"flow_id":13,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":290,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069041,"pkt_ts_usec":937537,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADTzXkAAPwZJoAoYUrxn9jn7x00fkMsN90QrPwTugBAAg1J8AAABAQgKAAsPe5j2ox4="}
00473{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":291,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1430069030119,"flow_last_seen":1430069030119,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.191.1","l4_proto":"icmp","flow_datalink":113,"flow_max_packets":15}
00566{"flow_id":13,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":291,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069044,"pkt_ts_usec":568854,"pkt_caplen":157,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":157,"pkt_l4_len":121,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAI3zX0AAPwZJRgoYUrxn9jn7x00fkMsN90QrPwTugBgAg\/lWAAABAQgKAAsQgJj2ox5VAAAApVkC\/4gP6c2DY5DOxadg3j3uOFk37WQtu31WeByENvnH+DX\/S7DVK6u8apgllsOoljhTv0Bpj3w8hcD\/X\/f\/nc5qUppaWqWFC3vtb1GieZeOb5kg9A=="}
00500{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":293,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_first_seen":1430069044758,"flow_last_seen":0,"flow_min_l4_payload_len":247,"flow_max_l4_payload_len":247,"flow_tot_l4_payload_len":247,"flow_avg_l4_payload_len":247,"midstream":1,"l3_proto":"ip4","src_ip":"139.150.0.125","dst_ip":"10.24.82.188","src_port":443,"dst_port":46947,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
00512{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":293,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_first_seen":1430069044758,"flow_last_seen":1430069044758,"flow_min_l4_payload_len":247,"flow_max_l4_payload_len":247,"flow_tot_l4_payload_len":247,"flow_avg_l4_payload_len":247,"midstream":1,"l3_proto":"ip4","src_ip":"139.150.0.125","dst_ip":"10.24.82.188","src_port":443,"dst_port":46947,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
00761{"flow_id":35,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":293,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069044,"pkt_ts_usec":758795,"pkt_caplen":303,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":303,"pkt_l4_len":267,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAR8KJUAAjgb4zIuWAH0KGFK8Abu3Y2Ij0KVRKAPiUBigLueuAADzAAAApDlIVrVdqRc+Gkt7POZ3i2OlkuY4MMfPTZY9G4U0YFfr\/Io7pOCQe3JDBNAmPdEpHGIlOOWztPzNgfmCZdfJbXa\/FjyLrCbe\/cKrmuhEYDyIPsoQcOHY3YFPdOkSmKChheXsyu06po9uQ1CWTJDZfqoByGUY9M3+\/torvsssHclmFyrgMhiQBPDR+\/p96Y\/\/sK6VRP8W+SfBO5i7Jg3brhWvS81m7IbytFR73ZERAlFn0QejuZzhem715ywfbXU8ySrwRBK2cs3ywClzqW\/s7h0teJNcn45XHRR+Z0ZTPA29+kHM57k5C1faf1I\/3jeLMDw\/"}
00420{"flow_id":35,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":295,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069044,"pkt_ts_usec":836371,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACjTekAAQAZ+bgoYUryLlgB9t2MBu1EoA+JiI9GcUBCIgOkBAAA="}
00477{"flow_id":35,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":296,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069044,"pkt_ts_usec":940863,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":98,"pkt_l4_len":62,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAFLTe0AAQAZ+QwoYUryLlgB9t2MBu1EoA+JiI9GcUBiIgH9kAAAmAAAApDlIVrVdqRc+Gkt7POZ3i2OlX+Y4MArPTZYlBp4hfXC7UiHVW\/8="}
@@ -303,14 +299,12 @@
00420{"flow_id":35,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":304,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069048,"pkt_ts_usec":920600,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACjTfEAAQAZ+bAoYUryLlgB9t2MBu1EoBAxiI9KTUBCRCOkBAAA="}
00476{"flow_id":35,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":306,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069049,"pkt_ts_usec":179969,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":98,"pkt_l4_len":62,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAFLTfUAAQAZ+QQoYUryLlgB9t2MBu1EoBAxiI9KTUBiRCF0ZAAAmAAAAFuBuaLVdqRc+Gkt7POZ3i9iw3kOUcEZ6WdojCJDvIs0xtYwNzYg="}
00420{"flow_id":35,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":307,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069049,"pkt_ts_usec":230536,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACgKKEAAjwb4wIuWAH0KGFK8Abu3Y2Ij0pNRKAQ2UBCf2uPeAAA="}
00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":308,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_first_seen":1430069049770,"flow_last_seen":0,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":96,"midstream":1,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.194.72.188","src_port":34686,"dst_port":5228,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
00510{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":308,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_first_seen":1430069049770,"flow_last_seen":1430069049770,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":96,"midstream":1,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.194.72.188","src_port":34686,"dst_port":5228,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
00567{"flow_id":36,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":308,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069049,"pkt_ts_usec":770087,"pkt_caplen":164,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":164,"pkt_l4_len":128,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAJSUZ0AAQAZSqgoYUrytwki8h34UbGWkOWcyCtXvgBgB12cmAAABAQgKAAKaQHWhBxYXAwEAW9BJTUK7bhQDJS6M4k2xveYn3KZ2THpi3b2p1WnyM44nZ0651+YzJehbLb+jV4nNEd4GZbKLQU+P8abQYninXFhPSKcNuFppnDwsImxNyj3HrOvurwOWRZpYp3o="}
00423{"flow_id":14,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":309,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069051,"pkt_ts_usec":671393,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcACiq9UAArAYRpdg63QoKGFK8AFCMUtPmE5BDN+TzUBH\/\/wF2AAA="}
00422{"flow_id":14,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":310,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069051,"pkt_ts_usec":765998,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACgAAEAAPwYptwoYUrzYOt0KjFIAUEM35dFioucAUBA+dl\/2AAA="}
00422{"flow_id":21,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":311,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069052,"pkt_ts_usec":223609,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcACif4UAArAZunR8NRFQKGFK8AFCSsWQ58kuOvvK5UBH\/\/4SfAAA="}
00422{"flow_id":21,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":312,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069052,"pkt_ts_usec":317694,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACj6\/UAAPwaAnQoYUrwfDURUkrEAUI6+8rlkOfJMUBA8uEfnAAA="}
00531{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":313,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_first_seen":1430069049770,"flow_last_seen":0,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":96,"midstream":1,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.194.72.188","src_port":34686,"dst_port":5228,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"}}
00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":313,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_first_seen":1430069049770,"flow_last_seen":0,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":96,"midstream":1,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.194.72.188","src_port":34686,"dst_port":5228,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
00760{"flow_id":35,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":314,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069055,"pkt_ts_usec":712958,"pkt_caplen":303,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":303,"pkt_l4_len":267,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAR8KKUAAjgb4yIuWAH0KGFK8Abu3Y2Ij0pNRKAQ2UBif2g\/UAADzAAAADm0Ga7VdqRc+Gkt7POZ3i+5tzFY41M0fMnZ5G+m2Vfmrg\/zv7j0hw0EYHJWzK5vm\/yh4v2HJS83EDXIAXU2bjamkVNJvnppe0xZ5dVZ87ou5\/qGH6LaceT8u59MyUCQvylTi4YEzvDS9zVBR8mlLXoh1YM2wq9pcWvX2q\/mybRcS2fxHzLHJJpFYQpXKfnNGugL7Wx\/EBHURohcuMoPwedtdn3tHj0aCstecuAcqjgGrRkrqpBRh\/NLh33y+h1qkuo9\/WREg5Tpgd83vHtfKtQ78Z7vZ4TSawOTHx9k\/8rk1O3mx++HEjz58cnZa448oyarm"}
00421{"flow_id":35,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":315,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069055,"pkt_ts_usec":713507,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACjTfkAAQAZ+agoYUryLlgB9t2MBu1EoBDZiI9OKUBCZkOkBAAA="}
00477{"flow_id":35,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":317,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069055,"pkt_ts_usec":909095,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":98,"pkt_l4_len":62,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAFLTf0AAQAZ+PwoYUryLlgB9t2MBu1EoBDZiI9OKUBiZkLHVAAAmAAAADm0Ga7VdqRc+Gkt7POZ3i+5tAVY41AAfMnZhBvKjSN7EqKqW+N8="}
@@ -320,21 +314,18 @@
00423{"flow_id":32,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":322,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069057,"pkt_ts_usec":684973,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcACiiUkAArAZsLB8NRFQKGFK8AFCStWTibx\/NKqFHUBH\/\/xolAAA="}
00424{"flow_id":32,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":323,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069057,"pkt_ts_usec":685950,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcACiiU0AArAZsKx8NRFQKGFK8AFCStWTibx\/NKqFHUBH\/\/xolAAA="}
00421{"flow_id":32,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":324,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069057,"pkt_ts_usec":806708,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACitl0AAPwbOAwoYUrwfDURUkrUAUM0qoUdk4m8gUBA8uN1sAAA="}
00497{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":325,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_first_seen":1430069060011,"flow_last_seen":0,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":1,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"216.58.220.174","src_port":49217,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
00509{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":325,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_first_seen":1430069060011,"flow_last_seen":1430069060011,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":1,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"216.58.220.174","src_port":49217,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
00455{"flow_id":37,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":325,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069060,"pkt_ts_usec":11328,"pkt_caplen":83,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":83,"pkt_l4_len":47,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAENCkUAAQAbmZgoYUrzYOtyuwEEBuxTXAEVlWZivUBiMAAFrAAAVAwEAFnnuS9reX0mqADPiihp3NglZFsDnKQA="}
00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":334,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_first_seen":1430069060011,"flow_last_seen":0,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":1,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"216.58.220.174","src_port":49217,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"}}
00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":334,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_first_seen":1430069060011,"flow_last_seen":0,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":1,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"216.58.220.174","src_port":49217,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
00758{"flow_id":35,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":335,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069068,"pkt_ts_usec":839972,"pkt_caplen":301,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":301,"pkt_l4_len":265,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAR0KLEAAjgb4x4uWAH0KGFK8Abu3Y2Ij04pRKARgUBifsO6FAADxAAAA9OvkaLVdqRc+Gkt7POZ3i3B\/cSs8hz\/Y+A61mP+SPxO\/R3DGac2sjPnDCuKsrSfTbaTpC1QCK\/upe0ARxdejVurhNuCPA1SnywVLdu4Zw4wElJdvhX7T69mP5x8qI1Azfzl6NQhOIOdbeNjsORgh1vdsQSIm8PTjvEbCs2HlI1ijsi3aryyOYLECufcgZQh+GJ5ecJsfSD+F7fO9n1i5nft96BRdO1V4rNOFmTnrppJbI93qmZXgStBGfcB+qtk0Xvm+VYsDKwNq2vUgN+UkKJNvJyo8rCIYXzs\/GuzAG6FP1IczSONX8\/ceTFUNZIdxfw=="}
00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":341,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_first_seen":1430069072945,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"54.255.253.199","src_port":58927,"dst_port":5223,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
00438{"flow_id":38,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":341,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069072,"pkt_ts_usec":945990,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADTTnkAAQAbVigoYUrw2\/\/3H5i8UZ+uf0YYGiXPCgBQCY5HBAAABAQgKAAKjTTTnT0k="}
00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":342,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_first_seen":1430069072986,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"54.255.253.199","src_port":58964,"dst_port":5223,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
00450{"flow_id":39,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":342,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069072,"pkt_ts_usec":986762,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADwsMEAAQAZ88QoYUrw2\/\/3H5lQUZzqvj2AAAAAAoAI2sJHJAAACBAV4BAIICgACo1AAAAAAAQMDBQ=="}
00450{"flow_id":39,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":343,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069073,"pkt_ts_usec":186194,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAADwAAEAALQa8ITb\/\/ccKGFK8FGfmVG+Fj0U6r49hoBJF6jkFAAACBAV4BAIICjTom84AAqNQAQMDCA=="}
00438{"flow_id":39,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":344,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069073,"pkt_ts_usec":186682,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADQsMUAAQAZ8+AoYUrw2\/\/3H5lQUZzqvj2FvhY9GgBABtpHBAAABAQgKAAKjZTTom84="}
00547{"flow_id":39,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":345,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069073,"pkt_ts_usec":201697,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":146,"pkt_l4_len":110,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAIIsMkAAQAZ8qQoYUrw2\/\/3H5lQUZzqvj2FvhY9GgBgBtpi\/AAABAQgKAAKjZzTom84WAwEASQEAAEUDAVFRUVESVPKV5Ej6iE0e+b\/OK2fBD2XxGFd+RBJAtWh8AAAeAAQABQAvADMAMgAKABYAEwAJABUAEgADAAgAFAARAQA="}
00807{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":345,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":4,"flow_first_seen":1430069072986,"flow_last_seen":1430069073201,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":78,"flow_tot_l4_payload_len":78,"flow_avg_l4_payload_len":19,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"54.255.253.199","src_port":58964,"dst_port":5223,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"d9ce50c62ab1fd5932da3c6b6d406c65","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00439{"flow_id":39,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":346,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069073,"pkt_ts_usec":294684,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAADQUukAALgambzb\/\/ccKGFK8FGfmVG+Fj0Y6r4+vgBAARqynAAABAQgKNOib\/AACo2c="}
02306{"flow_id":39,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069073,"pkt_ts_usec":299933,"pkt_caplen":1456,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":1456,"pkt_l4_len":1420,"pkt":"AAACEgAAAAAAAAAAAAAIAEUABaAUu0AALgahAjb\/\/ccKGFK8FGfmVG+Fj0Y6r4+vgBAARqHKAAABAQgKNOib\/AACo2cWAwEGtQIAAEYDAVU9H1Gb\/qiDm98eXfIJxb4shEK1GhPjZeBEv8P67\/0aIFU9H1G382hmASwGnCuJDP0Mh2TynvUtxumEykegoF7eAAQACwAGYwAGYAADPjCCAzowggKjoAMCAQICAQEwDQYJKoZIhvcNAQEFBQAwgaQxCzAJBgNVBAYTAktSMRQwEgYDVQQIDAtHeWVvbmdnaSBkbzEOMAwGA1UEBwwFU3V3b24xJTAjBgNVBAoMHFNBTVNVTkcgRUxFQ1RST05JQ1MgQ08uLCBMVEQxHjAcBgNVBAMMFSoucHVzaC5zYW1zdW5nb3NwLmNvbTEoMCYGCSqGSIb3DQEJARYZYWRtaW5AcHVzaC5zYW1zdW5nb3NwLmNvbTAeFw05OTEyMzExNTA1MDRaFw00OTEyMTgxNTA1MDRaMIGUMQswCQYDVQQGEwJLUjEUMBIGA1UECAwLR3llb25nZ2kgZG8xJTAjBgNVBAoMHFNBTVNVTkcgRUxFQ1RST05JQ1MgQ08uLCBMVEQxHjAcBgNVBAMMFSoucHVzaC5zYW1zdW5nb3NwLmNvbTEoMCYGCSqGSIb3DQEJARYZYWRtaW5AcHVzaC5zYW1zdW5nb3NwLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAsyrNiMIXJ++fpsiI08sYxPZbKOY56a37f6J9ViQReAUe3UWF2fdOff49ukAjUISbhahOinbZux+ildb7qUyHJVHQXanBrQsLoODvfOiws0bRofk+EjA3+puR1KI8EgNDCJfkzYF40k16LBiMv6fKIGXOV6sbZciKSSDD+AX5+08CAwEAAaOBiTCBhjAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUHQ6IKqRzfLkHpPDYYWaWWRoHaGswHwYDVR0jBBgwFoAUWMjZPBPgzaBussvwASa64F2DMFEwCwYDVR0PBAQDAgXgMA0GCSqGSIb3DQEBBQUAA4GBALo4j8DvDTq0WR5v2UJovDtyilA1Zel1mK2n\/GtzjEjxAUkMxaGxxxnaEWdSVH0\/0pG7jG3ieJSWSLWW4HdJJ+ZytoamKq2k87O5sF5LkM+ZGg+UlFyFpcvLuYXtbZHa4CFAnYmBZ5nQNz06gzWDYU9\/yRhZSf2unf7zNha\/BodKAAMcMIIDGDCCAoGgAwIBAgIJAPMld7YDENSnMA0GCSqGSIb3DQEBBQUAMIGkMQswCQYDVQQGEwJLUjEUMBIGA1UECAwLR3llb25nZ2kgZG8xDjAMBgNVBAcMBVN1d29uMSUwIwYDVQQKDBxTQU1TVU5HIEVMRUNUUk9OSUNTIENPLiwgTFREMR4wHAYDVQQDDBUqLnB1c2guc2Ftc3VuZ29zcC5jb20xKDAmBgkqhkiG9w0BCQEWGWFkbWluQHB1c2guc2Ftc3VuZ29zcC5jb20wHhcNOTkxMjMxMTUwMjEwWhcNNDkxMjE4MTUwMjEwWjCBpDELMAkGA1UEBhMCS1IxFDASBgNVBAgMC0d5ZW9uZ2dpIGRvMQ4wDAYDVQQHDAVTdXdvbjElMCMGA1UECgwcU0FNU1VORyBFTEVDVFJPTklDUyBDTy4sIExURDEeMBwGA1UEAwwVKi5wdXNoLnNhbXN1bmdvc3AuY29tMSgwJgYJKoZIhvcNAQkBFhlhZG1pbkBwdXNoLnNhbXN1bmdvc3AuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDS\/wx087bX6AA7bz\/rPd\/AOtm8g1ebRfENevGCnMrnUw=="}
00438{"flow_id":30,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":341,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069072,"pkt_ts_usec":945990,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADTTnkAAQAbVigoYUrw2\/\/3H5i8UZ+uf0YYGiXPCgBQCY5HBAAABAQgKAAKjTTTnT0k="}
00506{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":342,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_first_seen":1430069072986,"flow_last_seen":1430069072986,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"54.255.253.199","src_port":58964,"dst_port":5223,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
00450{"flow_id":38,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":342,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069072,"pkt_ts_usec":986762,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADwsMEAAQAZ88QoYUrw2\/\/3H5lQUZzqvj2AAAAAAoAI2sJHJAAACBAV4BAIICgACo1AAAAAAAQMDBQ=="}
00450{"flow_id":38,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":343,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069073,"pkt_ts_usec":186194,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAADwAAEAALQa8ITb\/\/ccKGFK8FGfmVG+Fj0U6r49hoBJF6jkFAAACBAV4BAIICjTom84AAqNQAQMDCA=="}
00438{"flow_id":38,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":344,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069073,"pkt_ts_usec":186682,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADQsMUAAQAZ8+AoYUrw2\/\/3H5lQUZzqvj2FvhY9GgBABtpHBAAABAQgKAAKjZTTom84="}
00547{"flow_id":38,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":345,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069073,"pkt_ts_usec":201697,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":146,"pkt_l4_len":110,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAIIsMkAAQAZ8qQoYUrw2\/\/3H5lQUZzqvj2FvhY9GgBgBtpi\/AAABAQgKAAKjZzTom84WAwEASQEAAEUDAVFRUVESVPKV5Ej6iE0e+b\/OK2fBD2XxGFd+RBJAtWh8AAAeAAQABQAvADMAMgAKABYAEwAJABUAEgADAAgAFAARAQA="}
00807{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":345,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":4,"flow_first_seen":1430069072986,"flow_last_seen":1430069073201,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":78,"flow_tot_l4_payload_len":78,"flow_avg_l4_payload_len":19,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"54.255.253.199","src_port":58964,"dst_port":5223,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"d9ce50c62ab1fd5932da3c6b6d406c65","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00439{"flow_id":38,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":346,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069073,"pkt_ts_usec":294684,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAADQUukAALgambzb\/\/ccKGFK8FGfmVG+Fj0Y6r4+vgBAARqynAAABAQgKNOib\/AACo2c="}
02306{"flow_id":38,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069073,"pkt_ts_usec":299933,"pkt_caplen":1456,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":1456,"pkt_l4_len":1420,"pkt":"AAACEgAAAAAAAAAAAAAIAEUABaAUu0AALgahAjb\/\/ccKGFK8FGfmVG+Fj0Y6r4+vgBAARqHKAAABAQgKNOib\/AACo2cWAwEGtQIAAEYDAVU9H1Gb\/qiDm98eXfIJxb4shEK1GhPjZeBEv8P67\/0aIFU9H1G382hmASwGnCuJDP0Mh2TynvUtxumEykegoF7eAAQACwAGYwAGYAADPjCCAzowggKjoAMCAQICAQEwDQYJKoZIhvcNAQEFBQAwgaQxCzAJBgNVBAYTAktSMRQwEgYDVQQIDAtHeWVvbmdnaSBkbzEOMAwGA1UEBwwFU3V3b24xJTAjBgNVBAoMHFNBTVNVTkcgRUxFQ1RST05JQ1MgQ08uLCBMVEQxHjAcBgNVBAMMFSoucHVzaC5zYW1zdW5nb3NwLmNvbTEoMCYGCSqGSIb3DQEJARYZYWRtaW5AcHVzaC5zYW1zdW5nb3NwLmNvbTAeFw05OTEyMzExNTA1MDRaFw00OTEyMTgxNTA1MDRaMIGUMQswCQYDVQQGEwJLUjEUMBIGA1UECAwLR3llb25nZ2kgZG8xJTAjBgNVBAoMHFNBTVNVTkcgRUxFQ1RST05JQ1MgQ08uLCBMVEQxHjAcBgNVBAMMFSoucHVzaC5zYW1zdW5nb3NwLmNvbTEoMCYGCSqGSIb3DQEJARYZYWRtaW5AcHVzaC5zYW1zdW5nb3NwLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAsyrNiMIXJ++fpsiI08sYxPZbKOY56a37f6J9ViQReAUe3UWF2fdOff49ukAjUISbhahOinbZux+ildb7qUyHJVHQXanBrQsLoODvfOiws0bRofk+EjA3+puR1KI8EgNDCJfkzYF40k16LBiMv6fKIGXOV6sbZciKSSDD+AX5+08CAwEAAaOBiTCBhjAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUHQ6IKqRzfLkHpPDYYWaWWRoHaGswHwYDVR0jBBgwFoAUWMjZPBPgzaBussvwASa64F2DMFEwCwYDVR0PBAQDAgXgMA0GCSqGSIb3DQEBBQUAA4GBALo4j8DvDTq0WR5v2UJovDtyilA1Zel1mK2n\/GtzjEjxAUkMxaGxxxnaEWdSVH0\/0pG7jG3ieJSWSLWW4HdJJ+ZytoamKq2k87O5sF5LkM+ZGg+UlFyFpcvLuYXtbZHa4CFAnYmBZ5nQNz06gzWDYU9\/yRhZSf2unf7zNha\/BodKAAMcMIIDGDCCAoGgAwIBAgIJAPMld7YDENSnMA0GCSqGSIb3DQEBBQUAMIGkMQswCQYDVQQGEwJLUjEUMBIGA1UECAwLR3llb25nZ2kgZG8xDjAMBgNVBAcMBVN1d29uMSUwIwYDVQQKDBxTQU1TVU5HIEVMRUNUUk9OSUNTIENPLiwgTFREMR4wHAYDVQQDDBUqLnB1c2guc2Ftc3VuZ29zcC5jb20xKDAmBgkqhkiG9w0BCQEWGWFkbWluQHB1c2guc2Ftc3VuZ29zcC5jb20wHhcNOTkxMjMxMTUwMjEwWhcNNDkxMjE4MTUwMjEwWjCBpDELMAkGA1UEBhMCS1IxFDASBgNVBAgMC0d5ZW9uZ2dpIGRvMQ4wDAYDVQQHDAVTdXdvbjElMCMGA1UECgwcU0FNU1VORyBFTEVDVFJPTklDUyBDTy4sIExURDEeMBwGA1UEAwwVKi5wdXNoLnNhbXN1bmdvc3AuY29tMSgwJgYJKoZIhvcNAQkBFhlhZG1pbkBwdXNoLnNhbXN1bmdvc3AuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDS\/wx087bX6AA7bz\/rPd\/AOtm8g1ebRfENevGCnMrnUw=="}
00505{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_first_seen":1430069022058,"flow_last_seen":1430069022094,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":63,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":41909,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":15}
00507{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":10,"flow_first_seen":1430069030508,"flow_last_seen":1430069052317,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":470,"flow_avg_l4_payload_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":37553,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
00507{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":11,"flow_first_seen":1430069035840,"flow_last_seen":1430069057806,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":470,"flow_avg_l4_payload_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":37557,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
@@ -342,18 +333,22 @@
00512{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":34,"flow_first_seen":1430069031042,"flow_last_seen":1430069032022,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":7723,"flow_avg_l4_payload_len":227,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.70","src_port":43581,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
00513{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":38,"flow_first_seen":1430069026370,"flow_last_seen":1430069037135,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":5411,"flow_avg_l4_payload_len":142,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.97.2","src_port":35503,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
00513{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":36,"flow_first_seen":1430069036068,"flow_last_seen":1430069065046,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":5108,"flow_avg_l4_payload_len":141,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.97.2","src_port":35511,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
00521{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_first_seen":1430069072945,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"54.255.253.199","src_port":58927,"dst_port":5223,"l4_proto":"tcp","ndpi": {"proto":"Amazon","breed":"Acceptable","category":"Web"}}
00494{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_first_seen":1430069072945,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"54.255.253.199","src_port":58927,"dst_port":5223,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
00515{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":6,"flow_first_seen":1430069072986,"flow_last_seen":1430069073299,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1466,"flow_avg_l4_payload_len":244,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"54.255.253.199","src_port":58964,"dst_port":5223,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
00540{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_first_seen":1430069031611,"flow_last_seen":1430069072945,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":45,"flow_avg_l4_payload_len":22,"midstream":1,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"54.255.253.199","src_port":58927,"dst_port":5223,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}}
00509{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_first_seen":1430069031611,"flow_last_seen":1430069072945,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":45,"flow_avg_l4_payload_len":22,"midstream":1,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"54.255.253.199","src_port":58927,"dst_port":5223,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
00515{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":6,"flow_first_seen":1430069072986,"flow_last_seen":1430069073299,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1466,"flow_avg_l4_payload_len":244,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"54.255.253.199","src_port":58964,"dst_port":5223,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
00505{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_first_seen":1430069022059,"flow_last_seen":1430069022093,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":70,"flow_tot_l4_payload_len":102,"flow_avg_l4_payload_len":51,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":58810,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":15}
00505{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_first_seen":1430069022105,"flow_last_seen":1430069022234,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":117,"flow_avg_l4_payload_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":56820,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":15}
00505{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_first_seen":1430069021959,"flow_last_seen":1430069022041,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":70,"flow_tot_l4_payload_len":102,"flow_avg_l4_payload_len":51,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":38448,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":15}
00508{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_first_seen":1430069030083,"flow_last_seen":1430069030119,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":75,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":56,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.191.1","src_port":61011,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":15}
00506{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_first_seen":1430069030083,"flow_last_seen":1430069030115,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":75,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":56,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":61011,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":15}
00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_first_seen":1430069022100,"flow_last_seen":1430069022234,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":117,"flow_avg_l4_payload_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":5929,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":15}
00539{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1430069028075,"flow_last_seen":1430069028075,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"120.28.26.242","dst_ip":"10.24.82.188","src_port":80,"dst_port":34503,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
00503{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1430069028075,"flow_last_seen":1430069028075,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"120.28.26.242","dst_ip":"10.24.82.188","src_port":80,"dst_port":34503,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
00506{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_first_seen":1430069031167,"flow_last_seen":1430069031221,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":70,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":4017,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":15}
00506{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_first_seen":1430069030703,"flow_last_seen":1430069030748,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":74,"flow_tot_l4_payload_len":108,"flow_avg_l4_payload_len":54,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":24596,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":15}
00505{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_first_seen":1430069022252,"flow_last_seen":1430069022295,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":43077,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":15}
00542{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_first_seen":1430069060011,"flow_last_seen":1430069060011,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":1,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"216.58.220.174","src_port":49217,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"}}
00510{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_first_seen":1430069060011,"flow_last_seen":1430069060011,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":1,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"216.58.220.174","src_port":49217,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
00544{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":26,"flow_first_seen":1430069022297,"flow_last_seen":1430069069068,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":589,"flow_tot_l4_payload_len":2142,"flow_avg_l4_payload_len":82,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"103.246.57.251","src_port":51021,"dst_port":8080,"l4_proto":"tcp","ndpi": {"proto":"HTTP_Proxy","breed":"Acceptable","category":"Web"}}
00514{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":26,"flow_first_seen":1430069022297,"flow_last_seen":1430069069068,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":589,"flow_tot_l4_payload_len":2142,"flow_avg_l4_payload_len":82,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"103.246.57.251","src_port":51021,"dst_port":8080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
00514{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":27,"flow_first_seen":1430069030121,"flow_last_seen":1430069041457,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":5586,"flow_avg_l4_payload_len":206,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"210.103.240.15","src_port":37821,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
@@ -363,6 +358,8 @@
00506{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_first_seen":1430069022252,"flow_last_seen":1430069022295,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":82,"flow_tot_l4_payload_len":120,"flow_avg_l4_payload_len":60,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":25117,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":15}
00540{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":4,"flow_first_seen":1430069030557,"flow_last_seen":1430069030591,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":6,"midstream":1,"l3_proto":"ip4","src_ip":"31.13.68.73","dst_ip":"10.24.82.188","src_port":443,"dst_port":47007,"l4_proto":"tcp","ndpi": {"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}}
00504{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":4,"flow_first_seen":1430069030557,"flow_last_seen":1430069030591,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":6,"midstream":1,"l3_proto":"ip4","src_ip":"31.13.68.73","dst_ip":"10.24.82.188","src_port":443,"dst_port":47007,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
00543{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_first_seen":1430069049770,"flow_last_seen":1430069049770,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":96,"midstream":1,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.194.72.188","src_port":34686,"dst_port":5228,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"}}
00511{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_first_seen":1430069049770,"flow_last_seen":1430069049770,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":96,"midstream":1,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.194.72.188","src_port":34686,"dst_port":5228,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
00505{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_first_seen":1430069022059,"flow_last_seen":1430069022094,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":117,"flow_avg_l4_payload_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":12908,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":15}
00523{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":5,"flow_first_seen":1430069035398,"flow_last_seen":1430069048679,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"210.103.240.15","src_port":42332,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
00505{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":5,"flow_first_seen":1430069035398,"flow_last_seen":1430069048679,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"210.103.240.15","src_port":42332,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
@@ -381,12 +378,12 @@
~~ skipped flows.............: 0
~~ total layer4 data length..: 59444 bytes
~~ total detected protocols..: 29
~~ total active/idle flows...: 39/39
~~ total active/idle flows...: 38/38
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 2112754 bytes
~~ total memory freed........: 2112754 bytes
~~ total allocations/frees...: 36009/36009
~~ total memory allocated....: 2111154 bytes
~~ total memory freed........: 2111154 bytes
~~ total allocations/frees...: 36006/36006
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 140 chars
~~ json string max len.......: 2311 chars
~~ json string avg len.......: 1295 chars
~~ json string avg len.......: 1296 chars

70
test/results/KakaoTalk_talk.pcap.out
View File

@@ -1,16 +1,16 @@
00482{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":10000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1430069140120,"flow_last_seen":0,"flow_min_l4_payload_len":62,"flow_max_l4_payload_len":62,"flow_tot_l4_payload_len":62,"flow_avg_l4_payload_len":62,"midstream":1,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"103.246.57.251","src_port":51021,"dst_port":8080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
00507{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1430069140120,"flow_last_seen":1430069140120,"flow_min_l4_payload_len":62,"flow_max_l4_payload_len":62,"flow_tot_l4_payload_len":62,"flow_avg_l4_payload_len":62,"midstream":1,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"103.246.57.251","src_port":51021,"dst_port":8080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
00521{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069140,"pkt_ts_usec":120551,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":130,"pkt_l4_len":94,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAHLza0AAPwZJVQoYUrxn9jn7x00fkMsN+RcrPwfugBgApZHwAAABAQgKAAs11Jj3Xso6AAAArVkC\/4gP\/deLY5qAl+gvk5f8xql5QXAwvM9bb5tQyHwtP1GibAaltsw94jGcvj4NNAB8Nc8SXCTCPg=="}
00434{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069140,"pkt_ts_usec":453803,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAADRbKkAALgby1Gf2OfsKGFK8H5DHTSs\/B+7LDflVgBAADqYIAAABAQgKmPgkmwALNdQ="}
00609{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069140,"pkt_ts_usec":501776,"pkt_caplen":194,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":194,"pkt_l4_len":158,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAALJbK0AALgbyVWf2OfsKGFK8H5DHTSs\/B+7LDflVgBgADj7dAAABAQgKmPgkrAALNdR6AAAArVkC\/4gP\/deLY5qAl+gvk5f8hql5QTAwvM9Zf4dQyEAJD7QL56t1BA6CZFNB9CDoZPBzNcfqISYY4Bqx6IvbToog47dFxVed4MxS159GEgFcWpzNI6MS\/uDRtBTN\/KgQO5PWR5hOlzi0NPjPSZ5ZvXYRnArc8Dv9Cys="}
00434{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069140,"pkt_ts_usec":504309,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADTzbEAAPwZJkgoYUrxn9jn7x00fkMsN+VUrPwhsgBAApaS6AAABAQgKAAs1\/Jj4JKw="}
00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1430069141261,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"120.28.26.242","dst_ip":"10.24.82.188","src_port":80,"dst_port":34533,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
00500{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1430069141261,"flow_last_seen":1430069141261,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"120.28.26.242","dst_ip":"10.24.82.188","src_port":80,"dst_port":34533,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
00419{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069141,"pkt_ts_usec":261786,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcACgY+0AArAbF1ngcGvIKGFK8AFCG5WVqLr9xAeFBUBH\/\/1JPAAA="}
00418{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069141,"pkt_ts_usec":403174,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACjM1kAAPwZ\/FwoYUrx4HBryhuUAUHEB4UFlai7AUBA5CBlHAAA="}
00420{"flow_id":2,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069141,"pkt_ts_usec":433753,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcACgY\/EAArAbF1XgcGvIKGFK8AFCG5WVqLr9xAeFBUBH\/\/1JPAAA="}
00418{"flow_id":2,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069141,"pkt_ts_usec":435523,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACjM10AAPwZ\/FgoYUrx4HBryhuUAUHEB4UFlai7AUBA5CBlHAAA="}
00417{"flow_id":2,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069141,"pkt_ts_usec":741828,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAACEgAAAAAAAAAAAAAIAEUoACgAAEAArAbexXgcGvIKGFK8AFCG5WVqLsAAAAAAUAQAAKSeAAA="}
00496{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1430069141923,"flow_last_seen":0,"flow_min_l4_payload_len":89,"flow_max_l4_payload_len":89,"flow_tot_l4_payload_len":89,"flow_avg_l4_payload_len":89,"midstream":1,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"54.255.185.236","src_port":58916,"dst_port":5222,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
00508{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1430069141923,"flow_last_seen":1430069141923,"flow_min_l4_payload_len":89,"flow_max_l4_payload_len":89,"flow_tot_l4_payload_len":89,"flow_avg_l4_payload_len":89,"midstream":1,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"54.255.185.236","src_port":58916,"dst_port":5222,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
00558{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069141,"pkt_ts_usec":923255,"pkt_caplen":157,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":157,"pkt_l4_len":121,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAI3lSkAAPwYIYQoYUrw2\/7ns5iQUZtvqJ3tQl6xegBgAe+ktAAABAQgKAAs2irXIgpc8aXEgdG89J3hpYW9taS5jb20nIGlkPScwJyBjaGlkPScwJyB0eXBlPSdnZXQnPjxwaW5nIHhtbG5zPSd1cm46eG1wcDpwaW5nJz48L3Bpbmc+PC9pcT4NCg=="}
00435{"flow_id":3,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069142,"pkt_ts_usec":333991,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAADTWOEAALQYpzDb\/uewKGFK8FGbmJFCXrF7b6ifUgBAAZ2sMAAABAQgKtcrV6gALNoo="}
00485{"flow_id":3,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069142,"pkt_ts_usec":373877,"pkt_caplen":103,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":103,"pkt_l4_len":67,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAFfWOUAALQYpqDb\/uewKGFK8FGbmJFCXrF7b6ifUgBgAZ9bAAAABAQgKtcrV6gALNoo8aXEgY2hpZD0nMCcgaWQ9JzAnIHR5cGU9J3Jlc3VsdCcvPg=="}
@@ -18,13 +18,13 @@
00476{"flow_id":1,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069146,"pkt_ts_usec":826789,"pkt_caplen":99,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":99,"pkt_l4_len":63,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAFPzbUAAPwZJcgoYUrxn9jn7x00fkMsN+VUrPwhsgBgApZeOAAABAQgKAAs4cpj4JKwbAAAArFkC\/4gP\/deLY5qIg6dg3inW8TLcnvrnkkwr"}
00495{"flow_id":1,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069147,"pkt_ts_usec":204932,"pkt_caplen":111,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":111,"pkt_l4_len":75,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAF9bLEAALgbyp2f2OfsKGFK8H5DHTSs\/CGzLDfl0gBgADrhfAAABAQgKmPg+0gALOHInAAAArFkC\/4gP\/deLY5qIg6dg3inW5TLcnu7nkkw7fFn03dyDxLGHftrV"}
00434{"flow_id":1,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069147,"pkt_ts_usec":215064,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADTzbkAAPwZJkAoYUrxn9jn7x00fkMsN+XQrPwiXgBAApYerAAABAQgKAAs4m5j4PtI="}
00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1430069159456,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"203.205.147.215","src_port":48489,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
00503{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1430069159456,"flow_last_seen":1430069159456,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"203.205.147.215","src_port":48489,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
00446{"flow_id":4,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069159,"pkt_ts_usec":456549,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADzUvUAAPwaqhQoYUrzLzZPXvWkAUI8S6Z4AAAAAoAI2sOF5AAACBAV4BAIICgALPSMAAAAAAQMDBw=="}
00446{"flow_id":4,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069159,"pkt_ts_usec":814032,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADzUvkAAPwaqhAoYUrzLzZPXvWkAUI8S6Z4AAAAAoAI2sOEVAAACBAV4BAIICgALPYcAAAAAAQMDBw=="}
00446{"flow_id":4,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069161,"pkt_ts_usec":833472,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADzUv0AAPwaqgwoYUrzLzZPXvWkAUI8S6Z4AAAAAoAI2sOBNAAACBAV4BAIICgALPk8AAAAAAQMDBw=="}
00422{"flow_id":4,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069161,"pkt_ts_usec":864508,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":60,"pkt_l4_len":24,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACy2akAA+AYP6MvNk9cKGFK8AFC9aWNxqASPEumfYBIRHIjbAAACBAV4"}
00422{"flow_id":4,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069161,"pkt_ts_usec":865241,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":60,"pkt_l4_len":24,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACy9PkAA+AYJFMvNk9cKGFK8AFC9aWRnCMaPEumfYBIRHCckAAACBAV4"}
00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":22,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1430069161865,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"216.58.220.161","dst_ip":"10.24.82.188","src_port":443,"dst_port":56697,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
00503{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":22,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1430069161865,"flow_last_seen":1430069161865,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"216.58.220.161","dst_ip":"10.24.82.188","src_port":443,"dst_port":56697,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
00419{"flow_id":5,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069161,"pkt_ts_usec":865821,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACioy0AAjgYyVNg63KEKGFK8Abvded6D6B\/TTMkUUBSjubgsAAA="}
00418{"flow_id":4,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069161,"pkt_ts_usec":872473,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACjUwEAAPwaqlgoYUrzLzZPXvWkAUI8S6Z9jcagFUBA2sHrIAAA="}
00418{"flow_id":4,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069161,"pkt_ts_usec":872626,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACjUwUAAPwaqlQoYUrzLzZPXvWkAUI8S6Z9jcagFUBA2sHrIAAA="}
@@ -38,7 +38,7 @@
00419{"flow_id":4,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069163,"pkt_ts_usec":205237,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACjUw0AAPwaqkwoYUrzLzZPXvWkAUI8S7ABjcajTUBA6oHOpAAA="}
00419{"flow_id":4,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069163,"pkt_ts_usec":207434,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACjUxEAAPwaqkgoYUrzLzZPXvWkAUI8S7ABjcajUUBE6oHOnAAA="}
00421{"flow_id":4,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069163,"pkt_ts_usec":250861,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcACgRFUAArAYBJsvNk9cKGFK8AFC9aWNxqNSPEuwBUBD\/\/65HAAA="}
00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":33,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1430069163715,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"110.76.143.50","src_port":32968,"dst_port":8080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
00503{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":33,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1430069163715,"flow_last_seen":1430069163715,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"110.76.143.50","src_port":32968,"dst_port":8080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
00446{"flow_id":6,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069163,"pkt_ts_usec":715308,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADzn5UAAPwb5gwoYUrxuTI8ygMgfkPcR2OkAAAAAoAI5CAV2AAACBAV4BAIICgALPwwAAAAAAQMDBw=="}
00446{"flow_id":6,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069163,"pkt_ts_usec":856879,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAADwAAEAALgbyaW5MjzIKGFK8H5CAyJJ42pD3EdjqoBI4kOpNAAACBAV4BAIICkTbaagACz8MAQMDCQ=="}
00435{"flow_id":6,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069163,"pkt_ts_usec":867163,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADTn5kAAPwb5igoYUrxuTI8ygMgfkPcR2OqSeNqRgBAAc1DtAAABAQgKAAs\/HETbaag="}
@@ -54,7 +54,7 @@
01128{"flow_id":6,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069164,"pkt_ts_usec":636878,"pkt_caplen":574,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":574,"pkt_l4_len":538,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAi6w3EAALwY+m25MjzIKGFK8H5CAyJJ43s\/3Ed2ogBgAJPtGAAABAQgKRNtstAALP1AXAwEAIOWzn8HB\/tqkYzSA8nop661iIwFvdbgU68uFKzQmKqwTFwMBAdAthL\/K4LnwxppTKehQ5EVYpXo8Lhh0qlGte2RpVmT0dai7F3WDCbEfF0MAItzCfNMrO60nrwfgR3yG7H3SrJhOzafi1R4AhzFYQzkRnME2pRPidrXe4jLLU\/MB7MDdx59Hhhl0nTZUpj\/9+npmAOuF2tYvW8dhRT5ZDiGHICcrSNDk2VUifjAHEt9sTKO00QGKRQFZ2+6MSocTvQyg20qqKf89BcNmcoz0PkyFJTPKKLlz6nauIPSDM\/LGc2p4gtCPyUlWUPY2P1N+iJVvbNw4E\/LRI7fAt8DrttaBg+W+q7NS+Bp3dPbTll59JJQ3zs\/D5mUqj6ldalTB8\/jZmaTKMuqHOfKYFQUVvnJ8JWRhQgHBDONWSD2MNAc4kQO+mgBaHW0Dw6y7KWFYXJMyiCqIRtBEwNpHxbbIbLN+CwjcLgPVx3ySvbdCZM41XkjGJLP5RX9\/X+fnpkqT9xvD6cq8h8JyYVUYGiUs4oSIZbYU0BvHS7R+NgiSEorO\/\/ZzFd0wjxLbhRhnJzoE8ey\/TI0CS9ASs0zq5LVdnbCktHCBQQTKcLZjyffmZkyeKdyg\/wuAPFHQD2MZhcQtopspUySamGmUiJuiy96L0dGEIwQ9DA=="}
01029{"flow_id":1,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069164,"pkt_ts_usec":639014,"pkt_caplen":504,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":504,"pkt_l4_len":468,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAehbLUAALQbyHWf2OfsKGFK8H5DHTSs\/CJfLDfl0gBgADvERAAABAQgKmPiDOwALOJuwAQAAA6yR+4gP88yNN9XOxadg3oGkXkBJKtT\/+3vFyl0cDdeYoXWM1uK027YSyO9hZg1Gvm3tZm04snibEaA+\/xlHu8rXrS5m+CjS\/v3uHnT1QWvK\/65YYegv\/3Y43\/q6tVJQIfoChZTc0LzybFIVyuSJXGU5yi93vTf8XWM4GZtACLo65shEy4YWK69Jg1iMsCAE8WRNHWlsJp2gpZTJ2kcOWzLEyno3Wau2\/S31nawgycOJ8ZEJ0xJ+016NvjXdKTO+Muc2xIt8Lsvmo25frywI656aipbptXEhQ+39O+Uxz929SydwPRIYhqkwO66J8P5dg4L1grEoFkOZkdYVssJXoRfm1kIVTrIxAk23Da6L6eSUEXEdJz4lBRxNkbULaqLJsSP\/ViBaYpxE4FVpm5AWGaXIZw05KO85muYxDTaIrlCxrOOeElx1lZ2sTb9E7a+dN\/MgV8+zT25eTNErC+ftHZJady9DcQEn64UlcG3D1THcHsAffBgf\/+gBiaAdiwnHPwrfIYEB8Ab3Ht6VazhwXyfbw05y+XREZOfpyaR\/bRXu7OxXjpJAX93HCsbLqhLk"}
00435{"flow_id":1,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069164,"pkt_ts_usec":646094,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADTzb0AAPwZJjwoYUrxn9jn7x00fkMsN+XQrPwpLgBAArTq3AAABAQgKAAs\/apj4gzs="}
00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1430069164656,"flow_last_seen":0,"flow_min_l4_payload_len":442,"flow_max_l4_payload_len":442,"flow_tot_l4_payload_len":442,"flow_avg_l4_payload_len":442,"midstream":1,"l3_proto":"ip4","src_ip":"139.150.0.125","dst_ip":"10.24.82.188","src_port":443,"dst_port":46947,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
00510{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1430069164656,"flow_last_seen":1430069164656,"flow_min_l4_payload_len":442,"flow_max_l4_payload_len":442,"flow_tot_l4_payload_len":442,"flow_avg_l4_payload_len":442,"midstream":1,"l3_proto":"ip4","src_ip":"139.150.0.125","dst_ip":"10.24.82.188","src_port":443,"dst_port":46947,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
01018{"flow_id":7,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069164,"pkt_ts_usec":656714,"pkt_caplen":498,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":498,"pkt_l4_len":462,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAeIKLkAAjgb4AIuWAH0KGFK8Abu3Y2Ij1H9RKASKUBifhj2IAAC2AQAA7+nGaLVdqRc+Gkt7POZ3izYarM8cfC\/oKc57w3ON8GY\/K1szNYS+6Yytrgv9fJ110+svPWy4JXfqhqsy8n\/Qi0EhBo8vKa7TtIo39CMQrfI1DyAke3OCHinKUbcE7JofE08wNW\/SYiLVq+ch1jInTJlBtTETD6sakW5t+\/pqslJuJu6FErHiOcJlRXUhJ\/w2UMRtIuPzDgq66Pu7iQ4cPuLk01HGBYGyY\/ec8L+8kz8C0iE6HOIH6YT0BKGthN3UTgwPbBq6O4DQcUiN2hgrUDIxq8uw9ZbWllzKNEYrEa8k7r3ZVHoPDQdXWrcQvhxam6oeYyK7V8McoNRiSIayjOQMTgXnysBnscEyik7me1vByK2C0l2He7bBFWQmrSmeZXMFh2H60fcsxZbAlEWK0siSqlB7jvAlTaG4udBSGXSTj4rEL2MZLSGqP2XF68ncz4+WzMi\/pNklQw9YyvrinQJFb3QOjkMePALF9ilvEQ+wMia1\/U8MBwJo9G9KKjVSCXjRCZRheUcgsdenusXElIUwOqnMT+7rwPfeomV3b9fbsOdbRa7VkQEi4icvvEwgda+Sg6Qy"}
00418{"flow_id":7,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069164,"pkt_ts_usec":657324,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACjTg0AAQAZ+ZQoYUryLlgB9t2MBu1EoBIpiI9Y5UBCiGOkBAAA="}
00436{"flow_id":6,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069164,"pkt_ts_usec":679541,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADTn60AAPwb5hQoYUrxuTI8ygMgfkPcR3aiSeODJgBAAmkJyAAABAQgKAAs\/bkTbbLQ="}
@@ -62,7 +62,7 @@
00475{"flow_id":7,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069164,"pkt_ts_usec":839667,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":98,"pkt_l4_len":62,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAFLThEAAQAZ+OgoYUryLlgB9t2MBu1EoBIpiI9Y5UBiiGP3wAAAmAAAA7+nGaLVdqRc+Gkt7POZ3izYaHM4cfJ\/pKc5wznSY7XhZjDJkzsc="}
00436{"flow_id":1,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069164,"pkt_ts_usec":894873,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAADRbLkAALgby0Gf2OfsKGFK8H5DHTSs\/CkvLDfmegBAADjopAAABAQgKmPiENgALP3I="}
00418{"flow_id":7,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069164,"pkt_ts_usec":910803,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACgKL0AAjwb4uYuWAH0KGFK8Abu3Y2Ij1jlRKAS0UBCfXOA4AAA="}
00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":53,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1430069164966,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"110.76.143.50","src_port":58857,"dst_port":9001,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
00503{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":53,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1430069164966,"flow_last_seen":1430069164966,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"110.76.143.50","src_port":58857,"dst_port":9001,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
00446{"flow_id":8,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069164,"pkt_ts_usec":966834,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADxKlUAAQAaV1AoYUrxuTI8y5ekjKS1pjaoAAAAAoAI2sFqBAAACBAV4BAIICgACxz8AAAAAAQMDBQ=="}
00447{"flow_id":8,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069165,"pkt_ts_usec":114875,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAADwAAEAALgbyaW5MjzIKGFK8Iynl6dfwna4taY2roBI4kADPAAACBAV4BAIICkTbbpQAAsc\/AQMDCQ=="}
00434{"flow_id":8,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069165,"pkt_ts_usec":115149,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADRKlkAAQAaV2woYUrxuTI8y5ekjKS1pjavX8J2vgBABtlp5AAABAQgKAALHTkTbbpQ="}
@@ -77,9 +77,7 @@
01385{"flow_id":8,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069165,"pkt_ts_usec":553046,"pkt_caplen":766,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":766,"pkt_l4_len":730,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAu5KmkAAQAaTHQoYUrxuTI8y5ekjKS1pj3\/X8KHtgBgCILNgAAABAQgKAALHekTbcEQXAwEAINm1cNavLRNZp1pZY19HJVNlNQl6RPAjcGwjjzMfyU8KFwMBApA2DxoBwb0p9+HKSAqOqmoMv1RPpvr+UxOwddeZY7G\/Avd+vfJweoewxIwacaHoqMlPeRv50ipwmDnyqJYbxRYxW+pjKET6SQexMND677eBppHYZtfz5f9ho6VNzhUXi6dEnJvSnGIHss0qB64LM8\/NC8Dchqk7xEtC6UyIz1ZPxsbl2KKSJ6x9zs5SOvOvinqJ8i0d7eSlAvThyXW0JgPyE05CpBQjG9in6+VLiRNqg5eItsUtdU7Wn09jBccmfbF0eTpgvn0Kf6UVpmp9Tk12GuBSFBOcFaYlcxyrjM2OxytFW9fZ1O7DJjL8UP\/gk20bA1aYdGzRSAdmAGx4NO\/8HMCwEXQ7RFd361HgRFAb3vdZIS\/\/JTYSPbZm67w5vSgdD8jFR8\/ryuyJh8\/lxw3B8V+TRLep+OFjURrraXUslSzTF+dJkZ1MeMPjSxbNV6P2DshwdFUyNaaZX2w3M1i2ib1Laj5r2Mbs4OQV8MnTe+NcJf3yYK9PCJgpl9wjE2fpMHhllVb2+W+iN5btncbantgq+5QlRrq0Lwvfw89aPfmqIuQxhSZAqlcbmcnF\/HGvNhjkr8v2Rpa2QXaWofERJbbj+\/ePtv+zCGknb0eiHDAvCkBCeQI6IRO6IT+Xu1HU6GP6xSYSLp7eYuv0NiTFf1y5efQgee\/P4oVuLPnnw3DDy4vjg7KI3b09No6QWnVDqKwqR+8hwFhr67c7Z2pcpnjFochKxpN1\/dIrh6ck92S1D62dwfjg7wzSNiUseSA7c3ZhVxwIzNuNJRQxz+21FawNYXBzjvC\/f2S8MxoE1gsP\/BXWNjLHnEgs3q7iYXWjK1haxIjdgCN2byYptuqRIzz3YCq70c1Qxo1S+WxOrw=="}
01343{"flow_id":8,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069165,"pkt_ts_usec":834906,"pkt_caplen":734,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":734,"pkt_l4_len":698,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAs7yiEAALwb8Tm5MjzIKGFK8Iynl6dfwoe0taZI5gBgAJCccAAABAQgKRNtxZQACx3oXAwEAIBbu9uAJg9KejXeOW2eVwXNlTw84ENpo\/M8t0yWdLIBRFwMBAnD8\/n5dmx5yFayof5AuEOzyfFGSsuX4moQaSelOPWiF+UZEJphobW5gu8v+ad8sW8rg\/d\/HDWCGMAyq5rRYLnItWPJ2Fh3gNQfzggt6JGTgZvzawxIC\/2pueXO2eu1Vw1obTExhQq9qiDQ\/5REti2wMh0pUYVwhRdkYVK8xP0lMu3mfP+Ygm3uqN6qLNghIx\/5cJuOcj7amWTjPQHy47UJlvwM998QUmOrYuRXbaroscu3pcsDnywoLTcLx9KO7lJFw\/gZFJqvwvTRQBDV7It3yueZCiBQ\/iRoeGmw4tDYkte\/ysW73Q3eyGF2HECKqFnBNA8jc+EL64ZU6u8u15HJsd1hfR8M+fUyL+edOruuDm0hP9JNBTkjhsB6bDH9U88dJM7aI7wM\/DjJOTjBw8MgrDTuMv3osumvLOCS5eUJVjEJ+ZD2aOxMDhU6l+6\/KW248cHgPPF7w3PnRme6fjjwwU8HZvpfkFFvJgHDpo3ESXLdNp6j3dxGO6pkIjiVDb4UB7CKO2pDuTfrE9wISLgUp2e\/gAC99o2imZ7DQf0nBfID8+\/UrAAEzNu2LSaRxklqLBSUWZy2W97bJFRREf0CgM4WRPv8WqXg4NRb\/MhCEvr4kOVoW9L00yXq+RYObQyPixWLrG48PBq68n2XfkE2rEI08iTyh8zd4iMWAI7tRLI9DRvYGRcFwSUGG1ZD5kQA0CS4Ym9MjTxGXJJGBUCEnSd\/oIqxw0C50KjHrCq9Q9T6+aU+u93h524S+E7uH\/53KMYbD+WPsi0WxXhRLnoJOXSOk0yAUarVyVDyMJs8TgaRu5aOUMl85JD2NBvQnYWc="}
00435{"flow_id":8,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069165,"pkt_ts_usec":869879,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADRKm0AAQAaV1goYUrxuTI8y5ekjKS1pkjnX8KSHgBACVlp5AAABAQgKAALHmkTbcWU="}
00524{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":65,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1430069161865,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"216.58.220.161","dst_ip":"10.24.82.188","src_port":443,"dst_port":56697,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"}}
00491{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":65,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1430069161865,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"216.58.220.161","dst_ip":"10.24.82.188","src_port":443,"dst_port":56697,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
00496{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":65,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1430069170090,"flow_last_seen":0,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":96,"midstream":1,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.194.72.188","src_port":34686,"dst_port":5228,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
00508{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":65,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1430069170090,"flow_last_seen":1430069170090,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":96,"midstream":1,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.194.72.188","src_port":34686,"dst_port":5228,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
00564{"flow_id":9,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069170,"pkt_ts_usec":90460,"pkt_caplen":164,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":164,"pkt_l4_len":128,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAJSUaEAAQAZSqQoYUrytwki8h34UbGWkOWcyCtXvgBgB1zgmAAABAQgKAALJQHWhBxYXAwEAW9BJTUK7bhQDJS6M4k2xveYn3KZ2THpi3b2p1WnyM44nZ0651+YzJehbLb+jV4nNEd4GZbKLQU+P8abQYninXFhPSKcNuFppnDwsImxNyj3HrOvurwOWRZpYp3o="}
01512{"flow_id":8,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069170,"pkt_ts_usec":406256,"pkt_caplen":862,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":862,"pkt_l4_len":826,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAA05KnEAAQAaSuwoYUrxuTI8y5ekjKS1pkjnX8KSHgBgCVq2kAAABAQgKAALJX0TbcWUXAwEAILKvjA1rGSYETwUErQSrhwubprhc+diQtgy8xQIPoKbyFwMBAvA1mPcMTtVnApvBr6qYNXLE9sdtRQHNv41\/3wNOb9mRDbvyh6QxjK9ctsqj\/1gnJ8sPFF6vv9Qfv60TBVpGaRmMfRCBClcfUW8rcTaiNv6TupPERaxQ89r0QuTkJMKkghxoUVClmYxvPV6KZyIi7VqMej8vLBQPuaVn6kMyrEB1BDVYuw\/kx6rEy3xnMY9hgH3cZmtYP\/ZUvFWcvvVuRqTmqAAlhR9hMlpSPYfyaDGa9oPwzRTr+TO9N4HuQ8oHasOUn5Se4hiG+K9X\/Oo53G7tX1eLc6MeoSQi1aFHe0TtXSIzZa1vIEx\/lLJoW5QV0xm6cQbTCke+m\/b28eS2TD7mVOpJ\/aJHAn6jAWM\/q2wY5+PzF\/llSerF2IeXR+d1S+83D2TpWbiQqnCoFkgWurLJir9B9ZoJdnq+agvXh5SWlUS7ryFWK1HQ1N1za1BgMXnePt4c3GwYgdwEEnvCVexpHDSgbMf+L43TS7Ry66U+QtROG0tUFtcbHgtnVapOGMEzQiMthNJyrYcMpHuPI8VM92vbO4E9TrXjc\/KxbUlxJFYSXFVZpLMPACco2Jmzi2WuiwI2SMJXA08frVutjFK97o12J42gUBK+IwdL2QPNNYPCg6Ewf4PPh92orXcLls3MVj2eK+LxlCIAGHULIoPoKv4vfsyh0EEavhgdpDOpGXnOIac4hxV+tIr5HyiBXvVN5Uukb2XYLu2OOohXcwjdHRBIEE8dl0JYaYBQx21xBzf2Ru1Nk3i0LWRfCuYn4lgWN5+b6jc8lxQhDJ147mJcEVrXQYI+nWtScO1pw+nwfbkgkppYNI1jdEGuTZxlf4NhU\/en2bGa0t59ZXcTpeYit+eJ2YmhoMdCzM\/t4JPMhxwTysN0\/uQnJkYAoV0ZoQynW+tY6sJkstSBAmgoLf6zMoQ4bHxy8YxwaRfWYqkMSnRdjgl1Lp2+RJiFwRWR1cAcOgvQXBh7mqP2KGKwIsAmaTgwQkGeJyRLYqmdOICfOA=="}
01405{"flow_id":6,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069170,"pkt_ts_usec":703772,"pkt_caplen":782,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":782,"pkt_l4_len":746,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAv6w3UAALwY9ym5MjzIKGFK8H5CAyJJ44Mn3Ed2ogBgAJHYbAAABAQgKRNuEaAALP24XAwEAIKyRqSHyPEKNOHG7RbUjn3N9oOyPfWWQZ\/Z\/LgkxhP+lFwMBAqBa4zdJxnEZDfRNwZy\/hPBxqFpDvQ5hYHi+mhtg8aEvgmGttqPr9vNQNNBla7S12j7U4UU2Kxhqku9QG\/Gapbkn5p9eMlTKUjpoG4rm5ZMvzTwBRtHNEksYviVJewGN9zRqzro6AKklCdlULJ83Qa50rL0i7o4Cryf27OrhVtmosRHsmWWFquDQACUMe3C\/XBbk5th1bY2F09Fqvb7hZe\/51CB20BWC4pRNrAmFqGBKsWjVJGYP8DW0V7hTgSx96n6GbfXZG8C+kTfwq5enqhz0vKuuy0uZQXTMyNj6W1bdkNBjr\/LdeeBizb5p9AvbwMkoWh9rLpCdJ6mGMJcJhht903nvgcT6DtM9rn4OUQLwtnc8JW2QCYkZJng+BKHgVcUw6zbLMQyMsaZCkR3Ztb1VRE8gnGnxia3i18lF3q8W1E6+733azou0PfOVuhgUUccC\/s4wr0aIDe+pe6RoLxJbkCcYfqOtooUr\/R5f7Q3rtFL5jrQzWqlu7mTVvibdhrppK4H5OD\/5PcBoFXz3bevRM4W1XuHukXtP4Zad\/acGJykjLwcTtwtDw2\/rneRCLC3YmiChjTuPTwXbr26BQgLHieZWTK4J8J32arQRigQA2s5Y+BVT6RUVI+LrYUEIcjmsfpuzn0kwxisCDWerzdRJ\/A+g9svnfaqwJVj+JvV+SPan6vKNiHAxWibUZ1urTAtPP462YVDUUqnW\/wGEfHSsKUnY5mNBpt15FPgXybQylzjB+W3n3I+RbfKxMsWqMveLTxq+8Wwi5I4jEpw2zvtCHDpP+92cPcbCtcydfd+\/hT+kQs5VnzvXG78uuO6+1JhmeoCWOg40kWU8YzuwMRM47lFGa8z2ppWH+p6jh7v0PUEAux+WiTEvSWhXK7fXVR4="}
@@ -87,15 +85,15 @@
00435{"flow_id":8,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069170,"pkt_ts_usec":707770,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADRKnUAAQAaV1AoYUrxuTI8y5ekjKS1plVPX8KeRgBACi1p5AAABAQgKAALJfUTbhGk="}
00435{"flow_id":6,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":70,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069170,"pkt_ts_usec":749030,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADTn7EAAPwb5hAoYUrxuTI8ygMgfkPcR3aiSeOOTgBAAqCWIAAABAQgKAAtBzETbhGg="}
00671{"flow_id":6,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069170,"pkt_ts_usec":751319,"pkt_caplen":238,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":238,"pkt_l4_len":202,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAN7n7UAAPwb42QoYUrxuTI8ygMgfkPcR3aiSeOOTgBgAqPR6AAABAQgKAAtBzUTbhGgXAwEAIBnluoAxmGsbjSSghixkdaSDIjSYX25wkt+8RBvsg5f4FwMBAIDZso0VXLxlVyzWYQHqvAkL9HrkBJF4NmKHlCnTjVCzUJRJpAxG5W\/KDzDzzwLS6IV1PPKufK6HCwnJmz76dup3nSmMi2i9yCOs2txtFjOT6CfWMoT+FwneLbcSnxUNXWXeojiJ5zXCS\/BTDVFDhQbd\/RNtshJHz\/Qx\/3q1tFGtow=="}
00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":75,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1430069170892,"flow_last_seen":0,"flow_min_l4_payload_len":78,"flow_max_l4_payload_len":78,"flow_tot_l4_payload_len":78,"flow_avg_l4_payload_len":78,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"1.201.1.174","src_port":11321,"dst_port":23045,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":15}
00507{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":75,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1430069170892,"flow_last_seen":1430069170892,"flow_min_l4_payload_len":78,"flow_max_l4_payload_len":78,"flow_tot_l4_payload_len":78,"flow_avg_l4_payload_len":78,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"1.201.1.174","src_port":11321,"dst_port":23045,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":15}
00510{"flow_id":10,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069170,"pkt_ts_usec":892951,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":122,"pkt_l4_len":86,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAGoAAEAAPxHbOAoYUrwByQGuLDlaBQBWgNSByQAHC4ZVGZBlh61hMGy+mVz7szeLE04wAIGpUs16HTnaFQo\/DwShnbgrVUo6QPfO7hnIEQI6Zble8vC3moejgAAAAXwPCk3m1v5lftk="}
00533{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":75,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1430069170892,"flow_last_seen":0,"flow_min_l4_payload_len":78,"flow_max_l4_payload_len":78,"flow_tot_l4_payload_len":78,"flow_avg_l4_payload_len":78,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"1.201.1.174","src_port":11321,"dst_port":23045,"l4_proto":"udp","ndpi": {"proto":"KakaoTalk_Voice","breed":"Acceptable","category":"VoIP"}}
00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":79,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1430069170975,"flow_last_seen":0,"flow_min_l4_payload_len":78,"flow_max_l4_payload_len":78,"flow_tot_l4_payload_len":78,"flow_avg_l4_payload_len":78,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"1.201.1.174","src_port":10269,"dst_port":23047,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":15}
00545{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":75,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1430069170892,"flow_last_seen":1430069170892,"flow_min_l4_payload_len":78,"flow_max_l4_payload_len":78,"flow_tot_l4_payload_len":78,"flow_avg_l4_payload_len":78,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"1.201.1.174","src_port":11321,"dst_port":23045,"l4_proto":"udp","ndpi": {"proto":"KakaoTalk_Voice","breed":"Acceptable","category":"VoIP"}}
00507{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":79,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1430069170975,"flow_last_seen":1430069170975,"flow_min_l4_payload_len":78,"flow_max_l4_payload_len":78,"flow_tot_l4_payload_len":78,"flow_avg_l4_payload_len":78,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"1.201.1.174","src_port":10269,"dst_port":23047,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":15}
00511{"flow_id":11,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069170,"pkt_ts_usec":975714,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":122,"pkt_l4_len":86,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAGoAAEAAQBHaOAoYUrwByQGuKB1aBwBWSf6ByQAHVJql2hcYBvUW09\/cV2PnqW9IAC+tkcS3zbxHaXzNy97m1tMPsxdrmxKMjQTBocmvV+MtI4fyJpYC3zCcgAAAAaPWslm6g8tl\/I8="}
00533{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":79,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1430069170975,"flow_last_seen":0,"flow_min_l4_payload_len":78,"flow_max_l4_payload_len":78,"flow_tot_l4_payload_len":78,"flow_avg_l4_payload_len":78,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"1.201.1.174","src_port":10269,"dst_port":23047,"l4_proto":"udp","ndpi": {"proto":"KakaoTalk_Voice","breed":"Acceptable","category":"VoIP"}}
00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":82,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1430069171118,"flow_last_seen":0,"flow_min_l4_payload_len":56,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":56,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"1.201.1.174","src_port":11320,"dst_port":23044,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":15}
00545{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":79,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1430069170975,"flow_last_seen":1430069170975,"flow_min_l4_payload_len":78,"flow_max_l4_payload_len":78,"flow_tot_l4_payload_len":78,"flow_avg_l4_payload_len":78,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"1.201.1.174","src_port":10269,"dst_port":23047,"l4_proto":"udp","ndpi": {"proto":"KakaoTalk_Voice","breed":"Acceptable","category":"VoIP"}}
00507{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":82,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1430069171118,"flow_last_seen":1430069171118,"flow_min_l4_payload_len":56,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":56,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"1.201.1.174","src_port":11320,"dst_port":23044,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":15}
00481{"flow_id":12,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069171,"pkt_ts_usec":118750,"pkt_caplen":100,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":100,"pkt_l4_len":64,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAFQAAEAAPxHbTgoYUrwByQGuLDhaBABATCmA7E6yizmc2guGVRn+xfaQv+g9g3ccEnajV1GbM8MpJWVK2C77CAiJwDoJYkgGCqWuS2HWMkwGeQ=="}
00522{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":82,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1430069171118,"flow_last_seen":0,"flow_min_l4_payload_len":56,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":56,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"1.201.1.174","src_port":11320,"dst_port":23044,"l4_proto":"udp","ndpi": {"proto":"RTP","breed":"Acceptable","category":"Media"}}
00534{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":82,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1430069171118,"flow_last_seen":1430069171118,"flow_min_l4_payload_len":56,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":56,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"1.201.1.174","src_port":11320,"dst_port":23044,"l4_proto":"udp","ndpi": {"proto":"RTP","breed":"Acceptable","category":"Media"}}
00478{"flow_id":12,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069171,"pkt_ts_usec":120856,"pkt_caplen":99,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":99,"pkt_l4_len":63,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAFMAAEAAPxHbTwoYUrwByQGuLDhaBAA\/C92AbE6zizmgmguGVRkt\/rZnfXpGz0N2A\/IfJpewUyMSY166JO1xGXdEkGNQd31ADIw6ZS3SDh9Y"}
00478{"flow_id":12,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069171,"pkt_ts_usec":120948,"pkt_caplen":99,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":99,"pkt_l4_len":63,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAFMAAEAAPxHbTwoYUrwByQGuLDhaBAA\/5SmAbE60izmkWguGVRmezvGSQL2r8\/lU9MEKvF6SC08uWokrFHcn2V7\/8UTxLNEjkf5mPRch1tsI"}
00512{"flow_id":10,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069171,"pkt_ts_usec":127448,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":122,"pkt_l4_len":86,"pkt":"AAACEgAAAAAAAAAAAAAIAEUoAGoAAEAAGxH\/EAHJAa4KGFK8WgUsOQBWReSByQAHVJql2hcYBvUW09\/cV2PnqW9IAC+tkcS3zbxHaXzNy97m1tMPsxdrmxKMjQTBocmvV+MtI4fyJpYC3zCcgAAAAaPWslm6g8tl\/I8="}
@@ -103,9 +101,9 @@
00476{"flow_id":12,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":88,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069171,"pkt_ts_usec":212470,"pkt_caplen":99,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":99,"pkt_l4_len":63,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAFMAAEAAPxHbTwoYUrwByQGuLDhaBAA\/7uaAbE62izmr2guGVRn8RhAolyCXjh9CBCF49gOSkQpyC1NGr5hVj6UCX85c7EbzzNysGYkXDN7V"}
00479{"flow_id":12,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":89,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069171,"pkt_ts_usec":310797,"pkt_caplen":99,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":99,"pkt_l4_len":63,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAFMAAEAAPxHbTwoYUrwByQGuLDhaBAA\/3fiAbE63izmvmguGVRmGYc\/PxspsGATqnXfn\/lPOI8HaYGxhOfAK95CP\/Qe8aH4EXhyz4xuxnPQn"}
00476{"flow_id":12,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":90,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069171,"pkt_ts_usec":310919,"pkt_caplen":99,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":99,"pkt_l4_len":63,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAFMAAEAAPxHbTwoYUrwByQGuLDhaBAA\/4amAbE64izmzWguGVRmsmUnG0GC8lkny6NAie4a5CSGZuJh+JZq1q9GcWniRPJDg6+UyOn2o7f17"}
00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":91,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1430069171389,"flow_last_seen":0,"flow_min_l4_payload_len":79,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":79,"flow_avg_l4_payload_len":79,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"1.201.1.174","src_port":10268,"dst_port":23046,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":15}
00507{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":91,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1430069171389,"flow_last_seen":1430069171389,"flow_min_l4_payload_len":79,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":79,"flow_avg_l4_payload_len":79,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"1.201.1.174","src_port":10268,"dst_port":23046,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":15}
00510{"flow_id":13,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069171,"pkt_ts_usec":389136,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":123,"pkt_l4_len":87,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAGsAAEAAQBHaNwoYUrwByQGuKBxaBgBXWCuA7DE+fqkVA1Sapdp6cTmDebnhh8KUkQVLcfVIHO+KdE\/hh8TrsDi1pxsxiqViFSLVRYeZKeMWrEXQddUHKF8UZHmGznF9XlwFasBuVesU"}
00522{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":91,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1430069171389,"flow_last_seen":0,"flow_min_l4_payload_len":79,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":79,"flow_avg_l4_payload_len":79,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"1.201.1.174","src_port":10268,"dst_port":23046,"l4_proto":"udp","ndpi": {"proto":"RTP","breed":"Acceptable","category":"Media"}}
00534{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":91,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1430069171389,"flow_last_seen":1430069171389,"flow_min_l4_payload_len":79,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":79,"flow_avg_l4_payload_len":79,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"1.201.1.174","src_port":10268,"dst_port":23046,"l4_proto":"udp","ndpi": {"proto":"RTP","breed":"Acceptable","category":"Media"}}
00476{"flow_id":12,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069171,"pkt_ts_usec":414466,"pkt_caplen":99,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":99,"pkt_l4_len":63,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAFMAAEAAPxHbTwoYUrwByQGuLDhaBAA\/8i6AbE65izm3GguGVRmdGcA+AQC9PW6Iu7D56EiFtVEV8BRmHczMxTAvU5GNKbDmUz3uXGfPQe61"}
00604{"flow_id":13,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069171,"pkt_ts_usec":425208,"pkt_caplen":192,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":192,"pkt_l4_len":156,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAALAAAEAAQBHZ8goYUrwByQGuKBxaBgCccR6AbDE\/fqkYw1SapdpQtIGDUUcsKy8FZc8SkcXbnkaLnkk7o+K31\/Lp8iVo3SBPJc3DyoRUtaFntc3koP5JLgEppFZXqNkw36nmYntuZ329GNTJ06T0XeyZJfDm34fzEotPLv3zEaM1kQ76cuJR6IF9rGbKT3sQKWcYIsd5M3XbqcXgkS4bFd8efSkCV9pxMGaMM2HU"}
00502{"flow_id":13,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":94,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069171,"pkt_ts_usec":464453,"pkt_caplen":115,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":115,"pkt_l4_len":79,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAGMAAEAAQBHaPwoYUrwByQGuKBxaBgBPG\/OAbDFAfqkcg1SapdrEmBFpbnVmJMblF0rZoL8vvV92uiSDpJJT7NfUzojI6pP2kn9ZuUksJi0oXTyacMa3Otx9PZKNJxznlw=="}
@@ -136,9 +134,7 @@
00539{"flow_id":11,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":395,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069176,"pkt_ts_usec":37726,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":142,"pkt_l4_len":106,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAH4AAEAAQBHaJAoYUrwByQGuKB1aBwBqZYeByAAMVJql2pfLuFsajzgI1GDl8NkFRGhOyQ6thpJYAOTYJlo9hdZVicoZQsCxkiH\/3fDmYyH9D6n5lvUWFQSCeoKxyM8tWJPmna38RJwk7wBqD5OAAAADKGmQ4Gj9SLx1sQ=="}
00545{"flow_id":11,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":406,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069176,"pkt_ts_usec":115454,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":142,"pkt_l4_len":106,"pkt":"AAACEgAAAAAAAAAAAAAIAEUoAH4AAEAAGhH\/\/AHJAa4KGFK8WgcoHQBqGyyByAAMC4ZVGRvN6Z48FBPXUmifLFQsGuSjeOUcO85HTHtDHvXvyqkZp\/ZQTHwoc4rLMwW\/Mpy9OSUDQLloAM1pJAcB+M52Dd+1\/1jxID1F3PS\/ZYuAAAADsb6NtDdP2V5EjA=="}
00541{"flow_id":10,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":416,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069176,"pkt_ts_usec":200476,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":142,"pkt_l4_len":106,"pkt":"AAACEgAAAAAAAAAAAAAIAEUoAH4AAEAAHBH9\/AHJAa4KGFK8WgUsOQBqYW2ByAAMVJql2pfLuFsajzgI1GDl8NkFRGhOyQ6thpJYAOTYJlo9hdZVicoZQsCxkiH\/3fDmYyH9D6n5lvUWFQSCeoKxyM8tWJPmna38RJwk7wBqD5OAAAADKGmQ4Gj9SLx1sQ=="}
00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":677,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1430069170090,"flow_last_seen":0,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":96,"midstream":1,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.194.72.188","src_port":34686,"dst_port":5228,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"}}
00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":677,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1430069170090,"flow_last_seen":0,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":96,"midstream":1,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.194.72.188","src_port":34686,"dst_port":5228,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
00497{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":691,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1430069180329,"flow_last_seen":0,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":1,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"216.58.220.174","src_port":49217,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
00509{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":691,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1430069180329,"flow_last_seen":1430069180329,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":1,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"216.58.220.174","src_port":49217,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
00456{"flow_id":14,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":691,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069180,"pkt_ts_usec":329901,"pkt_caplen":83,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":83,"pkt_l4_len":47,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAENCkkAAQAbmZQoYUrzYOtyuwEEBuxTXAEVlWZivUBiMAAFrAAAVAwEAFnnuS9reX0mqADPiihp3NglZFsDnKQA="}
00540{"flow_id":11,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":717,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069180,"pkt_ts_usec":702674,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":142,"pkt_l4_len":106,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAH4AAEAAQBHaJAoYUrwByQGuKB1aBwBqyS6ByAAMVJql2nhUecfSj38IyetU7qmBuDDPjWXjWG6rSfmFeg4CNNxlBxif7M9KMVtpfq2RjbJmtK+rq2SSv32uc+V\/lvbg2LY9MFOYdQ6IXJKzlD6AAAAE+zNyuhY7D2DdMg=="}
00541{"flow_id":10,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":719,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069180,"pkt_ts_usec":709632,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":142,"pkt_l4_len":106,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAH4AAEAAPxHbJAoYUrwByQGuLDlaBQBqTFSByAAMC4ZVGQ21DhFtJ5pVSpHA29mSXWgupbBBO2VyAq\/04b9a0U3MpwQFQvWqFidhxeuTBSyks5kk9ZQJHxCKEShx1YUsKPxryHVVYZGtotYaqIGAAAAEQW6VLf5HEs5d\/Q=="}
@@ -149,10 +145,8 @@
00545{"flow_id":10,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1066,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069185,"pkt_ts_usec":668830,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":142,"pkt_l4_len":106,"pkt":"AAACEgAAAAAAAAAAAAAIAEUoAH4AAEAAHBH9\/AHJAa4KGFK8WgUsOQBq9dGByAAMVJql2vzdEHtzVkuLwbh85caR8kjCcDaL3PS\/PCBmHKFhUSVDzj8AsEmUKMXA4RVxQRjLhRRrd\/\/nqFxlHC1t4TMWO5IABN8HcsyrvgJSoh6AAAAFwPG5g0w8m5sYNA=="}
00542{"flow_id":11,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1080,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069185,"pkt_ts_usec":851386,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":142,"pkt_l4_len":106,"pkt":"AAACEgAAAAAAAAAAAAAIAEUoAH4AAEAAGxH+\/AHJAa4KGFK8WgcoHQBqQFeByAAMC4ZVGcUjApy2sue2tvDaN2KXPaYSbTfXaSG+ITJBdxGS4Z7v96DyWGv1vboRBsIe1PTM7lRMYuB6d0wicOv2m8voT\/jI4qNuL+yAlVSZpvyAAAAFsvRi3qH3s9CHuQ=="}
00540{"flow_id":11,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1302,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069190,"pkt_ts_usec":86249,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":142,"pkt_l4_len":106,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAH4AAEAAQBHaJAoYUrwByQGuKB1aBwBqCSmByAAMVJql2gRWPG3l8w5hOwzoy9m2wROuAugBJqx5iNx7FJ02GyGvsIOD2bPTvUWQL0OmwzWT8TtbUF1kXKRhc5TuDE7J9Dm4r2uYi9gLbNEOgXWAAAAGz5aUe2fjPfiCzA=="}
00531{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1304,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1430069180329,"flow_last_seen":0,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":1,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"216.58.220.174","src_port":49217,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"}}
00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1304,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1430069180329,"flow_last_seen":0,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":1,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"216.58.220.174","src_port":49217,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
00544{"flow_id":10,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1315,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069190,"pkt_ts_usec":414282,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":142,"pkt_l4_len":106,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAH4AAEAAPxHbJAoYUrwByQGuLDlaBQBqdx6ByAAMC4ZVGYPBykZo98GjW7rSje0MC\/FhIPRFNwClmIb9SGUZgNWOTNyayh3yccRe6e23Me\/3Lybtb9K3v7dyVC\/mDym9bajjfD19bHFV97QkQZaAAAAGt3WpIYgG7Bo8Eg=="}
00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1470,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1430069193291,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"173.252.122.1","dst_ip":"10.24.82.188","src_port":443,"dst_port":52123,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
00505{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1470,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1430069193291,"flow_last_seen":1430069193291,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"173.252.122.1","dst_ip":"10.24.82.188","src_port":443,"dst_port":52123,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
00422{"flow_id":15,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1470,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069193,"pkt_ts_usec":291327,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACg66EAAjgYtFq38egEKGFK8AbvLm\/Ii35zxwsMTUBSkcjKfAAA="}
00542{"flow_id":10,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1477,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069193,"pkt_ts_usec":359595,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":142,"pkt_l4_len":106,"pkt":"AAACEgAAAAAAAAAAAAAIAEUoAH4AAEAAGxH+\/AHJAa4KGFK8WgUsOQBqBQ+ByAAMVJql2gRWPG3l8w5hOwzoy9m2wROuAugBJqx5iNx7FJ02GyGvsIOD2bPTvUWQL0OmwzWT8TtbUF1kXKRhc5TuDE7J9Dm4r2uYi9gLbNEOgXWAAAAGz5aUe2fjPfiCzA=="}
00545{"flow_id":11,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1510,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069193,"pkt_ts_usec":952552,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":142,"pkt_l4_len":106,"pkt":"AAACEgAAAAAAAAAAAAAIAEUoAH4AAEAAHBH9\/AHJAa4KGFK8WgcoHQBqeziByAAMC4ZVGYPBykZo98GjW7rSje0MC\/FhIPRFNwClmIb9SGUZgNWOTNyayh3yccRe6e23Me\/3Lybtb9K3v7dyVC\/mDym9bajjfD19bHFV97QkQZaAAAAGt3WpIYgG7Bo8Eg=="}
@@ -162,24 +156,22 @@
00544{"flow_id":11,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1784,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069197,"pkt_ts_usec":128607,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":142,"pkt_l4_len":106,"pkt":"AAACEgAAAAAAAAAAAAAIAEUoAH4AAEAAGxH+\/AHJAa4KGFK8WgcoHQBql62ByAAMC4ZVGbItSd6\/mTyCIr4E3Y5lu3\/72m5jcJjbwC5KlnCFnzd0zuOtETGMhjqjiiAH+YRIre6dMeMVSoMFs0jEh5oqJoOmprnMRKGlbL9RDliAAAAHKgs0sfS9+zbuxw=="}
00543{"flow_id":11,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1924,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069199,"pkt_ts_usec":424079,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":142,"pkt_l4_len":106,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAH4AAEAAQBHaJAoYUrwByQGuKB1aBwBqiN+ByAAMVJql2usjul1bYt0wXtBGultF6ID8cTY8FKzSbZy09RI\/Nk\/Zog6jhkaTF88sGdIGxg0nTTITCbns5cdACSsU7aRlGhJYmiNLLu3NkWkKaSGAAAAIuSiehL8FPbSahw=="}
00543{"flow_id":10,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1959,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069200,"pkt_ts_usec":111334,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":142,"pkt_l4_len":106,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAH4AAEAAPxHbJAoYUrwByQGuLDlaBQBq5\/mByAAMC4ZVGaDpnSddKM5Xo0F7IzUlJ0K974tSl6CKC75qjJ7CzzdGPB\/jgt1yWqXNt5f8eE7my+DfJ1ibS2biQYoq0+IluHuPfo1V6AWC+zZ2seaAAAAIJChM86bO4q6g9Q=="}
00529{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1961,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1430069193291,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"173.252.122.1","dst_ip":"10.24.82.188","src_port":443,"dst_port":52123,"l4_proto":"tcp","ndpi": {"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}}
00493{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1961,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1430069193291,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"173.252.122.1","dst_ip":"10.24.82.188","src_port":443,"dst_port":52123,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
00496{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2099,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1430069201833,"flow_last_seen":0,"flow_min_l4_payload_len":2,"flow_max_l4_payload_len":2,"flow_tot_l4_payload_len":2,"flow_avg_l4_payload_len":2,"midstream":1,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"203.205.151.233","src_port":53974,"dst_port":8080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
00508{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2099,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1430069201833,"flow_last_seen":1430069201833,"flow_min_l4_payload_len":2,"flow_max_l4_payload_len":2,"flow_tot_l4_payload_len":2,"flow_avg_l4_payload_len":2,"midstream":1,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"203.205.151.233","src_port":53974,"dst_port":8080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
00441{"flow_id":16,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2099,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069201,"pkt_ts_usec":833106,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":70,"pkt_l4_len":34,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADZOw0AAQAYrdAoYUrzLzZfp0tYfkMl8NsazTa2QgBgBtk1IAAABAQgKAALVpswmIb5QFA=="}
00543{"flow_id":11,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2136,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069202,"pkt_ts_usec":289099,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":142,"pkt_l4_len":106,"pkt":"AAACEgAAAAAAAAAAAAAIAEUoAH4AAEAAHBH9\/AHJAa4KGFK8WgcoHQBq7BOByAAMC4ZVGaDpnSddKM5Xo0F7IzUlJ0K974tSl6CKC75qjJ7CzzdGPB\/jgt1yWqXNt5f8eE7my+DfJ1ibS2biQYoq0+IluHuPfo1V6AWC+zZ2seaAAAAIJChM86bO4q6g9Q=="}
00441{"flow_id":16,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2182,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069202,"pkt_ts_usec":570380,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":70,"pkt_l4_len":34,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADZOxEAAQAYrcwoYUrzLzZfp0tYfkMl8NsazTa2QgBgBtkz+AAABAQgKAALV8MwmIb5QFA=="}
00440{"flow_id":16,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2278,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069204,"pkt_ts_usec":49811,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":70,"pkt_l4_len":34,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADZOxUAAQAYrcgoYUrzLzZfp0tYfkMl8NsazTa2QgBgBtkxqAAABAQgKAALWhMwmIb5QFA=="}
00440{"flow_id":16,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2517,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069207,"pkt_ts_usec":19934,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":70,"pkt_l4_len":34,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADZOxkAAQAYrcQoYUrzLzZfp0tYfkMl8NsazTa2QgBgBtktBAAABAQgKAALXrcwmIb5QFA=="}
00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2798,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1430069210863,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"173.194.117.229","dst_ip":"10.24.82.188","src_port":443,"dst_port":38380,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
00507{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2798,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1430069210863,"flow_last_seen":1430069210863,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"173.194.117.229","dst_ip":"10.24.82.188","src_port":443,"dst_port":38380,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
00421{"flow_id":17,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2798,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069210,"pkt_ts_usec":863623,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACih+UAAjgbKWq3CdeUKGFK8AbuV7IoFQj5TpMuVUBSklweYAAA="}
00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2838,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1430069211505,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"173.252.88.128","dst_ip":"10.24.82.188","src_port":443,"dst_port":59912,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
00506{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2838,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1430069211505,"flow_last_seen":1430069211505,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"173.252.88.128","dst_ip":"10.24.82.188","src_port":443,"dst_port":59912,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
00421{"flow_id":18,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2838,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069211,"pkt_ts_usec":505377,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAChd+0AA+AbBg638WIAKGFK8AbvqCPsyGz7Wm7gkUBQAALuKAAA="}
00438{"flow_id":18,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2839,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069211,"pkt_ts_usec":505591,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAADTK\/EAAjga+dq38WIAKGFK8AbvqCPsyGz7Wm7gkgBQClSKzAAABAQgKopRXsAACYuQ="}
00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2851,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1430069211639,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.88.128","src_port":59954,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
00506{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2851,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1430069211639,"flow_last_seen":1430069211639,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.88.128","src_port":59954,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
00451{"flow_id":19,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2851,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069211,"pkt_ts_usec":639075,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADxoAkAAQAZvaQoYUryt\/FiA6jIBuzJ1sXgAAAAAoAI2sGN\/AAACBAV4BAIICgAC2XoAAAAAAQMDBQ=="}
00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2852,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1430069211640,"flow_last_seen":0,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":25223,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":15}
00505{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2852,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1430069211640,"flow_last_seen":1430069211640,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":25223,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":15}
00454{"flow_id":20,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2852,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069211,"pkt_ts_usec":640662,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":79,"pkt_l4_len":43,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAD\/Ze0AAQBH4oQoYUrwKvAEBYocANQAr1lVimAEAAAEAAAAAAAAEbXF0dAhmYWNlYm9vawNjb20AAAEAAQ=="}
00663{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2852,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1430069211640,"flow_last_seen":0,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":25223,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Facebook","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"mqtt.facebook.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00675{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2852,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1430069211640,"flow_last_seen":1430069211640,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":25223,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Facebook","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"mqtt.facebook.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00425{"flow_id":19,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2856,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069211,"pkt_ts_usec":703101,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":60,"pkt_l4_len":24,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACy0dUAA+AZrBa38WIAKGFK8AbvqMmPPnoQydbF5YBIRHFG1AAACBAV4"}
00422{"flow_id":19,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2857,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069211,"pkt_ts_usec":703253,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAChoA0AAQAZvfAoYUryt\/FiA6jIBuzJ1sXljz56FUBA2sGNrAAA="}
00714{"flow_id":19,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2858,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069211,"pkt_ts_usec":712958,"pkt_caplen":272,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":272,"pkt_l4_len":236,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAQBoBEAAQAZuowoYUryt\/FiA6jIBuzJ1sXljz56FUBg2sOucAAAWAwEA0wEAAM8DAVU9H9uNfuN6igTtfCsi5UGJAGu+tBUa6vvxV3L7s6crIN7mSkHwum5YAkPf9F1sC8Q73hXOE4o3oouZE9fRYbaoAEYABAAFAC8ANcACwATABcAMwA7AD8AHwAnACsARwBPAFAAzADkAMgA4AArAA8ANwAjAEgAWABMACQAVABIAAwAIABQAEQD\/AQAAQAALAAQDAAECAAoANAAyAA4ADQAZAAsADAAYAAkACgAWABcACAAGAAcAFAAVAAQABQASABMAAQACAAMADwAQABE="}
@@ -207,17 +199,25 @@
00514{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":29,"flow_first_seen":1430069211639,"flow_last_seen":1430069213599,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":679,"flow_tot_l4_payload_len":2372,"flow_avg_l4_payload_len":81,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.88.128","src_port":59954,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_first_seen":1430069141923,"flow_last_seen":1430069142383,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":89,"flow_tot_l4_payload_len":124,"flow_avg_l4_payload_len":31,"midstream":1,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"54.255.185.236","src_port":58916,"dst_port":5222,"l4_proto":"tcp","ndpi": {"proto":"Amazon","breed":"Acceptable","category":"Web"}}
00511{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_first_seen":1430069141923,"flow_last_seen":1430069142383,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":89,"flow_tot_l4_payload_len":124,"flow_avg_l4_payload_len":31,"midstream":1,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"54.255.185.236","src_port":58916,"dst_port":5222,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
00528{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1430069210863,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"173.194.117.229","dst_ip":"10.24.82.188","src_port":443,"dst_port":38380,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"}}
00495{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1430069210863,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"173.194.117.229","dst_ip":"10.24.82.188","src_port":443,"dst_port":38380,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
00541{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1430069193291,"flow_last_seen":1430069193291,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"173.252.122.1","dst_ip":"10.24.82.188","src_port":443,"dst_port":52123,"l4_proto":"tcp","ndpi": {"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}}
00505{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1430069193291,"flow_last_seen":1430069193291,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"173.252.122.1","dst_ip":"10.24.82.188","src_port":443,"dst_port":52123,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
00538{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1430069161865,"flow_last_seen":1430069161865,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"216.58.220.161","dst_ip":"10.24.82.188","src_port":443,"dst_port":56697,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"}}
00505{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1430069161865,"flow_last_seen":1430069161865,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"216.58.220.161","dst_ip":"10.24.82.188","src_port":443,"dst_port":56697,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
00540{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1430069210863,"flow_last_seen":1430069210863,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"173.194.117.229","dst_ip":"10.24.82.188","src_port":443,"dst_port":38380,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"}}
00507{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1430069210863,"flow_last_seen":1430069210863,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"173.194.117.229","dst_ip":"10.24.82.188","src_port":443,"dst_port":38380,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
00518{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1488,"flow_first_seen":1430069171389,"flow_last_seen":1430069216410,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":192,"flow_tot_l4_payload_len":133038,"flow_avg_l4_payload_len":89,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"1.201.1.174","src_port":10268,"dst_port":23046,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":15}
00514{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":22,"flow_first_seen":1430069170975,"flow_last_seen":1430069216076,"flow_min_l4_payload_len":78,"flow_max_l4_payload_len":106,"flow_tot_l4_payload_len":2144,"flow_avg_l4_payload_len":97,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"1.201.1.174","src_port":10269,"dst_port":23047,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":15}
00511{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":15,"flow_first_seen":1430069159456,"flow_last_seen":1430069163250,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":609,"flow_tot_l4_payload_len":815,"flow_avg_l4_payload_len":54,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"203.205.147.215","src_port":48489,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
00539{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_first_seen":1430069141261,"flow_last_seen":1430069141741,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"120.28.26.242","dst_ip":"10.24.82.188","src_port":80,"dst_port":34533,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
00503{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_first_seen":1430069141261,"flow_last_seen":1430069141741,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"120.28.26.242","dst_ip":"10.24.82.188","src_port":80,"dst_port":34533,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
00514{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":45,"flow_first_seen":1430069163715,"flow_last_seen":1430069216555,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":852,"flow_tot_l4_payload_len":7008,"flow_avg_l4_payload_len":155,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"110.76.143.50","src_port":32968,"dst_port":8080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
00543{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1430069180329,"flow_last_seen":1430069180329,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":1,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"216.58.220.174","src_port":49217,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"}}
00511{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1430069180329,"flow_last_seen":1430069180329,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":1,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"216.58.220.174","src_port":49217,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
00543{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":11,"flow_first_seen":1430069140120,"flow_last_seen":1430069164894,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":436,"flow_tot_l4_payload_len":740,"flow_avg_l4_payload_len":67,"midstream":1,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"103.246.57.251","src_port":51021,"dst_port":8080,"l4_proto":"tcp","ndpi": {"proto":"HTTP_Proxy","breed":"Acceptable","category":"Web"}}
00513{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":11,"flow_first_seen":1430069140120,"flow_last_seen":1430069164894,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":436,"flow_tot_l4_payload_len":740,"flow_avg_l4_payload_len":67,"midstream":1,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"103.246.57.251","src_port":51021,"dst_port":8080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
00514{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":40,"flow_first_seen":1430069164966,"flow_last_seen":1430069216555,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":852,"flow_tot_l4_payload_len":7778,"flow_avg_l4_payload_len":194,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"110.76.143.50","src_port":58857,"dst_port":9001,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
00543{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1430069170090,"flow_last_seen":1430069170090,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":96,"midstream":1,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.194.72.188","src_port":34686,"dst_port":5228,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"}}
00511{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1430069170090,"flow_last_seen":1430069170090,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":96,"midstream":1,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.194.72.188","src_port":34686,"dst_port":5228,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_first_seen":1430069211640,"flow_last_seen":1430069211843,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":74,"flow_tot_l4_payload_len":109,"flow_avg_l4_payload_len":54,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":25223,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":15}
00518{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1503,"flow_first_seen":1430069171118,"flow_last_seen":1430069216536,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":192,"flow_tot_l4_payload_len":134109,"flow_avg_l4_payload_len":89,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"1.201.1.174","src_port":11320,"dst_port":23044,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":15}
00513{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":22,"flow_first_seen":1430069170892,"flow_last_seen":1430069214736,"flow_min_l4_payload_len":78,"flow_max_l4_payload_len":98,"flow_tot_l4_payload_len":2116,"flow_avg_l4_payload_len":96,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"1.201.1.174","src_port":11321,"dst_port":23045,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":15}

6
test/results/NTPv2.pcap.out
View File

@@ -1,8 +1,8 @@
00473{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"NTPv2.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":10000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"NTPv2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1436865383632,"flow_last_seen":0,"flow_min_l4_payload_len":368,"flow_max_l4_payload_len":368,"flow_tot_l4_payload_len":368,"flow_avg_l4_payload_len":368,"midstream":0,"l3_proto":"ip4","src_ip":"208.104.95.10","dst_ip":"78.46.76.2","src_port":123,"dst_port":80,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"NTPv2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1436865383632,"flow_last_seen":1436865383632,"flow_min_l4_payload_len":368,"flow_max_l4_payload_len":368,"flow_tot_l4_payload_len":368,"flow_avg_l4_payload_len":368,"midstream":0,"l3_proto":"ip4","src_ip":"208.104.95.10","dst_ip":"78.46.76.2","src_port":123,"dst_port":80,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00883{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"NTPv2.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436865383,"pkt_ts_usec":632810,"pkt_caplen":410,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":410,"pkt_l4_len":376,"pkt":"RIpbLCrSACaIdf8bCABFAAGMHS4AADERoZDQaF8KTi5MAgB7AFABeH6Xlw4DKgAFAEgAAAAAAAAQOgAAAAAAAAGISO9ZbawQDGUAAAABDAIHAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAQZwAAAAAAAADHQLufDawQDGUAAAABuxwHAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQxAAAAAAAAAa6UEgp0qwQDGUAAAABKtoHAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQ2AAAAAAAAAWzX1q4C6wQDGUAAAABAFAHAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQ2wAAAAAAAAWRR3um9qwQDGUAAAABAFAHAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00511{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"NTPv2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1436865383632,"flow_last_seen":0,"flow_min_l4_payload_len":368,"flow_max_l4_payload_len":368,"flow_tot_l4_payload_len":368,"flow_avg_l4_payload_len":368,"midstream":0,"l3_proto":"ip4","src_ip":"208.104.95.10","dst_ip":"78.46.76.2","src_port":123,"dst_port":80,"l4_proto":"udp","ndpi": {"proto":"NTP","breed":"Acceptable","category":"System"}}
00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"NTPv2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1436865383632,"flow_last_seen":0,"flow_min_l4_payload_len":368,"flow_max_l4_payload_len":368,"flow_tot_l4_payload_len":368,"flow_avg_l4_payload_len":368,"midstream":0,"l3_proto":"ip4","src_ip":"208.104.95.10","dst_ip":"78.46.76.2","src_port":123,"dst_port":80,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00523{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"NTPv2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1436865383632,"flow_last_seen":1436865383632,"flow_min_l4_payload_len":368,"flow_max_l4_payload_len":368,"flow_tot_l4_payload_len":368,"flow_avg_l4_payload_len":368,"midstream":0,"l3_proto":"ip4","src_ip":"208.104.95.10","dst_ip":"78.46.76.2","src_port":123,"dst_port":80,"l4_proto":"udp","ndpi": {"proto":"NTP","breed":"Acceptable","category":"System"}}
00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"NTPv2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1436865383632,"flow_last_seen":1436865383632,"flow_min_l4_payload_len":368,"flow_max_l4_payload_len":368,"flow_tot_l4_payload_len":368,"flow_avg_l4_payload_len":368,"midstream":0,"l3_proto":"ip4","src_ip":"208.104.95.10","dst_ip":"78.46.76.2","src_port":123,"dst_port":80,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00124{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"NTPv2.pcap","alias":"nDPId-test"}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 1/1

10
test/results/NTPv3.pcap.out
View File

@@ -1,8 +1,8 @@
00473{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"NTPv3.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":10000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"NTPv3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1436865405371,"flow_last_seen":0,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"175.144.140.29","dst_ip":"78.46.76.2","src_port":123,"dst_port":80,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"NTPv3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1436865405371,"flow_last_seen":1436865405371,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"175.144.140.29","dst_ip":"78.46.76.2","src_port":123,"dst_port":80,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00452{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"NTPv3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436865405,"pkt_ts_usec":371462,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"pkt":"RIpbLCrSACaIdf8bCABFAABMAABAADcRbcOvkIwdTi5MAgB7AFAAOLcYHAAE+gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADZT08RAAAAANlPTxEAAAAA"}
00508{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"NTPv3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1436865405371,"flow_last_seen":0,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"175.144.140.29","dst_ip":"78.46.76.2","src_port":123,"dst_port":80,"l4_proto":"udp","ndpi": {"proto":"NTP","breed":"Acceptable","category":"System"}}
00479{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"NTPv3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1436865405371,"flow_last_seen":0,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"175.144.140.29","dst_ip":"78.46.76.2","src_port":123,"dst_port":80,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00520{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"NTPv3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1436865405371,"flow_last_seen":1436865405371,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"175.144.140.29","dst_ip":"78.46.76.2","src_port":123,"dst_port":80,"l4_proto":"udp","ndpi": {"proto":"NTP","breed":"Acceptable","category":"System"}}
00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"NTPv3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1436865405371,"flow_last_seen":1436865405371,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"175.144.140.29","dst_ip":"78.46.76.2","src_port":123,"dst_port":80,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00124{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"NTPv3.pcap","alias":"nDPId-test"}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 1/1
@@ -16,5 +16,5 @@
~~ total allocations/frees...: 35339/35339
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 129 chars
~~ json string max len.......: 513 chars
~~ json string avg len.......: 394 chars
~~ json string max len.......: 525 chars
~~ json string avg len.......: 400 chars

10
test/results/NTPv4.pcap.out
View File

@@ -1,8 +1,8 @@
00473{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"NTPv4.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":10000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"NTPv4.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1436865396190,"flow_last_seen":0,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"85.22.62.120","dst_ip":"78.46.76.11","src_port":123,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"NTPv4.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1436865396190,"flow_last_seen":1436865396190,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"85.22.62.120","dst_ip":"78.46.76.11","src_port":123,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00452{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"NTPv4.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436865396,"pkt_ts_usec":190857,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"pkt":"RIpb2HMEACaIdf8bCABFAABMrX9AADcRaFpVFj54Ti5MCwB7AHsAOKmfIwIH6wAABFAAAAOrg7wD39lPUcMxZbhg2URXVTAzb9DZRFdVMbTpeNlPUfQtJuL0"}
00508{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"NTPv4.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1436865396190,"flow_last_seen":0,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"85.22.62.120","dst_ip":"78.46.76.11","src_port":123,"dst_port":123,"l4_proto":"udp","ndpi": {"proto":"NTP","breed":"Acceptable","category":"System"}}
00479{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"NTPv4.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1436865396190,"flow_last_seen":0,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"85.22.62.120","dst_ip":"78.46.76.11","src_port":123,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00520{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"NTPv4.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1436865396190,"flow_last_seen":1436865396190,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"85.22.62.120","dst_ip":"78.46.76.11","src_port":123,"dst_port":123,"l4_proto":"udp","ndpi": {"proto":"NTP","breed":"Acceptable","category":"System"}}
00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"NTPv4.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1436865396190,"flow_last_seen":1436865396190,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"85.22.62.120","dst_ip":"78.46.76.11","src_port":123,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00124{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"NTPv4.pcap","alias":"nDPId-test"}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 1/1
@@ -16,5 +16,5 @@
~~ total allocations/frees...: 35339/35339
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 129 chars
~~ json string max len.......: 513 chars
~~ json string avg len.......: 394 chars
~~ json string max len.......: 525 chars
~~ json string avg len.......: 400 chars

2
test/results/Oscar.pcap.out
View File

@@ -1,5 +1,5 @@
00473{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"Oscar.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":10000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"Oscar.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1434606464176,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.30.29.3","dst_ip":"178.237.24.249","src_port":63357,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"Oscar.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1434606464176,"flow_last_seen":1434606464176,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.30.29.3","dst_ip":"178.237.24.249","src_port":63357,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00439{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"Oscar.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1434606464,"pkt_ts_usec":176482,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"AAxCW5ILDE3pmjdICABFAABAZ9pAAEAGAAAKHh0Dsu0Y+fd9Abu9oGylAAAAALAC\/\/\/zOQAAAgQFtAEDAwUBAQgKFdAS4wAAAAAEAgAA"}
00414{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"Oscar.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1434606464,"pkt_ts_usec":205135,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"pkt":"DE3pmjdIAAxCW5ILCABFAAAsd\/VAAG8GoM+y7Rj5Ch4dAwG7933\/L+hsvaBspmASQABaVgAAAgQFUAAA"}
00409{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"Oscar.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1434606464,"pkt_ts_usec":205258,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AAxCW5ILDE3pmjdICABFAAAo27ZAAEAGAAAKHh0Dsu0Y+fd9Abu9oGym\/y\/obVAQ\/\/\/zIQAA"}

4782
test/results/WebattackRCE.pcap.out
View File

File diff suppressed because it is too large Load Diff

18
test/results/WebattackSQLinj.pcap.out
View File

@@ -1,5 +1,5 @@
00483{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":10000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1499348407419,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36196,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00497{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1499348407419,"flow_last_seen":1499348407419,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36196,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348407,"pkt_ts_usec":419016,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA84aRAAD4G5CusEAABwKgKMo1kAFAWk4RJAAAAAKACchDPRwAAAgQFtAQCCAoBPmXtAAAAAAEDAwc="}
00442{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348407,"pkt_ts_usec":419147,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQjWS7EzBkFpOESqAScSCpZgAAAgQFtAQCCAoD6DdgAT5l7QEDAwc="}
00430{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348407,"pkt_ts_usec":420458,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA04aVAAD4G5DKsEAABwKgKMo1kAFAWk4RKuxMwZYAQAOVIbgAAAQEICgE+Ze0D6Ddg"}
@@ -12,7 +12,7 @@
00431{"flow_id":1,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348412,"pkt_ts_usec":425420,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA04ahAAD4G5C+sEAABwKgKMo1kAFAWk4YJuxMyd4ARAO0\/sAAAAQEICgE+atAD6Ddh"}
00432{"flow_id":1,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348412,"pkt_ts_usec":425455,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0BwhAAEAGvNDAqAoyrBAAAQBQjWS7EzJ4FpOGCoAQAOs6zwAAAQEICgPoPEMBPmrQ"}
00432{"flow_id":1,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348412,"pkt_ts_usec":425928,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA04alAAD4G5C6sEAABwKgKMo1kAFAWk4YKuxMyeIAQAO06zAAAAQEICgE+atED6DxD"}
00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":12,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1499348413192,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36198,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":12,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1499348413192,"flow_last_seen":1499348413192,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36198,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348413,"pkt_ts_usec":192475,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8\/kNAAD4Gx4ysEAABwKgKMo1mAFAV3ZXTAAAAAKACchC4zgAAAgQFtAQCCAoBPmuQAAAAAAEDAwc="}
00443{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348413,"pkt_ts_usec":192603,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQjWbwopjJFd2V1KAScSDvVQAAAgQFtAQCCAoD6D0DAT5rkAEDAwc="}
00432{"flow_id":2,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348413,"pkt_ts_usec":193376,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0\/kRAAD4Gx5OsEAABwKgKMo1mAFAV3ZXU8KKYyoAQAOWOXQAAAQEICgE+a5AD6D0D"}
@@ -24,7 +24,7 @@
00432{"flow_id":2,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348418,"pkt_ts_usec":262402,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0pcxAAEAGHgzAqAoyrBAAAQBQjWbwop\/6Fd2XoIARAOuAVQAAAQEICgPoQfcBPmuh"}
00432{"flow_id":2,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348418,"pkt_ts_usec":262929,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0\/kdAAD4Gx5CsEAABwKgKMo1mAFAV3Zeg8KKf+4ARAQF7WwAAAQEICgE+cIQD6EH3"}
00433{"flow_id":2,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348418,"pkt_ts_usec":262971,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0pc1AAEAGHgvAqAoyrBAAAQBQjWbwop\/7Fd2XoYAQAOt7cQAAAQEICgPoQfcBPnCE"}
00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":22,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1499348422024,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36200,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":22,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1499348422024,"flow_last_seen":1499348422024,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36200,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348422,"pkt_ts_usec":24349,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8A7ZAAD4GwhqsEAABwKgKMo1oAFD9gXeGAAAAAKACchDm1AAAAgQFtAQCCAoBPnQwAAAAAAEDAwc="}
00443{"flow_id":3,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348422,"pkt_ts_usec":24463,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQjWik93fQ\/YF3h6AScSCBYAAAAgQFtAQCCAoD6EWjAT50MAEDAwc="}
00430{"flow_id":3,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348422,"pkt_ts_usec":25263,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0A7dAAD4GwiGsEAABwKgKMo1oAFD9gXeHpPd30YAQAOUgaAAAAQEICgE+dDAD6EWj"}
@@ -36,7 +36,7 @@
00431{"flow_id":3,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348427,"pkt_ts_usec":62967,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0MnVAAEAGkWPAqAoyrBAAAQBQjWik938q\/YF5oIARAOsR+gAAAQEICgPoSo8BPnQ5"}
00432{"flow_id":3,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348427,"pkt_ts_usec":63609,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0A7pAAD4Gwh6sEAABwKgKMo1oAFD9gXmgpPd\/K4ARAQIM\/wAAAQEICgE+eRwD6EqP"}
00432{"flow_id":3,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348427,"pkt_ts_usec":63652,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0MnZAAEAGkWLAqAoyrBAAAQBQjWik938r\/YF5oYAQAOsNFgAAAQEICgPoSo8BPnkc"}
00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":32,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1499348433464,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36202,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":32,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1499348433464,"flow_last_seen":1499348433464,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36202,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":4,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348433,"pkt_ts_usec":464668,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8WwtAAD4GasWsEAABwKgKMo1qAFDC1CRXAAAAAKACchBpgwAAAgQFtAQCCAoBPn9cAAAAAAEDAwc="}
00444{"flow_id":4,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348433,"pkt_ts_usec":464810,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQjWqDJLV7wtQkWKAScSDdCgAAAgQFtAQCCAoD6FDPAT5\/XAEDAwc="}
00431{"flow_id":4,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348433,"pkt_ts_usec":465554,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0WwxAAD4GasysEAABwKgKMo1qAFDC1CRYgyS1fIAQAOV8EgAAAQEICgE+f1wD6FDP"}
@@ -49,7 +49,7 @@
00431{"flow_id":4,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348438,"pkt_ts_usec":551184,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA05bdAAEAG3iDAqAoyrBAAAQBQjWqDJMWxwtQmsIARAOxkcAAAAQEICgPoVccBPn9x"}
00432{"flow_id":4,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348438,"pkt_ts_usec":551823,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0WxBAAD4GasisEAABwKgKMo1qAFDC1CawgyTFsoARAShfUAAAAQEICgE+hFQD6FXH"}
00433{"flow_id":4,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348438,"pkt_ts_usec":551871,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA05bhAAEAG3h\/AqAoyrBAAAQBQjWqDJMWywtQmsYAQAOxfjAAAAQEICgPoVccBPoRU"}
00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":43,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1499348467295,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36204,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":43,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1499348467295,"flow_last_seen":1499348467295,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36204,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":5,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348467,"pkt_ts_usec":295664,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8NrBAAD4GjyCsEAABwKgKMo1sAFAXzJbWAAAAAKACchCBAAAAAgQFtAQCCAoBPqBmAAAAAAEDAwc="}
00443{"flow_id":5,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348467,"pkt_ts_usec":295837,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQjWwuedQjF8yW16AScSAJgQAAAgQFtAQCCAoD6HHZAT6gZgEDAwc="}
00431{"flow_id":5,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348467,"pkt_ts_usec":296387,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0NrFAAD4GjyesEAABwKgKMo1sAFAXzJbXLnnUJIAQAOWoiAAAAQEICgE+oGYD6HHZ"}
@@ -61,7 +61,7 @@
00431{"flow_id":5,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348472,"pkt_ts_usec":301832,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0pgBAAEAGHdjAqAoyrBAAAQBQjWwuedwJF8yZLoARAOyZXwAAAQEICgPodrwBPqBo"}
00431{"flow_id":5,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348472,"pkt_ts_usec":302316,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0NrRAAD4GjySsEAABwKgKMo1sAFAXzJkuLnncCoARAQSUZAAAAQEICgE+pUoD6Ha8"}
00432{"flow_id":5,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348472,"pkt_ts_usec":302394,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0pgFAAEAGHdfAqAoyrBAAAQBQjWwuedwKF8yZL4AQAOyUewAAAQEICgPodr0BPqVK"}
00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":53,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1499348480992,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36206,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":53,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1499348480992,"flow_last_seen":1499348480992,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36206,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":6,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348480,"pkt_ts_usec":992304,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8IqhAAD4GoyisEAABwKgKMo1uAFBrxY9uAAAAAKACchAnDQAAAgQFtAQCCAoBPq3GAAAAAAEDAwc="}
00443{"flow_id":6,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348480,"pkt_ts_usec":992428,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQjW5ct+zHa8WPb6AScSBbSwAAAgQFtAQCCAoD6H85AT6txgEDAwc="}
00431{"flow_id":6,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348480,"pkt_ts_usec":993219,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0IqlAAD4Goy+sEAABwKgKMo1uAFBrxY9vXLfsyIAQAOX6UQAAAQEICgE+rccD6H85"}
@@ -73,7 +73,7 @@
00430{"flow_id":6,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348486,"pkt_ts_usec":1345,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0k\/NAAEAGL+XAqAoyrBAAAQBQjW5ct+7aa8WReoARAOvxSQAAAQEICgPohB0BPq3H"}
00429{"flow_id":6,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348486,"pkt_ts_usec":1932,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0IqxAAD4GoyysEAABwKgKMo1uAFBrxZF6XLfu24ARAO3sYgAAAQEICgE+sqsD6IQd"}
00431{"flow_id":6,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348486,"pkt_ts_usec":2003,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0k\/RAAEAGL+TAqAoyrBAAAQBQjW5ct+7ba8WRe4AQAOvsZAAAAQEICgPohB0BPrKr"}
00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":63,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1499348494345,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36208,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":63,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1499348494345,"flow_last_seen":1499348494345,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36208,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":7,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348494,"pkt_ts_usec":345596,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8SndAAD4Ge1msEAABwKgKMo1wAFAblvCmAAAAAKACchAI9wAAAgQFtAQCCAoBPrrRAAAAAAEDAwc="}
00443{"flow_id":7,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348494,"pkt_ts_usec":345725,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQjXBGdqbdG5bwp6AScSCMVgAAAgQFtAQCCAoD6IxDAT660QEDAwc="}
00431{"flow_id":7,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348494,"pkt_ts_usec":346517,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0SnhAAD4Ge2CsEAABwKgKMo1wAFAblvCnRnam3oAQAOUrXgAAAQEICgE+utED6IxD"}
@@ -85,7 +85,7 @@
00431{"flow_id":7,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":70,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348499,"pkt_ts_usec":355269,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0Kp1AAEAGmTvAqAoyrBAAAQBQjXBGdq4OG5byv4ARAOsdKQAAAQEICgPokSgBPrrS"}
00432{"flow_id":7,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348499,"pkt_ts_usec":355896,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0SntAAD4Ge12sEAABwKgKMo1wAFAblvK\/RnauD4ARAQEYLwAAAQEICgE+v7UD6JEo"}
00432{"flow_id":7,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348499,"pkt_ts_usec":355969,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0Kp5AAEAGmTrAqAoyrBAAAQBQjXBGdq4PG5bywIAQAOsYRQAAAQEICgPokSgBPr+1"}
00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":73,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1499348506489,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36210,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":73,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1499348506489,"flow_last_seen":1499348506489,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36210,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":8,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348506,"pkt_ts_usec":489087,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8gghAAD4GQ8isEAABwKgKMo1yAFDHw0SlAAAAAKACchD87AAAAgQFtAQCCAoBPsatAAAAAAEDAwc="}
00444{"flow_id":8,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348506,"pkt_ts_usec":489193,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQjXIW0CP4x8NEpqAScSAm\/AAAAgQFtAQCCAoD6JgfAT7GrQEDAwc="}
00431{"flow_id":8,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348506,"pkt_ts_usec":490001,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0gglAAD4GQ8+sEAABwKgKMo1yAFDHw0SmFtAj+YAQAOXGAwAAAQEICgE+xq0D6Jgf"}
@@ -97,7 +97,7 @@
00432{"flow_id":8,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348511,"pkt_ts_usec":496547,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0ggxAAD4GQ8ysEAABwKgKMo1yAFDHw0a\/FtArUoARAQK3jgAAAQEICgE+y5AD6Jgh"}
00432{"flow_id":8,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348511,"pkt_ts_usec":496699,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0u+lAAEAGB+\/AqAoyrBAAAQBQjXIW0CtSx8NGwIARAOuywgAAAQEICgPonQMBPsuQ"}
00432{"flow_id":8,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348511,"pkt_ts_usec":497289,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0gg1AAD4GQ8usEAABwKgKMo1yAFDHw0bAFtArU4AQAQKyqgAAAQEICgE+y5ED6J0D"}
00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":83,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1499348514064,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36212,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":83,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1499348514064,"flow_last_seen":1499348514064,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36212,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":9,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348514,"pkt_ts_usec":64531,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8tHhAAD4GEVisEAABwKgKMo10AFC7kHpqAAAAAKACchDL8wAAAgQFtAQCCAoBPs4SAAAAAAEDAwc="}
00442{"flow_id":9,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348514,"pkt_ts_usec":64644,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQjXSy4nMxu5B6a6AScSADUQAAAgQFtAQCCAoD6J+FAT7OEgEDAwc="}
00430{"flow_id":9,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348514,"pkt_ts_usec":65457,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0tHlAAD4GEV+sEAABwKgKMo10AFC7kHprsuJzMoAQAOWiVwAAAQEICgE+zhMD6J+F"}

1322
test/results/WebattackXSS.pcap.out
View File

File diff suppressed because one or more lines are too long

8
test/results/aimini-http.pcap.out
View File

@@ -1,5 +1,5 @@
00479{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"aimini-http.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":10000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1614860229383,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28501,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1614860229383,"flow_last_seen":1614860229383,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28501,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00422{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"aimini-http.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614860229,"pkt_ts_usec":383219,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"5kBKB+riApXG95NLCABFAAAwBPkAAIAGAAAKZQACCmYAAm9VAFCbu4XRAAAAAHACgAEU8QAAAgQFtAMDAQA="}
00422{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"aimini-http.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614860229,"pkt_ts_usec":383751,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"ApXG95WRWgXZu6TVCABFAAAwBPkAAH8GIgEKZQACCmYAAm9VAFCbu4XRAAAAAHACgAFeHQAAAgQFtAMDAQA="}
00422{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"aimini-http.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614860229,"pkt_ts_usec":384335,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"WgXZu6TVApXG95WRCABFAAAwBQQAAIAGAAAKZgACCmUAAgBQb1Wbu5n7m7uF0nASgAEU8QAAAgQFtAMDAQA="}
@@ -16,7 +16,7 @@
02385{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"aimini-http.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614860229,"pkt_ts_usec":385650,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"WgXZu6TVApXG95WRCABFAAXcBQkAAIAGAAAKZgACCmUAAgBQb1Wbu7DMm7uIJVAYgAEanQAAlONVAAp6n4IpZpbWOnPOHqkbkowRF8xsfJ0FBoEq8hQUc8YWz6k\/sYHJgIKxHQB99ghae4YfENDgo4A+PCPHqZ+9AIL35Nc5srpHBkbOAQOJth7I8tMIbqEPV2GmmkB8MqUywD\/V2j8mmQ7R3uDLNhW4HPv2bIaHd6BAQVDxhayKnXEt0wSjID0EcZIHGgXkF1+uJdF6+wYMEJ7Owa2gGJCsoJqr4ASDDrEndDGJwjgGyS32WuH93cD9XgwYulRxHNmpC9wTJEiijdbFRnLTYGx7AFyGJLUIuNiTieQhIp1pQEdX2KhZcbIdH9RBXMm5FMVjHnnPNphltiQ0aOT+qRe5pPaAMhhYGrAIgF+zhDmJZjgnIZrLsQxwzpBn8MHcpmAxaJVZGoBSVxCV5IP5NDO42roVulZPkXR4bMfUcQpS8O4zIhhmBnmGZwX0ZEAIEAVwB25MaANbBT2QCr5u5SVQiEe4pBQZfWVqPcA5ww76tNnaV3jKx2hT0FijAM5QgqKYHaQlXAYBCC3w8RRcBOUZ+fZiddRkTOw51APUWXuDSwQChZsNaVRclWjgiUD4HG+ODEhnzgBTSBgLw+vhGzHZaKFDQAHYBbGYpH42FrAr0C3oekUPsw8xIDwPA4PO0e6swr+D8051opS0BdisfL5UYz452k44X9J8ojKNlHPK45QQTy1zLaDG9QUYBadSzb02e4iBEu+CjVV+PNoKdtHI29JN6lHFjLBSbjhXSK8dEDE7sXbGKgVXTEfFqDuWoAlmaFLQ4bNjTQbARIQUHd5H7XU+8PM5nyJQcWUV2EqGycKLJckPkVoSxFiCeCv\/R6tTJRKKTGRWplLrY3SweVRxPiwV7ZMPlPnaOEXApI5S+mGkfBPyykBVhelkWhTE3JWHKzz8En6h1o\/VWC1UXfjG7rrQqzhiV1YnVSQFpTSSc0mtwTMxcTtlhJgYNUXsEqmAYWZ\/kahPo3DCWrmkbFCvYF5DBWC6gZyOPSW12GuMOo5GwcZMMRNFLcpwq0H92hveQph9Knril8HddQ+jWnF3xRE5xOIf7zAI\/\/hpcNm\/HtxCMH3T+wxhOgS6V\/3hsA+h+5247v0q+rdQ+6J\/07+FqPnT4093QwiQ+w\/Uy1AiW2lVw\/Hlr3YUoZZGnwy95kjXodIFlzLT79p7FHqoQXj5CwTakBOXYiuArJpQ+MVBHCqscrTqhFEkHe4I+C\/CE6vE7mgv895LcidtUH65MxAxTbqqLydA2jJzW9XsQutAHYd0a5JM6jRrcjfeI5+LDFMazUOS6dXo7oyo3XWYSPZoYGzA3chckbIsIBDhghlKUwRcSVAkxCvk5RTbparoEYHsYqBLbrWTxNmrskgKdQmSTVEeT9c4jYj9DNNWBo5ICgpK0eXXJxAwbNsLTsWut0dRDeDJuhnjzfnc9xzKLYCyj9kkQNgTV3IdzxyVG4AYptODtpRLNoqIFKxDwOX3JNPkpoQSUE+iX3YL2BsqCLkXOH7Kzsqi6IuqiCV\/GjWij3lvVBJoGCS5FnNMRDik9SLtilSK\/UZIEAbYHFVjZiedsW1JpMO96JQnKCxtskFlJBX2QIIE0+MILJr4WDGPh5gg0yIAEC8F7Cpi4IEu575WTyXFjfoapxekSCsOSjRcaOsnLnDGML4FSVbCh+GvRC5ied0AA+LDQetaMEmhDuVKMJwcYe4LTK3OzQCPLZm\/EBeYEOSF3BajdsAAjZkbtTqmrBZ0nNVYKW6qgFoxN9DBqjev4k4kJR\/pxxQ5xBSITrDGWhgqdvM2cCYGRUTuNSL3IbDFcnsqLE8HZ6M92BOsXwupmkyj4phjmDx\/uZaOoBgx1z+VnKdJ5nRoh7RqjPCQL5xkSRJHRUg3q2GS4HBcUd41FgBMc36hIvPtGGLwSpA58gy8yg652AY2TTpqa5qrSCvpCo\/oIX1RUPMEJkGBANE="}
02403{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"aimini-http.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614860229,"pkt_ts_usec":385651,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"WgXZu6TVApXG95WRCABFAAXcBQoAAIAGAAAKZgACCmUAAgBQb1Wbu7aAm7uIJVAYgAEanQAAC4h3IHYTRW8Ic+DKWeCNlwosSk7BfU\/fr2BkIwNOxVAaRbMIRq+Y2EMHJHMaUDNB5OEBZ6DIYfiDRibE4AyMOLgy+Au8ND9cSqkHnSu33AdFySdHAv0F+Yz61HbBtUlAHCPyh8DkO8r+Qf2A7kI74CiE+U\/qhHSHj+EQ60itGqDeHliTkLgQvAvgEUsjgpLGb+sBa1h75Lr56JxSvowzeRiBcc6Arn2\/6ENnQVdBOfkQrPGYwcdE6kAdZfPo2vjqEYkpe3JJ4ivrNFOOHit4FY4pswthgUTmHZEnl5TI2jgYaCbyYs4ZYBRWKXpkIBacesUsC9ZT+eTPKnOlzfgDeITcFnttVK5MjI4kgXW3JWgLrz+KocpkFlLZkcTollerMDQGnvoNfZV1odAJflAgHM0q\/bH7Yk49VyTK+uzP6dGDfyLTjniQr5WPDsVK1S8K7Qig50RJtqRbchLU4X7Fpkoiiqq\/QFGWQlan7jt+GCsdUhQondPw82Q\/MVKRYHasybsp+2M0r3MaizreXyIb4sVnztpCJxixUjPK31SyzeY6H\/4aZTQgQABhhUd\/g4Aodj2HPWVSayR8WSIYLCRlE9Eb4sT1Z5VTLDESLR3o6SqOEvpQ5oBgwgVwV8kTVEd3ssI8ADMP3DcPYawklHRilfLwtDYBL1DQy4XkjpGnGeOr6l485ayVjByUJFSZ3EfByVHqVUktF7PqyEZCE4p3iLvKSxKsFCjJSB6dJH3j06gAEnBqwBd+xhyITmkq9kgjmQXURWTwNBqMPHHwxYwMye1jLnBabIkpnS9BuPClOymzJkyHopn9cvrYBRFMcbKMS4Zs3Y+kZzf7Cdw9REWUe\/MCjH6kHy7IjGt\/foUDi9o2N8N0yie4lNMg9MPJMpvk4i1s7zzC\/19Jyvxlaly3RylobXTcQqKXlUSR2Vlr5hFUNnm2Q9FGniNTiFWylA8ghsNjJlsd3aYMBlgRnHiQHy9Y08SlzmehS\/bedu15ohalfMo7QVtzxAgYHBQlyR4nFnBo6CCgB+Jx9gmTD3hgC3iWEpkOs2lxDN4Ir6jkHnUhWUPtopdG2g9PktBGNgOxkAfJFgdQeNSLq0q\/oNfPxziVs0GOPtuJsqLkLJOOBz7DkzALuSAdUOi8iLJ4WdJkE+xhOd9VlKXMsKJXl4QriHOWHsgexRCA84hsH0PUjDlzj54XAiprXLgx56bUCz8Tk3v2NbPvKncseclJJTK\/A+cqOknbRbK4sKzdIkWP\/KoSMWuGUwV5c5s8bspn5kOnS+Ah\/G4Kzg6OARcy80iQq8zCKFetdAeY2KX8GqBfuIPnbvElJ0TJhZaJlzeVR6fF5lYy5nRPR\/R6qNsmo4JyuaDzckl35E8UeClGEQrkggIN+TXBpJe6GydhVEgcRXJfnUXO6bAs9gA9TKsncMkLSjDBwJDKrZDjMfpRIL6+uwCbqLS6WiuG1s\/EBUYSvl9wOdgjoxUl0+pfaZmvkq+AB0U3jRbatKJ3bMrT5stuVVE03l7wjNslJiS7CBgvui91Enip06hriq3oAeStV\/SiG8aDhZW3SmGxnKaQfRntYJZcmLzmakBGTiPEdAGlDor15IprxP4xnrGdIaGW+bxgEwHATOT9rq5J8rqutpXkEF\/rWONMXNGk39i\/SVyoEv3\/Q3t4cENO7\/Yzbgvq39wOrnBvEOY61X6eq8Fl\/\/Zx0LsePH4Wd+fXg4893p70U3\/Y\/wTPDAU08Pnu01CcD\/u9i58wScrtPfavr\/sXj5961+J+eHffH0IL9NkS2ix0AI\/h7eGg\/9gbcv1h\/wEKh31Mt95+xBQqbRW6v79WVFVwW9Ptnej\/gvnUh59619eiP4BK0FYP2z\/vi+tB7\/y6L5i2x58G0NvHYZ8zsHqwMLCH\/s+feGQV8XDfv6AfuDdqCDRXAJ3+zf01EFbB8d1\/uh08Dn7pi8s="}
02405{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"aimini-http.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614860229,"pkt_ts_usec":385653,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"WgXZu6TVApXG95WRCABFAAXcBQsAAIAGAAAKZgACCmUAAgBQb1Wbu7w0m7uIJVAYgAEanQAA3k3vY\/9B\/PpTn3oFcqCtx2EPn3m8Gz4K1cMdFV\/3P8Lo4ecdNoRU40aqh08AE9P7U+8BaIbbvctfBg\/9S51ivr97eBicDxh19YTuG2fm9u7xVxj3wyNcIFTY5VVvcP1p2Mf6\/YcHHhtQPoS2+npWrkEOHqGbIeBx+RmYAMMzjk4LLpvyvik7y9qLamDeiTKmlHNaz5mCcVuqTTy88F\/ixCzq5dUrV3B6M\/d89Dpz\/hQlqcCNiWPeEiJGduxlcd7IjtBHznaCZXKF6Y1b6RUo521DnB4GeclJ0RIESt9P1dnu0if1hgmCzDRhHUdv\/YIelyFRLYvBNyURQj9LZeslU1OIN8Ez2QOypL46g4t9C7VjjU4282JwqsAFTaa\/p3hgd2bhdbWPoVsB4zNiW672p7El4sS3Gp5K+9yAokOFHsgwjdU2u3wWi\/lDWoMD6KPCEWWb8OaATKU3tUukY3ReIRVsj0AVY7YbXUtt4sQ6J83SOMm2SHB6M+JdDRA6OalafxsBCpqCilrqiPBYXPBl1HYtSoIBQrzF1eVEAftV4+wIQZw4L0il+2LEqp7iUIhyDsRTlIzVXWSOPiIrM86ieJ69ebWooGmjbDpGpLS+yaxKzj+bZjtbgS3s5lhvqLhXJcmMPZr\/SO+agygV3OpI96mTMxRy4pdE1nMzBWZYexxdZ97NuKmlqFRfGS01RLC4+KkXTHCXx640AlAwlb6Ln88IyFNB8aIkaqAkK3si20tDDKXTJmN6uabAnzsULAVsse1MdGdq61nW3obEKnfBdcl1woOyVv2n3C1iN5638fHWPc4A5OmYpVo6yhY2CktIPR1n61hllqki4sbcLduUAc7DZa3esnU\/UIhhguW4B8TV2+1gGHIS0pJN0UHiHYcrMKhNHVlit8RwZa+FtQy4IjZI8ScWi1PRSyei0awIfBVRqBOOS1v+jZvH8RitwoGLL22Y56rZ8UZLXJ5W27Tz84r21Vne7d557+qq8L0l\/nCSeNdqtdtQ8JqDkXLaXnMwkjqHSr2QgUPMuygfQ4lHbv8lfW7\/CMjKkVGjLr1QMGDVBrPjVjgYg4AjLO1ZVXqeJCLJdkjnFqjKW+1xeNtPFH75BMe4fIJj+VDgaZSd8Eafyuu+1cdNbXqDpNi8Yof8BHeBXyLDvtZeTLDejcc1es94cHMPTl7v9rF4Pr3oaVvCSy8yQdzyHcaFvZPFRbIRBqKYzF8\/HbBW4+5oP6zOHUj11kvWb\/XtG\/XaB9WboJkhg6ZW6YChtOT6PkSB2YYLcmnU5tByx+qI1+5\/qm7+sbn4v1Rxnj3H\/AAjgN\/JkVLFpJiY5DQD29l8NIqY6odR1C2drPjizK3KPm9Cz2T9gS5B3y1+yE5xVzVKL2rUW63sPY3D+vo37QpH+x8zX2w7KNN8LGSB8O+vUjh5Wx88\/72H228heuubO684UB6u+KD7P3P8PX5A7Znf76FT+PDovQ0fNAJJwhUZShnI6GBRnU\/nf396eprOOshvT3gu66f50\/snf\/rUsX7MlGTp82o\/Wu+fnoa4Ya9Uh7bwRTL60drJNY86zE+roFoXP6uVPYL+p\/SDXaK8dGY\/jxl\/BmH+W49swztMrx4ZYvfUeboNn94TxZ0tB+EaxoAEFsha1beGL3y08AyYt\/rbIPo7KHymv1KS+AEW9cWOj2GI2\/8Zkj\/9VRRwBqB6x3rKXjvc8i0TJC77TAt9RnZtHFtpLz03sgqoFB7Jv12ivmby0idMfln5hAm+P7H9GyYQq0nyIkE3jbxMMam9P6cCP1Rpdfv5KefZCgRY2Q8H9PiqGlz5Fgq\/Wo4fP1n9GIrSk+rrG9A9EEcNFWQ++4pLx+J\/sy\/h4CH\/1toYRtvGoLRxnH3YZbaFfK2jlcbOP7vBgGpqR2vUbvrgxdb7WoluYV20\/JGp4RVvpfy9jPJnyVa\/G\/bSN+8K3Lc="}
00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":34,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1614860229385,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28502,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":34,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1614860229385,"flow_last_seen":1614860229385,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28502,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00423{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"aimini-http.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614860229,"pkt_ts_usec":385965,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"5kBKB+riApXG95NLCABFAAAwBP8AAIAGAAAKZQACCmYAAm9WAFCbu7tlAAAAAHACgAEU8QAAAgQFtAMDAQA="}
00423{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"aimini-http.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614860229,"pkt_ts_usec":386298,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"ApXG95WRWgXZu6TVCABFAAAwBP8AAH8GIfsKZQACCmYAAm9WAFCbu7tlAAAAAHACgAEoiAAAAgQFtAMDAQA="}
00423{"flow_id":2,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"aimini-http.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614860229,"pkt_ts_usec":386303,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"WgXZu6TVApXG95WRCABFAAAwBQ0AAIAGAAAKZgACCmUAAgBQb1abu8Cxm7u7ZnASgAEU8QAAAgQFtAMDAQA="}
@@ -33,7 +33,7 @@
00761{"flow_id":2,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"aimini-http.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614860229,"pkt_ts_usec":388449,"pkt_caplen":311,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":311,"pkt_l4_len":277,"pkt":"WgXZu6TVApXG95WRCABFAAEpBRcAAIAGAAAKZgACCmUAAgBQb1abu8HPm7u\/hVAYgAEV6gAASFRUUC8xLjEgMjAwIE9LDQpEYXRlOiBXZWQsIDA4IEp1biAyMDExIDA2OjU5OjA4IEdNVA0KU2VydmVyOiBBcGFjaGUNCkNvbnRlbnQtRW5jb2Rpbmc6IGd6aXANClZhcnk6IEFjY2VwdC1FbmNvZGluZw0KQ29udGVudC1MZW5ndGg6IDIwDQpLZWVwLUFsaXZlOiB0aW1lb3V0PTIsIG1heD0xMDAwMA0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWw7IGNoYXJzZXQ9VVRGLTgNCg0KH4sIAAAAAAAA\/wMAAAAAAAAAAAA="}
00761{"flow_id":2,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"aimini-http.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614860229,"pkt_ts_usec":388751,"pkt_caplen":311,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":311,"pkt_l4_len":277,"pkt":"ApXG95NL5kBKB+riCABFAAEpBRcAAH8GIOoKZgACCmUAAgBQb1abu8HPm7u\/hVAYgAGTBAAASFRUUC8xLjEgMjAwIE9LDQpEYXRlOiBXZWQsIDA4IEp1biAyMDExIDA2OjU5OjA4IEdNVA0KU2VydmVyOiBBcGFjaGUNCkNvbnRlbnQtRW5jb2Rpbmc6IGd6aXANClZhcnk6IEFjY2VwdC1FbmNvZGluZw0KQ29udGVudC1MZW5ndGg6IDIwDQpLZWVwLUFsaXZlOiB0aW1lb3V0PTIsIG1heD0xMDAwMA0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWw7IGNoYXJzZXQ9VVRGLTgNCg0KH4sIAAAAAAAA\/wMAAAAAAAAAAAA="}
00420{"flow_id":2,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"aimini-http.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614860229,"pkt_ts_usec":388755,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"5kBKB+riApXG95NLCABFAAAoBRAAAIAGAAAKZQACCmYAAm9WAFCbu7+Fm7vC0FAUgAEU6QAAAAAAAAAA"}
00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":95,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1614860229388,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28503,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":95,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1614860229388,"flow_last_seen":1614860229388,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28503,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00423{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":95,"source":"aimini-http.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614860229,"pkt_ts_usec":388780,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"5kBKB+riApXG95NLCABFAAAwBREAAIAGAAAKZQACCmYAAm9XAFCbu+drAAAAAHACgAEU8QAAAgQFtAMDAQA="}
00423{"flow_id":3,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":98,"source":"aimini-http.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614860229,"pkt_ts_usec":389055,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"ApXG95WRWgXZu6TVCABFAAAwBREAAH8GIekKZQACCmYAAm9XAFCbu+drAAAAAHACgAH8gAAAAgQFtAMDAQA="}
00423{"flow_id":3,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":99,"source":"aimini-http.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614860229,"pkt_ts_usec":389059,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"WgXZu6TVApXG95WRCABFAAAwBRkAAIAGAAAKZgACCmUAAgBQb1ebu+vKm7vnbHASgAEU8QAAAgQFtAMDAQA="}
@@ -50,7 +50,7 @@
00878{"flow_id":3,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":109,"source":"aimini-http.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614860229,"pkt_ts_usec":389636,"pkt_caplen":394,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":394,"pkt_l4_len":360,"pkt":"WgXZu6TVApXG95WRCABFAAF8BR4AAIAGAAAKZgACCmUAAgBQb1ebvAKbm7vpyFAYgAEWPQAAucYYa9P8yDENbbqChzNeCZ2xSn8BF2zhrej8E62BLvjS3FLP0ZF96T22eSn6lOww9Fjpqn+\/YxxLS5Zx6Kt3IRu9xD88wzGxVpYD1hfVVvWw2mvuUMWrI0WS5VhoiXMb5k7qmD\/WsY5Y2ezEDk45OplaaKLwKDCUPN4g47hFdd2iXFSU8GyFhdkLB3bcPT7sfkQX3Y\/H56h10kHt05PO24u3pyfn6dMZHcmy4MfTvXuKPYMcPzzmzxwpQw\/THfOxs01TulP6Hyli0ByLikFzAuq1ChNxNBz9fHl5ObQaVESX3Ixf7lyaw8uG8Co+jWrurN1Xws7l5UfSJ+5cHZdecYn7SvgPYaZtoXZGaiexo73iNhN6ephpv2S8z52Ew0dNk7YzS0dju8\/QqPQuG5cnzuUOY7mRri1ZY6AMJtii2VkoV4jOeC3QQ5Sb\/w99HK6xQYUAAA=="}
02390{"flow_id":3,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":110,"source":"aimini-http.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614860229,"pkt_ts_usec":389747,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ApXG95NL5kBKB+riCABFAAXcBRoAAH8GHDQKZgACCmUAAgBQb1ebu+vLm7vpyFAYgAFM7gAASFRUUC8xLjEgMjAwIE9LDQpYLU1VLVNlc3Npb24tSUQ6IDgxMDQ0NjQ3MQ0KRGF0ZTogV2VkLCAwOCBKdW4gMjAxMSAwOToyMzozMyBHTVQNClNlcnZlcjogQXBhY2hlDQpDb250ZW50LUVuY29kaW5nOiBnemlwDQpWYXJ5OiBBY2NlcHQtRW5jb2RpbmcNCkNvbnRlbnQtTGVuZ3RoOiA1OTEzDQpLZWVwLUFsaXZlOiB0aW1lb3V0PTQsIG1heD0xMDAwMA0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWw7IGNoYXJzZXQ9VVRGLTgNCg0KH4sIAAAAAAAA\/+1d+XLbOJP\/P1V5BwxTY8UTiyIpy7oiTck6nEziI7GTzMy3X7lAEpJo85B5SFays7W1b7Gvt0+yDYCkKImi5LHGmXHZSiyAABqNRqP71yBNvB76ltl8\/uz1kGCdfvuGb5LmyND8wCXeHuq5hKCOM7FNB+uvC7wY6lnEx2jo+6M8uQmMcUNoO7ZPbD9\/MR0RAWk81xB8cusXaCd1bYhdj\/iNwO\/nKwIqxFRsbJGG8I5MJ46re4m2x4FnaHvos6ETB1g5gnrwdXxWBLbef+a87cXM7aEzE0+XCXeIp7nGyDccO0E7aoWwraMRNER9x0V9RjEYsZKpE7gIqqHR0PEpA+OQEYvyxRoOKEtiss+kSM5cPLBwolPbyWtYG5JVDbq3IwOknmghLY\/no6M6frIONk1aC0E107CvkUvMhnA+dFxfC3z0VqPjHrqk3xBoX7VCwbAGIjYswzZEm\/iQxQPiFfp4bEBdEX4JyIdZbAispHCbNxgNxsish0PHubawe70t4pR\/z5+CeolA6tvh6cdO92P+49ujNxe1F91uT+4pSB7dIs8xDb0eFl+cntVe9NjPcuH7bi+j6eHpxcXpce1Fp9ypdufKW+13Rx9PP510ItJ\/PH8GPKl34alb7lbTCrfBU5d+GE+et8DTKlFsIKdVpRFPLeVQOaysl5O6yFOn1JW6rT\/Hk9Qr9koZcloinc7T+C5i6h72lF7nz4ppuXUaS5Qp99K\/XtTzTMY67GclY2X6yZDVUusEY0yluKwoW4uqvor2JlO4hq3l1kl5scacLd3xv2mO6biRjOsq+Avi5pnRqEGxT\/To2sTQ\/WENiHJZqzZYlD4YzLxnfCU1uTS6rbNsH1uGOa19Jq6ObcyvTYgxGPo11TH1OqdTkTiZvpckwqmLfSt5UQkvYjXmtqPQT516wrxONMfF1BfVbMcm9QyexpynPR8PHWuZNdaLN1roux72WenRT0odeaEXTn0PuwY2U1nkNOYGXknntA6+geSHnEW5WPqRN50T\/H7UdGkkvpbVRduxwOWeY9tDx+fL0xSOWpHK5V5v1TCgG8v+FvIn1RcEt4pmW6KflaKxbPXOJA\/L9LOapL+KIhuEj1WTfEvTFD6JC5Md9lkqlVqlVtoU4W+pmhm2k0v7SqdDq9WGDnQUKbUktVqyvDSGwIbVRzthLcaGZ8Ci\/LZI6\/kzQAnf+FKt8bUF6Mv6BnBiYNg1CdgeYV037AFNQ7nq6NMVpeGKp2t9ziq12Q+S1tgdJSr\/43WBo4\/X5+2Pb88uOErJMfx6hceYg8gcMrE9CAC5NHK\/wNVzfrX5+od8HgYR2BoVA7Kdrut6L3e\/uQRwtI18NyD1PwDhTAxbdyYiCNh1HbfB69VBHv2XvjP6oeERs7\/7jedE09GYVHeTGVYlztWJ6RE0V54LgdhkMkkCMdvxL71A7bsAIkUKyHN1JvgxdgHKXhp6Iyfl6nHecrSFK6YzGBCQeqOPoc86igrG5FIL3CvHsD0f+6Qh1VFYNgpUz08rfP6sUHj+zG7YgAoH2Hdc6EVv6I4WWIBoIWMOG9F4RIou4ZLnNczhq9wO5UjnSFg="}
02392{"flow_id":3,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":111,"source":"aimini-http.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614860229,"pkt_ts_usec":389749,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ApXG95NL5kBKB+riCABFAAXcBRsAAH8GHDMKZgACCmUAAgBQb1ebu\/F\/m7vpyFAYgAHL\/gAAgCTjk6WgOk+Yuhte8YCoqJM+Dky\/zcMPdjmAy1qchxlt2GLgEfd9OLdw8XoSkvVGjtfwPBEmjtye9l\/muGR2+aTR0qa0i9hFqOXRIbugmqzkVWkv2XInt0ev7u6mkBUY+wtU6bVlovsbE81RUSyySq\/dhWgKWSqcBbLPn317\/gzRgrvQZg1QYEOIhkfkJeTY1cnQMFlu1upVbhc1G4h2hHgrWuwSCN00Qov3coixxK1JtBD9l5yz4ZDPZrgeh0Nec1bPfDk0w6omU7lXDWg7a8FWcEi9UMjnaSxU4Jai+boQRc\/UTtFvDdSYuCyeptYacRvVkBDDE43yQRlpxDS9EdZASnCd5kKj1pBYO95aX0lDlqQfs4ggbuUbSjFJDmkmhpUEJuIuhNUBs+ANgQOyqpBC0rIRNo2B3RD44IWQnCBLFaH5mnol1Ie5aghtKA\/cKTpy\/KGhQRmejyBDo2U5qlEQmonc6wIGWVNK8AWiQZn9N9nWhR7vDtw1qk92wSm7VKCz7hzbcsBq0B4awjrzS6N1rPkFHwR7iS\/7rkFsvZATIirUtzYEEAisHuqGRC7xXOhoc\/VkUeB6tGwIzCYoBH4qAQ5gckLzArpGGPVY1\/HoCnweC0wXeEpv3uX6fTU8UknPW0lNoDopbEyQN1KUeA0clDK1fa4xn+rZAo6Us8CUHnDLjILnamu2PfgV6jqdS5tMxIHRj9aFXD6I2Csp0Cvd78LXBJ05o8AE5\/nF8IeoC1oxBbDwA8qjGXVYMmwlZExUqLfjcEmoEBw5lhCtEKbIdDyLUqH7TUmRp4hVANgohHMmUNguRMMQFGl5MS8sA49gVxuCLM9ZIjmO1exGC\/o1TL6NAKnAagMkGFkVrughwm0eE0slbmgmdmzVG9UjnlYsTYu1KHjQl2EXAMupzXNIo7f264LKRB2SSfbGg7rmf853lKzBFy6zQn+Sm2CU4OaYoE+jiCHAqiCKDUTHZzqeugMpKcU+HjsuAHQ2a46tmYZ23RBmYLcWolWAwMS1sSm2dL0XtnmZzj644U21GLz1A1i\/YhFCwjJYP+AdcDICcUZD8BakGU7PqmWVDAuEhbBAmIUFwiwsEMKwAFAS4E3HuTbIDNAcn7Y7AKJi6KSLA+J3TUIR8OH0rf4yVPJdaALRwpuL4\/cNYY3uGBDLE6ozCT2MZUg16XiKjDdQh4889KS4SZFRCgOxftyFh4T+wpwkFPg08COBCxxJLeKodHuUtPpRPrL7mfYqtFFD1Vu1HKImNPhEFvGHDqwKkALUZ7BwnRULd+Sx7VE9BNRrGaCFMN0\/RLGMCGXijQirMyC76NvC5T5kIUqsoxBk8sjqD2HJWy2OM4nI2BZpNPI0xJgmxHm\/Ghpza15+tjNx8Sgqtag6q3OqJbxQqvtKGchxYBfuQ0TGnd5RqcVapiasFfOk9ijwE6spEuaNgJi0GkJ0E0pAFr41iT2gHCsl8D50d4MyDym62KGq4xls\/8ElJsCwMQk37hRJqoe7HYqSuuMXb2cUi+12cu+kOLoVQoAUcT3HszYk2rXq3ArMlPp44EUj4OlwEA51UwkSc+Irdyvlw31AZtACFMicJtFtqqTUAMy7HVPvQZzEGfAu+5COeYizsVnXmc5BnMWVsaHUwytMa1\/uxmpA90opz6zb5pwAspk5I85oxs4ozEX8RPmVDMl3ZWhjhJrkeWjoOrFjtjQcs8+Uv0BNwf2svb6wuFfYuXXobdPRZSDwZmgRYpzJFYuR2ADAp4A\/HhuyaemvhusrMLVJ+muiznA1p+0tL+whL+5jplp+ugkvhG59huRX+C26XsBbtUxzhvh2XsiVYn0j2Maa\/3zTYFHkDuhVQ8k12Q3se5FjwWlEjt0Ivxc5GtlG1Ojt9HsRC+1zRO+MZxMkM39zGMpnPDe\/zT0PYF4cluin+YnH77\/R+J3aPU8URfRQOJ8="}
00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":119,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1614860229389,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28504,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":119,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1614860229389,"flow_last_seen":1614860229389,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28504,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00425{"flow_id":4,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":119,"source":"aimini-http.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614860229,"pkt_ts_usec":389866,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"5kBKB+riApXG95NLCABFAAAwBRcAAIAGAAAKZQACCmYAAm9YAFCbu\/hqAAAAAHACgAEU8QAAAgQFtAMDAQA="}
00425{"flow_id":4,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":127,"source":"aimini-http.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614860229,"pkt_ts_usec":390049,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"ApXG95WRWgXZu6TVCABFAAAwBRcAAH8GIeMKZQACCmYAAm9YAFCbu\/hqAAAAAHACgAHrgAAAAgQFtAMDAQA="}
00425{"flow_id":4,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":128,"source":"aimini-http.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614860229,"pkt_ts_usec":390052,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"WgXZu6TVApXG95WRCABFAAAwBSIAAIAGAAAKZgACCmUAAgBQb1ibu\/tYm7v4a3ASgAEU8QAAAgQFtAMDAQA="}

4024
test/results/alexa-app.pcapng.out
View File

File diff suppressed because it is too large Load Diff

10
test/results/among_us.pcap.out
View File

@@ -1,8 +1,8 @@
00476{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"among_us.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":10000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"among_us.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":946681200000,"flow_last_seen":0,"flow_min_l4_payload_len":15,"flow_max_l4_payload_len":15,"flow_tot_l4_payload_len":15,"flow_avg_l4_payload_len":15,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.105.251.170","src_port":64260,"dst_port":22023,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"among_us.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":946681200000,"flow_last_seen":946681200000,"flow_min_l4_payload_len":15,"flow_max_l4_payload_len":15,"flow_tot_l4_payload_len":15,"flow_avg_l4_payload_len":15,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.105.251.170","src_port":64260,"dst_port":22023,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00405{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"among_us.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946681200,"pkt_ts_usec":0,"pkt_caplen":57,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":57,"pkt_l4_len":23,"pkt":"eJS0JASgYDjgxTWgCABFAAArJhEAAH8RqpAKAAABrGn7qvsEVgcAF2toCAABAIDZAgMGQUFBQUFB"}
00509{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"among_us.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":946681200000,"flow_last_seen":0,"flow_min_l4_payload_len":15,"flow_max_l4_payload_len":15,"flow_tot_l4_payload_len":15,"flow_avg_l4_payload_len":15,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.105.251.170","src_port":64260,"dst_port":22023,"l4_proto":"udp","ndpi": {"proto":"AmongUs","breed":"Fun","category":"Game"}}
00485{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"among_us.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":946681200000,"flow_last_seen":0,"flow_min_l4_payload_len":15,"flow_max_l4_payload_len":15,"flow_tot_l4_payload_len":15,"flow_avg_l4_payload_len":15,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.105.251.170","src_port":64260,"dst_port":22023,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00520{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"among_us.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":946681200000,"flow_last_seen":946681200000,"flow_min_l4_payload_len":15,"flow_max_l4_payload_len":15,"flow_tot_l4_payload_len":15,"flow_avg_l4_payload_len":15,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.105.251.170","src_port":64260,"dst_port":22023,"l4_proto":"udp","ndpi": {"proto":"AmongUs","breed":"Fun","category":"Game"}}
00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"among_us.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":946681200000,"flow_last_seen":946681200000,"flow_min_l4_payload_len":15,"flow_max_l4_payload_len":15,"flow_tot_l4_payload_len":15,"flow_avg_l4_payload_len":15,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.105.251.170","src_port":64260,"dst_port":22023,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00127{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"among_us.pcap","alias":"nDPId-test"}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 1/1
@@ -16,5 +16,5 @@
~~ total allocations/frees...: 35339/35339
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 132 chars
~~ json string max len.......: 514 chars
~~ json string avg len.......: 385 chars
~~ json string max len.......: 525 chars
~~ json string avg len.......: 390 chars

10
test/results/amqp.pcap.out
View File

@@ -1,13 +1,13 @@
00472{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"amqp.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":10000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"amqp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1490904166118,"flow_last_seen":0,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.1.1","src_port":44205,"dst_port":5672,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"amqp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1490904166118,"flow_last_seen":1490904166118,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.1.1","src_port":44205,"dst_port":5672,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00479{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"amqp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490904166,"pkt_ts_usec":118902,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"pkt":"AAAAAAAAAAAAAAAACABFAABdxi1AAEAGdWt\/AAABfwABAaytFihPdGXjNxAmEoAYAV7\/UQAAAQEICgC+1cIAvtPNAQABAAAAIQA8ACgAAAhjZWxlcnlldhB3b3JrZXIuaGVhcnRiZWF0AM4="}
00503{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"amqp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1490904166118,"flow_last_seen":0,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.1.1","src_port":44205,"dst_port":5672,"l4_proto":"tcp","ndpi": {"proto":"AMQP","breed":"Acceptable","category":"RPC"}}
00515{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"amqp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1490904166118,"flow_last_seen":1490904166118,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.1.1","src_port":44205,"dst_port":5672,"l4_proto":"tcp","ndpi": {"proto":"AMQP","breed":"Acceptable","category":"RPC"}}
00421{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"amqp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490904166,"pkt_ts_usec":118933,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AAAAAAAAAAAAAAAACABFAAA0puJAAEAGlN9\/AAEBfwAAARYorK03ECYST3RmDIAQSfD\/KAAAAQEICgC+1cIAvtXC"}
00553{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"amqp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490904166,"pkt_ts_usec":119100,"pkt_caplen":162,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":162,"pkt_l4_len":128,"pkt":"AAAAAAAAAAAAAAAACABFAACUxi5AAEAGdTN\/AAABfwABAaytFihPdGYMNxAmEoAYAV7\/iAAAAQEICgC+1cIAvtXCAgABAAAAWAA8AAAAAAAAAAABJ\/gAEGFwcGxpY2F0aW9uL2pzb24FdXRmLTgAAAAtCGhvc3RuYW1lUwAAAB9jZWxlcnlAdGVzdC5jb2duaXRvbmV0d29ya3MuY29tAgDO"}
00421{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"amqp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490904166,"pkt_ts_usec":119110,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AAAAAAAAAAAAAAAACABFAAA0puNAAEAGlN5\/AAEBfwAAARYorK03ECYST3RmbIAQSfD\/KAAAAQEICgC+1cIAvtXC"}
00827{"flow_id":1,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"amqp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490904166,"pkt_ts_usec":119203,"pkt_caplen":369,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":369,"pkt_l4_len":335,"pkt":"AAAAAAAAAAAAAAAACABFAAFjxi9AAEAGdGN\/AAABfwABAaytFihPdGZsNxAmEoAYAV4AWAAAAQEICgC+1cIAvtXCAwABAAABJ3sic3dfc3lzIjogIkxpbnV4IiwgImNsb2NrIjogMzkxNzI1LCAidGltZXN0YW1wIjogMTQ5MDkwNDE2Ni4xMTg1ODMsICJob3N0bmFtZSI6ICJjZWxlcnlAdGVzdC5jb2duaXRvbmV0d29ya3MuY29tIiwgInBpZCI6IDE4OTQsICJzd192ZXIiOiAiMy4xLjE4IiwgInV0Y29mZnNldCI6IDAsICJsb2FkYXZnIjogWzAuNzgsIDAuNTYsIDAuNDJdLCAicHJvY2Vzc2VkIjogMTEzOTQyLCAiYWN0aXZlIjogMCwgImZyZXEiOiAyLjAsICJ0eXBlIjogIndvcmtlci1oZWFydGJlYXQiLCAic3dfaWRlbnQiOiAicHktY2VsZXJ5In3O"}
00421{"flow_id":1,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"amqp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490904166,"pkt_ts_usec":119213,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AAAAAAAAAAAAAAAACABFAAA0puRAAEAGlN1\/AAEBfwAAARYorK03ECYST3Rnm4AQSe7\/KAAAAQEICgC+1cIAvtXC"}
00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"amqp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1490904166119,"flow_last_seen":0,"flow_min_l4_payload_len":448,"flow_max_l4_payload_len":448,"flow_tot_l4_payload_len":448,"flow_avg_l4_payload_len":448,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.1.1","dst_ip":"127.0.0.1","src_port":5672,"dst_port":44204,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"amqp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1490904166119,"flow_last_seen":1490904166119,"flow_min_l4_payload_len":448,"flow_max_l4_payload_len":448,"flow_tot_l4_payload_len":448,"flow_avg_l4_payload_len":448,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.1.1","dst_ip":"127.0.0.1","src_port":5672,"dst_port":44204,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
01023{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"amqp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490904166,"pkt_ts_usec":119482,"pkt_caplen":514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":514,"pkt_l4_len":480,"pkt":"AAAAAAAAAAAAAAAACABFAAH0AQRAAEAGOP5\/AAEBfwAAARYorKyekqFfoHNnjIAYAXcA6QAAAQEICgC+1cIAvtPXAQADAAAAKQA8ADwBMwAAAAAAAGF2AAhjZWxlcnlldhB3b3JrZXIuaGVhcnRiZWF0zgIAAwAAAFgAPAAAAAAAAAAAASf4ABBhcHBsaWNhdGlvbi9qc29uBXV0Zi04AAAALQhob3N0bmFtZVMAAAAfY2VsZXJ5QHRlc3QuY29nbml0b25ldHdvcmtzLmNvbQIAzgMAAwAAASd7InN3X3N5cyI6ICJMaW51eCIsICJjbG9jayI6IDM5MTcyNSwgInRpbWVzdGFtcCI6IDE0OTA5MDQxNjYuMTE4NTgzLCAiaG9zdG5hbWUiOiAiY2VsZXJ5QHRlc3QuY29nbml0b25ldHdvcmtzLmNvbSIsICJwaWQiOiAxODk0LCAic3dfdmVyIjogIjMuMS4xOCIsICJ1dGNvZmZzZXQiOiAwLCAibG9hZGF2ZyI6IFswLjc4LCAwLjU2LCAwLjQyXSwgInByb2Nlc3NlZCI6IDExMzk0MiwgImFjdGl2ZSI6IDAsICJmcmVxIjogMi4wLCAidHlwZSI6ICJ3b3JrZXItaGVhcnRiZWF0IiwgInN3X2lkZW50IjogInB5LWNlbGVyeSJ9zg=="}
00421{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"amqp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490904166,"pkt_ts_usec":119495,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AAAAAAAAAAAAAAAACABFAAA0HMNAAEAGHv9\/AAABfwABAaysFiigc2eMnpKjH4AQDjX\/KAAAAQEICgC+1cIAvtXC"}
00479{"flow_id":1,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"amqp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490904168,"pkt_ts_usec":120866,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"pkt":"AAAAAAAAAAAAAAAACABFAABdxjBAAEAGdWh\/AAABfwABAaytFihPdGebNxAmEoAYAV7\/UQAAAQEICgC+17YAvtXCAQABAAAAIQA8ACgAAAhjZWxlcnlldhB3b3JrZXIuaGVhcnRiZWF0AM4="}
@@ -18,9 +18,9 @@
00423{"flow_id":1,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"amqp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490904168,"pkt_ts_usec":121161,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AAAAAAAAAAAAAAAACABFAAA0pudAAEAGlNp\/AAEBfwAAARYorK03ECYST3RpU4AQSe7\/KAAAAQEICgC+17YAvte2"}
01024{"flow_id":2,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"amqp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490904168,"pkt_ts_usec":121405,"pkt_caplen":514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":514,"pkt_l4_len":480,"pkt":"AAAAAAAAAAAAAAAACABFAAH0AQVAAEAGOP1\/AAEBfwAAARYorKyekqMfoHNnjIAYAXcA6QAAAQEICgC+17YAvtXCAQADAAAAKQA8ADwBMwAAAAAAAGF3AAhjZWxlcnlldhB3b3JrZXIuaGVhcnRiZWF0zgIAAwAAAFgAPAAAAAAAAAAAASf4ABBhcHBsaWNhdGlvbi9qc29uBXV0Zi04AAAALQhob3N0bmFtZVMAAAAfY2VsZXJ5QHRlc3QuY29nbml0b25ldHdvcmtzLmNvbQIAzgMAAwAAASd7InN3X3N5cyI6ICJMaW51eCIsICJjbG9jayI6IDM5MTcyNywgInRpbWVzdGFtcCI6IDE0OTA5MDQxNjguMTIwNTc2LCAiaG9zdG5hbWUiOiAiY2VsZXJ5QHRlc3QuY29nbml0b25ldHdvcmtzLmNvbSIsICJwaWQiOiAxODk0LCAic3dfdmVyIjogIjMuMS4xOCIsICJ1dGNvZmZzZXQiOiAwLCAibG9hZGF2ZyI6IFswLjc4LCAwLjU2LCAwLjQyXSwgInByb2Nlc3NlZCI6IDExMzk0MiwgImFjdGl2ZSI6IDAsICJmcmVxIjogMi4wLCAidHlwZSI6ICJ3b3JrZXItaGVhcnRiZWF0IiwgInN3X2lkZW50IjogInB5LWNlbGVyeSJ9zg=="}
00422{"flow_id":2,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"amqp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490904168,"pkt_ts_usec":121417,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AAAAAAAAAAAAAAAACABFAAA0HMRAAEAGHv5\/AAABfwABAaysFiigc2eMnpKk34AQDjX\/KAAAAQEICgC+17YAvte2"}
00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"amqp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1490904169152,"flow_last_seen":0,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.1.1","src_port":44206,"dst_port":5672,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"amqp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1490904169152,"flow_last_seen":1490904169152,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.1.1","src_port":44206,"dst_port":5672,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00467{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"amqp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490904169,"pkt_ts_usec":152163,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"pkt":"AAAAAAAAAAAAAAAACABFAABTPztAAEAG\/Gd\/AAABfwABAayuFiiKm04N2t+K4IAYAV7\/RwAAAQEICgC+2LgAvtO2AQABAAAAFwA8ACgAAAdkZWZhdWx0B3Rhc2tzLiMAzg=="}
00504{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"amqp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1490904169152,"flow_last_seen":0,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.1.1","src_port":44206,"dst_port":5672,"l4_proto":"tcp","ndpi": {"proto":"AMQP","breed":"Acceptable","category":"RPC"}}
00516{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"amqp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1490904169152,"flow_last_seen":1490904169152,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.1.1","src_port":44206,"dst_port":5672,"l4_proto":"tcp","ndpi": {"proto":"AMQP","breed":"Acceptable","category":"RPC"}}
00422{"flow_id":3,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"amqp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490904169,"pkt_ts_usec":152192,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AAAAAAAAAAAAAAAACABFAAA01sFAAEAGZQB\/AAEBfwAAARYorK7a34rgiptOLIAQDAj\/KAAAAQEICgC+2LgAvti4"}
00614{"flow_id":3,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"amqp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490904169,"pkt_ts_usec":152378,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"pkt":"AAAAAAAAAAAAAAAACABFAADAPzxAAEAG+\/l\/AAABfwABAayuFiiKm04s2t+K4IAYAV7\/tAAAAQEICgC+2LgAvti4AgABAAAAhAA8AAAAAAAAAAAA7v4AHmFwcGxpY2F0aW9uL3gtcHl0aG9uLXNlcmlhbGl6ZQZiaW5hcnkAAAAAAgAkZjMzYWFlMjctNjlmNC00ZjQ4LWIwYmMtMmVmZGM0NTVjMTI4JGFiZjI3YmI1LTAxNDktM2RiZC1hMmRiLWQzNTcyYzMwOTc5MM4="}
00422{"flow_id":3,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"amqp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490904169,"pkt_ts_usec":152388,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AAAAAAAAAAAAAAAACABFAAA01sJAAEAGZP9\/AAEBfwAAARYorK7a34rgiptOuIAQDAj\/KAAAAQEICgC+2LgAvti4"}

1164
test/results/android.pcap.out
View File

File diff suppressed because it is too large Load Diff

793
test/results/anyconnect-vpn.pcap.out
View File

@@ -1,50 +1,50 @@
00482{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":10000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1569687240992,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"184.25.56.53","src_port":56885,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1569687240992,"flow_last_seen":1569687240992,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"184.25.56.53","src_port":56885,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00430{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687240,"pkt_ts_usec":992580,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGP5MKAADjuBk4Nd41AFDGVya80\/P93YAREABFkgAAAQEIChwNaWayL1Dq"}
00428{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687241,"pkt_ts_usec":9657,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0BhtAADcGQni4GTg1CgAA4wBQ3jXT8\/3dxlcmvYARAOurFAAAAQEICrIv+nscDWlm"}
00429{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687241,"pkt_ts_usec":9749,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGP5MKAADjuBk4Nd41AFDGVya90\/P93oAQEACb7gAAAQEIChwNaXeyL\/p7"}
00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1569687241064,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.151","src_port":56916,"dst_port":8009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1569687241064,"flow_last_seen":1569687241064,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.151","src_port":56916,"dst_port":8009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00446{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687241,"pkt_ts_usec":64503,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"2DE0IHf7NDY7z3UoCABFAABAAABAAEAGJT8KAADjCgAAl95UH0ntZWziAAAAALAC\/\/9D4wAAAgQFtAEDAwUBAQgKHA1prQAAAAAEAgAA"}
00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1569687241422,"flow_last_seen":0,"flow_min_l4_payload_len":110,"flow_max_l4_payload_len":110,"flow_tot_l4_payload_len":110,"flow_avg_l4_payload_len":110,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.149","src_port":56320,"dst_port":8009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00503{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1569687241422,"flow_last_seen":1569687241422,"flow_min_l4_payload_len":110,"flow_max_l4_payload_len":110,"flow_tot_l4_payload_len":110,"flow_avg_l4_payload_len":110,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.149","src_port":56320,"dst_port":8009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00583{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687241,"pkt_ts_usec":422303,"pkt_caplen":176,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":176,"pkt_l4_len":142,"pkt":"pHczjPFANDY7z3UoCABFAgCiAABAAEAGJN0KAADjCgAAldwAH0m4VKQ8auVpuYAYEABwEgAAAQEIChwNaxEAIdNWFwMDAGnlEQRtW5ojm6mWGmuJ194WM1mCL2bpF6lVRy8fAR1ACLW+\/3MKXobzfgt7ehMx+gNqTDxT8XKtVt5pIDD++LOG\/\/cqs3TN3c3wAeYVwc4BceqqH837rqaW0xgZLYui1J36mDCwUeIDu0c="}
00523{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1569687241422,"flow_last_seen":0,"flow_min_l4_payload_len":110,"flow_max_l4_payload_len":110,"flow_tot_l4_payload_len":110,"flow_avg_l4_payload_len":110,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.149","src_port":56320,"dst_port":8009,"l4_proto":"tcp","ndpi": {"proto":"CiscoVPN","breed":"Acceptable","category":"VPN"}}
00535{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1569687241422,"flow_last_seen":1569687241422,"flow_min_l4_payload_len":110,"flow_max_l4_payload_len":110,"flow_tot_l4_payload_len":110,"flow_avg_l4_payload_len":110,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.149","src_port":56320,"dst_port":8009,"l4_proto":"tcp","ndpi": {"proto":"CiscoVPN","breed":"Acceptable","category":"VPN"}}
00583{"flow_id":3,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687241,"pkt_ts_usec":425059,"pkt_caplen":176,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":176,"pkt_l4_len":142,"pkt":"NDY7z3UopHczjPFACABFAgCiFAFAAEAGENwKAACVCgAA4x9J3ABq5Wm5uFSkqoAYARVOTgAAAQEICgAh1UocDWsRFwMDAGlPAxZ+sivF5tip\/a4L1+WZBjanPy6dIIBwPewIOXwBBC++JWdD5zwUQ1UFmtf+v81kwZap7Lx2\/Gcfr+ckh4zK2QCeLZSVHkvGQHTulBE1960y\/ZxOXKVM8M0GvGzhWev1+K8IvZbQRCI="}
00430{"flow_id":3,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687241,"pkt_ts_usec":425121,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"pHczjPFANDY7z3UoCABFAAA0AABAAEAGJU0KAADjCgAAldwAH0m4VKSqauVqJ4AQD\/zHZwAAAQEIChwNaxMAIdVK"}
00443{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1569687241452,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"224.0.0.1","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
00455{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1569687241452,"flow_last_seen":1569687241452,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"224.0.0.1","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
00416{"flow_id":4,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687241,"pkt_ts_usec":452023,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":56,"pkt_l4_len":8,"pkt":"AQBeAAABLH6BsEqhCABGwAAgGHkAAAECIZ0KAAAB4AAAAZQEAAARCu71AAAAAGluZyBzeXNjZmc="}
00475{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1569687241452,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"224.0.0.1","l4_proto":2,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
00464{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1569687241656,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::2e7e:81ff:feb0:4aa1","dst_ip":"ff02::1","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":15}
00487{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1569687241452,"flow_last_seen":1569687241452,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"224.0.0.1","l4_proto":2,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1569687241656,"flow_last_seen":1569687241656,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::2e7e:81ff:feb0:4aa1","dst_ip":"ff02::1","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":15}
00583{"flow_id":5,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687241,"pkt_ts_usec":656833,"pkt_caplen":174,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":174,"pkt_l4_len":120,"pkt":"MzMAAAABLH6BsEqhht1gAAAAAHg6\/\/6AAAAAAAAALn6B\/\/6wSqH\/AgAAAAAAAAAAAAAAAAABhgBH5kDAALQAAAAAAAAAABkFAAAAAVGAIAEFWP7tAAAAAAAAAAAAASABBVj+7QAAAAAAAAAAAAIDBEDAAAL9HQAC\/R0AAAAAJgEGRoQCRLAAAAAAAAAAABgDAAAAAAC0AAAAAAAAAAAAAAAAAAAAAAEBLH6BsEqh"}
00498{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1569687241656,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::2e7e:81ff:feb0:4aa1","dst_ip":"ff02::1","l4_proto":"icmp6","ndpi": {"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
00448{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1569687241657,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"224.0.0.251","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
00510{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1569687241656,"flow_last_seen":1569687241656,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::2e7e:81ff:feb0:4aa1","dst_ip":"ff02::1","l4_proto":"icmp6","ndpi": {"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
00460{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1569687241657,"flow_last_seen":1569687241657,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"224.0.0.251","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
00405{"flow_id":6,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687241,"pkt_ts_usec":657102,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":46,"pkt_l4_len":8,"pkt":"AQBeAAD7pHczjPFACABGwAAgAABAAAEC+IcKAACV4AAA+5QEAAAWAAkE4AAA+w=="}
00480{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1569687241657,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"224.0.0.251","l4_proto":2,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
00492{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1569687241657,"flow_last_seen":1569687241657,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"224.0.0.251","l4_proto":2,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
00448{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687242,"pkt_ts_usec":68210,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"2DE0IHf7NDY7z3UoCABFAABAAABAAEAGJT8KAADjCgAAl95UH0ntZWziAAAAALAC\/\/8\/+wAAAgQFtAEDAwUBAQgKHA1tlQAAAAAEAgAA"}
00449{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":12,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1569687242271,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"239.255.3.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
00461{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":12,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1569687242271,"flow_last_seen":1569687242271,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"239.255.3.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
00407{"flow_id":7,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687242,"pkt_ts_usec":271196,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":46,"pkt_l4_len":8,"pkt":"AQBefwMWpHczjPFACABGwAAgAABAAAEC5m0KAACV7\/8DFpQEAAAWAPbp7\/8DFg=="}
00481{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1569687242271,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"239.255.3.22","l4_proto":2,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
00452{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1569687242476,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"239.255.255.250","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
00493{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1569687242271,"flow_last_seen":1569687242271,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"239.255.3.22","l4_proto":2,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
00464{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1569687242476,"flow_last_seen":1569687242476,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"239.255.255.250","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
00413{"flow_id":8,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687242,"pkt_ts_usec":476020,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":46,"pkt_l4_len":8,"pkt":"AQBef\/\/6pHczjPFACABGwAAgAABAAAEC6YgKAACV7\/\/\/+pQEAAAWAPoE7\/\/\/+g=="}
00484{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1569687242476,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"239.255.255.250","l4_proto":2,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
00496{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1569687242476,"flow_last_seen":1569687242476,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"239.255.255.250","l4_proto":2,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
00447{"flow_id":2,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687243,"pkt_ts_usec":71120,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"2DE0IHf7NDY7z3UoCABFAABAAABAAEAGJT8KAADjCgAAl95UH0ntZWziAAAAALAC\/\/88EwAAAgQFtAEDAwUBAQgKHA1xfQAAAAAEAgAA"}
00447{"flow_id":2,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687244,"pkt_ts_usec":72384,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"2DE0IHf7NDY7z3UoCABFAABAAABAAEAGJT8KAADjCgAAl95UH0ntZWziAAAAALAC\/\/84KwAAAgQFtAEDAwUBAQgKHA11ZQAAAAAEAgAA"}
00584{"flow_id":5,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687244,"pkt_ts_usec":524070,"pkt_caplen":174,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":174,"pkt_l4_len":120,"pkt":"MzMAAAABLH6BsEqhht1gAAAAAHg6\/\/6AAAAAAAAALn6B\/\/6wSqH\/AgAAAAAAAAAAAAAAAAABhgBH5kDAALQAAAAAAAAAABkFAAAAAVGAIAEFWP7tAAAAAAAAAAAAASABBVj+7QAAAAAAAAAAAAIDBEDAAAL9HQAC\/R0AAAAAJgEGRoQCRLAAAAAAAAAAABgDAAAAAAC0AAAAAAAAAAAAAAAAAAAAAAEBLH6BsEqh"}
00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1569687245251,"flow_last_seen":0,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":52879,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00499{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1569687245251,"flow_last_seen":1569687245251,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":52879,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00454{"flow_id":9,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687245,"pkt_ts_usec":251202,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"pkt":"LH6BsEqhNDY7z3UoCABFAABE1h4AAP8RQxAKAADjS0tMTM6PADUAMDW7jEkBAAABAAAAAAAAA3ZjbwdwYW5kaW9uBnZpYXNhdANjb20AAAEAAQ=="}
00656{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1569687245251,"flow_last_seen":0,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":52879,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"vco.pandion.viasat.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00668{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1569687245251,"flow_last_seen":1569687245251,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":52879,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"vco.pandion.viasat.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00474{"flow_id":9,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687245,"pkt_ts_usec":288531,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"pkt":"NDY7z3UoLH6BsEqhCABFAABUAABAADYRoh9LS0xMCgAA4wA1zo8AQIZKjEmBgAABAAEAAAAAA3ZjbwdwYW5kaW9uBnZpYXNhdANjb20AAAEAAcAMAAEAAQAAADwABAglZls="}
00680{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":18,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_first_seen":1569687245251,"flow_last_seen":1569687245288,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":52879,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"vco.pandion.viasat.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"8.37.102.91"}}
00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1569687245295,"flow_last_seen":0,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":61387,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00500{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1569687245295,"flow_last_seen":1569687245295,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":61387,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00456{"flow_id":10,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687245,"pkt_ts_usec":295996,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"pkt":"LH6BsEqhNDY7z3UoCABFAABE77wAAEAR6XMKAADjS0tLS+\/LADUAMHT3LLcBAAABAAAAAAAAA3ZjbwdwYW5kaW9uBnZpYXNhdANjb20AABwAAQ=="}
00658{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1569687245295,"flow_last_seen":0,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":61387,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"vco.pandion.viasat.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00670{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1569687245295,"flow_last_seen":1569687245295,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":61387,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"vco.pandion.viasat.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00566{"flow_id":10,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687245,"pkt_ts_usec":320461,"pkt_caplen":163,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":163,"pkt_l4_len":129,"pkt":"NDY7z3UoLH6BsEqhCABFAACVAABAADoRnt9LS0tLCgAA4wA178sAgY60LLeBgAABAAAAAQAAA3ZjbwdwYW5kaW9uBnZpYXNhdANjb20AABwAAcAYAAYAAQAAA4QARQZucy02MzIJYXdzZG5zLTE1A25ldAARYXdzZG5zLWhvc3RtYXN0ZXIGYW1hem9uwB8AAAABAAAcIAAAA4QAEnUAAAFRgA=="}
00680{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":20,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_first_seen":1569687245295,"flow_last_seen":1569687245320,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":121,"flow_tot_l4_payload_len":161,"flow_avg_l4_payload_len":80,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":61387,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"vco.pandion.viasat.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1569687245321,"flow_last_seen":0,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":62322,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00500{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1569687245321,"flow_last_seen":1569687245321,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":62322,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00455{"flow_id":11,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687245,"pkt_ts_usec":321860,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"pkt":"LH6BsEqhNDY7z3UoCABFAABEwHQAAEARF7sKAADjS0tMTPNyADUAMHBPLLcBAAABAAAAAAAAA3ZjbwdwYW5kaW9uBnZpYXNhdANjb20AABwAAQ=="}
00658{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":21,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1569687245321,"flow_last_seen":0,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":62322,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"vco.pandion.viasat.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00670{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":21,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1569687245321,"flow_last_seen":1569687245321,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":62322,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"vco.pandion.viasat.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00566{"flow_id":11,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687245,"pkt_ts_usec":366723,"pkt_caplen":163,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":163,"pkt_l4_len":129,"pkt":"NDY7z3UoLH6BsEqhCABFAACVAABAADYRod5LS0xMCgAA4wA183IAgYoMLLeBgAABAAAAAQAAA3ZjbwdwYW5kaW9uBnZpYXNhdANjb20AABwAAcAYAAYAAQAAA4QARQZucy02MzIJYXdzZG5zLTE1A25ldAARYXdzZG5zLWhvc3RtYXN0ZXIGYW1hem9uwB8AAAABAAAcIAAAA4QAEnUAAAFRgA=="}
00680{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":22,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_first_seen":1569687245321,"flow_last_seen":1569687245366,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":121,"flow_tot_l4_payload_len":161,"flow_avg_l4_payload_len":80,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":62322,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"vco.pandion.viasat.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1569687245379,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56918,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00497{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1569687245379,"flow_last_seen":1569687245379,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56918,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00450{"flow_id":12,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687245,"pkt_ts_usec":379692,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"LH6BsEqhNDY7z3UoCABFAABAAABAAEAGwVUKAADjCCVmW95WAbsTaDYfAAAAALAC\/\/\/9eAAAAgQFtAEDAwUBAQgKHA16ewAAAAAEAgAA"}
00440{"flow_id":12,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687245,"pkt_ts_usec":420271,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"pkt":"NDY7z3UoLH6BsEqhCABFAAA4kvsAAPcGt2EIJWZbCgAA4wG73lYzzRbpE2g2IJASgADBAwAAAgQFtAEBCAo\/+VnGHA16ew=="}
00434{"flow_id":12,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687245,"pkt_ts_usec":420351,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGwWEKAADjCCVmW95WAbsTaDYgM80W6oAQ\/\/9YmgAAAQEIChwNeqI\/+VnG"}
@@ -61,15 +61,15 @@
02322{"flow_id":12,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687245,"pkt_ts_usec":547931,"pkt_caplen":1459,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1459,"pkt_l4_len":1425,"pkt":"NDY7z3UoLH6BsEqhCABFAAWl6qEAAPcGWk4IJWZbCgAA4wG73lYzzSfiE2g2x4AYgAA9NgAAAQEICj\/5WkYAAAAAP3Tk95hJnpu2nuHbmHctVjSxqDzZ\/cDNx78FA9QCxfHlxtoIpRPHYiMR0WEwHWCERe95qMYmk6S3zTS4acUT9pGzyUVzdraS9nYKW+EDR7fpKUyRMiM3Spw12Hj9HR\/kg4kkgK23+c\/kXaXUccSFW3Af2z8cAesaRSYxFMxlv2feyswzZeVBkdc3vkEalp3mipedp86sTpo9vQGgatlPIgCLRNVpYnsu68y655J9aWc9\/Lh83kGH0GnqugoYehqVQ7N5cSh2baH7V0rsTcgOEAAElTCCBJEwggN5oAMCAQICBEVrUFQwDQYJKoZIhvcNAQEFBQAwgbAxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMTkwNwYDVQQLEzB3d3cuZW50cnVzdC5uZXQvQ1BTIGlzIGluY29ycG9yYXRlZCBieSByZWZlcmVuY2UxHzAdBgNVBAsTFihjKSAyMDA2IEVudHJ1c3QsIEluYy4xLTArBgNVBAMTJEVudHJ1c3QgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNjExMjcyMDIzNDJaFw0yNjExMjcyMDUzNDJaMIGwMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNRW50cnVzdCwgSW5jLjE5MDcGA1UECxMwd3d3LmVudHJ1c3QubmV0L0NQUyBpcyBpbmNvcnBvcmF0ZWQgYnkgcmVmZXJlbmNlMR8wHQYDVQQLExYoYykgMjAwNiBFbnRydXN0LCBJbmMuMS0wKwYDVQQDEyRFbnRydXN0IFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2lbZDQvrGbSpvSN+UTDlXBe7DeRFBaDbt7P6aAY+hOCj89xBGZi5NHhqxGk7G0cCViLDJ\/zGLMwPbt4N7PiCEXu2yViin+OC5QHE3xctHDpcqaMAilWIV20fZ9dAr\/4JLya0+3kzbkIBQPwmKhADsMAo9GM37\/SpZmiOVFyxFnh9uQ3ltDFyY\/kinxSNHXF79bucetPZoRdGGg1uiio2x4ymA\/iVxiK2+vI+sUpZLqlGN5BMxGehOTZ\/brLNq1bw5VHHKenp\/kN19HYDZgbtZJsIR\/uaT4veA5GX7NDcOKYBwTa84hi6ef1evnheu6xzLKCFfthzY56IEIvnT2tjLAgMBAAGjgbAwga0wDgYDVR0PAQH\/BAQDAgEGMA8GA1UdEwEB\/wQFMAMBAf8wKwYDVR0QBCQwIoAPMjAwNjExMjcyMDIzNDJagQ8yMDI2MTEyNzIwNTM0MlowHwYDVR0jBBgwFoAUaJDkZ6SmU4DHhmak8fdLQ\/uEvW0wHQYDVR0OBBYEFGiQ5GekplOAx4ZmpPH3S0P7hL1tMB0GCSqGSIb2fQdBAAQQMA4bCFY3LjE6NC4wAwIEkDANBgkqhkiG9w0BAQUFAAOCAQEAk9QwsNcDICrQ+WPokQwFIKlfGcp7ck7UsdvQlvtUWhksDAj3sryFqJ1\/bTtSsyrb59SEjGP2D8smAZFQbPRfFOKTdMATnjA6UOO0YMUc8CJEjXFHrMgayembmgBgE\/9wfl8RTUkbsxVSe8lU2r+dla9rmtie6fHkQ43iEUQ6v6+9g0JzUouqu6cpz\/VkHApN0byqrJ8q0P9\/f9p96rHtMCXBhNo00lt4g1bsnDbDJuIR9mdJHZKrjPvr\/3ruhUqnUIDwp1xKlC5fBZk8UkHgzbRjzwFDupyD3I9gO\/NatLR7rtoLkDh174EdZtL3V3A2s7\/8KK9xJYVbE\/4ef1q0PBYDAwAEDgAAAA=="}
01217{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":34,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":12,"flow_first_seen":1569687245379,"flow_last_seen":1569687245547,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":5904,"flow_avg_l4_payload_len":492,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56918,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher","24":"SNI TLS extension was missing"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","server_names":"*.pandion.viasat.com,pandion.viasat.com","ja3":"9f1a41f932f274fe47a992310a26a23a","ja3s":"82f0d8a75fa483d1cfe4b7085b784d7e","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Entrust, Inc., OU=See www.entrust.net\/legal-terms, OU=(c) 2012 Entrust, Inc. - for authorized use only, CN=Entrust Certification Authority - L1K","issuerDN":"C=US, ST=California, L=Carlsbad, O=Viasat Inc., CN=*.pandion.viasat.com","alpn":"http\/1.1","fingerprint":"92:70:CF:E3:69:4B:1D:F4:E2:DE:63:54:EC:DF:40:DB:F3:AC:D1:CA"}}
00435{"flow_id":12,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687245,"pkt_ts_usec":547999,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGwWEKAADjCCVmW95WAbsTaDbHM80tU4AQ\/\/9AjQAAAQEIChwNex8\/+VpG"}
00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":36,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1569687245576,"flow_last_seen":0,"flow_min_l4_payload_len":65,"flow_max_l4_payload_len":65,"flow_tot_l4_payload_len":65,"flow_avg_l4_payload_len":65,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"52.37.243.173","src_port":56915,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00503{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":36,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1569687245576,"flow_last_seen":1569687245576,"flow_min_l4_payload_len":65,"flow_max_l4_payload_len":65,"flow_tot_l4_payload_len":65,"flow_avg_l4_payload_len":65,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"52.37.243.173","src_port":56915,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00525{"flow_id":13,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687245,"pkt_ts_usec":576189,"pkt_caplen":131,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":131,"pkt_l4_len":97,"pkt":"LH6BsEqhNDY7z3UoCABFAAB1AABAAEAGB84KAADjNCXzrd5TAbsf\/e\/ecO3V5YAYEAD5fAAAAQEIChwNezsAjX27FwMDADwAAAAAAAAABDacZQu2ja7FJp11i4XaHEcZRuFBd8RaXcXBvhAzXAi\/k3IQYhPu9V\/rSa1OnXc4wt4EKb0="}
00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":37,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1569687245576,"flow_last_seen":0,"flow_min_l4_payload_len":65,"flow_max_l4_payload_len":65,"flow_tot_l4_payload_len":65,"flow_avg_l4_payload_len":65,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"52.37.243.173","src_port":56914,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00503{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":37,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1569687245576,"flow_last_seen":1569687245576,"flow_min_l4_payload_len":65,"flow_max_l4_payload_len":65,"flow_tot_l4_payload_len":65,"flow_avg_l4_payload_len":65,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"52.37.243.173","src_port":56914,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00525{"flow_id":14,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687245,"pkt_ts_usec":576934,"pkt_caplen":131,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":131,"pkt_l4_len":97,"pkt":"LH6BsEqhNDY7z3UoCABFAAB1AABAAEAGB84KAADjNCXzrd5SAbt7aDL2a\/IufIAYEADmYwAAAQEIChwNezsCYFg6FwMDADwAAAAAAAAAA\/6MZ3K3UnwgKSolneP\/V\/Ul5QfA4HWbTZY4CgoWP92J0WcPzatLmBPNGkrfeEXB3KaiGuM="}
00900{"flow_id":12,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687245,"pkt_ts_usec":596440,"pkt_caplen":408,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":408,"pkt_l4_len":374,"pkt":"LH6BsEqhNDY7z3UoCABFAAGKAABAAEAGwAsKAADjCCVmW95WAbsTaDbHM80tU4AY\/\/+pJAAAAQEIChwNe04\/+VpGFgMDAQYQAAECAQBsGBLkfL+pTkLuJ1AGgMIFnah3sJlpMkzTBhiBUkjpMre1KpRGE6w5Vmh9mcRB8P2Z8iG+UJzjZhjxHKRMYI5\/HPqcNr7CwGjqxrHR8FpuukXr9KhtIzqsYfPNi4pKssz\/gboMgnK\/bH57fbMLH\/rl6Qbv+fL7TA82mmjPN0WTwWVrJUZAqyTnsUmZmpz4spFwoCJ6nU1L30wm66b9gA+e\/QX872qDo2wjvVQD8nLbP3BDVlBv2d+whR0Yx96Z8M95eNSEiq2kcSvHswPGAF1s5Fy\/Sgy+cu89iEXO3Cw7LvVg0czWvLRHTMoLLnjh0xr4QdBfhIAvFyx0cdTgHvuBFAMDAAEBFgMDAED7PFToWcuLeoMQBnfP0Z9XYdJUO2BBPTVQ39crvefndrJDQ5lSDQcQkDJTJ4R9W4JY3EjS+QSozFQVTKljyW1m"}
00537{"flow_id":12,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687245,"pkt_ts_usec":636713,"pkt_caplen":141,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":141,"pkt_l4_len":107,"pkt":"NDY7z3UoLH6BsEqhCABFAAB\/iREAAPcGwQQIJWZbCgAA4wG73lYzzS1TE2g4HYAYgACVLQAAAQEICj\/5Wp8cDXtOFAMDAAEBFgMDAEDllkG1IAug8S8sqM3n3iNS1LNB5MMCdyEdPjW7AL1gumzcUkXoZwb0oNzL6RTaSsQw4gsOBWyCNoSplvvWDSXv"}
00432{"flow_id":13,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687245,"pkt_ts_usec":649655,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0y8JAACsGUUw0JfOtCgAA4wG73lNw7dXlH\/3wH4AQAAnwQQAAAQEICgCNhOgcDXs7"}
00431{"flow_id":14,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687245,"pkt_ts_usec":653537,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0VN5AACoGyTA0JfOtCgAA4wG73lJr8i58e2gzN4AQAAkgwQAAAQEICgJgYHkcDXs7"}
00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":53,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1569687245688,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56919,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00497{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":53,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1569687245688,"flow_last_seen":1569687245688,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56919,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00449{"flow_id":15,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687245,"pkt_ts_usec":688240,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"LH6BsEqhNDY7z3UoCABFAABAAABAAEAGwVUKAADjCCVmW95XAbsu53nzAAAAALAC\/\/+c+QAAAgQFtAEDAwUBAQgKHA17pgAAAAAEAgAA"}
00440{"flow_id":15,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687245,"pkt_ts_usec":727730,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"pkt":"NDY7z3UoLH6BsEqhCABFAAA4hY0AAPcGxM8IJWZbCgAA4wG73ldszApGLud59JASgAAy9QAAAgQFtAEBCAo\/+Vr5HA17pg=="}
00435{"flow_id":15,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687245,"pkt_ts_usec":727790,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGwWEKAADjCCVmW95XAbsu53n0bMwKR4AQ\/\/\/KjAAAAQEIChwNe8w\/+Vr5"}
@@ -92,29 +92,29 @@
00585{"flow_id":3,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":90,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687246,"pkt_ts_usec":426088,"pkt_caplen":176,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":176,"pkt_l4_len":142,"pkt":"pHczjPFANDY7z3UoCABFAgCiAABAAEAGJN0KAADjCgAAldwAH0m4VKSqauVqJ4AYEABWlgAAAQEIChwNfn0AIdVKFwMDAGltB4Q9ZE7MwMLqA\/qW5WJXb0PHNtCROrUMkJHw\/OP719Jk7orSFs9TCm756O7SILnP3vnstuJ4xPfpszSDO6LW4XcEaWDlp33D\/dMihM\/bvEZuYHMlrzKnK9TylV815IAQKWsax0+Dp+A="}
00581{"flow_id":3,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687246,"pkt_ts_usec":428911,"pkt_caplen":176,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":176,"pkt_l4_len":142,"pkt":"NDY7z3UopHczjPFACABFAgCiFAJAAEAGENsKAACVCgAA4x9J3ABq5WonuFSlGIAYARXEpwAAAQEICgAh1z8cDX59FwMDAGnSDUBTzxnFH9ckBLkGJJxtZYOnnoJTcPtGWYx7fflTVjXPGvnWJvT5kELd8Dyk7N8gqq17Y91Gw5NO81U2bwcOEaqqMVk4vbp1wYVpe8wc5fgUWL03+X7m6bLc5s5fILREqdmBY0Re1KI="}
00432{"flow_id":3,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687246,"pkt_ts_usec":428970,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"pHczjPFANDY7z3UoCABFAAA0AABAAEAGJU0KAADjCgAAldwAH0m4VKUYauVqlYAQD\/yxKgAAAQEIChwNfn8AIdc\/"}
00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":93,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1569687246891,"flow_last_seen":0,"flow_min_l4_payload_len":23,"flow_max_l4_payload_len":23,"flow_tot_l4_payload_len":23,"flow_avg_l4_payload_len":23,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":63107,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00500{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":93,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1569687246891,"flow_last_seen":1569687246891,"flow_min_l4_payload_len":23,"flow_max_l4_payload_len":23,"flow_tot_l4_payload_len":23,"flow_avg_l4_payload_len":23,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":63107,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00431{"flow_id":16,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687246,"pkt_ts_usec":891499,"pkt_caplen":65,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":65,"pkt_l4_len":31,"pkt":"LH6BsEqhNDY7z3UoCABFAAAzrdgAAP8Ra2cKAADjS0tMTPaDADUAH3AoGBgBAAABAAAAAAAABWxvY2FsAAAGAAE="}
00640{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":93,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1569687246891,"flow_last_seen":0,"flow_min_l4_payload_len":23,"flow_max_l4_payload_len":23,"flow_tot_l4_payload_len":23,"flow_avg_l4_payload_len":23,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":63107,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"local","num_queries":0,"num_answers":0,"reply_code":0,"query_type":6,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00652{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":93,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1569687246891,"flow_last_seen":1569687246891,"flow_min_l4_payload_len":23,"flow_max_l4_payload_len":23,"flow_tot_l4_payload_len":23,"flow_avg_l4_payload_len":23,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":63107,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"local","num_queries":0,"num_answers":0,"reply_code":0,"query_type":6,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00534{"flow_id":16,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":94,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687246,"pkt_ts_usec":924862,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"pkt":"NDY7z3UoLH6BsEqhCABFAAB+AABAADYRofVLS0xMCgAA4wA19oMAah4oGBiBgwABAAAAAQAABWxvY2FsAAAGAAEAAAYAAQAAAyoAQAFhDHJvb3Qtc2VydmVycwNuZXQABW5zdGxkDHZlcmlzaWduLWdycwNjb20AeFjpQAAABwgAAAOEAAk6gAABUYA="}
00661{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":94,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_first_seen":1569687246891,"flow_last_seen":1569687246924,"flow_min_l4_payload_len":23,"flow_max_l4_payload_len":98,"flow_tot_l4_payload_len":121,"flow_avg_l4_payload_len":60,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":63107,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"local","num_queries":1,"num_answers":1,"reply_code":3,"query_type":6,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00454{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":95,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1569687246924,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
00466{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":95,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1569687246924,"flow_last_seen":1569687246924,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
00439{"flow_id":17,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":95,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687246,"pkt_ts_usec":924910,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"pkt":"LH6BsEqhNDY7z3UoCABFAAA4dQYAAEABY0UKAADjS0tMTAMDBdoAAAAARQAAfgAAQAA2EaH1S0tMTAoAAOMANfaDAGoAAA=="}
00486{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":95,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1569687246924,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","l4_proto":"icmp","ndpi": {"proto":"ICMP","breed":"Acceptable","category":"Network"}}
00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":96,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1569687246981,"flow_last_seen":0,"flow_min_l4_payload_len":112,"flow_max_l4_payload_len":112,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":112,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.213","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00498{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":95,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1569687246924,"flow_last_seen":1569687246924,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","l4_proto":"icmp","ndpi": {"proto":"ICMP","breed":"Acceptable","category":"Network"}}
00505{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":96,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1569687246981,"flow_last_seen":1569687246981,"flow_min_l4_payload_len":112,"flow_max_l4_payload_len":112,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":112,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.213","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00554{"flow_id":18,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":96,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687246,"pkt_ts_usec":981850,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"pkt":"AQBeAAD7GIEORo7ICABFAACMDQUAAP8RwosKAADV4AAA+xTpFOkAeGDHAAAAAAADAAAAAAABD19jb21wYW5pb24tbGluawRfdGNwBWxvY2FsAAAMgAEIX2hvbWVraXTAHAAMgAEMX3NsZWVwLXByb3h5BF91ZHDAIQAMgAEAACkFoAAAEZQAEgAEAA4AmjqBDkaOyBiBDkaOyA=="}
00573{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":96,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1569687246981,"flow_last_seen":0,"flow_min_l4_payload_len":112,"flow_max_l4_payload_len":112,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":112,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.213","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_companion-link._tcp.local"}}
00504{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":97,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1569687246982,"flow_last_seen":0,"flow_min_l4_payload_len":112,"flow_max_l4_payload_len":112,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":112,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::408:3e45:3abc:1552","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00585{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":96,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1569687246981,"flow_last_seen":1569687246981,"flow_min_l4_payload_len":112,"flow_max_l4_payload_len":112,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":112,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.213","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_companion-link._tcp.local"}}
00516{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":97,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1569687246982,"flow_last_seen":1569687246982,"flow_min_l4_payload_len":112,"flow_max_l4_payload_len":112,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":112,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::408:3e45:3abc:1552","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00582{"flow_id":19,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":97,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687246,"pkt_ts_usec":982027,"pkt_caplen":174,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":174,"pkt_l4_len":120,"pkt":"MzMAAAD7GIEORo7Iht1gBoi5AHgR\/\/6AAAAAAAAABAg+RTq8FVL\/AgAAAAAAAAAAAAAAAAD7FOkU6QB4u70AAAAAAAMAAAAAAAEPX2NvbXBhbmlvbi1saW5rBF90Y3AFbG9jYWwAAAyAAQhfaG9tZWtpdMAcAAyAAQxfc2xlZXAtcHJveHkEX3VkcMAhAAyAAQAAKQWgAAARlAASAAQADgCaOoEORo7IGIEORo7I"}
00584{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":97,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1569687246982,"flow_last_seen":0,"flow_min_l4_payload_len":112,"flow_max_l4_payload_len":112,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":112,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::408:3e45:3abc:1552","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_companion-link._tcp.local"}}
00447{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":98,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1569687246982,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.213","dst_ip":"224.0.0.2","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
00596{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":97,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1569687246982,"flow_last_seen":1569687246982,"flow_min_l4_payload_len":112,"flow_max_l4_payload_len":112,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":112,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::408:3e45:3abc:1552","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_companion-link._tcp.local"}}
00459{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":98,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1569687246982,"flow_last_seen":1569687246982,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.213","dst_ip":"224.0.0.2","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
00406{"flow_id":20,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":98,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687246,"pkt_ts_usec":982031,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":46,"pkt_l4_len":8,"pkt":"AQBeAAACGIEORo7ICABGAAAgLwcAAAECCvoKAADV4AAAApQEAAAXAAgE4AAA+w=="}
00479{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":98,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1569687246982,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.213","dst_ip":"224.0.0.2","l4_proto":2,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
00449{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":99,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1569687246982,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.213","dst_ip":"224.0.0.251","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
00491{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":98,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1569687246982,"flow_last_seen":1569687246982,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.213","dst_ip":"224.0.0.2","l4_proto":2,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
00461{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":99,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1569687246982,"flow_last_seen":1569687246982,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.213","dst_ip":"224.0.0.251","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
00406{"flow_id":21,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":99,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687246,"pkt_ts_usec":982614,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":46,"pkt_l4_len":8,"pkt":"AQBeAAD7GIEORo7ICABGAAAg0EsAAAECaLwKAADV4AAA+5QEAAAWAAkE4AAA+w=="}
00481{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":99,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1569687246982,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.213","dst_ip":"224.0.0.251","l4_proto":2,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":102,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1569687247192,"flow_last_seen":0,"flow_min_l4_payload_len":232,"flow_max_l4_payload_len":232,"flow_tot_l4_payload_len":232,"flow_avg_l4_payload_len":232,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.213","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00493{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":99,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1569687246982,"flow_last_seen":1569687246982,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.213","dst_ip":"224.0.0.251","l4_proto":2,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
00505{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":102,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1569687247192,"flow_last_seen":1569687247192,"flow_min_l4_payload_len":232,"flow_max_l4_payload_len":232,"flow_tot_l4_payload_len":232,"flow_avg_l4_payload_len":232,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.213","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00715{"flow_id":22,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687247,"pkt_ts_usec":192802,"pkt_caplen":274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":274,"pkt_l4_len":240,"pkt":"GIEORo7INDY7z3UoCABFAAEE6tAAAP8RumAKAADjCgAA1RTpFOkA8ADKAACEAAAAAAEAAAAED19jb21wYW5pb24tbGluawRfdGNwBWxvY2FsAAAMAAEAABGUABQRTFAtUktFUlVSLU9TWCAoOSnADMAyACGAAQAAAHgADQAAAADbaQRuRFBJwCHAMgAQgAEAABGUACIWcnBCQT0zNzoyRTo0Nzo2RDoxODo1NApycFZyPTE1Mi4xEUxQLVJLRVJVUi1PU1ggKDkpDF9kZXZpY2UtaW5mb8AcABAAAQAAEZQAIBRtb2RlbD1NYWNCb29rUHJvMTEsMQpvc3h2ZXJzPTE3wFgAAYABAAAAeAAECgAA4w=="}
00573{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":102,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1569687247192,"flow_last_seen":0,"flow_min_l4_payload_len":232,"flow_max_l4_payload_len":232,"flow_tot_l4_payload_len":232,"flow_avg_l4_payload_len":232,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.213","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_companion-link._tcp.local"}}
00585{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":102,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1569687247192,"flow_last_seen":1569687247192,"flow_min_l4_payload_len":232,"flow_max_l4_payload_len":232,"flow_tot_l4_payload_len":232,"flow_avg_l4_payload_len":232,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.213","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_companion-link._tcp.local"}}
00523{"flow_id":14,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":103,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687247,"pkt_ts_usec":306185,"pkt_caplen":129,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":129,"pkt_l4_len":95,"pkt":"LH6BsEqhNDY7z3UoCABFAABzAABAAEAGB9AKAADjNCXzrd5SAbt7aDM3a\/IufIAYEAAjBQAAAQEIChwNgekCYGB5FwMDADoAAAAAAAAABP6P4Nbq7ON\/6\/AGxu6nGVDbyH\/VD4ZdKbxLWPLfwYcNeZogzNp7TOtgIRax\/b1ZBFBO"}
00519{"flow_id":13,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":104,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687247,"pkt_ts_usec":306306,"pkt_caplen":129,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":129,"pkt_l4_len":95,"pkt":"LH6BsEqhNDY7z3UoCABFAABzAABAAEAGB9AKAADjNCXzrd5TAbsf\/fAfcO3V5YAYEADtVwAAAQEIChwNgekAjYToFwMDADoAAAAAAAAABVQHVjyN4wBxs8m+2i54okht8UdFndDP4vwtKiUe9j1LvsBOOnvld8r5j6XDOjeRQG2g"}
00432{"flow_id":14,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":105,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687247,"pkt_ts_usec":340869,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0VN9AACoGyS80JfOtCgAA4wG73lJr8i58e2gzdoAQAAkYLwAAAQEICgJgYh4cDYHp"}
@@ -123,43 +123,35 @@
00433{"flow_id":13,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":108,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687247,"pkt_ts_usec":347882,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0y8NAACsGUUs0JfOtCgAA4wG73lNw7dXlH\/3wXoAQAAnnrAAAAQEICgCNhpAcDYHp"}
00520{"flow_id":13,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":109,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687247,"pkt_ts_usec":347888,"pkt_caplen":129,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":129,"pkt_l4_len":95,"pkt":"NDY7z3UoLH6BsEqhCABFAABzy8RAACsGUQs0JfOtCgAA4wG73lNw7dXlH\/3wXoAYAAmExgAAAQEICgCNhpAcDYHpFwMDADoscoyH7e3mD0YV5j76bq2IiuIC\/UPtlNWvhrdB63Msjxv0jshQMl60ISItlU90x5KX0HExOJgiVTIM"}
00434{"flow_id":13,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":110,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687247,"pkt_ts_usec":347958,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGCA8KAADjNCXzrd5TAbsf\/fBecO3WJIAQD\/7XUAAAAQEIChwNghEAjYaQ"}
00467{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":111,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1569687247596,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::408:3e45:3abc:1552","dst_ip":"ff02::16","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":15}
00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":111,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1569687247596,"flow_last_seen":1569687247596,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::408:3e45:3abc:1552","dst_ip":"ff02::16","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":15}
00467{"flow_id":23,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":111,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687247,"pkt_ts_usec":596034,"pkt_caplen":90,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":62,"pkt_len":90,"pkt_l4_len":28,"pkt":"MzMAAAAWGIEORo7Iht1gAAAAACQAAf6AAAAAAAAABAg+RTq8FVL\/AgAAAAAAAAAAAAAAAAAWOgABAAUCAACPANy0AAAAAQQAAAD\/AgAAAAAAAAAAAAAAAAD7"}
00501{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":111,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1569687247596,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::408:3e45:3abc:1552","dst_ip":"ff02::16","l4_proto":"icmp6","ndpi": {"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
00513{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":111,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1569687247596,"flow_last_seen":1569687247596,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::408:3e45:3abc:1552","dst_ip":"ff02::16","l4_proto":"icmp6","ndpi": {"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
00585{"flow_id":5,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":112,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687247,"pkt_ts_usec":596449,"pkt_caplen":174,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":174,"pkt_l4_len":120,"pkt":"MzMAAAABLH6BsEqhht1gAAAAAHg6\/\/6AAAAAAAAALn6B\/\/6wSqH\/AgAAAAAAAAAAAAAAAAABhgBH5kDAALQAAAAAAAAAABkFAAAAAVGAIAEFWP7tAAAAAAAAAAAAASABBVj+7QAAAAAAAAAAAAIDBEDAAAL9HQAC\/R0AAAAAJgEGRoQCRLAAAAAAAAAAABgDAAAAAAC0AAAAAAAAAAAAAAAAAAAAAAEBLH6BsEqh"}
00593{"flow_id":18,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":113,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687248,"pkt_ts_usec":5698,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"pkt":"AQBeAAD7GIEORo7ICABFAACszwUAAP8RAGsKAADV4AAA+xTpFOkAmDTQAAAAAAADAAEAAAABD19jb21wYW5pb24tbGluawRfdGNwBWxvY2FsAAAMAAEIX2hvbWVraXTAHAAMAAEMX3NsZWVwLXByb3h5BF91ZHDAIQAMAAHADAAMAAEAAA4QABQRTFAtUktFUlVSLU9TWCAoOSnADAAAKQWgAAARlAASAAQADgCaOoEORo7IGIEORo7I"}
00625{"flow_id":19,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":114,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687248,"pkt_ts_usec":6173,"pkt_caplen":206,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":206,"pkt_l4_len":152,"pkt":"MzMAAAD7GIEORo7Iht1gBoi5AJgR\/\/6AAAAAAAAABAg+RTq8FVL\/AgAAAAAAAAAAAAAAAAD7FOkU6QCYj8YAAAAAAAMAAQAAAAEPX2NvbXBhbmlvbi1saW5rBF90Y3AFbG9jYWwAAAwAAQhfaG9tZWtpdMAcAAwAAQxfc2xlZXAtcHJveHkEX3VkcMAhAAwAAcAMAAwAAQAADhAAFBFMUC1SS0VSVVItT1NYICg5KcAMAAApBaAAABGUABIABAAOAJo6gQ5GjsgYgQ5Gjsg="}
00467{"flow_id":23,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":115,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687248,"pkt_ts_usec":620045,"pkt_caplen":90,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":62,"pkt_len":90,"pkt_l4_len":28,"pkt":"MzMAAAAWGIEORo7Iht1gAAAAACQAAf6AAAAAAAAABAg+RTq8FVL\/AgAAAAAAAAAAAAAAAAAWOgABAAUCAACPANy0AAAAAQQAAAD\/AgAAAAAAAAAAAAAAAAD7"}
00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":116,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1569687249612,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"184.25.56.77","src_port":56917,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":116,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1569687249612,"flow_last_seen":1569687249612,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"184.25.56.77","src_port":56917,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00416{"flow_id":24,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":116,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687249,"pkt_ts_usec":612686,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"LH6BsEqhNDY7z3UoCABFAAAoT2EAAEAGMCYKAADjuBk4Td5VAFBor5ytCT1EPVAQEAlzBQAA"}
00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":117,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1569687249612,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"184.25.56.77","src_port":56884,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":117,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1569687249612,"flow_last_seen":1569687249612,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"184.25.56.77","src_port":56884,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00417{"flow_id":25,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":117,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687249,"pkt_ts_usec":612686,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"LH6BsEqhNDY7z3UoCABFAAAogHcAAEAG\/w8KAADjuBk4Td40AFBjyKiAGk9l7lAQEAA5gAAA"}
00432{"flow_id":25,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":118,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687249,"pkt_ts_usec":631596,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0NJhAADcGE+O4GThNCgAA4wBQ3jQaT2XuY8iogYAQAPO0OwAAAQEICuMU+IIcDWOU"}
00432{"flow_id":24,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":119,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687249,"pkt_ts_usec":631602,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0uJpAADgGjuC4GThNCgAA4wBQ3lUJPUQ9aK+croAQAOvt6gAAAQEICuMU+IIcDWN7"}
00585{"flow_id":5,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":120,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687250,"pkt_ts_usec":667991,"pkt_caplen":174,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":174,"pkt_l4_len":120,"pkt":"MzMAAAABLH6BsEqhht1gAAAAAHg6\/\/6AAAAAAAAALn6B\/\/6wSqH\/AgAAAAAAAAAAAAAAAAABhgBH5kDAALQAAAAAAAAAABkFAAAAAVGAIAEFWP7tAAAAAAAAAAAAASABBVj+7QAAAAAAAAAAAAIDBEDAAAL9HQAC\/R0AAAAAJgEGRoQCRLAAAAAAAAAAABgDAAAAAAC0AAAAAAAAAAAAAAAAAAAAAAEBLH6BsEqh"}
00451{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":121,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1569687246982,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.213","dst_ip":"224.0.0.251","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
00449{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":121,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1569687246982,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.213","dst_ip":"224.0.0.2","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
00450{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":121,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1569687241657,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"224.0.0.251","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
00446{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":121,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1569687241452,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"224.0.0.1","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":121,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1569687247192,"flow_last_seen":0,"flow_min_l4_payload_len":232,"flow_max_l4_payload_len":232,"flow_tot_l4_payload_len":232,"flow_avg_l4_payload_len":232,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.213","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00456{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":121,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1569687246924,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
00454{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":121,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1569687242476,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"239.255.255.250","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
00451{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":121,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1569687242271,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"239.255.3.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":121,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1569687251177,"flow_last_seen":0,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":54851,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00501{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":121,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1569687251177,"flow_last_seen":1569687251177,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":54851,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00449{"flow_id":26,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":121,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687251,"pkt_ts_usec":177008,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"pkt":"LH6BsEqhNDY7z3UoCABFAAA+HQ0AAP8R\/CcKAADjS0tMTNZDADUAKtGSphcBAAABAAAAAAAABXByaW50BnZpYXNhdANjb20AAAEAAQ=="}
00652{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":121,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1569687251177,"flow_last_seen":0,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":54851,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"print.viasat.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00664{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":121,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1569687251177,"flow_last_seen":1569687251177,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":54851,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"print.viasat.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00560{"flow_id":26,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":122,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687251,"pkt_ts_usec":230505,"pkt_caplen":157,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":157,"pkt_l4_len":123,"pkt":"NDY7z3UoLH6BsEqhCABFAACPAABAADYRoeRLS0xMCgAA4wA11kMAe\/FSpheBgwABAAAAAQAABXByaW50BnZpYXNhdANjb20AAAEAAcASAAYAAQAAA4QARQZucy02MzIJYXdzZG5zLTE1A25ldAARYXdzZG5zLWhvc3RtYXN0ZXIGYW1hem9uwBkAAAABAAAcIAAAA4QAEnUAAAFRgA=="}
00674{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":122,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_first_seen":1569687251177,"flow_last_seen":1569687251230,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":115,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":74,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":54851,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"print.viasat.com","num_queries":1,"num_answers":1,"reply_code":3,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00583{"flow_id":3,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":123,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687251,"pkt_ts_usec":429955,"pkt_caplen":176,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":176,"pkt_l4_len":142,"pkt":"pHczjPFANDY7z3UoCABFAgCiAABAAEAGJN0KAADjCgAAldwAH0m4VKUYauVqlYAYEACLWQAAAQEIChwNkfYAIdc\/FwMDAGnBoRpnSakDpbbtOO1oFQFMvTatXfQ13YvHj0oLfGJl9JpWlsgauBFeoA7+JlmFrD8o9ELaYLgs9RsfLxNGWM8Fap769GXl+TuJe1SDZT7YsErPd9vuIVPm60SZhhH5VOfnzBgNpzDOaYk="}
00582{"flow_id":3,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":124,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687251,"pkt_ts_usec":432009,"pkt_caplen":176,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":176,"pkt_l4_len":142,"pkt":"NDY7z3UopHczjPFACABFAgCiFANAAEAGENoKAACVCgAA4x9J3ABq5WqVuFSlhoAYARVo3QAAAQEICgAh2TMcDZH2FwMDAGnME9q5WBaoTxO4eWqtx9PaFo02Fc3nfPNp8pF7vSt+swHbhi70yI0wIgY4irdjppeso7+tYJgVpxy3Dq7WX32l1ccQW5M5AFGSshc12Yls9xl2CLpSmG1mEsWpkHkZoEdQqG0j2ZVcEiM="}
00432{"flow_id":3,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":125,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687251,"pkt_ts_usec":432069,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"pHczjPFANDY7z3UoCABFAAA0AABAAEAGJU0KAADjCgAAldwAH0m4VKWGauVrA4AQD\/ya4QAAAQEIChwNkfgAIdkz"}
00585{"flow_id":5,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":126,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687253,"pkt_ts_usec":740196,"pkt_caplen":174,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":174,"pkt_l4_len":120,"pkt":"MzMAAAABLH6BsEqhht1gAAAAAHg6\/\/6AAAAAAAAALn6B\/\/6wSqH\/AgAAAAAAAAAAAAAAAAABhgBH5kDAALQAAAAAAAAAABkFAAAAAVGAIAEFWP7tAAAAAAAAAAAAASABBVj+7QAAAAAAAAAAAAIDBEDAAAL9HQAC\/R0AAAAAJgEGRoQCRLAAAAAAAAAAABgDAAAAAAC0AAAAAAAAAAAAAAAAAAAAAAEBLH6BsEqh"}
00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":127,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":1569687255989,"flow_last_seen":0,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":58155,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00501{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":127,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":1569687255989,"flow_last_seen":1569687255989,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":58155,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00436{"flow_id":27,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":127,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687255,"pkt_ts_usec":989610,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"pkt":"LH6BsEqhNDY7z3UoCABFAAA3enMAAP8RnsgKAADjS0tMTOMrADUAI5+UjycBAAABAAAAAAAABXNsYWNrA2NvbQAAAQAB"}
00657{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":127,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":1569687255989,"flow_last_seen":0,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":58155,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Slack","breed":"Acceptable","category":"Collaborative"},"dns": {"query":"slack.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00669{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":127,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":1569687255989,"flow_last_seen":1569687255989,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":58155,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Slack","breed":"Acceptable","category":"Collaborative"},"dns": {"query":"slack.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00460{"flow_id":27,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":128,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687256,"pkt_ts_usec":18232,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"pkt":"NDY7z3UoLH6BsEqhCABFAABHAABAADcRoSxLS0xMCgAA4wA14ysAM\/asjyeBgAABAAEAAAAABXNsYWNrA2NvbQAAAQABwAwAAQABAAAAIwAEY1YinA=="}
00682{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":128,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_first_seen":1569687255989,"flow_last_seen":1569687256018,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":70,"flow_avg_l4_payload_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":58155,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Slack","breed":"Acceptable","category":"Collaborative"},"dns": {"query":"slack.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"99.86.34.156"}}
00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":129,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":1569687256018,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"99.86.34.156","src_port":56920,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00499{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":129,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":1569687256018,"flow_last_seen":1569687256018,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"99.86.34.156","src_port":56920,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00449{"flow_id":28,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":129,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687256,"pkt_ts_usec":18732,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"LH6BsEqhNDY7z3UoCABFAABAAABAAEAGqeMKAADjY1YinN5YAbvhhxKGAAAAALAC\/\/8SKwAAAgQFtAEDAwUBAQgKHA2jzgAAAAAEAgAA"}
00443{"flow_id":28,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":130,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687256,"pkt_ts_usec":50128,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"NDY7z3UoLH6BsEqhCABFAAA8AABAAO4G++ZjViKcCgAA4wG73lg6Ai8I4YcSh6AScSDdlgAAAgQFtAQCCApVvxWbHA2jzgEDAwg="}
00431{"flow_id":28,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":131,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687256,"pkt_ts_usec":50218,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGqe8KAADjY1YinN5YAbvhhxKHOgIvCYAQEBVtUAAAAQEIChwNo+1VvxWb"}
@@ -189,68 +181,60 @@
00433{"flow_id":13,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":164,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687258,"pkt_ts_usec":21922,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGCA8KAADjNCXzrd5TAbsf\/fCdcO3WY4AQD\/6i5QAAAQEIChwNq5EAjZD9"}
00555{"flow_id":18,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":165,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687259,"pkt_ts_usec":269679,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"pkt":"AQBeAAD7GIEORo7ICABFAACMyOAAAP8RBrAKAADV4AAA+xTpFOkAeGDGAAAAAAADAAAAAAABD19jb21wYW5pb24tbGluawRfdGNwBWxvY2FsAAAMgAEIX2hvbWVraXTAHAAMgAEMX3NsZWVwLXByb3h5BF91ZHDAIQAMgAEAACkFoAAAEZQAEgAEAA4AmzqBDkaOyBiBDkaOyA=="}
00583{"flow_id":19,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":166,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687259,"pkt_ts_usec":270105,"pkt_caplen":174,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":174,"pkt_l4_len":120,"pkt":"MzMAAAD7GIEORo7Iht1gBoi5AHgR\/\/6AAAAAAAAABAg+RTq8FVL\/AgAAAAAAAAAAAAAAAAD7FOkU6QB4u7wAAAAAAAMAAAAAAAEPX2NvbXBhbmlvbi1saW5rBF90Y3AFbG9jYWwAAAyAAQhfaG9tZWtpdMAcAAyAAQxfc2xlZXAtcHJveHkEX3VkcMAhAAyAAQAAKQWgAAARlAASAAQADgCbOoEORo7IGIEORo7I"}
00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":167,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1569687259297,"flow_last_seen":0,"flow_min_l4_payload_len":232,"flow_max_l4_payload_len":232,"flow_tot_l4_payload_len":232,"flow_avg_l4_payload_len":232,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.213","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00715{"flow_id":29,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":167,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687259,"pkt_ts_usec":297056,"pkt_caplen":274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":274,"pkt_l4_len":240,"pkt":"GIEORo7INDY7z3UoCABFAAEEsFAAAP8R9OAKAADjCgAA1RTpFOkA8ADKAACEAAAAAAEAAAAED19jb21wYW5pb24tbGluawRfdGNwBWxvY2FsAAAMAAEAABGUABQRTFAtUktFUlVSLU9TWCAoOSnADMAyACGAAQAAAHgADQAAAADbaQRuRFBJwCHAMgAQgAEAABGUACIWcnBCQT0zNzoyRTo0Nzo2RDoxODo1NApycFZyPTE1Mi4xEUxQLVJLRVJVUi1PU1ggKDkpDF9kZXZpY2UtaW5mb8AcABAAAQAAEZQAIBRtb2RlbD1NYWNCb29rUHJvMTEsMQpvc3h2ZXJzPTE3wFgAAYABAAAAeAAECgAA4w=="}
00573{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":167,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1569687259297,"flow_last_seen":0,"flow_min_l4_payload_len":232,"flow_max_l4_payload_len":232,"flow_tot_l4_payload_len":232,"flow_avg_l4_payload_len":232,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.213","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_companion-link._tcp.local"}}
00715{"flow_id":22,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":167,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687259,"pkt_ts_usec":297056,"pkt_caplen":274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":274,"pkt_l4_len":240,"pkt":"GIEORo7INDY7z3UoCABFAAEEsFAAAP8R9OAKAADjCgAA1RTpFOkA8ADKAACEAAAAAAEAAAAED19jb21wYW5pb24tbGluawRfdGNwBWxvY2FsAAAMAAEAABGUABQRTFAtUktFUlVSLU9TWCAoOSnADMAyACGAAQAAAHgADQAAAADbaQRuRFBJwCHAMgAQgAEAABGUACIWcnBCQT0zNzoyRTo0Nzo2RDoxODo1NApycFZyPTE1Mi4xEUxQLVJLRVJVUi1PU1ggKDkpDF9kZXZpY2UtaW5mb8AcABAAAQAAEZQAIBRtb2RlbD1NYWNCb29rUHJvMTEsMQpvc3h2ZXJzPTE3wFgAAYABAAAAeAAECgAA4w=="}
00585{"flow_id":5,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":168,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687259,"pkt_ts_usec":679362,"pkt_caplen":174,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":174,"pkt_l4_len":120,"pkt":"MzMAAAABLH6BsEqhht1gAAAAAHg6\/\/6AAAAAAAAALn6B\/\/6wSqH\/AgAAAAAAAAAAAAAAAAABhgBH5kDAALQAAAAAAAAAABkFAAAAAVGAIAEFWP7tAAAAAAAAAAAAASABBVj+7QAAAAAAAAAAAAIDBEDAAAL9HQAC\/R0AAAAAJgEGRoQCRLAAAAAAAAAAABgDAAAAAAC0AAAAAAAAAAAAAAAAAAAAAAEBLH6BsEqh"}
00417{"flow_id":24,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":169,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687259,"pkt_ts_usec":694130,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"LH6BsEqhNDY7z3UoCABFAAAo3\/wAAEAGn4oKAADjuBk4Td5VAFBor5ytCT1EPVAQEAlzBQAA"}
00416{"flow_id":25,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":170,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687259,"pkt_ts_usec":694131,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"LH6BsEqhNDY7z3UoCABFAAAoLkYAAEAGUUEKAADjuBk4Td40AFBjyKiAGk9l7lAQEAA5gAAA"}
00432{"flow_id":24,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":171,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687259,"pkt_ts_usec":710445,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0uJtAADgGjt+4GThNCgAA4wBQ3lUJPUQ9aK+croAQAOvGjAAAAQEICuMVH+AcDWN7"}
00432{"flow_id":25,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":172,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687259,"pkt_ts_usec":715492,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0NJlAADcGE+K4GThNCgAA4wBQ3jQaT2XuY8iogYAQAPOM2AAAAQEICuMVH+UcDWOU"}
00448{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":173,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":1569687260293,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.213","dst_ip":"224.0.0.2","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
00408{"flow_id":30,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":173,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687260,"pkt_ts_usec":293660,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":46,"pkt_l4_len":8,"pkt":"AQBeAAACGIEORo7ICABGAAAgPP4AAAEC\/QIKAADV4AAAApQEAAAXAAgE4AAA+w=="}
00480{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":173,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":1569687260293,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.213","dst_ip":"224.0.0.2","l4_proto":2,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
00450{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":174,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":1569687260293,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.213","dst_ip":"224.0.0.251","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
00407{"flow_id":31,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":174,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687260,"pkt_ts_usec":293706,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":46,"pkt_l4_len":8,"pkt":"AQBeAAD7GIEORo7ICABGAAAgpGYAAAEClKEKAADV4AAA+5QEAAAWAAkE4AAA+w=="}
00482{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":174,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":1569687260293,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.213","dst_ip":"224.0.0.251","l4_proto":2,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
00408{"flow_id":20,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":173,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687260,"pkt_ts_usec":293660,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":46,"pkt_l4_len":8,"pkt":"AQBeAAACGIEORo7ICABGAAAgPP4AAAEC\/QIKAADV4AAAApQEAAAXAAgE4AAA+w=="}
00407{"flow_id":21,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":174,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687260,"pkt_ts_usec":293706,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":46,"pkt_l4_len":8,"pkt":"AQBeAAD7GIEORo7ICABGAAAgpGYAAAEClKEKAADV4AAA+5QEAAAWAAkE4AAA+w=="}
00595{"flow_id":18,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":175,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687260,"pkt_ts_usec":294255,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"pkt":"AQBeAAD7GIEORo7ICABFAACsLkIAAP8RoS4KAADV4AAA+xTpFOkAmDTPAAAAAAADAAEAAAABD19jb21wYW5pb24tbGluawRfdGNwBWxvY2FsAAAMAAEIX2hvbWVraXTAHAAMAAEMX3NsZWVwLXByb3h5BF91ZHDAIQAMAAHADAAMAAEAAA4QABQRTFAtUktFUlVSLU9TWCAoOSnADAAAKQWgAAARlAASAAQADgCbOoEORo7IGIEORo7I"}
00627{"flow_id":19,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":176,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687260,"pkt_ts_usec":294693,"pkt_caplen":206,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":206,"pkt_l4_len":152,"pkt":"MzMAAAD7GIEORo7Iht1gBoi5AJgR\/\/6AAAAAAAAABAg+RTq8FVL\/AgAAAAAAAAAAAAAAAAD7FOkU6QCYj8UAAAAAAAMAAQAAAAEPX2NvbXBhbmlvbi1saW5rBF90Y3AFbG9jYWwAAAwAAQhfaG9tZWtpdMAcAAwAAQxfc2xlZXAtcHJveHkEX3VkcMAhAAwAAcAMAAwAAQAADhAAFBFMUC1SS0VSVVItT1NYICg5KcAMAAApBaAAABGUABIABAAOAJs6gQ5GjsgYgQ5Gjsg="}
00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":177,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_first_seen":1569687260469,"flow_last_seen":0,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"35.201.124.9","src_port":56910,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00487{"flow_id":32,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":177,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687260,"pkt_ts_usec":469013,"pkt_caplen":104,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":104,"pkt_l4_len":70,"pkt":"LH6BsEqhNDY7z3UoCABFAABaAABAAEAGj+kKAADjI8l8Cd5OAbsN94yysPePlIAYEACJPAAAAQEIChwNtRgGQIQkFwMDACEAAAAAAAAAA3VW6sM2CHDT\/Oy2e1MF3bFmEvrGQamtRJY="}
00432{"flow_id":32,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":178,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687260,"pkt_ts_usec":489093,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0Bk0AAHoGj8IjyXwJCgAA4wG73k6w94+UDfeM2IAQAPROCgAAAQEICgZA6j4cDbUY"}
00476{"flow_id":32,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":179,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687260,"pkt_ts_usec":521340,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"pkt":"NDY7z3UoLH6BsEqhCABFAABUBk4AAHoGj6EjyXwJCgAA4wG73k6w94+UDfeM2IAYAPS6xgAAAQEICgZA6l4cDbUYFwMDABsAAAAAAAAABNY2znqkTRgDlTqE63fXsBbyQmM="}
00433{"flow_id":32,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":180,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687260,"pkt_ts_usec":521410,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGkA8KAADjI8l8Cd5OAbsN94zYsPePtIAQD\/8+iwAAAQEIChwNtUwGQOpe"}
00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":181,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":1569687260591,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.96.194","src_port":56921,"dst_port":4287,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00450{"flow_id":33,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":181,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687260,"pkt_ts_usec":591875,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"LH6BsEqhNDY7z3UoCABFAABAAABAAEAGxu4KAADjCCVgwt5ZEL8UzEFoAAAAALAC\/\/+sRwAAAgQFtAEDAwUBAQgKHA21kQAAAAAEAgAA"}
00450{"flow_id":33,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":182,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687260,"pkt_ts_usec":620412,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"NDY7z3UoLH6BsEqhCABFAABAE+xAAPEGAgIIJWDCCgAA4xC\/3lkWZHs7FMxBabASECzSsgAAAgQFZAEDAwIBAQgKeKa\/ZBwNtZEEAgAA"}
00432{"flow_id":33,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":183,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687260,"pkt_ts_usec":620471,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGxvoKAADjCCVgwt5ZEL8UzEFpFmR7PIAQEAgSNwAAAQEIChwNta14pr9k"}
00637{"flow_id":33,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":184,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687260,"pkt_ts_usec":620743,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"pkt":"LH6BsEqhNDY7z3UoCABFAADIAABAAEAGxmYKAADjCCVgwt5ZEL8UzEFpFmR7PIAYEAijywAAAQEIChwNta14pr9kFgMBAI8BAACLAwMD1fZJLnU2wbbg4p6uNb1F++uvR9\/ndJiHrNU+USXu3wAADsAwwCjAFMAJwBMAMwD\/AQAAVAALAAQDAAECAAoADAAKAB0AFwAeABkAGAAWAAAAFwAAAA0AMAAuBAMFAwYDCAcICAgJCAoICwgECAUIBgQBBQEGAQMDAgMDAQIBAwICAgQCBQIGAg=="}
00827{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":184,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":4,"flow_first_seen":1569687260591,"flow_last_seen":1569687260620,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.96.194","src_port":56921,"dst_port":4287,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"e3adec914f3893f18136762f1c0d7d81","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00435{"flow_id":33,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":185,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687260,"pkt_ts_usec":655570,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0E\/NAAPEGAgcIJWDCCgAA4xC\/3lkWZHs8FMxB\/YAQBDAdWQAAAQEICnimv4YcDbWt"}
02212{"flow_id":33,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":186,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687260,"pkt_ts_usec":667151,"pkt_caplen":1374,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1374,"pkt_l4_len":1340,"pkt":"NDY7z3UoLH6BsEqhCABFAAVQE\/lAAPEG\/OQIJWDCCgAA4xC\/3lkWZHs8FMxB\/YAYBDDc3gAAAQEICnimv5AcDbWtFgMDAF0CAABZAwMaAXyK9KQuuGETu8cld9JV+FK0SGZRa7CR6lzcsmkkxyBhHCxWTv40pUYrPrn3znrxjXuLJZACYw3f0K4HrVcFssAwAAAR\/wEAAQAACwAEAwABAgAXAAAWAwMDPAsAAzgAAzUAAzIwggMuMIICFqADAgECAgg\/CBLhDwTMuTANBgkqhkiG9w0BAQsFADBXMRswGQYDVQQDDBI4MTM4NDU2NTcwMDMzMzk4MzgxDzANBgNVBAoMBkNvZGU0MjENMAsGA1UECwwEVEVTVDELMAkGA1UECAwCTU4xCzAJBgNVBAYTAlVTMB4XDTE5MDgyOTAwMTI0MFoXDTE5MTAwODAwMTI0MFowVzEbMBkGA1UEAwwSODEzODQ1NjU3MDAzMzM5ODM4MQ8wDQYDVQQKDAZDb2RlNDIxDTALBgNVBAsMBFRFU1QxCzAJBgNVBAgMAk1OMQswCQYDVQQGEwJVUzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM61Q49djLnJMOmkIF0ll0F\/YDwr0sJF\/HQcSR5fSdw7EdXfDbna6x6jdhxE3Qn9gu2zsKj9DdoI9x8pHf25SLIxWtWtVXw64g9Cp6Akq6ue6XUldOaLIbFwakz0yvQNQHH4InGpGhOI0r\/JKwLXHTVarq8xZxz1qic9dGtps1TA1LnKt1ghcAC9UIhSSffTCRd3Hsuy9tV+rAge2xQcSFu5jpM3jMoIhFZ64uHnyNVlB\/PvazPdCIc\/da6TNg09oFSH\/qcSJW25ei7RChN\/n+1Y9ZZlpthcccET79wBa7HyRx3NeKMXBXMjRpZ5jHAXjnoyo9EGU5NYfQfrfADRdd0CAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAaWilMnLLGQ2gXstlhQSHl0BxH9M1oZmy0zk+yCz0sx7sp4N4CzNfdXnzRNI1nOOjvmDOnoK\/rjhx5CHC5BKV8qXQgywjLv6TpvGuwR9ek3LBZZJgG6pIgEiCQy4fR4d0eonjwAPqjoL3IN6\/RLFeqp9yodmk0KnOElyg7\/70JrdDnAIUs\/fmFwqS5e9nnGF6lD+dFubpkplRTiN\/2sgrSN5o5wq\/jZw9\/jv07RNxswZ5b\/Xd\/m0seIx6S1aem4yFFpkW0ITMdscZToISSQJH21J82w7v+XjWmRg8mKpjueRaAmkWA0zA0X3yGm4a1zZlebgdFsP+1JTYS0\/4f7yL4hYDAwEsDAABKAMAHSCydU7QFYlE7imdhqa9AKGI8iMYpyccCRVwdMVtjxjGHAgEAQAOARPwkWMmg0R+fWFN8NRAQUSZPBqQ+HjdO1UI\/nFIojvvLcZsbxvEaJchrGKOwGbSsdK7ByPKFgf4xrxfWdx2lNjk0e9lLlSj20fPMXT0xD27Ai3JNC25GENTyTLxYdyFsANrA8WgEjo\/iRVH7lEYalpVjfagu0RxdU3ZUg2ouUrRkO8szgI+\/GQEOrUzC8+QTDEY9Md++ju1GWO07jJJf\/OlJg4H696Xgf+QXL0iAe5WMgucOeJioRMeA4H9BQGTv5XmpzqP\/6JX0BzGjc\/BbpIF2EPv\/T+uQX1X6A8Kw18ZHBNrHocnkRYb3DnvtB5Jzn0dqWmkTJauRfEbYX3tFgMDADoNAAA2AwECQAAuBAMFAwYDCAcICAgJCAoICwgECAUIBgQBBQEGAQMDAgMDAQIBAwICAgQCBQIGAgAAFgMDAAQOAAAA"}
01124{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":186,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":6,"flow_first_seen":1569687260591,"flow_last_seen":1569687260667,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1308,"flow_tot_l4_payload_len":1456,"flow_avg_l4_payload_len":242,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.96.194","src_port":56921,"dst_port":4287,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","6":"Self-signed Certificate","15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"e3adec914f3893f18136762f1c0d7d81","ja3s":"e54965894d6b45ecb4323c7ea3d6c115","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"CN=813845657003339838, O=Code42, OU=TEST, ST=MN, C=US","issuerDN":"CN=813845657003339838, O=Code42, OU=TEST, ST=MN, C=US","fingerprint":"86:2A:47:EF:00:68:79:60:7F:94:E2:91:6F:E0:38:82:37:8A:8E:2E"}}
00432{"flow_id":33,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":187,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687260,"pkt_ts_usec":667209,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGxvoKAADjCCVgwt5ZEL8UzEH9FmSAWIAQD98MVwAAAQEIChwNtdp4pr+Q"}
02051{"flow_id":33,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":188,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687260,"pkt_ts_usec":671440,"pkt_caplen":1261,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1261,"pkt_l4_len":1227,"pkt":"LH6BsEqhNDY7z3UoCABFAATfAABAAEAGwk8KAADjCCVgwt5ZEL8UzEH9FmSAWIAYEACreAAAAQEIChwNtd54pr+QFgMDAzwLAAM4AAM1AAMyMIIDLjCCAhagAwIBAgIIXsE90hYB3ZMwDQYJKoZIhvcNAQELBQAwVzEbMBkGA1UEAwwSODIwMDYzNDY3NTA1NTk2OTQ1MQ8wDQYDVQQKDAZDb2RlNDIxDTALBgNVBAsMBFRFU1QxCzAJBgNVBAgMAk1OMQswCQYDVQQGEwJVUzAeFw0xOTA5MjcxNzA4NTRaFw0xOTExMDYxODA4NTRaMFcxGzAZBgNVBAMMEjgyMDA2MzQ2NzUwNTU5Njk0NTEPMA0GA1UECgwGQ29kZTQyMQ0wCwYDVQQLDARURVNUMQswCQYDVQQIDAJNTjELMAkGA1UEBhMCVVMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDFYNZF26UjF+3XnUaEzq2uKuy6YckvZ5n1IhrUyH4zqRE0C5g\/BsCIvfkEE6TyupFQ4zMe+ASrbcfCFfmBXZn9EyO2y6o\/sbnd8HsF6Z3UUaKSHlnlxaRxv\/MedjLtwG3XZYZEuxpfay\/LAaGwVqFVP5hmYDEfjOT5Kd74arwkz4pyderrG697sUGTrgCw8fop3RymVwWeulqkHzdgm7wmvL9lgHGTFqzcYpnLz+ZplicVnyMy+m80fxpxNgKXAZDHsqfWX9O9dJf4wZXeSCnnj1yopzf5V0fJrs8CZKxE3rFS0er1ulRBi99xbJBI+1qCBTWPfbh7D6ri04FydMXJAgMBAAEwDQYJKoZIhvcNAQELBQADggEBADsP0enuURs3RrXlAMTbQYO4wqobE2iXacBBrHaoyhepONSqo9LJeswi9sR0mW4u8pQnbYOlqS86pZKJPoTQxLjJStpwWaMckOoZFubAOcmKEg5Fv169c+tWMJLBEOBJdKU+YhDNjTpdiszbuzRV1IHnW5omZjzz8Xlq\/EtTVq5IFr01PSptO6Lm620bDTyzWb8zuoR+aK9zZ6MQSmapuxkhs6wI45NLCWPcDd+k2WXJTNEg0Ni9b9vWGyMSDvTr5jaKQL3SfcBzMGcs+ugkma3W7YyJos32zARkMqALlPxyp6ikFzYWStXBSoncv9kD5Q\/7BjaQOWjN+t4i3EVf\/eQWAwMAJRAAACEgEWtqWgfGgf7lXlCr+zcvsN4Qgt8lveG0WfR54DQFHDMWAwMBCA8AAQQIBAEAsWffEwMziaZMvL09fBehHeaMPCBPy4zOPiqMony+6Xiwx9LtzC8X8PPN4kszu6J82D28ZzGdS0R89EmGsI54fPcJb4xdJXHhRNCGJvvagm0RXsKnXJu5TU04COJlg2eWmUZFQVDXUl8lzLNpSqlDx60dYVxm\/ehx3oZkHZVz\/SX31RUux10n+FZ9kNjiYSOsnpXHHqbA1wtdNL02a3oAPazweDlxd5JS+FooA\/KVtL\/VXaGFNFM\/iUgYzUBE8FRRITZ6ZcwQjyrEKyQYJ+JZV8Z8cG3OgQJ2rRH2lrIPbNOPiuvdzqYfnVZRBXfOC9\/\/VUqYskdiTTJ69u\/\/fmCexhQDAwABARYDAwAoYHY4Vgfv4X8IKyXCBRgV3egp4WmNBU+ZqlfDhPXew9ZtGk+\/14sACw=="}
00433{"flow_id":33,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":189,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687260,"pkt_ts_usec":700295,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0FQFAAPEGAPkIJWDCCgAA4xC\/3lkWZIBYFMxGqIAQBVoSBwAAAQEICnimv7YcDbXe"}
00506{"flow_id":33,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":190,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687260,"pkt_ts_usec":703258,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"pkt":"NDY7z3UoLH6BsEqhCABFAABnFQJAAPEGAMUIJWDCCgAA4xC\/3lkWZIBYFMxGqIAYBVrYdAAAAQEICnimv7gcDbXeFAMDAAEBFgMDACg7dB3xmvKsFEH\/K1fakcw6GRzltlckKapF\/elLCgSM6vaL+Iyl+b5k"}
00434{"flow_id":33,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":191,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687260,"pkt_ts_usec":703339,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGxvoKAADjCCVgwt5ZEL8UzEaoFmSAi4AQD\/4HEAAAAQEIChwNtfx4pr+4"}
01040{"flow_id":33,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":192,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687260,"pkt_ts_usec":704807,"pkt_caplen":510,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":510,"pkt_l4_len":476,"pkt":"LH6BsEqhNDY7z3UoCABFAAHwAABAAEAGxT4KAADjCCVgwt5ZEL8UzEaoFmSAi4AYEAAu7wAAAQEIChwNtf14pr+4FwMDAbdgdjhWB+\/hgLh+jK23J36VZvUSbpVsO2rZopXPnB1sE1m\/n44SG4\/0Ukq22hErOkjUJNIQ72Mb5bruOQs7UT6AXj521xlXzouMdeBn\/\/tWR8RApAGmte953YCBMevJUfa\/piZefm7Ad6vn1VcbEcYft07M9AC3IK6MCqBWDilHrrYSYctEGiJ0gEMNHiJlN4xU4jMi5y6Y1Ii7RE5ePOqGptRw+H\/++5VzMQjiifTNwrhkB6rxQXgvJmSrx8MCxIoHYLmmptRaltbA3ROzFYXyBly1JaGC\/uv3MfEVrkm6eClCxuRppVpOwnVPvstTTTkwf+YXF9C\/cVgBRt3ithkJCjaW3o+\/7MIB7acMtzo\/Gd+vNJpCmkdik6BrWeZJEnFSEdFLhuqtrYGQEbbaq+F9v2RICzwmvmmwSOKMeEP2HhuIc4OEBR8aPilwyGEMi3ATc29N7dDnZeC3Z9Zu1rvn0s8Yvi8raMX\/4McNEUqy+shXRUlx34ACJOllyHP+e97qAipUQWKq3pskOEKHsUClOW75XN3mTZt+tdqLUVrGnKOuCM8dBz+SxZ++31bXjONN9TmkqQle"}
00434{"flow_id":33,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":193,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687260,"pkt_ts_usec":733797,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0FUNAAPEGALcIJWDCCgAA4xC\/3lkWZICLFMxIZIAQBckPaQAAAQEICnimv9ccDbX9"}
00991{"flow_id":33,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":194,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687260,"pkt_ts_usec":735527,"pkt_caplen":477,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":477,"pkt_l4_len":443,"pkt":"NDY7z3UoLH6BsEqhCABFAAHPFVhAAPEG\/wYIJWDCCgAA4xC\/3lkWZICLFMxIZIAYBcklXQAAAQEICnimv9kcDbX9FwMDAZY7dB3xmvKsFbpSGU5Z6+l16NuHUzEljEDzWYBP7ZWZDOZTGoZRttKdAB5qRWccWgycvaITMQnNtQn+P8N1Kg9uCikre4MryKs805hwnDbcg75H4yMsR7wuQFgTs3ao0XS512SZmYqnk5GfxR8tkIzviZsmpjxotnNqt1hJbce9L+zE12\/gtwBS\/A0RRY+P7kulc8bdxkXBQAHdXgFrz+qkBT2QjVQ49lNTuiWwY4CPM3DxJovwKuacISr23vMoR08eScybdrbrMeWidZ3LeIoKrXIMea0uS8qmp8H74Xl0uHJSlt+tNY\/eOZOUMz3Rh3Rure\/HjO1mQn073Oj0H1Xou7mBj6XUhyzMVXfmTDCt6Qbnwx13I6w1ibQVWsSRt+UVC7JZQYtyT+rTqV3dImDfT89H3ss5j1zUag41AW2R1hw9XRp9WLwHdLVjvIjtxtfr2OF2abRO1GDx6aJHg4pEb6MyIgcACB8qRr\/m29KEEUlyOt5y5XgodVs9fr8EAuCcviQ8QI47peMxp0wW+xrCU3vLaizy"}
00435{"flow_id":33,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":195,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687260,"pkt_ts_usec":735584,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGxvoKAADjCCVgwt5ZEL8UzEhkFmSCJoAQD\/MDhAAAAQEIChwNtht4pr\/Z"}
00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":196,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":1569687260751,"flow_last_seen":0,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":64972,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00483{"flow_id":34,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":196,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687260,"pkt_ts_usec":751472,"pkt_caplen":101,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":101,"pkt_l4_len":67,"pkt":"LH6BsEqhNDY7z3UoCABFAABXLuMAAP8R6zkKAADjS0tLS\/3MADUAQ49kJ8YBAAABAAAAAAAAAmxiB19kbnMtc2QEX3VkcAEwAzEyOAIyOAMxNzIHaW4tYWRkcgRhcnBhAAAMAAE="}
00678{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":196,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":1569687260751,"flow_last_seen":0,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":64972,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"lb._dns-sd._udp.0.128.28.172.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":197,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_first_seen":1569687260751,"flow_last_seen":0,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":55,"flow_avg_l4_payload_len":55,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":61613,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00477{"flow_id":35,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":197,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687260,"pkt_ts_usec":751544,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"pkt":"LH6BsEqhNDY7z3UoCABFAABT7b0AAP8RLGMKAADjS0tLS\/CtADUAP6A2wl8BAAABAAAAAAAAAmxiB19kbnMtc2QEX3VkcAEwATABMAIxMAdpbi1hZGRyBGFycGEAAAwAAQ=="}
00674{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":197,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_first_seen":1569687260751,"flow_last_seen":0,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":55,"flow_avg_l4_payload_len":55,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":61613,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"lb._dns-sd._udp.0.0.0.10.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00483{"flow_id":34,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":198,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687260,"pkt_ts_usec":767487,"pkt_caplen":101,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":101,"pkt_l4_len":67,"pkt":"NDY7z3UoLH6BsEqhCABFAABXAABAADoRnx1LS0tLCgAA4wA1\/cwAQw7hJ8aBgwABAAAAAAAAAmxiB19kbnMtc2QEX3VkcAEwAzEyOAIyOAMxNzIHaW4tYWRkcgRhcnBhAAAMAAE="}
00699{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":198,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_first_seen":1569687260751,"flow_last_seen":1569687260767,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":118,"flow_avg_l4_payload_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":64972,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"lb._dns-sd._udp.0.128.28.172.in-addr.arpa","num_queries":1,"num_answers":0,"reply_code":3,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00476{"flow_id":35,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":199,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687260,"pkt_ts_usec":772510,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"pkt":"NDY7z3UoLH6BsEqhCABFAABTAABAADoRnyFLS0tLCgAA4wA18K0APx+zwl+BgwABAAAAAAAAAmxiB19kbnMtc2QEX3VkcAEwATABMAIxMAdpbi1hZGRyBGFycGEAAAwAAQ=="}
00695{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":199,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_first_seen":1569687260751,"flow_last_seen":1569687260772,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":110,"flow_avg_l4_payload_len":55,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":61613,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"lb._dns-sd._udp.0.0.0.10.in-addr.arpa","num_queries":1,"num_answers":0,"reply_code":3,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":204,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_first_seen":1569687261034,"flow_last_seen":0,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":51,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":57261,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00467{"flow_id":36,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":204,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687261,"pkt_ts_usec":34277,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"pkt":"LH6BsEqhNDY7z3UoCABFAABPSYUAAP8R0J8KAADjS0tLS9+tADUAOxFSxpgBAAABAAAAAAAADnZjYWNyYXNocGxhbjAxAmhxBGNvcnAGdmlhc2F0A2NvbQAAAQAB"}
00669{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":204,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_first_seen":1569687261034,"flow_last_seen":0,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":51,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":57261,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"vcacrashplan01.hq.corp.viasat.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":205,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_first_seen":1569687261035,"flow_last_seen":0,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":51,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":52879,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00467{"flow_id":37,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":205,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687261,"pkt_ts_usec":35342,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"pkt":"LH6BsEqhNDY7z3UoCABFAABPv9YAAP8RWk4KAADjS0tLS86PADUAO9rj8yQBAAABAAAAAAAADnZjYWNyYXNocGxhbjAxAmhxBGNvcnAGdmlhc2F0A2NvbQAAHAAB"}
00670{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":205,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_first_seen":1569687261035,"flow_last_seen":0,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":51,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":52879,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"vcacrashplan01.hq.corp.viasat.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00578{"flow_id":36,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":206,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687261,"pkt_ts_usec":50458,"pkt_caplen":174,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":174,"pkt_l4_len":140,"pkt":"NDY7z3UoLH6BsEqhCABFAACgAABAADoRntRLS0tLCgAA4wA1360AjBq8xpiBgwABAAAAAQAADnZjYWNyYXNocGxhbjAxAmhxBGNvcnAGdmlhc2F0A2NvbQAAAQABwCMABgABAAACzwBFBm5zLTYzMglhd3NkbnMtMTUDbmV0ABFhd3NkbnMtaG9zdG1hc3RlcgZhbWF6b27AKgAAAAEAABwgAAADhAASdQAAAVGA"}
00691{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":206,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_first_seen":1569687261034,"flow_last_seen":1569687261050,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":183,"flow_avg_l4_payload_len":91,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":57261,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"vcacrashplan01.hq.corp.viasat.com","num_queries":1,"num_answers":1,"reply_code":3,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00578{"flow_id":37,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":207,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687261,"pkt_ts_usec":54561,"pkt_caplen":174,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":174,"pkt_l4_len":140,"pkt":"NDY7z3UoLH6BsEqhCABFAACgAABAADoRntRLS0tLCgAA4wA1zo8AjF9N8ySBgwABAAAAAQAADnZjYWNyYXNocGxhbjAxAmhxBGNvcnAGdmlhc2F0A2NvbQAAHAABwCMABgABAAADVABFBm5zLTYzMglhd3NkbnMtMTUDbmV0ABFhd3NkbnMtaG9zdG1hc3RlcgZhbWF6b27AKgAAAAEAABwgAAADhAASdQAAAVGA"}
00692{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":207,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_first_seen":1569687261035,"flow_last_seen":1569687261054,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":183,"flow_avg_l4_payload_len":91,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":52879,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"vcacrashplan01.hq.corp.viasat.com","num_queries":1,"num_answers":1,"reply_code":3,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00451{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":208,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":1569687260293,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.213","dst_ip":"224.0.0.251","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
00449{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":208,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":1569687260293,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.213","dst_ip":"224.0.0.2","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":208,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1569687259297,"flow_last_seen":0,"flow_min_l4_payload_len":232,"flow_max_l4_payload_len":232,"flow_tot_l4_payload_len":232,"flow_avg_l4_payload_len":232,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.213","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00503{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":177,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1569687260469,"flow_last_seen":1569687260469,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"35.201.124.9","src_port":56910,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00487{"flow_id":29,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":177,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687260,"pkt_ts_usec":469013,"pkt_caplen":104,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":104,"pkt_l4_len":70,"pkt":"LH6BsEqhNDY7z3UoCABFAABaAABAAEAGj+kKAADjI8l8Cd5OAbsN94yysPePlIAYEACJPAAAAQEIChwNtRgGQIQkFwMDACEAAAAAAAAAA3VW6sM2CHDT\/Oy2e1MF3bFmEvrGQamtRJY="}
00432{"flow_id":29,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":178,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687260,"pkt_ts_usec":489093,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0Bk0AAHoGj8IjyXwJCgAA4wG73k6w94+UDfeM2IAQAPROCgAAAQEICgZA6j4cDbUY"}
00476{"flow_id":29,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":179,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687260,"pkt_ts_usec":521340,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"pkt":"NDY7z3UoLH6BsEqhCABFAABUBk4AAHoGj6EjyXwJCgAA4wG73k6w94+UDfeM2IAYAPS6xgAAAQEICgZA6l4cDbUYFwMDABsAAAAAAAAABNY2znqkTRgDlTqE63fXsBbyQmM="}
00433{"flow_id":29,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":180,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687260,"pkt_ts_usec":521410,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGkA8KAADjI8l8Cd5OAbsN94zYsPePtIAQD\/8+iwAAAQEIChwNtUwGQOpe"}
00499{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":181,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":1569687260591,"flow_last_seen":1569687260591,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.96.194","src_port":56921,"dst_port":4287,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00450{"flow_id":30,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":181,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687260,"pkt_ts_usec":591875,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"LH6BsEqhNDY7z3UoCABFAABAAABAAEAGxu4KAADjCCVgwt5ZEL8UzEFoAAAAALAC\/\/+sRwAAAgQFtAEDAwUBAQgKHA21kQAAAAAEAgAA"}
00450{"flow_id":30,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":182,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687260,"pkt_ts_usec":620412,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"NDY7z3UoLH6BsEqhCABFAABAE+xAAPEGAgIIJWDCCgAA4xC\/3lkWZHs7FMxBabASECzSsgAAAgQFZAEDAwIBAQgKeKa\/ZBwNtZEEAgAA"}
00432{"flow_id":30,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":183,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687260,"pkt_ts_usec":620471,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGxvoKAADjCCVgwt5ZEL8UzEFpFmR7PIAQEAgSNwAAAQEIChwNta14pr9k"}
00637{"flow_id":30,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":184,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687260,"pkt_ts_usec":620743,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"pkt":"LH6BsEqhNDY7z3UoCABFAADIAABAAEAGxmYKAADjCCVgwt5ZEL8UzEFpFmR7PIAYEAijywAAAQEIChwNta14pr9kFgMBAI8BAACLAwMD1fZJLnU2wbbg4p6uNb1F++uvR9\/ndJiHrNU+USXu3wAADsAwwCjAFMAJwBMAMwD\/AQAAVAALAAQDAAECAAoADAAKAB0AFwAeABkAGAAWAAAAFwAAAA0AMAAuBAMFAwYDCAcICAgJCAoICwgECAUIBgQBBQEGAQMDAgMDAQIBAwICAgQCBQIGAg=="}
00827{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":184,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":4,"flow_first_seen":1569687260591,"flow_last_seen":1569687260620,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.96.194","src_port":56921,"dst_port":4287,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"e3adec914f3893f18136762f1c0d7d81","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00435{"flow_id":30,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":185,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687260,"pkt_ts_usec":655570,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0E\/NAAPEGAgcIJWDCCgAA4xC\/3lkWZHs8FMxB\/YAQBDAdWQAAAQEICnimv4YcDbWt"}
02212{"flow_id":30,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":186,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687260,"pkt_ts_usec":667151,"pkt_caplen":1374,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1374,"pkt_l4_len":1340,"pkt":"NDY7z3UoLH6BsEqhCABFAAVQE\/lAAPEG\/OQIJWDCCgAA4xC\/3lkWZHs8FMxB\/YAYBDDc3gAAAQEICnimv5AcDbWtFgMDAF0CAABZAwMaAXyK9KQuuGETu8cld9JV+FK0SGZRa7CR6lzcsmkkxyBhHCxWTv40pUYrPrn3znrxjXuLJZACYw3f0K4HrVcFssAwAAAR\/wEAAQAACwAEAwABAgAXAAAWAwMDPAsAAzgAAzUAAzIwggMuMIICFqADAgECAgg\/CBLhDwTMuTANBgkqhkiG9w0BAQsFADBXMRswGQYDVQQDDBI4MTM4NDU2NTcwMDMzMzk4MzgxDzANBgNVBAoMBkNvZGU0MjENMAsGA1UECwwEVEVTVDELMAkGA1UECAwCTU4xCzAJBgNVBAYTAlVTMB4XDTE5MDgyOTAwMTI0MFoXDTE5MTAwODAwMTI0MFowVzEbMBkGA1UEAwwSODEzODQ1NjU3MDAzMzM5ODM4MQ8wDQYDVQQKDAZDb2RlNDIxDTALBgNVBAsMBFRFU1QxCzAJBgNVBAgMAk1OMQswCQYDVQQGEwJVUzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM61Q49djLnJMOmkIF0ll0F\/YDwr0sJF\/HQcSR5fSdw7EdXfDbna6x6jdhxE3Qn9gu2zsKj9DdoI9x8pHf25SLIxWtWtVXw64g9Cp6Akq6ue6XUldOaLIbFwakz0yvQNQHH4InGpGhOI0r\/JKwLXHTVarq8xZxz1qic9dGtps1TA1LnKt1ghcAC9UIhSSffTCRd3Hsuy9tV+rAge2xQcSFu5jpM3jMoIhFZ64uHnyNVlB\/PvazPdCIc\/da6TNg09oFSH\/qcSJW25ei7RChN\/n+1Y9ZZlpthcccET79wBa7HyRx3NeKMXBXMjRpZ5jHAXjnoyo9EGU5NYfQfrfADRdd0CAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAaWilMnLLGQ2gXstlhQSHl0BxH9M1oZmy0zk+yCz0sx7sp4N4CzNfdXnzRNI1nOOjvmDOnoK\/rjhx5CHC5BKV8qXQgywjLv6TpvGuwR9ek3LBZZJgG6pIgEiCQy4fR4d0eonjwAPqjoL3IN6\/RLFeqp9yodmk0KnOElyg7\/70JrdDnAIUs\/fmFwqS5e9nnGF6lD+dFubpkplRTiN\/2sgrSN5o5wq\/jZw9\/jv07RNxswZ5b\/Xd\/m0seIx6S1aem4yFFpkW0ITMdscZToISSQJH21J82w7v+XjWmRg8mKpjueRaAmkWA0zA0X3yGm4a1zZlebgdFsP+1JTYS0\/4f7yL4hYDAwEsDAABKAMAHSCydU7QFYlE7imdhqa9AKGI8iMYpyccCRVwdMVtjxjGHAgEAQAOARPwkWMmg0R+fWFN8NRAQUSZPBqQ+HjdO1UI\/nFIojvvLcZsbxvEaJchrGKOwGbSsdK7ByPKFgf4xrxfWdx2lNjk0e9lLlSj20fPMXT0xD27Ai3JNC25GENTyTLxYdyFsANrA8WgEjo\/iRVH7lEYalpVjfagu0RxdU3ZUg2ouUrRkO8szgI+\/GQEOrUzC8+QTDEY9Md++ju1GWO07jJJf\/OlJg4H696Xgf+QXL0iAe5WMgucOeJioRMeA4H9BQGTv5XmpzqP\/6JX0BzGjc\/BbpIF2EPv\/T+uQX1X6A8Kw18ZHBNrHocnkRYb3DnvtB5Jzn0dqWmkTJauRfEbYX3tFgMDADoNAAA2AwECQAAuBAMFAwYDCAcICAgJCAoICwgECAUIBgQBBQEGAQMDAgMDAQIBAwICAgQCBQIGAgAAFgMDAAQOAAAA"}
01124{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":186,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":6,"flow_first_seen":1569687260591,"flow_last_seen":1569687260667,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1308,"flow_tot_l4_payload_len":1456,"flow_avg_l4_payload_len":242,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.96.194","src_port":56921,"dst_port":4287,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","6":"Self-signed Certificate","15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"e3adec914f3893f18136762f1c0d7d81","ja3s":"e54965894d6b45ecb4323c7ea3d6c115","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"CN=813845657003339838, O=Code42, OU=TEST, ST=MN, C=US","issuerDN":"CN=813845657003339838, O=Code42, OU=TEST, ST=MN, C=US","fingerprint":"86:2A:47:EF:00:68:79:60:7F:94:E2:91:6F:E0:38:82:37:8A:8E:2E"}}
00432{"flow_id":30,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":187,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687260,"pkt_ts_usec":667209,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGxvoKAADjCCVgwt5ZEL8UzEH9FmSAWIAQD98MVwAAAQEIChwNtdp4pr+Q"}
02051{"flow_id":30,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":188,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687260,"pkt_ts_usec":671440,"pkt_caplen":1261,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1261,"pkt_l4_len":1227,"pkt":"LH6BsEqhNDY7z3UoCABFAATfAABAAEAGwk8KAADjCCVgwt5ZEL8UzEH9FmSAWIAYEACreAAAAQEIChwNtd54pr+QFgMDAzwLAAM4AAM1AAMyMIIDLjCCAhagAwIBAgIIXsE90hYB3ZMwDQYJKoZIhvcNAQELBQAwVzEbMBkGA1UEAwwSODIwMDYzNDY3NTA1NTk2OTQ1MQ8wDQYDVQQKDAZDb2RlNDIxDTALBgNVBAsMBFRFU1QxCzAJBgNVBAgMAk1OMQswCQYDVQQGEwJVUzAeFw0xOTA5MjcxNzA4NTRaFw0xOTExMDYxODA4NTRaMFcxGzAZBgNVBAMMEjgyMDA2MzQ2NzUwNTU5Njk0NTEPMA0GA1UECgwGQ29kZTQyMQ0wCwYDVQQLDARURVNUMQswCQYDVQQIDAJNTjELMAkGA1UEBhMCVVMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDFYNZF26UjF+3XnUaEzq2uKuy6YckvZ5n1IhrUyH4zqRE0C5g\/BsCIvfkEE6TyupFQ4zMe+ASrbcfCFfmBXZn9EyO2y6o\/sbnd8HsF6Z3UUaKSHlnlxaRxv\/MedjLtwG3XZYZEuxpfay\/LAaGwVqFVP5hmYDEfjOT5Kd74arwkz4pyderrG697sUGTrgCw8fop3RymVwWeulqkHzdgm7wmvL9lgHGTFqzcYpnLz+ZplicVnyMy+m80fxpxNgKXAZDHsqfWX9O9dJf4wZXeSCnnj1yopzf5V0fJrs8CZKxE3rFS0er1ulRBi99xbJBI+1qCBTWPfbh7D6ri04FydMXJAgMBAAEwDQYJKoZIhvcNAQELBQADggEBADsP0enuURs3RrXlAMTbQYO4wqobE2iXacBBrHaoyhepONSqo9LJeswi9sR0mW4u8pQnbYOlqS86pZKJPoTQxLjJStpwWaMckOoZFubAOcmKEg5Fv169c+tWMJLBEOBJdKU+YhDNjTpdiszbuzRV1IHnW5omZjzz8Xlq\/EtTVq5IFr01PSptO6Lm620bDTyzWb8zuoR+aK9zZ6MQSmapuxkhs6wI45NLCWPcDd+k2WXJTNEg0Ni9b9vWGyMSDvTr5jaKQL3SfcBzMGcs+ugkma3W7YyJos32zARkMqALlPxyp6ikFzYWStXBSoncv9kD5Q\/7BjaQOWjN+t4i3EVf\/eQWAwMAJRAAACEgEWtqWgfGgf7lXlCr+zcvsN4Qgt8lveG0WfR54DQFHDMWAwMBCA8AAQQIBAEAsWffEwMziaZMvL09fBehHeaMPCBPy4zOPiqMony+6Xiwx9LtzC8X8PPN4kszu6J82D28ZzGdS0R89EmGsI54fPcJb4xdJXHhRNCGJvvagm0RXsKnXJu5TU04COJlg2eWmUZFQVDXUl8lzLNpSqlDx60dYVxm\/ehx3oZkHZVz\/SX31RUux10n+FZ9kNjiYSOsnpXHHqbA1wtdNL02a3oAPazweDlxd5JS+FooA\/KVtL\/VXaGFNFM\/iUgYzUBE8FRRITZ6ZcwQjyrEKyQYJ+JZV8Z8cG3OgQJ2rRH2lrIPbNOPiuvdzqYfnVZRBXfOC9\/\/VUqYskdiTTJ69u\/\/fmCexhQDAwABARYDAwAoYHY4Vgfv4X8IKyXCBRgV3egp4WmNBU+ZqlfDhPXew9ZtGk+\/14sACw=="}
00433{"flow_id":30,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":189,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687260,"pkt_ts_usec":700295,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0FQFAAPEGAPkIJWDCCgAA4xC\/3lkWZIBYFMxGqIAQBVoSBwAAAQEICnimv7YcDbXe"}
00506{"flow_id":30,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":190,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687260,"pkt_ts_usec":703258,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"pkt":"NDY7z3UoLH6BsEqhCABFAABnFQJAAPEGAMUIJWDCCgAA4xC\/3lkWZIBYFMxGqIAYBVrYdAAAAQEICnimv7gcDbXeFAMDAAEBFgMDACg7dB3xmvKsFEH\/K1fakcw6GRzltlckKapF\/elLCgSM6vaL+Iyl+b5k"}
00434{"flow_id":30,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":191,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687260,"pkt_ts_usec":703339,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGxvoKAADjCCVgwt5ZEL8UzEaoFmSAi4AQD\/4HEAAAAQEIChwNtfx4pr+4"}
01040{"flow_id":30,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":192,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687260,"pkt_ts_usec":704807,"pkt_caplen":510,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":510,"pkt_l4_len":476,"pkt":"LH6BsEqhNDY7z3UoCABFAAHwAABAAEAGxT4KAADjCCVgwt5ZEL8UzEaoFmSAi4AYEAAu7wAAAQEIChwNtf14pr+4FwMDAbdgdjhWB+\/hgLh+jK23J36VZvUSbpVsO2rZopXPnB1sE1m\/n44SG4\/0Ukq22hErOkjUJNIQ72Mb5bruOQs7UT6AXj521xlXzouMdeBn\/\/tWR8RApAGmte953YCBMevJUfa\/piZefm7Ad6vn1VcbEcYft07M9AC3IK6MCqBWDilHrrYSYctEGiJ0gEMNHiJlN4xU4jMi5y6Y1Ii7RE5ePOqGptRw+H\/++5VzMQjiifTNwrhkB6rxQXgvJmSrx8MCxIoHYLmmptRaltbA3ROzFYXyBly1JaGC\/uv3MfEVrkm6eClCxuRppVpOwnVPvstTTTkwf+YXF9C\/cVgBRt3ithkJCjaW3o+\/7MIB7acMtzo\/Gd+vNJpCmkdik6BrWeZJEnFSEdFLhuqtrYGQEbbaq+F9v2RICzwmvmmwSOKMeEP2HhuIc4OEBR8aPilwyGEMi3ATc29N7dDnZeC3Z9Zu1rvn0s8Yvi8raMX\/4McNEUqy+shXRUlx34ACJOllyHP+e97qAipUQWKq3pskOEKHsUClOW75XN3mTZt+tdqLUVrGnKOuCM8dBz+SxZ++31bXjONN9TmkqQle"}
00434{"flow_id":30,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":193,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687260,"pkt_ts_usec":733797,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0FUNAAPEGALcIJWDCCgAA4xC\/3lkWZICLFMxIZIAQBckPaQAAAQEICnimv9ccDbX9"}
00991{"flow_id":30,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":194,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687260,"pkt_ts_usec":735527,"pkt_caplen":477,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":477,"pkt_l4_len":443,"pkt":"NDY7z3UoLH6BsEqhCABFAAHPFVhAAPEG\/wYIJWDCCgAA4xC\/3lkWZICLFMxIZIAYBcklXQAAAQEICnimv9kcDbX9FwMDAZY7dB3xmvKsFbpSGU5Z6+l16NuHUzEljEDzWYBP7ZWZDOZTGoZRttKdAB5qRWccWgycvaITMQnNtQn+P8N1Kg9uCikre4MryKs805hwnDbcg75H4yMsR7wuQFgTs3ao0XS512SZmYqnk5GfxR8tkIzviZsmpjxotnNqt1hJbce9L+zE12\/gtwBS\/A0RRY+P7kulc8bdxkXBQAHdXgFrz+qkBT2QjVQ49lNTuiWwY4CPM3DxJovwKuacISr23vMoR08eScybdrbrMeWidZ3LeIoKrXIMea0uS8qmp8H74Xl0uHJSlt+tNY\/eOZOUMz3Rh3Rure\/HjO1mQn073Oj0H1Xou7mBj6XUhyzMVXfmTDCt6Qbnwx13I6w1ibQVWsSRt+UVC7JZQYtyT+rTqV3dImDfT89H3ss5j1zUag41AW2R1hw9XRp9WLwHdLVjvIjtxtfr2OF2abRO1GDx6aJHg4pEb6MyIgcACB8qRr\/m29KEEUlyOt5y5XgodVs9fr8EAuCcviQ8QI47peMxp0wW+xrCU3vLaizy"}
00435{"flow_id":30,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":195,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687260,"pkt_ts_usec":735584,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGxvoKAADjCCVgwt5ZEL8UzEhkFmSCJoAQD\/MDhAAAAQEIChwNtht4pr\/Z"}
00501{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":196,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":1569687260751,"flow_last_seen":1569687260751,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":64972,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00483{"flow_id":31,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":196,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687260,"pkt_ts_usec":751472,"pkt_caplen":101,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":101,"pkt_l4_len":67,"pkt":"LH6BsEqhNDY7z3UoCABFAABXLuMAAP8R6zkKAADjS0tLS\/3MADUAQ49kJ8YBAAABAAAAAAAAAmxiB19kbnMtc2QEX3VkcAEwAzEyOAIyOAMxNzIHaW4tYWRkcgRhcnBhAAAMAAE="}
00690{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":196,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":1569687260751,"flow_last_seen":1569687260751,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":64972,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"lb._dns-sd._udp.0.128.28.172.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00501{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":197,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_first_seen":1569687260751,"flow_last_seen":1569687260751,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":55,"flow_avg_l4_payload_len":55,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":61613,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00477{"flow_id":32,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":197,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687260,"pkt_ts_usec":751544,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"pkt":"LH6BsEqhNDY7z3UoCABFAABT7b0AAP8RLGMKAADjS0tLS\/CtADUAP6A2wl8BAAABAAAAAAAAAmxiB19kbnMtc2QEX3VkcAEwATABMAIxMAdpbi1hZGRyBGFycGEAAAwAAQ=="}
00686{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":197,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_first_seen":1569687260751,"flow_last_seen":1569687260751,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":55,"flow_avg_l4_payload_len":55,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":61613,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"lb._dns-sd._udp.0.0.0.10.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00483{"flow_id":31,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":198,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687260,"pkt_ts_usec":767487,"pkt_caplen":101,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":101,"pkt_l4_len":67,"pkt":"NDY7z3UoLH6BsEqhCABFAABXAABAADoRnx1LS0tLCgAA4wA1\/cwAQw7hJ8aBgwABAAAAAAAAAmxiB19kbnMtc2QEX3VkcAEwAzEyOAIyOAMxNzIHaW4tYWRkcgRhcnBhAAAMAAE="}
00699{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":198,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_first_seen":1569687260751,"flow_last_seen":1569687260767,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":118,"flow_avg_l4_payload_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":64972,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"lb._dns-sd._udp.0.128.28.172.in-addr.arpa","num_queries":1,"num_answers":0,"reply_code":3,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00476{"flow_id":32,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":199,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687260,"pkt_ts_usec":772510,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"pkt":"NDY7z3UoLH6BsEqhCABFAABTAABAADoRnyFLS0tLCgAA4wA18K0APx+zwl+BgwABAAAAAAAAAmxiB19kbnMtc2QEX3VkcAEwATABMAIxMAdpbi1hZGRyBGFycGEAAAwAAQ=="}
00695{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":199,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_first_seen":1569687260751,"flow_last_seen":1569687260772,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":110,"flow_avg_l4_payload_len":55,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":61613,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"lb._dns-sd._udp.0.0.0.10.in-addr.arpa","num_queries":1,"num_answers":0,"reply_code":3,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00501{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":204,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":1569687261034,"flow_last_seen":1569687261034,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":51,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":57261,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00467{"flow_id":33,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":204,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687261,"pkt_ts_usec":34277,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"pkt":"LH6BsEqhNDY7z3UoCABFAABPSYUAAP8R0J8KAADjS0tLS9+tADUAOxFSxpgBAAABAAAAAAAADnZjYWNyYXNocGxhbjAxAmhxBGNvcnAGdmlhc2F0A2NvbQAAAQAB"}
00681{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":204,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":1569687261034,"flow_last_seen":1569687261034,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":51,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":57261,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"vcacrashplan01.hq.corp.viasat.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00501{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":205,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":1569687261035,"flow_last_seen":1569687261035,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":51,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":52879,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00467{"flow_id":34,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":205,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687261,"pkt_ts_usec":35342,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"pkt":"LH6BsEqhNDY7z3UoCABFAABPv9YAAP8RWk4KAADjS0tLS86PADUAO9rj8yQBAAABAAAAAAAADnZjYWNyYXNocGxhbjAxAmhxBGNvcnAGdmlhc2F0A2NvbQAAHAAB"}
00682{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":205,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":1569687261035,"flow_last_seen":1569687261035,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":51,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":52879,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"vcacrashplan01.hq.corp.viasat.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00578{"flow_id":33,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":206,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687261,"pkt_ts_usec":50458,"pkt_caplen":174,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":174,"pkt_l4_len":140,"pkt":"NDY7z3UoLH6BsEqhCABFAACgAABAADoRntRLS0tLCgAA4wA1360AjBq8xpiBgwABAAAAAQAADnZjYWNyYXNocGxhbjAxAmhxBGNvcnAGdmlhc2F0A2NvbQAAAQABwCMABgABAAACzwBFBm5zLTYzMglhd3NkbnMtMTUDbmV0ABFhd3NkbnMtaG9zdG1hc3RlcgZhbWF6b27AKgAAAAEAABwgAAADhAASdQAAAVGA"}
00691{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":206,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_first_seen":1569687261034,"flow_last_seen":1569687261050,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":183,"flow_avg_l4_payload_len":91,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":57261,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"vcacrashplan01.hq.corp.viasat.com","num_queries":1,"num_answers":1,"reply_code":3,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00578{"flow_id":34,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":207,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687261,"pkt_ts_usec":54561,"pkt_caplen":174,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":174,"pkt_l4_len":140,"pkt":"NDY7z3UoLH6BsEqhCABFAACgAABAADoRntRLS0tLCgAA4wA1zo8AjF9N8ySBgwABAAAAAQAADnZjYWNyYXNocGxhbjAxAmhxBGNvcnAGdmlhc2F0A2NvbQAAHAABwCMABgABAAADVABFBm5zLTYzMglhd3NkbnMtMTUDbmV0ABFhd3NkbnMtaG9zdG1hc3RlcgZhbWF6b27AKgAAAAEAABwgAAADhAASdQAAAVGA"}
00692{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":207,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_first_seen":1569687261035,"flow_last_seen":1569687261054,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":183,"flow_avg_l4_payload_len":91,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":52879,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"vcacrashplan01.hq.corp.viasat.com","num_queries":1,"num_answers":1,"reply_code":3,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00468{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":208,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1569687246924,"flow_last_seen":1569687246924,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":208,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_first_seen":1569687247596,"flow_last_seen":1569687248620,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::408:3e45:3abc:1552","dst_ip":"ff02::16","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":15}
00522{"flow_id":18,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":208,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687261,"pkt_ts_usec":317606,"pkt_caplen":132,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":132,"pkt_l4_len":98,"pkt":"AQBeAAD7GIEORo7ICABFAAB23NkAAP8R8swKAADV4AAA+xTpFOkAYmA6AAAAAAAEAAAAAAABBV9yYW9wBF90Y3AFbG9jYWwAAAyAAcAMAAyAAQhfYWlycGxhecASAAyAAcAoAAyAAQAAKQWgAAARlAASAAQADgCbOoEORo7IGIEORo7I"}
00583{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":208,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":5,"flow_first_seen":1569687246981,"flow_last_seen":1569687261317,"flow_min_l4_payload_len":90,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":602,"flow_avg_l4_payload_len":120,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.213","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_raop._tcp.local"}}
@@ -259,32 +243,32 @@
00585{"flow_id":3,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":217,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687261,"pkt_ts_usec":436307,"pkt_caplen":176,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":176,"pkt_l4_len":142,"pkt":"pHczjPFANDY7z3UoCABFAgCiAABAAEAGJN0KAADjCgAAldwAH0m4VKX0auVrcYAYEABPswAAAQEIChwNuMkAIdsnFwMDAGkquNBHUc+ChscXrUtRgCMYZjRJVOaQbTlODQaeY5amqm\/GjUiqzcV41wRmui04E3RqPf8DL0M0lIjsIbM19o\/m74SCL79srfXk80arhJGRlFMGMhcIdyIAYFhKQmR+T8ve+Kap9JlvJLM="}
00585{"flow_id":3,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":218,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687261,"pkt_ts_usec":438389,"pkt_caplen":176,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":176,"pkt_l4_len":142,"pkt":"NDY7z3UopHczjPFACABFAgCiFAVAAEAGENgKAACVCgAA4x9J3ABq5WtxuFSmYoAYARVPTQAAAQEICgAh3RwcDbjJFwMDAGk+N0ALJRzLafZuvouf5uUs5D\/U0tzAEaeM6atOPCHqQy7mpl9mt8bavf1mAJLusCbLzj5NJ+78e5L239EIVOnh5iS5h\/9VQOkeND9rF9xLGZBWJl3sT7DKnf23IQJYNAQU58BplPorNjw="}
00433{"flow_id":3,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":219,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687261,"pkt_ts_usec":438465,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"pHczjPFANDY7z3UoCABFAAA0AABAAEAGJU0KAADjCgAAldwAH0m4VKZiauVr34AQD\/xubQAAAQEIChwNuMsAId0c"}
00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":223,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_first_seen":1569687261485,"flow_last_seen":0,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":51,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":59222,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00468{"flow_id":38,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":223,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687261,"pkt_ts_usec":485620,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"pkt":"LH6BsEqhNDY7z3UoCABFAABPCDAAAP8REfUKAADjS0tLS+dWADUAO8LFIuMBAAABAAAAAAAADUxQLVJLRVJVUi1PU1gEaHNkMQJjYQdjb21jYXN0A25ldAAAAQAB"}
00669{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":223,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_first_seen":1569687261485,"flow_last_seen":0,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":51,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":59222,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"lp-rkerur-osx.hsd1.ca.comcast.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":224,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_first_seen":1569687261486,"flow_last_seen":0,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":51,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":57017,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00468{"flow_id":39,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":224,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687261,"pkt_ts_usec":486499,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"pkt":"LH6BsEqhNDY7z3UoCABFAABPXz4AAP8RuuYKAADjS0tLS965ADUAO3SWXq8BAAABAAAAAAAADUxQLVJLRVJVUi1PU1gEaHNkMQJjYQdjb21jYXN0A25ldAAAHAAB"}
00670{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":224,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_first_seen":1569687261486,"flow_last_seen":0,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":51,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":57017,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"lp-rkerur-osx.hsd1.ca.comcast.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00543{"flow_id":38,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":225,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687261,"pkt_ts_usec":501464,"pkt_caplen":145,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":145,"pkt_l4_len":111,"pkt":"NDY7z3UoLH6BsEqhCABFAACDAABAADoRnvFLS0tLCgAA4wA151YAb4gYIuOBgwABAAAAAQAADUxQLVJLRVJVUi1PU1gEaHNkMQJjYQdjb21jYXN0A25ldAAAAQABwBoABgABAAAcIAAoBmRuczEwMcAiCGRuc2FkbWluwCIBawJtAAAcIAAADhAACTqAAAAcIA=="}
00691{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":225,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_first_seen":1569687261485,"flow_last_seen":1569687261501,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":103,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":77,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":59222,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"lp-rkerur-osx.hsd1.ca.comcast.net","num_queries":1,"num_answers":1,"reply_code":3,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00543{"flow_id":39,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":226,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687261,"pkt_ts_usec":506389,"pkt_caplen":145,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":145,"pkt_l4_len":111,"pkt":"NDY7z3UoLH6BsEqhCABFAACDAABAADoRnvFLS0tLCgAA4wA13rkAbznpXq+BgwABAAAAAQAADUxQLVJLRVJVUi1PU1gEaHNkMQJjYQdjb21jYXN0A25ldAAAHAABwBoABgABAAAcIAAoBmRuczEwMcAiCGRuc2FkbWluwCIBawJtAAAcIAAADhAACTqAAAAcIA=="}
00692{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":226,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_first_seen":1569687261486,"flow_last_seen":1569687261506,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":103,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":77,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":57017,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"lp-rkerur-osx.hsd1.ca.comcast.net","num_queries":1,"num_answers":1,"reply_code":3,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00501{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":223,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_first_seen":1569687261485,"flow_last_seen":1569687261485,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":51,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":59222,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00468{"flow_id":35,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":223,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687261,"pkt_ts_usec":485620,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"pkt":"LH6BsEqhNDY7z3UoCABFAABPCDAAAP8REfUKAADjS0tLS+dWADUAO8LFIuMBAAABAAAAAAAADUxQLVJLRVJVUi1PU1gEaHNkMQJjYQdjb21jYXN0A25ldAAAAQAB"}
00681{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":223,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_first_seen":1569687261485,"flow_last_seen":1569687261485,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":51,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":59222,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"lp-rkerur-osx.hsd1.ca.comcast.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00501{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":224,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_first_seen":1569687261486,"flow_last_seen":1569687261486,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":51,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":57017,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00468{"flow_id":36,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":224,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687261,"pkt_ts_usec":486499,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"pkt":"LH6BsEqhNDY7z3UoCABFAABPXz4AAP8RuuYKAADjS0tLS965ADUAO3SWXq8BAAABAAAAAAAADUxQLVJLRVJVUi1PU1gEaHNkMQJjYQdjb21jYXN0A25ldAAAHAAB"}
00682{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":224,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_first_seen":1569687261486,"flow_last_seen":1569687261486,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":51,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":57017,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"lp-rkerur-osx.hsd1.ca.comcast.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00543{"flow_id":35,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":225,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687261,"pkt_ts_usec":501464,"pkt_caplen":145,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":145,"pkt_l4_len":111,"pkt":"NDY7z3UoLH6BsEqhCABFAACDAABAADoRnvFLS0tLCgAA4wA151YAb4gYIuOBgwABAAAAAQAADUxQLVJLRVJVUi1PU1gEaHNkMQJjYQdjb21jYXN0A25ldAAAAQABwBoABgABAAAcIAAoBmRuczEwMcAiCGRuc2FkbWluwCIBawJtAAAcIAAADhAACTqAAAAcIA=="}
00691{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":225,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_first_seen":1569687261485,"flow_last_seen":1569687261501,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":103,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":77,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":59222,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"lp-rkerur-osx.hsd1.ca.comcast.net","num_queries":1,"num_answers":1,"reply_code":3,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00543{"flow_id":36,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":226,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687261,"pkt_ts_usec":506389,"pkt_caplen":145,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":145,"pkt_l4_len":111,"pkt":"NDY7z3UoLH6BsEqhCABFAACDAABAADoRnvFLS0tLCgAA4wA13rkAbznpXq+BgwABAAAAAQAADUxQLVJLRVJVUi1PU1gEaHNkMQJjYQdjb21jYXN0A25ldAAAHAABwBoABgABAAAcIAAoBmRuczEwMcAiCGRuc2FkbWluwCIBawJtAAAcIAAADhAACTqAAAAcIA=="}
00692{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":226,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_first_seen":1569687261486,"flow_last_seen":1569687261506,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":103,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":77,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":57017,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"lp-rkerur-osx.hsd1.ca.comcast.net","num_queries":1,"num_answers":1,"reply_code":3,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00522{"flow_id":18,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":245,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687262,"pkt_ts_usec":136971,"pkt_caplen":132,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":132,"pkt_l4_len":98,"pkt":"AQBeAAD7GIEORo7ICABFAAB2VcMAAP8ReeMKAADV4AAA+xTpFOkAYmE7AAAAAAAEAAAAAAABBV9yYW9wBF90Y3AFbG9jYWwAAAwAAcAMAAwAAQhfYWlycGxhecASAAwAAcAoAAwAAQAAKQWgAAARlAASAAQADgCbOoEORo7IGIEORo7I"}
00554{"flow_id":19,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":246,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687262,"pkt_ts_usec":137295,"pkt_caplen":152,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":152,"pkt_l4_len":98,"pkt":"MzMAAAD7GIEORo7Iht1gBoi5AGIR\/\/6AAAAAAAAABAg+RTq8FVL\/AgAAAAAAAAAAAAAAAAD7FOkU6QBivDEAAAAAAAQAAAAAAAEFX3Jhb3AEX3RjcAVsb2NhbAAADAABwAwADAABCF9haXJwbGF5wBIADAABwCgADAABAAApBaAAABGUABIABAAOAJs6gQ5GjsgYgQ5Gjsg="}
00585{"flow_id":5,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":255,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687262,"pkt_ts_usec":751378,"pkt_caplen":174,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":174,"pkt_l4_len":120,"pkt":"MzMAAAABLH6BsEqhht1gAAAAAHg6\/\/6AAAAAAAAALn6B\/\/6wSqH\/AgAAAAAAAAAAAAAAAAABhgBH5kDAALQAAAAAAAAAABkFAAAAAVGAIAEFWP7tAAAAAAAAAAAAASABBVj+7QAAAAAAAAAAAAIDBEDAAAL9HQAC\/R0AAAAAJgEGRoQCRLAAAAAAAAAAABgDAAAAAAC0AAAAAAAAAAAAAAAAAAAAAAEBLH6BsEqh"}
00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":256,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_first_seen":1569687262866,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"162.222.43.153","src_port":56881,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00456{"flow_id":40,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":256,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687262,"pkt_ts_usec":866211,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"pkt":"LH6BsEqhNDY7z3UoCABFAABEAABAAEAGYVoKAADjot4rmd4xAbu3QBvT9S8yS4AYEAD8CwAAAQEIChwNvkTkAuRNDi2ISqeLxJuBXTMcrWivnw=="}
00741{"flow_id":40,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":257,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687262,"pkt_ts_usec":866958,"pkt_caplen":292,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":292,"pkt_l4_len":258,"pkt":"LH6BsEqhNDY7z3UoCABFAAEWAABAAEAGYIgKAADjot4rmd4xAbu3QBvj9S8yS4AYEACf4gAAAQEIChwNvkTkAuRNC2FzYPnyOhEIxzv9HgAAAQAAAAAABf0HAAAAAAAAAFYAAAAAABO4pgAAAfJ1AAAAGzdZOcQAAAAAAAAAAAAAAAAAAAAAAAAAAGwAAAAAEjynVwAAAAAACz6PAAAAAABmQ+JAyo3EgU6LQwAAAAAAAAAAAAAACK7duMsBAQAAAAELYXNg+fI6EQjHO\/0eAAABAAAAAAAF\/QcAAAAAAAAAVgAAAAAAE7imAAAB8nUAAAAbN1k5xAAAAAAAAAAAAAAAAAAAAAAAAAAAbAAAAAASPKdXAAAAAAALPo8AAAAAAAAAAQ=="}
00456{"flow_id":40,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":258,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687262,"pkt_ts_usec":866959,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"pkt":"LH6BsEqhNDY7z3UoCABFAABEAABAAEAGYVoKAADjot4rmd4xAbu3QBzF9S8yS4AYEABLrAAAAQEIChwNvkTkAuRNchVP5mraMf5Tgny7zRbHZQ=="}
00514{"flow_id":40,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":259,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687262,"pkt_ts_usec":866960,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"pkt":"LH6BsEqhNDY7z3UoCABFAABwAABAAEAGYS4KAADjot4rmd4xAbu3QBzV9S8yS4AYEABPBwAAAQEIChwNvkTkAuRNLTIzODY1fGNvbS5jb2RlNDIuYmFja3VwLm1lc3NhZ2UuYmFja3VwLkJhY2t1cFN0b3BwZWRNZXNzYWdl"}
00456{"flow_id":40,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":260,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687262,"pkt_ts_usec":866960,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"pkt":"LH6BsEqhNDY7z3UoCABFAABEAABAAEAGYVoKAADjot4rmd4xAbu3QB0R9S8yS4AYEADIjwAAAQEIChwNvkTkAuRNRQ1ifkkVkNnk0YE1teSo+A=="}
00477{"flow_id":40,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":261,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687262,"pkt_ts_usec":866961,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"pkt":"LH6BsEqhNDY7z3UoCABFAABUAABAAEAGYUoKAADjot4rmd4xAbu3QB0h9S8yS4AYEAAhRwAAAQEIChwNvkTkAuRNHuF\/Al5FNwM4471Fk+MWxK07D9Qza39tA746URV9VhY="}
00432{"flow_id":40,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":264,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687262,"pkt_ts_usec":907841,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0nEBAADYGzymi3iuZCgAA4wG73jH1LzJLt0Ab44AQAVQHkQAAAQEICuQC+50cDb5E"}
00432{"flow_id":40,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":265,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687262,"pkt_ts_usec":907846,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0nEFAADYGzyii3iuZCgAA4wG73jH1LzJLt0AcxYAQAVoGqQAAAQEICuQC+50cDb5E"}
00432{"flow_id":40,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":266,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687262,"pkt_ts_usec":908823,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0nEJAADYGzyei3iuZCgAA4wG73jH1LzJLt0Ac1YAQAVoGmQAAAQEICuQC+50cDb5E"}
00433{"flow_id":40,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":267,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687262,"pkt_ts_usec":909886,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0nENAADYGzyai3iuZCgAA4wG73jH1LzJLt0AdEYAQAVoGXQAAAQEICuQC+50cDb5E"}
00433{"flow_id":40,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":268,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687262,"pkt_ts_usec":909890,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0nERAADYGzyWi3iuZCgAA4wG73jH1LzJLt0AdIYAQAVoGTQAAAQEICuQC+50cDb5E"}
00433{"flow_id":40,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":269,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687262,"pkt_ts_usec":912219,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0nEVAADYGzySi3iuZCgAA4wG73jH1LzJLt0AdQYAQAVoGLAAAAQEICuQC+54cDb5E"}
00505{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":256,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_first_seen":1569687262866,"flow_last_seen":1569687262866,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"162.222.43.153","src_port":56881,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00456{"flow_id":37,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":256,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687262,"pkt_ts_usec":866211,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"pkt":"LH6BsEqhNDY7z3UoCABFAABEAABAAEAGYVoKAADjot4rmd4xAbu3QBvT9S8yS4AYEAD8CwAAAQEIChwNvkTkAuRNDi2ISqeLxJuBXTMcrWivnw=="}
00741{"flow_id":37,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":257,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687262,"pkt_ts_usec":866958,"pkt_caplen":292,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":292,"pkt_l4_len":258,"pkt":"LH6BsEqhNDY7z3UoCABFAAEWAABAAEAGYIgKAADjot4rmd4xAbu3QBvj9S8yS4AYEACf4gAAAQEIChwNvkTkAuRNC2FzYPnyOhEIxzv9HgAAAQAAAAAABf0HAAAAAAAAAFYAAAAAABO4pgAAAfJ1AAAAGzdZOcQAAAAAAAAAAAAAAAAAAAAAAAAAAGwAAAAAEjynVwAAAAAACz6PAAAAAABmQ+JAyo3EgU6LQwAAAAAAAAAAAAAACK7duMsBAQAAAAELYXNg+fI6EQjHO\/0eAAABAAAAAAAF\/QcAAAAAAAAAVgAAAAAAE7imAAAB8nUAAAAbN1k5xAAAAAAAAAAAAAAAAAAAAAAAAAAAbAAAAAASPKdXAAAAAAALPo8AAAAAAAAAAQ=="}
00456{"flow_id":37,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":258,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687262,"pkt_ts_usec":866959,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"pkt":"LH6BsEqhNDY7z3UoCABFAABEAABAAEAGYVoKAADjot4rmd4xAbu3QBzF9S8yS4AYEABLrAAAAQEIChwNvkTkAuRNchVP5mraMf5Tgny7zRbHZQ=="}
00514{"flow_id":37,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":259,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687262,"pkt_ts_usec":866960,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"pkt":"LH6BsEqhNDY7z3UoCABFAABwAABAAEAGYS4KAADjot4rmd4xAbu3QBzV9S8yS4AYEABPBwAAAQEIChwNvkTkAuRNLTIzODY1fGNvbS5jb2RlNDIuYmFja3VwLm1lc3NhZ2UuYmFja3VwLkJhY2t1cFN0b3BwZWRNZXNzYWdl"}
00456{"flow_id":37,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":260,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687262,"pkt_ts_usec":866960,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"pkt":"LH6BsEqhNDY7z3UoCABFAABEAABAAEAGYVoKAADjot4rmd4xAbu3QB0R9S8yS4AYEADIjwAAAQEIChwNvkTkAuRNRQ1ifkkVkNnk0YE1teSo+A=="}
00477{"flow_id":37,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":261,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687262,"pkt_ts_usec":866961,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"pkt":"LH6BsEqhNDY7z3UoCABFAABUAABAAEAGYUoKAADjot4rmd4xAbu3QB0h9S8yS4AYEAAhRwAAAQEIChwNvkTkAuRNHuF\/Al5FNwM4471Fk+MWxK07D9Qza39tA746URV9VhY="}
00432{"flow_id":37,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":264,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687262,"pkt_ts_usec":907841,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0nEBAADYGzymi3iuZCgAA4wG73jH1LzJLt0Ab44AQAVQHkQAAAQEICuQC+50cDb5E"}
00432{"flow_id":37,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":265,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687262,"pkt_ts_usec":907846,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0nEFAADYGzyii3iuZCgAA4wG73jH1LzJLt0AcxYAQAVoGqQAAAQEICuQC+50cDb5E"}
00432{"flow_id":37,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":266,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687262,"pkt_ts_usec":908823,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0nEJAADYGzyei3iuZCgAA4wG73jH1LzJLt0Ac1YAQAVoGmQAAAQEICuQC+50cDb5E"}
00433{"flow_id":37,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":267,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687262,"pkt_ts_usec":909886,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0nENAADYGzyai3iuZCgAA4wG73jH1LzJLt0AdEYAQAVoGXQAAAQEICuQC+50cDb5E"}
00433{"flow_id":37,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":268,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687262,"pkt_ts_usec":909890,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0nERAADYGzyWi3iuZCgAA4wG73jH1LzJLt0AdIYAQAVoGTQAAAQEICuQC+50cDb5E"}
00433{"flow_id":37,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":269,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687262,"pkt_ts_usec":912219,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0nEVAADYGzySi3iuZCgAA4wG73jH1LzJLt0AdQYAQAVoGLAAAAQEICuQC+54cDb5E"}
00595{"flow_id":18,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":270,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687263,"pkt_ts_usec":365639,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"pkt":"AQBeAAD7GIEORo7ICABFAACsdwMAAP8RWG0KAADV4AAA+xTpFOkAmDfPAAAAAAADAAEAAAABD19jb21wYW5pb24tbGluawRfdGNwBWxvY2FsAAAMAAEIX2hvbWVraXTAHAAMAAEMX3NsZWVwLXByb3h5BF91ZHDAIQAMAAHADAAMAAEAAA4NABQRTFAtUktFUlVSLU9TWCAoOSnADAAAKQWgAAARlAASAAQADgCbOoEORo7IGIEORo7I"}
00627{"flow_id":19,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":271,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687263,"pkt_ts_usec":366249,"pkt_caplen":206,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":206,"pkt_l4_len":152,"pkt":"MzMAAAD7GIEORo7Iht1gBoi5AJgR\/\/6AAAAAAAAABAg+RTq8FVL\/AgAAAAAAAAAAAAAAAAD7FOkU6QCYksUAAAAAAAMAAQAAAAEPX2NvbXBhbmlvbi1saW5rBF90Y3AFbG9jYWwAAAwAAQhfaG9tZWtpdMAcAAwAAQxfc2xlZXAtcHJveHkEX3VkcMAhAAwAAcAMAAwAAQAADg0AFBFMUC1SS0VSVVItT1NYICg5KcAMAAApBaAAABGUABIABAAOAJs6gQ5GjsgYgQ5Gjsg="}
00523{"flow_id":18,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":272,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687265,"pkt_ts_usec":208977,"pkt_caplen":132,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":132,"pkt_l4_len":98,"pkt":"AQBeAAD7GIEORo7ICABFAAB2\/EIAAP8R02MKAADV4AAA+xTpFOkAYmE7AAAAAAAEAAAAAAABBV9yYW9wBF90Y3AFbG9jYWwAAAwAAcAMAAwAAQhfYWlycGxhecASAAwAAcAoAAwAAQAAKQWgAAARlAASAAQADgCbOoEORo7IGIEORo7I"}
@@ -294,49 +278,49 @@
00434{"flow_id":13,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":278,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687265,"pkt_ts_usec":656518,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0y8ZAACsGUUg0JfOtCgAA4wG73lNw7dZjH\/3w3oAQAAmN4QAAAQEICgCNmHIcDcjU"}
00433{"flow_id":14,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":279,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687265,"pkt_ts_usec":657346,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0VOJAACoGySw0JfOtCgAA4wG73lJr8i76e2gz9oAQAAm+YQAAAQEICgJgdAIcDcjU"}
00585{"flow_id":5,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":280,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687265,"pkt_ts_usec":823334,"pkt_caplen":174,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":174,"pkt_l4_len":120,"pkt":"MzMAAAABLH6BsEqhht1gAAAAAHg6\/\/6AAAAAAAAALn6B\/\/6wSqH\/AgAAAAAAAAAAAAAAAAABhgBH5kDAALQAAAAAAAAAABkFAAAAAVGAIAEFWP7tAAAAAAAAAAAAASABBVj+7QAAAAAAAAAAAAIDBEDAAAL9HQAC\/R0AAAAAJgEGRoQCRLAAAAAAAAAAABgDAAAAAAC0AAAAAAAAAAAAAAAAAAAAAAEBLH6BsEqh"}
00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":298,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_first_seen":1569687267035,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56929,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00449{"flow_id":41,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":298,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":35097,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"LH6BsEqhNDY7z3UoCABFAABAAABAAEAGwVUKAADjCCVmW95hAbsGNnxMAAAAALAC\/\/9wfAAAAgQFtAEDAwUBAQgKHA3OcQAAAAAEAgAA"}
00440{"flow_id":41,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":299,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":77459,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"pkt":"NDY7z3UoLH6BsEqhCABFAAA47VEAAPcGXQsIJWZbCgAA4wG73mHOEwD1BjZ8TZASgABbLAAAAgQFtAEBCAo\/+a5OHA3OcQ=="}
00435{"flow_id":41,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":300,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":77535,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGwWEKAADjCCVmW95hAbsGNnxNzhMA9oAQ\/\/\/yvgAAAQEIChwNzpw\/+a5O"}
00643{"flow_id":41,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":301,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":79534,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"pkt":"LH6BsEqhNDY7z3UoCABFAADMAABAAEAGwMkKAADjCCVmW95hAbsGNnxNzhMA9oAY\/\/8upgAAAQEIChwNzp0\/+a5OFgMBAJMBAACPAwPfZ7WFHXaroFdgiVVapTjr1SY5uqwiS6qMuNeoYJyORwAALMAwwCzAKMAkAJ8AawA5AJ0APQA1wC\/AK8AnwCMAngBnADMAnAA8AC8ACgD\/AQAAOgALAAQDAAECAAoACgAIABkAGAAXABMADQAgAB4GAQYCBgMFAQUCBQMEAQQCBAMDAQMCAwMCAQICAgM="}
00784{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":301,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":4,"flow_first_seen":1569687267035,"flow_last_seen":1569687267079,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":152,"flow_tot_l4_payload_len":152,"flow_avg_l4_payload_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56929,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"c9f0b47c9805f516e6d3900cb51f7841","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00433{"flow_id":41,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":302,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":124375,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"NDY7z3UoLH6BsEqhCABFAAA09J0AAPcGVcMIJWZbCgAA4wG73mHOEwD2BjZ85YAQgABx9gAAAQEICj\/5rn0cDc6d"}
02388{"flow_id":41,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":303,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":125585,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"NDY7z3UoLH6BsEqhCABFAAXcl8UAAPcGrPMIJWZbCgAA4wG73mHOEwD2BjZ85YAYgAAZSQAAAQEICj\/5rn4AAAAAFgMDAEoCAABGAwMS1dWiLhj30tQHka2clXwBubFYxsGakjI80hE4lMe1viAg22YFfj1x2h1EMb7b7Zs3Eyk9zl0UXNWLnU3ttyeOkAA1ABYDAxYMCwAWCAAWBQAHTzCCB0swggYzoAMCAQICEEzL1X2WMv84AAAAAFDtNsswDQYJKoZIhvcNAQELBQAwgboxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMSgwJgYDVQQLEx9TZWUgd3d3LmVudHJ1c3QubmV0L2xlZ2FsLXRlcm1zMTkwNwYDVQQLEzAoYykgMjAxMiBFbnRydXN0LCBJbmMuIC0gZm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxLjAsBgNVBAMTJUVudHJ1c3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBMMUswHhcNMTkwMjA1MjE0MzU4WhcNMjEwMjA1MjIxMzU3WjBqMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTERMA8GA1UEBxMIQ2FybHNiYWQxFDASBgNVBAoTC1ZpYXNhdCBJbmMuMR0wGwYDVQQDDBQqLnBhbmRpb24udmlhc2F0LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMDLELlHVBK6u0Ebo80pCb8efwbCh\/TMouznnqPBNL9tRNwaGpyybhpzuk1Zsi17UHvzdRRi5jC1ABXEEMLDXnTmlJa8rTgrPFp+bDbQ0hUdzWHHqPeU2HtG04mySjEkEvEPPwEnXQ9WDwkLnm26wRjipUJ8im1nDlikggUMLPlTTSKVgq3SBlVGLStLOLbOoOETJwpjr5YBSUNc5kkHfCAlc5qW4vLVkqFKFRcjyNxUOZxbBYtQaUddL0tuM4H9CfrWrqh9LLWx1xsOqHp+nS51DEO+pTwRR6wUyq6bNJMs+PbLCQs17zxAOp51PnIcZcczqbjMDGIgELfxksap7yECAwEAAaOCA5owggOWMDMGA1UdEQQsMCqCFCoucGFuZGlvbi52aWFzYXQuY29tghJwYW5kaW9uLnZpYXNhdC5jb20wggH3BgorBgEEAdZ5AgQCBIIB5wSCAeMB4QB3AFWB1MIWkDYBSuoLm1c8U\/DA5Dh4cCUIFy+jqh0HE9MMAAABaL+5ngAAAAQDAEgwRgIhAKxxvM9C5gPV1Owy4M\/Dyzx7kBpwyzXQc7wZ0mGBR9fOAiEA\/A\/FJxuASzJphQeYq5ltFnIhSeTPRbPItlQigQZkkDwAdgBElGUusO7Or8RAB9io\/ijA2uaCvtjLMbU\/0zOWtbaBqAAAAWi\/uZ35AAAEAwBHMEUCIQDNq3daAkrYxX6VQ9b6GqComWKfQou0IMsDnXGHMLZiSAIgEnWktUcQyNRmFvjh+POicMbVzLnjlwLij\/eoPMW67IwAdgBWFAaaL9fC7NP14b1Esj7HRna5vJkRXMDvlJhV1onQ3QAAAWi\/uZ5ZAAAEAwBHMEUCICH\/OekR\/g8Jdz2Y7Qc3us2XTMZ75OBnWYjV61BMMxsGAiEAtIuo7AamIHqnZDAbI1eeM3ogDSbRJ5hn12CgIZCempMAdgC72d+8H4pxtZOUI5eqkntHOFeVCqtS6BqQlmQ2jh7RhQAAAWi\/uZ5NAAAEAwBHMEUCIHkJ3QKOEfzyT\/nCAMVpK04S4woe8rsVcpjzIhSsRoSsAiEA324g9fbsnh\/O\/XKfcV4vnykRYq8iMzykYAT+PPtA1MEwDgYDVR0PAQH\/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAzBgNVHR8ELDAqMCigJqAkhiJodHRwOi8vY3JsLmVudHJ1c3QubmV0L2xldmVsMWsuY3JsMEsGA1UdIAREMEIwNgYKYIY="}
00854{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":303,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":6,"flow_first_seen":1569687267035,"flow_last_seen":1569687267125,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1600,"flow_avg_l4_payload_len":266,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56929,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher","15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"c9f0b47c9805f516e6d3900cb51f7841","ja3s":"82f0d8a75fa483d1cfe4b7085b784d7e","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA"}}
00436{"flow_id":41,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":304,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":125658,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGwWEKAADjCCVmW95hAbsGNnzlzhMGnoAQ\/\/\/sIAAAAQEIChwNzso\/+a5+"}
02385{"flow_id":41,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":305,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":165921,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"NDY7z3UoLH6BsEqhCABFAAXc\/u0AAPcGRcsIJWZbCgAA4wG73mHOEwaeBjZ85YAYgACJBAAAAQEICj\/5rqUAAAAASAGG+mwKAQUwKDAmBggrBgEFBQcCARYaaHR0cDovL3d3dy5lbnRydXN0Lm5ldC9ycGEwCAYGZ4EMAQICMGgGCCsGAQUFBwEBBFwwWjAjBggrBgEFBQcwAYYXaHR0cDovL29jc3AuZW50cnVzdC5uZXQwMwYIKwYBBQUHMAKGJ2h0dHA6Ly9haWEuZW50cnVzdC5uZXQvbDFrLWNoYWluMjU2LmNlcjAfBgNVHSMEGDAWgBSConB03bxTP8971PfNf6dgxgpMvzAdBgNVHQ4EFgQUmi0VGuslo\/WsT4R+rNKNmFj1ZL0wCQYDVR0TBAIwADANBgkqhkiG9w0BAQsFAAOCAQEAKdBE7Z+\/QgBIjgKdoPLQP+aFD6KtOZlOiHey04vsERDOADqNdu8unwz6N0izPw2l\/n+UoPoV6GrQkCjChT893I2Smv8Vj1mVR9ZW1nnkmVR9MJr+xC5Iw99s1Ntq2M7Knro\/38pMlTbzDdIcgeyuFS+2iILYDpWpJ7TdQfZH5XVAvdIk3ZnRxtGd7Lcy\/jVbSYIGFTi\/TuA8Bv82FbHnQSqp4ezyTgTKuHmdSMry0pP20Z6nga4Vd2slNm7KOIghxUpnvRfKqVpF04m1QFzXE34qRtPEU80S1e6wlIl8ZcZrL\/KcU+88mv0xL3dpgVjURuISIJE90mwZCDqslRXPTgAFEjCCBQ4wggP2oAMCAQICDA7pTMMAAAAAUdN3hTANBgkqhkiG9w0BAQsFADCBvjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3d3cuZW50cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAyMDA5IEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEyMDAGA1UEAxMpRW50cnVzdCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzIwHhcNMTUxMDA1MTkxMzU2WhcNMzAxMjA1MTk0MzU2WjCBujELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3d3cuZW50cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAyMDEyIEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEuMCwGA1UEAxMlRW50cnVzdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEwxSzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANo\/ltBNuS9E59s5XptQ7lylYdpBZ1MJqgCajld\/KWvbx+EhJKo60I1HI9LtchbwkSHSXbe4S6iDj7eRMmjPziWTLLJ9l8j+wbQXugmeA5CTe3xJgyJoipveR8MxmHoufUAL0u8+07KMqo9Iqf8A6ClYBve2k1qUcyYmrVgO5UK41epzeWRoUyW4hM+Ueq4GRQyja03Qxr7qGKQ28JKyuhyIjzpSf\/debYMcnfAf5cPW3aV4kj2wbSzqyc+UQRlxRGi6RzwE6V26PvA19xW2nvIuFR4\/R8jIOKdzRV1NsDuxjhcpN+rdBQEiu5Q2Ko1bNf5TGS8IRsEqsxpiHU4r2RsCAwEAAaOCAQwwggEIMA4GA1UdDwEB\/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH\/AgEAMDMGCCsGAQUFBwEBBCcwJTAjBggrBgEFBQcwAYYXaHR0cDovL29jc3AuZW50cnVzdC5uZXQwMAYDVR0fBCkwJzAloCOgIYYfaHR0cDovL2NybC5lbnRydXN0Lm5ldC9nMmNhLmNybDA7BgNVHSAENDAyMDAGBFUdIAAwKDAmBggrBgEFBQc="}
02381{"flow_id":41,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":306,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":165925,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"NDY7z3UoLH6BsEqhCABFAAXcuXcAAPcGi0EIJWZbCgAA4wG73mHOEwxGBjZ85YAYgAAKqAAAAQEICj\/5rqUAAAAAAgEWGmh0dHA6Ly93d3cuZW50cnVzdC5uZXQvcnBhMB0GA1UdDgQWBBSConB03bxTP8971PfNf6dgxgpMvzAfBgNVHSMEGDAWgBRqciZ60B7vfec7aVHUbI2fkBJmqzANBgkqhkiG9w0BAQsFAAOCAQEAOdWOmINhyCxj03AdGTDL9gmszGnVydw3QfIyD+90w1j2eCcJNAiVki\/X37ij\/Q6B6aSc0z9NaCsVMQoVzFIEk+iTUMPZseLhaLc6CXTxNFgKP3eYQLjmaP9d5MhGxeyB18mCGFyDznHYvL+smQKT25SYhNKcprX+XLvwSq8hrMI\/SSRn1i6Oz6zMZBUYcuVsd9NSqLndjawASjUZ1G9zo3Xva2TD4I2DEqGK5w6GTdi0IBu+aqWMS2hm4yvHWAv7VhDUkfsd0zFYEIxE43V7EJ21OLH2qsqBZGzo8uKBVZdRf+HCJ1CiyTxbAEP2W7nVpfz\/B1BAZwewVfC3fm4tzAAFAzCCBP8wggPnoAMCAQICBFHTQEQwDQYJKoZIhvcNAQELBQAwgbAxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMTkwNwYDVQQLEzB3d3cuZW50cnVzdC5uZXQvQ1BTIGlzIGluY29ycG9yYXRlZCBieSByZWZlcmVuY2UxHzAdBgNVBAsTFihjKSAyMDA2IEVudHJ1c3QsIEluYy4xLTArBgNVBAMTJEVudHJ1c3QgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0xNDA5MjIxNzE0NTdaFw0yNDA5MjMwMTMxNTNaMIG+MQswCQYDVQQGEwJVUzEWMBQGA1UEChMNRW50cnVzdCwgSW5jLjEoMCYGA1UECxMfU2VlIHd3dy5lbnRydXN0Lm5ldC9sZWdhbC10ZXJtczE5MDcGA1UECxMwKGMpIDIwMDkgRW50cnVzdCwgSW5jLiAtIGZvciBhdXRob3JpemVkIHVzZSBvbmx5MTIwMAYDVQQDEylFbnRydXN0IFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALqEtnLbngxr4pnpMAGnduoyuJVBGsnaYU5Ycs\/+9oJ5v3NhBgqlJ9izX9NFThxy1k4y8nKKD\/eDGdBqgIAARR6wx+eavxJXJxyjaC8Kh71qaw5eZfMcd9XUhY1wIbSzMueLotWGOQKxuNJHzuTJScQ7p977VH1XvvDobsJ5sjoLVeJQmBYyE1wveFbBwpSz8lrkJ5qfJNfG7NCbJYLjzMLERcWMl3oGayoRn6kKbkg7b9vUERlC948Hv\/VTX5w+9Bcs5mmsTjJMYnfqt+jluzS8GYuunFHnt361U7EzIuVtz3A8Gvrim2e2g\/SNpa9iTE3gWKxkNBID+LaNlGMkpHECAwEAAaOCAQ8wggELMA4GA1UdDwEB\/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH\/AgEBMDMGCCsGAQUFBwEBBCcwJTAjBggrBgEFBQcwAYYXaHR0cDovL29jc3AuZW50cnVzdC5uZXQwMwYDVR0fBCwwKjAooCagJIYiaHR0cDovL2NybC5lbnRydXN0Lm5ldC9yb290Y2ExLmNybDA7BgNVHSAENDAyMDAGBFUdIAAwKDAmBggrBgEFBQcCARYaaHR0cDovL3d3dy5lbnRydXN0Lm5ldC9DUFMwHQYDVR0OBBYEFGpyJnrQHu995ztpUdRsjZ+QEmarMB8GA1UdIwQYMBaAFGiQ5GekplOAx4ZmpPH3S0P7hL1tMA0GCSqGSIb3DQEBCwUAA4IBAQBpM4P8KHpvfe+dVevFPnqddbPMwzg22TSiKGgY6h5p073n0HfauACDTkrPb9HxwSI="}
00437{"flow_id":41,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":307,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":166002,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGwWEKAADjCCVmW95hAbsGNnzlzhMMRoAQ\/\/\/mKQAAAQEIChwNzvI\/+a6l"}
00437{"flow_id":41,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":308,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":166003,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGwWEKAADjCCVmW95hAbsGNnzlzhMR7oAQ\/\/\/ggQAAAQEIChwNzvI\/+a6l"}
02396{"flow_id":41,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":309,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":203156,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"NDY7z3UoLH6BsEqhCABFAAXcsBcAAPcGlKEIJWZbCgAA4wG73mHOExHuBjZ85YAYgACupAAAAQEICj\/5rs0AAAAAP3Tk95hJnpu2nuHbmHctVjSxqDzZ\/cDNx78FA9QCxfHlxtoIpRPHYiMR0WEwHWCERe95qMYmk6S3zTS4acUT9pGzyUVzdraS9nYKW+EDR7fpKUyRMiM3Spw12Hj9HR\/kg4kkgK23+c\/kXaXUccSFW3Af2z8cAesaRSYxFMxlv2feyswzZeVBkdc3vkEalp3mipedp86sTpo9vQGgatlPIgCLRNVpYnsu68y655J9aWc9\/Lh83kGH0GnqugoYehqVQ7N5cSh2baH7V0rsTcgOEAAElTCCBJEwggN5oAMCAQICBEVrUFQwDQYJKoZIhvcNAQEFBQAwgbAxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMTkwNwYDVQQLEzB3d3cuZW50cnVzdC5uZXQvQ1BTIGlzIGluY29ycG9yYXRlZCBieSByZWZlcmVuY2UxHzAdBgNVBAsTFihjKSAyMDA2IEVudHJ1c3QsIEluYy4xLTArBgNVBAMTJEVudHJ1c3QgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNjExMjcyMDIzNDJaFw0yNjExMjcyMDUzNDJaMIGwMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNRW50cnVzdCwgSW5jLjE5MDcGA1UECxMwd3d3LmVudHJ1c3QubmV0L0NQUyBpcyBpbmNvcnBvcmF0ZWQgYnkgcmVmZXJlbmNlMR8wHQYDVQQLExYoYykgMjAwNiBFbnRydXN0LCBJbmMuMS0wKwYDVQQDEyRFbnRydXN0IFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2lbZDQvrGbSpvSN+UTDlXBe7DeRFBaDbt7P6aAY+hOCj89xBGZi5NHhqxGk7G0cCViLDJ\/zGLMwPbt4N7PiCEXu2yViin+OC5QHE3xctHDpcqaMAilWIV20fZ9dAr\/4JLya0+3kzbkIBQPwmKhADsMAo9GM37\/SpZmiOVFyxFnh9uQ3ltDFyY\/kinxSNHXF79bucetPZoRdGGg1uiio2x4ymA\/iVxiK2+vI+sUpZLqlGN5BMxGehOTZ\/brLNq1bw5VHHKenp\/kN19HYDZgbtZJsIR\/uaT4veA5GX7NDcOKYBwTa84hi6ef1evnheu6xzLKCFfthzY56IEIvnT2tjLAgMBAAGjgbAwga0wDgYDVR0PAQH\/BAQDAgEGMA8GA1UdEwEB\/wQFMAMBAf8wKwYDVR0QBCQwIoAPMjAwNjExMjcyMDIzNDJagQ8yMDI2MTEyNzIwNTM0MlowHwYDVR0jBBgwFoAUaJDkZ6SmU4DHhmak8fdLQ\/uEvW0wHQYDVR0OBBYEFGiQ5GekplOAx4ZmpPH3S0P7hL1tMB0GCSqGSIb2fQdBAAQQMA4bCFY3LjE6NC4wAwIEkDANBgkqhkiG9w0BAQUFAAOCAQEAk9QwsNcDICrQ+WPokQwFIKlfGcp7ck7UsdvQlvtUWhksDAj3sryFqJ1\/bTtSsyrb59SEjGP2D8smAZFQbPRfFOKTdMATnjA6UOO0YMUc8CJEjXFHrMgayembmgBgE\/9wfl8RTUkbsxVSe8lU2r+dla9rmtie6fHkQ43iEUQ6v6+9g0JzUouqu6cpz\/VkHApN0byqrJ8q0P9\/f9p96rHtMCXBhNo00lt4g1bsnDbDJuIR9mdJHZKrjPvr\/3ruhUqnUIDwp1xKlC5fBZk8UkHgzbRjzwFDupyD3I9gO\/NatLR7rtoLkDh174EdZtL3V3A2s7\/8KK9xJYVbE\/4ef1q0PBYDAwSWDQAEjgIBQAAOBgEGAwUBBQMEAQQDAgEEeQB1MHMxEzARBgoJkiaJk\/IsZAEZFgNjb20xFjAUBgoJkiY="}
01240{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":309,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":12,"flow_first_seen":1569687267035,"flow_last_seen":1569687267203,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":5944,"flow_avg_l4_payload_len":495,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56929,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher","15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","server_names":"*.pandion.viasat.com,pandion.viasat.com","ja3":"c9f0b47c9805f516e6d3900cb51f7841","ja3s":"82f0d8a75fa483d1cfe4b7085b784d7e","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Entrust, Inc., OU=See www.entrust.net\/legal-terms, OU=(c) 2012 Entrust, Inc. - for authorized use only, CN=Entrust Certification Authority - L1K","issuerDN":"C=US, ST=California, L=Carlsbad, O=Viasat Inc., CN=*.pandion.viasat.com","fingerprint":"92:70:CF:E3:69:4B:1D:F4:E2:DE:63:54:EC:DF:40:DB:F3:AC:D1:CA"}}
01932{"flow_id":41,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":310,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":203162,"pkt_caplen":1181,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1181,"pkt_l4_len":1147,"pkt":"NDY7z3UoLH6BsEqhCABFAASPwEcAAPcGhb4IJWZbCgAA4wG73mHOExeWBjZ85YAYgACVIAAAAQEICj\/5rs0AAAAAiZPyLGQBGRYGdmlhc2F0MRQwEgYKCZImiZPyLGQBGRYEY29ycDESMBAGCgmSJomT8ixkARkWAmhxMRowGAYDVQQDExFWaWFzYXQgU0hBIDIgQ0EtMwB1MHMxEzARBgoJkiaJk\/IsZAEZFgNjb20xFjAUBgoJkiaJk\/IsZAEZFgZ2aWFzYXQxFDASBgoJkiaJk\/IsZAEZFgRjb3JwMRIwEAYKCZImiZPyLGQBGRYCaHExGjAYBgNVBAMTEVZpYXNhdCBTSEEgMiBDQS0yAHUwczETMBEGCgmSJomT8ixkARkWA2NvbTEWMBQGCgmSJomT8ixkARkWBnZpYXNhdDEUMBIGCgmSJomT8ixkARkWBGNvcnAxEjAQBgoJkiaJk\/IsZAEZFgJocTEaMBgGA1UEAxMRVmlhc2F0IFNIQSAyIENBLTEAITAfMR0wGwYDVQQDExRWaWFzYXQgU0hBIDIgUm9vdCBDQQDBMIG+MQswCQYDVQQGEwJVUzEWMBQGA1UEChMNRW50cnVzdCwgSW5jLjEoMCYGA1UECxMfU2VlIHd3dy5lbnRydXN0Lm5ldC9sZWdhbC10ZXJtczE5MDcGA1UECxMwKGMpIDIwMDkgRW50cnVzdCwgSW5jLiAtIGZvciBhdXRob3JpemVkIHVzZSBvbmx5MTIwMAYDVQQDEylFbnRydXN0IFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHMgC9MIG6MQswCQYDVQQGEwJVUzEWMBQGA1UEChMNRW50cnVzdCwgSW5jLjEoMCYGA1UECxMfU2VlIHd3dy5lbnRydXN0Lm5ldC9sZWdhbC10ZXJtczE5MDcGA1UECxMwKGMpIDIwMTIgRW50cnVzdCwgSW5jLiAtIGZvciBhdXRob3JpemVkIHVzZSBvbmx5MS4wLAYDVQQDEyVFbnRydXN0IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gTDFLALMwgbAxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMTkwNwYDVQQLEzB3d3cuZW50cnVzdC5uZXQvQ1BTIGlzIGluY29ycG9yYXRlZCBieSByZWZlcmVuY2UxHzAdBgNVBAsTFihjKSAyMDA2IEVudHJ1c3QsIEluYy4xLTArBgNVBAMTJEVudHJ1c3QgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eQC4MIG1MQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdvcmsxOzA5BgNVBAsTMlRlcm1zIG9mIHVzZSBhdCBodHRwczovL3d3dy52ZXJpc2lnbi5jb20vcnBhIChjKTEwMS8wLQYDVQQDEyZWZXJpU2lnbiBDbGFzcyAzIFNlY3VyZSBTZXJ2ZXIgQ0EgLSBHMw4AAAA="}
00437{"flow_id":41,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":311,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":203246,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGwWEKAADjCCVmW95hAbsGNnzlzhMXloAQ\/\/\/ajAAAAQEIChwNzxc\/+a7N"}
00437{"flow_id":41,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":312,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":203247,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGwWEKAADjCCVmW95hAbsGNnzlzhMb8YAQ\/\/\/WMQAAAQEIChwNzxc\/+a7N"}
00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":298,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_first_seen":1569687267035,"flow_last_seen":1569687267035,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56929,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00449{"flow_id":38,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":298,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":35097,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"LH6BsEqhNDY7z3UoCABFAABAAABAAEAGwVUKAADjCCVmW95hAbsGNnxMAAAAALAC\/\/9wfAAAAgQFtAEDAwUBAQgKHA3OcQAAAAAEAgAA"}
00440{"flow_id":38,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":299,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":77459,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"pkt":"NDY7z3UoLH6BsEqhCABFAAA47VEAAPcGXQsIJWZbCgAA4wG73mHOEwD1BjZ8TZASgABbLAAAAgQFtAEBCAo\/+a5OHA3OcQ=="}
00435{"flow_id":38,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":300,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":77535,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGwWEKAADjCCVmW95hAbsGNnxNzhMA9oAQ\/\/\/yvgAAAQEIChwNzpw\/+a5O"}
00643{"flow_id":38,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":301,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":79534,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"pkt":"LH6BsEqhNDY7z3UoCABFAADMAABAAEAGwMkKAADjCCVmW95hAbsGNnxNzhMA9oAY\/\/8upgAAAQEIChwNzp0\/+a5OFgMBAJMBAACPAwPfZ7WFHXaroFdgiVVapTjr1SY5uqwiS6qMuNeoYJyORwAALMAwwCzAKMAkAJ8AawA5AJ0APQA1wC\/AK8AnwCMAngBnADMAnAA8AC8ACgD\/AQAAOgALAAQDAAECAAoACgAIABkAGAAXABMADQAgAB4GAQYCBgMFAQUCBQMEAQQCBAMDAQMCAwMCAQICAgM="}
00784{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":301,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":4,"flow_first_seen":1569687267035,"flow_last_seen":1569687267079,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":152,"flow_tot_l4_payload_len":152,"flow_avg_l4_payload_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56929,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"c9f0b47c9805f516e6d3900cb51f7841","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00433{"flow_id":38,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":302,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":124375,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"NDY7z3UoLH6BsEqhCABFAAA09J0AAPcGVcMIJWZbCgAA4wG73mHOEwD2BjZ85YAQgABx9gAAAQEICj\/5rn0cDc6d"}
02388{"flow_id":38,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":303,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":125585,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"NDY7z3UoLH6BsEqhCABFAAXcl8UAAPcGrPMIJWZbCgAA4wG73mHOEwD2BjZ85YAYgAAZSQAAAQEICj\/5rn4AAAAAFgMDAEoCAABGAwMS1dWiLhj30tQHka2clXwBubFYxsGakjI80hE4lMe1viAg22YFfj1x2h1EMb7b7Zs3Eyk9zl0UXNWLnU3ttyeOkAA1ABYDAxYMCwAWCAAWBQAHTzCCB0swggYzoAMCAQICEEzL1X2WMv84AAAAAFDtNsswDQYJKoZIhvcNAQELBQAwgboxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMSgwJgYDVQQLEx9TZWUgd3d3LmVudHJ1c3QubmV0L2xlZ2FsLXRlcm1zMTkwNwYDVQQLEzAoYykgMjAxMiBFbnRydXN0LCBJbmMuIC0gZm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxLjAsBgNVBAMTJUVudHJ1c3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBMMUswHhcNMTkwMjA1MjE0MzU4WhcNMjEwMjA1MjIxMzU3WjBqMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTERMA8GA1UEBxMIQ2FybHNiYWQxFDASBgNVBAoTC1ZpYXNhdCBJbmMuMR0wGwYDVQQDDBQqLnBhbmRpb24udmlhc2F0LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMDLELlHVBK6u0Ebo80pCb8efwbCh\/TMouznnqPBNL9tRNwaGpyybhpzuk1Zsi17UHvzdRRi5jC1ABXEEMLDXnTmlJa8rTgrPFp+bDbQ0hUdzWHHqPeU2HtG04mySjEkEvEPPwEnXQ9WDwkLnm26wRjipUJ8im1nDlikggUMLPlTTSKVgq3SBlVGLStLOLbOoOETJwpjr5YBSUNc5kkHfCAlc5qW4vLVkqFKFRcjyNxUOZxbBYtQaUddL0tuM4H9CfrWrqh9LLWx1xsOqHp+nS51DEO+pTwRR6wUyq6bNJMs+PbLCQs17zxAOp51PnIcZcczqbjMDGIgELfxksap7yECAwEAAaOCA5owggOWMDMGA1UdEQQsMCqCFCoucGFuZGlvbi52aWFzYXQuY29tghJwYW5kaW9uLnZpYXNhdC5jb20wggH3BgorBgEEAdZ5AgQCBIIB5wSCAeMB4QB3AFWB1MIWkDYBSuoLm1c8U\/DA5Dh4cCUIFy+jqh0HE9MMAAABaL+5ngAAAAQDAEgwRgIhAKxxvM9C5gPV1Owy4M\/Dyzx7kBpwyzXQc7wZ0mGBR9fOAiEA\/A\/FJxuASzJphQeYq5ltFnIhSeTPRbPItlQigQZkkDwAdgBElGUusO7Or8RAB9io\/ijA2uaCvtjLMbU\/0zOWtbaBqAAAAWi\/uZ35AAAEAwBHMEUCIQDNq3daAkrYxX6VQ9b6GqComWKfQou0IMsDnXGHMLZiSAIgEnWktUcQyNRmFvjh+POicMbVzLnjlwLij\/eoPMW67IwAdgBWFAaaL9fC7NP14b1Esj7HRna5vJkRXMDvlJhV1onQ3QAAAWi\/uZ5ZAAAEAwBHMEUCICH\/OekR\/g8Jdz2Y7Qc3us2XTMZ75OBnWYjV61BMMxsGAiEAtIuo7AamIHqnZDAbI1eeM3ogDSbRJ5hn12CgIZCempMAdgC72d+8H4pxtZOUI5eqkntHOFeVCqtS6BqQlmQ2jh7RhQAAAWi\/uZ5NAAAEAwBHMEUCIHkJ3QKOEfzyT\/nCAMVpK04S4woe8rsVcpjzIhSsRoSsAiEA324g9fbsnh\/O\/XKfcV4vnykRYq8iMzykYAT+PPtA1MEwDgYDVR0PAQH\/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAzBgNVHR8ELDAqMCigJqAkhiJodHRwOi8vY3JsLmVudHJ1c3QubmV0L2xldmVsMWsuY3JsMEsGA1UdIAREMEIwNgYKYIY="}
00854{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":303,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":6,"flow_first_seen":1569687267035,"flow_last_seen":1569687267125,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1600,"flow_avg_l4_payload_len":266,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56929,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher","15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"c9f0b47c9805f516e6d3900cb51f7841","ja3s":"82f0d8a75fa483d1cfe4b7085b784d7e","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA"}}
00436{"flow_id":38,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":304,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":125658,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGwWEKAADjCCVmW95hAbsGNnzlzhMGnoAQ\/\/\/sIAAAAQEIChwNzso\/+a5+"}
02385{"flow_id":38,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":305,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":165921,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"NDY7z3UoLH6BsEqhCABFAAXc\/u0AAPcGRcsIJWZbCgAA4wG73mHOEwaeBjZ85YAYgACJBAAAAQEICj\/5rqUAAAAASAGG+mwKAQUwKDAmBggrBgEFBQcCARYaaHR0cDovL3d3dy5lbnRydXN0Lm5ldC9ycGEwCAYGZ4EMAQICMGgGCCsGAQUFBwEBBFwwWjAjBggrBgEFBQcwAYYXaHR0cDovL29jc3AuZW50cnVzdC5uZXQwMwYIKwYBBQUHMAKGJ2h0dHA6Ly9haWEuZW50cnVzdC5uZXQvbDFrLWNoYWluMjU2LmNlcjAfBgNVHSMEGDAWgBSConB03bxTP8971PfNf6dgxgpMvzAdBgNVHQ4EFgQUmi0VGuslo\/WsT4R+rNKNmFj1ZL0wCQYDVR0TBAIwADANBgkqhkiG9w0BAQsFAAOCAQEAKdBE7Z+\/QgBIjgKdoPLQP+aFD6KtOZlOiHey04vsERDOADqNdu8unwz6N0izPw2l\/n+UoPoV6GrQkCjChT893I2Smv8Vj1mVR9ZW1nnkmVR9MJr+xC5Iw99s1Ntq2M7Knro\/38pMlTbzDdIcgeyuFS+2iILYDpWpJ7TdQfZH5XVAvdIk3ZnRxtGd7Lcy\/jVbSYIGFTi\/TuA8Bv82FbHnQSqp4ezyTgTKuHmdSMry0pP20Z6nga4Vd2slNm7KOIghxUpnvRfKqVpF04m1QFzXE34qRtPEU80S1e6wlIl8ZcZrL\/KcU+88mv0xL3dpgVjURuISIJE90mwZCDqslRXPTgAFEjCCBQ4wggP2oAMCAQICDA7pTMMAAAAAUdN3hTANBgkqhkiG9w0BAQsFADCBvjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3d3cuZW50cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAyMDA5IEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEyMDAGA1UEAxMpRW50cnVzdCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzIwHhcNMTUxMDA1MTkxMzU2WhcNMzAxMjA1MTk0MzU2WjCBujELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3d3cuZW50cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAyMDEyIEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEuMCwGA1UEAxMlRW50cnVzdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEwxSzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANo\/ltBNuS9E59s5XptQ7lylYdpBZ1MJqgCajld\/KWvbx+EhJKo60I1HI9LtchbwkSHSXbe4S6iDj7eRMmjPziWTLLJ9l8j+wbQXugmeA5CTe3xJgyJoipveR8MxmHoufUAL0u8+07KMqo9Iqf8A6ClYBve2k1qUcyYmrVgO5UK41epzeWRoUyW4hM+Ueq4GRQyja03Qxr7qGKQ28JKyuhyIjzpSf\/debYMcnfAf5cPW3aV4kj2wbSzqyc+UQRlxRGi6RzwE6V26PvA19xW2nvIuFR4\/R8jIOKdzRV1NsDuxjhcpN+rdBQEiu5Q2Ko1bNf5TGS8IRsEqsxpiHU4r2RsCAwEAAaOCAQwwggEIMA4GA1UdDwEB\/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH\/AgEAMDMGCCsGAQUFBwEBBCcwJTAjBggrBgEFBQcwAYYXaHR0cDovL29jc3AuZW50cnVzdC5uZXQwMAYDVR0fBCkwJzAloCOgIYYfaHR0cDovL2NybC5lbnRydXN0Lm5ldC9nMmNhLmNybDA7BgNVHSAENDAyMDAGBFUdIAAwKDAmBggrBgEFBQc="}
02381{"flow_id":38,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":306,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":165925,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"NDY7z3UoLH6BsEqhCABFAAXcuXcAAPcGi0EIJWZbCgAA4wG73mHOEwxGBjZ85YAYgAAKqAAAAQEICj\/5rqUAAAAAAgEWGmh0dHA6Ly93d3cuZW50cnVzdC5uZXQvcnBhMB0GA1UdDgQWBBSConB03bxTP8971PfNf6dgxgpMvzAfBgNVHSMEGDAWgBRqciZ60B7vfec7aVHUbI2fkBJmqzANBgkqhkiG9w0BAQsFAAOCAQEAOdWOmINhyCxj03AdGTDL9gmszGnVydw3QfIyD+90w1j2eCcJNAiVki\/X37ij\/Q6B6aSc0z9NaCsVMQoVzFIEk+iTUMPZseLhaLc6CXTxNFgKP3eYQLjmaP9d5MhGxeyB18mCGFyDznHYvL+smQKT25SYhNKcprX+XLvwSq8hrMI\/SSRn1i6Oz6zMZBUYcuVsd9NSqLndjawASjUZ1G9zo3Xva2TD4I2DEqGK5w6GTdi0IBu+aqWMS2hm4yvHWAv7VhDUkfsd0zFYEIxE43V7EJ21OLH2qsqBZGzo8uKBVZdRf+HCJ1CiyTxbAEP2W7nVpfz\/B1BAZwewVfC3fm4tzAAFAzCCBP8wggPnoAMCAQICBFHTQEQwDQYJKoZIhvcNAQELBQAwgbAxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMTkwNwYDVQQLEzB3d3cuZW50cnVzdC5uZXQvQ1BTIGlzIGluY29ycG9yYXRlZCBieSByZWZlcmVuY2UxHzAdBgNVBAsTFihjKSAyMDA2IEVudHJ1c3QsIEluYy4xLTArBgNVBAMTJEVudHJ1c3QgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0xNDA5MjIxNzE0NTdaFw0yNDA5MjMwMTMxNTNaMIG+MQswCQYDVQQGEwJVUzEWMBQGA1UEChMNRW50cnVzdCwgSW5jLjEoMCYGA1UECxMfU2VlIHd3dy5lbnRydXN0Lm5ldC9sZWdhbC10ZXJtczE5MDcGA1UECxMwKGMpIDIwMDkgRW50cnVzdCwgSW5jLiAtIGZvciBhdXRob3JpemVkIHVzZSBvbmx5MTIwMAYDVQQDEylFbnRydXN0IFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALqEtnLbngxr4pnpMAGnduoyuJVBGsnaYU5Ycs\/+9oJ5v3NhBgqlJ9izX9NFThxy1k4y8nKKD\/eDGdBqgIAARR6wx+eavxJXJxyjaC8Kh71qaw5eZfMcd9XUhY1wIbSzMueLotWGOQKxuNJHzuTJScQ7p977VH1XvvDobsJ5sjoLVeJQmBYyE1wveFbBwpSz8lrkJ5qfJNfG7NCbJYLjzMLERcWMl3oGayoRn6kKbkg7b9vUERlC948Hv\/VTX5w+9Bcs5mmsTjJMYnfqt+jluzS8GYuunFHnt361U7EzIuVtz3A8Gvrim2e2g\/SNpa9iTE3gWKxkNBID+LaNlGMkpHECAwEAAaOCAQ8wggELMA4GA1UdDwEB\/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH\/AgEBMDMGCCsGAQUFBwEBBCcwJTAjBggrBgEFBQcwAYYXaHR0cDovL29jc3AuZW50cnVzdC5uZXQwMwYDVR0fBCwwKjAooCagJIYiaHR0cDovL2NybC5lbnRydXN0Lm5ldC9yb290Y2ExLmNybDA7BgNVHSAENDAyMDAGBFUdIAAwKDAmBggrBgEFBQcCARYaaHR0cDovL3d3dy5lbnRydXN0Lm5ldC9DUFMwHQYDVR0OBBYEFGpyJnrQHu995ztpUdRsjZ+QEmarMB8GA1UdIwQYMBaAFGiQ5GekplOAx4ZmpPH3S0P7hL1tMA0GCSqGSIb3DQEBCwUAA4IBAQBpM4P8KHpvfe+dVevFPnqddbPMwzg22TSiKGgY6h5p073n0HfauACDTkrPb9HxwSI="}
00437{"flow_id":38,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":307,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":166002,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGwWEKAADjCCVmW95hAbsGNnzlzhMMRoAQ\/\/\/mKQAAAQEIChwNzvI\/+a6l"}
00437{"flow_id":38,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":308,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":166003,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGwWEKAADjCCVmW95hAbsGNnzlzhMR7oAQ\/\/\/ggQAAAQEIChwNzvI\/+a6l"}
02396{"flow_id":38,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":309,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":203156,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"NDY7z3UoLH6BsEqhCABFAAXcsBcAAPcGlKEIJWZbCgAA4wG73mHOExHuBjZ85YAYgACupAAAAQEICj\/5rs0AAAAAP3Tk95hJnpu2nuHbmHctVjSxqDzZ\/cDNx78FA9QCxfHlxtoIpRPHYiMR0WEwHWCERe95qMYmk6S3zTS4acUT9pGzyUVzdraS9nYKW+EDR7fpKUyRMiM3Spw12Hj9HR\/kg4kkgK23+c\/kXaXUccSFW3Af2z8cAesaRSYxFMxlv2feyswzZeVBkdc3vkEalp3mipedp86sTpo9vQGgatlPIgCLRNVpYnsu68y655J9aWc9\/Lh83kGH0GnqugoYehqVQ7N5cSh2baH7V0rsTcgOEAAElTCCBJEwggN5oAMCAQICBEVrUFQwDQYJKoZIhvcNAQEFBQAwgbAxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMTkwNwYDVQQLEzB3d3cuZW50cnVzdC5uZXQvQ1BTIGlzIGluY29ycG9yYXRlZCBieSByZWZlcmVuY2UxHzAdBgNVBAsTFihjKSAyMDA2IEVudHJ1c3QsIEluYy4xLTArBgNVBAMTJEVudHJ1c3QgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNjExMjcyMDIzNDJaFw0yNjExMjcyMDUzNDJaMIGwMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNRW50cnVzdCwgSW5jLjE5MDcGA1UECxMwd3d3LmVudHJ1c3QubmV0L0NQUyBpcyBpbmNvcnBvcmF0ZWQgYnkgcmVmZXJlbmNlMR8wHQYDVQQLExYoYykgMjAwNiBFbnRydXN0LCBJbmMuMS0wKwYDVQQDEyRFbnRydXN0IFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2lbZDQvrGbSpvSN+UTDlXBe7DeRFBaDbt7P6aAY+hOCj89xBGZi5NHhqxGk7G0cCViLDJ\/zGLMwPbt4N7PiCEXu2yViin+OC5QHE3xctHDpcqaMAilWIV20fZ9dAr\/4JLya0+3kzbkIBQPwmKhADsMAo9GM37\/SpZmiOVFyxFnh9uQ3ltDFyY\/kinxSNHXF79bucetPZoRdGGg1uiio2x4ymA\/iVxiK2+vI+sUpZLqlGN5BMxGehOTZ\/brLNq1bw5VHHKenp\/kN19HYDZgbtZJsIR\/uaT4veA5GX7NDcOKYBwTa84hi6ef1evnheu6xzLKCFfthzY56IEIvnT2tjLAgMBAAGjgbAwga0wDgYDVR0PAQH\/BAQDAgEGMA8GA1UdEwEB\/wQFMAMBAf8wKwYDVR0QBCQwIoAPMjAwNjExMjcyMDIzNDJagQ8yMDI2MTEyNzIwNTM0MlowHwYDVR0jBBgwFoAUaJDkZ6SmU4DHhmak8fdLQ\/uEvW0wHQYDVR0OBBYEFGiQ5GekplOAx4ZmpPH3S0P7hL1tMB0GCSqGSIb2fQdBAAQQMA4bCFY3LjE6NC4wAwIEkDANBgkqhkiG9w0BAQUFAAOCAQEAk9QwsNcDICrQ+WPokQwFIKlfGcp7ck7UsdvQlvtUWhksDAj3sryFqJ1\/bTtSsyrb59SEjGP2D8smAZFQbPRfFOKTdMATnjA6UOO0YMUc8CJEjXFHrMgayembmgBgE\/9wfl8RTUkbsxVSe8lU2r+dla9rmtie6fHkQ43iEUQ6v6+9g0JzUouqu6cpz\/VkHApN0byqrJ8q0P9\/f9p96rHtMCXBhNo00lt4g1bsnDbDJuIR9mdJHZKrjPvr\/3ruhUqnUIDwp1xKlC5fBZk8UkHgzbRjzwFDupyD3I9gO\/NatLR7rtoLkDh174EdZtL3V3A2s7\/8KK9xJYVbE\/4ef1q0PBYDAwSWDQAEjgIBQAAOBgEGAwUBBQMEAQQDAgEEeQB1MHMxEzARBgoJkiaJk\/IsZAEZFgNjb20xFjAUBgoJkiY="}
01240{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":309,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":12,"flow_first_seen":1569687267035,"flow_last_seen":1569687267203,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":5944,"flow_avg_l4_payload_len":495,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56929,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher","15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","server_names":"*.pandion.viasat.com,pandion.viasat.com","ja3":"c9f0b47c9805f516e6d3900cb51f7841","ja3s":"82f0d8a75fa483d1cfe4b7085b784d7e","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Entrust, Inc., OU=See www.entrust.net\/legal-terms, OU=(c) 2012 Entrust, Inc. - for authorized use only, CN=Entrust Certification Authority - L1K","issuerDN":"C=US, ST=California, L=Carlsbad, O=Viasat Inc., CN=*.pandion.viasat.com","fingerprint":"92:70:CF:E3:69:4B:1D:F4:E2:DE:63:54:EC:DF:40:DB:F3:AC:D1:CA"}}
01932{"flow_id":38,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":310,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":203162,"pkt_caplen":1181,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1181,"pkt_l4_len":1147,"pkt":"NDY7z3UoLH6BsEqhCABFAASPwEcAAPcGhb4IJWZbCgAA4wG73mHOExeWBjZ85YAYgACVIAAAAQEICj\/5rs0AAAAAiZPyLGQBGRYGdmlhc2F0MRQwEgYKCZImiZPyLGQBGRYEY29ycDESMBAGCgmSJomT8ixkARkWAmhxMRowGAYDVQQDExFWaWFzYXQgU0hBIDIgQ0EtMwB1MHMxEzARBgoJkiaJk\/IsZAEZFgNjb20xFjAUBgoJkiaJk\/IsZAEZFgZ2aWFzYXQxFDASBgoJkiaJk\/IsZAEZFgRjb3JwMRIwEAYKCZImiZPyLGQBGRYCaHExGjAYBgNVBAMTEVZpYXNhdCBTSEEgMiBDQS0yAHUwczETMBEGCgmSJomT8ixkARkWA2NvbTEWMBQGCgmSJomT8ixkARkWBnZpYXNhdDEUMBIGCgmSJomT8ixkARkWBGNvcnAxEjAQBgoJkiaJk\/IsZAEZFgJocTEaMBgGA1UEAxMRVmlhc2F0IFNIQSAyIENBLTEAITAfMR0wGwYDVQQDExRWaWFzYXQgU0hBIDIgUm9vdCBDQQDBMIG+MQswCQYDVQQGEwJVUzEWMBQGA1UEChMNRW50cnVzdCwgSW5jLjEoMCYGA1UECxMfU2VlIHd3dy5lbnRydXN0Lm5ldC9sZWdhbC10ZXJtczE5MDcGA1UECxMwKGMpIDIwMDkgRW50cnVzdCwgSW5jLiAtIGZvciBhdXRob3JpemVkIHVzZSBvbmx5MTIwMAYDVQQDEylFbnRydXN0IFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHMgC9MIG6MQswCQYDVQQGEwJVUzEWMBQGA1UEChMNRW50cnVzdCwgSW5jLjEoMCYGA1UECxMfU2VlIHd3dy5lbnRydXN0Lm5ldC9sZWdhbC10ZXJtczE5MDcGA1UECxMwKGMpIDIwMTIgRW50cnVzdCwgSW5jLiAtIGZvciBhdXRob3JpemVkIHVzZSBvbmx5MS4wLAYDVQQDEyVFbnRydXN0IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gTDFLALMwgbAxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMTkwNwYDVQQLEzB3d3cuZW50cnVzdC5uZXQvQ1BTIGlzIGluY29ycG9yYXRlZCBieSByZWZlcmVuY2UxHzAdBgNVBAsTFihjKSAyMDA2IEVudHJ1c3QsIEluYy4xLTArBgNVBAMTJEVudHJ1c3QgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eQC4MIG1MQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdvcmsxOzA5BgNVBAsTMlRlcm1zIG9mIHVzZSBhdCBodHRwczovL3d3dy52ZXJpc2lnbi5jb20vcnBhIChjKTEwMS8wLQYDVQQDEyZWZXJpU2lnbiBDbGFzcyAzIFNlY3VyZSBTZXJ2ZXIgQ0EgLSBHMw4AAAA="}
00437{"flow_id":38,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":311,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":203246,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGwWEKAADjCCVmW95hAbsGNnzlzhMXloAQ\/\/\/ajAAAAQEIChwNzxc\/+a7N"}
00437{"flow_id":38,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":312,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":203247,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGwWEKAADjCCVmW95hAbsGNnzlzhMb8YAQ\/\/\/WMQAAAQEIChwNzxc\/+a7N"}
00520{"flow_id":14,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":313,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":286861,"pkt_caplen":129,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":129,"pkt_l4_len":95,"pkt":"LH6BsEqhNDY7z3UoCABFAABzAABAAEAGB9AKAADjNCXzrd5SAbt7aDP2a\/Iu+oAYEACCzQAAAQEIChwNz2oCYHQCFwMDADoAAAAAAAAAB7TF6ysJtS62rG9nufpvlCPdT42N4ZN6t9sYhLoWHYOoHQvLEDm6j84VBW0nca1Gx5So"}
00433{"flow_id":14,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":315,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":322277,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0VONAACoGySs0JfOtCgAA4wG73lJr8i76e2g0NYAQAAm17AAAAQEICgJgdaIcDc9q"}
00521{"flow_id":14,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":316,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":323332,"pkt_caplen":129,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":129,"pkt_l4_len":95,"pkt":"NDY7z3UoLH6BsEqhCABFAABzVORAACoGyOs0JfOtCgAA4wG73lJr8i76e2g0NYAYAAmvvAAAAQEICgJgdaIcDc9qFwMDADr34AORZ\/mswQrOpB6saZ5OTdZLtVApkLcu7nvjHL4ZxtsMSNce\/N0YGd0SLA8DL+PkoKYgkm4G3tEm"}
00435{"flow_id":14,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":317,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":323402,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGCA8KAADjNCXzrd5SAbt7aDQ1a\/IvOYAQD\/6llQAAAQEIChwNz40CYHWi"}
00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":343,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_first_seen":1569687267453,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.149","src_port":56865,"dst_port":8008,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00432{"flow_id":42,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":343,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":453127,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"pHczjPFANDY7z3UoCABFAAA0AABAAEAGJU0KAADjCgAAld4hH0glPK3eiXsRe4AREAA75QAAAQEIChwN0AsAIb2q"}
00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":344,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_first_seen":1569687267453,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.151","src_port":56866,"dst_port":8060,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00432{"flow_id":43,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":344,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":453153,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"2DE0IHf7NDY7z3UoCABFAAA0AABAAEAGJUsKAADjCgAAl94iH3wAQcGNmjQa94AREAAjsAAAAQEIChwN0AsGksZO"}
00432{"flow_id":42,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":345,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":454953,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"NDY7z3UopHczjPFACABFAAA0sX1AAEAGc88KAACVCgAA4x9I3iGJexF7JTyt34ARAPMpJgAAAQEICgAh33UcDdAL"}
00432{"flow_id":42,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":346,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":455039,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"pHczjPFANDY7z3UoCABFAAA0AABAAEAGJU0KAADjCgAAld4hH0glPK3fiXsRfIAQEAAaFwAAAQEIChwN0A0AId91"}
00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":347,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_first_seen":1569687267477,"flow_last_seen":0,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":57253,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00440{"flow_id":44,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":347,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":477342,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"pkt":"LH6BsEqhNDY7z3UoCABFAAA5Pw0AAP8R2y0KAADjS0tLS9+lADUAJfklv50BAAABAAAAAAAAB21vemlsbGEDb3JnAAABAAE="}
00647{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":347,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_first_seen":1569687267477,"flow_last_seen":0,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":57253,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"mozilla.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":348,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_first_seen":1569687267481,"flow_last_seen":0,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":62427,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00457{"flow_id":45,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":348,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":481295,"pkt_caplen":84,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":84,"pkt_l4_len":50,"pkt":"LH6BsEqhNDY7z3UoCABFAABG89oAAP8RJlMKAADjS0tLS\/PbADUAMlit7RYBAAABAAAAAAAADGRldGVjdHBvcnRhbAdmaXJlZm94A2NvbQAAAQAB"}
00662{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":348,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_first_seen":1569687267481,"flow_last_seen":0,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":62427,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"ConnCheck"},"dns": {"query":"detectportal.firefox.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":343,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_first_seen":1569687267453,"flow_last_seen":1569687267453,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.149","src_port":56865,"dst_port":8008,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00432{"flow_id":39,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":343,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":453127,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"pHczjPFANDY7z3UoCABFAAA0AABAAEAGJU0KAADjCgAAld4hH0glPK3eiXsRe4AREAA75QAAAQEIChwN0AsAIb2q"}
00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":344,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_first_seen":1569687267453,"flow_last_seen":1569687267453,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.151","src_port":56866,"dst_port":8060,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00432{"flow_id":40,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":344,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":453153,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"2DE0IHf7NDY7z3UoCABFAAA0AABAAEAGJUsKAADjCgAAl94iH3wAQcGNmjQa94AREAAjsAAAAQEIChwN0AsGksZO"}
00432{"flow_id":39,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":345,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":454953,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"NDY7z3UopHczjPFACABFAAA0sX1AAEAGc88KAACVCgAA4x9I3iGJexF7JTyt34ARAPMpJgAAAQEICgAh33UcDdAL"}
00432{"flow_id":39,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":346,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":455039,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"pHczjPFANDY7z3UoCABFAAA0AABAAEAGJU0KAADjCgAAld4hH0glPK3fiXsRfIAQEAAaFwAAAQEIChwN0A0AId91"}
00501{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":347,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_first_seen":1569687267477,"flow_last_seen":1569687267477,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":57253,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00440{"flow_id":41,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":347,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":477342,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"pkt":"LH6BsEqhNDY7z3UoCABFAAA5Pw0AAP8R2y0KAADjS0tLS9+lADUAJfklv50BAAABAAAAAAAAB21vemlsbGEDb3JnAAABAAE="}
00659{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":347,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_first_seen":1569687267477,"flow_last_seen":1569687267477,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":57253,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"mozilla.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00501{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":348,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_first_seen":1569687267481,"flow_last_seen":1569687267481,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":62427,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00457{"flow_id":42,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":348,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":481295,"pkt_caplen":84,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":84,"pkt_l4_len":50,"pkt":"LH6BsEqhNDY7z3UoCABFAABG89oAAP8RJlMKAADjS0tLS\/PbADUAMlit7RYBAAABAAAAAAAADGRldGVjdHBvcnRhbAdmaXJlZm94A2NvbQAAAQAB"}
00674{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":348,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_first_seen":1569687267481,"flow_last_seen":1569687267481,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":62427,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"ConnCheck"},"dns": {"query":"detectportal.firefox.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00848{"flow_id":25,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":349,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":482821,"pkt_caplen":373,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":373,"pkt_l4_len":339,"pkt":"LH6BsEqhNDY7z3UoCABFAAFnyhkAAEAGtC4KAADjuBk4Td40AFBjyKiBGk9l7oAYEABAcgAAAQEIChwN0CfjFR\/lR0VUIC9zdWNjZXNzLnR4dD9pcHY0IEhUVFAvMS4xDQpIb3N0OiBkZXRlY3Rwb3J0YWwuZmlyZWZveC5jb20NClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wIChNYWNpbnRvc2g7IEludGVsIE1hYyBPUyBYIDEwLjEzOyBydjo2OS4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94LzY5LjANCkFjY2VwdDogKi8qDQpBY2NlcHQtTGFuZ3VhZ2U6IGVuLVVTLGVuO3E9MC41DQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNClByYWdtYTogbm8tY2FjaGUNCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQoNCg=="}
00764{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":349,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":5,"flow_first_seen":1569687249612,"flow_last_seen":1569687267482,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":61,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"184.25.56.77","src_port":56884,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"ConnCheck"},"http": {"hostname":"detectportal.firefox.com","url":"detectportal.firefox.com\/success.txt?ipv4","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10.13; rv:69.0) Gecko\/20100101 Firefox\/69.0"}}
00840{"flow_id":24,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":350,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":483863,"pkt_caplen":368,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":368,"pkt_l4_len":334,"pkt":"LH6BsEqhNDY7z3UoCABFAAFiADsAAEAGfhIKAADjuBk4Td5VAFBor5yuCT1EPYAYEAk5BQAAAQEIChwN0CjjFR\/gR0VUIC9zdWNjZXNzLnR4dCBIVFRQLzEuMQ0KSG9zdDogZGV0ZWN0cG9ydGFsLmZpcmVmb3guY29tDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoTWFjaW50b3NoOyBJbnRlbCBNYWMgT1MgWCAxMC4xMzsgcnY6NjkuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC82OS4wDQpBY2NlcHQ6ICovKg0KQWNjZXB0LUxhbmd1YWdlOiBlbi1VUyxlbjtxPTAuNQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlDQpDYWNoZS1Db250cm9sOiBuby1jYWNoZQ0KUHJhZ21hOiBuby1jYWNoZQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KDQo="}
00759{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":350,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":5,"flow_first_seen":1569687249612,"flow_last_seen":1569687267483,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":302,"flow_tot_l4_payload_len":302,"flow_avg_l4_payload_len":60,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"184.25.56.77","src_port":56917,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"ConnCheck"},"http": {"hostname":"detectportal.firefox.com","url":"detectportal.firefox.com\/success.txt","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10.13; rv:69.0) Gecko\/20100101 Firefox\/69.0"}}
00461{"flow_id":44,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":353,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":493135,"pkt_caplen":87,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":87,"pkt_l4_len":53,"pkt":"NDY7z3UoLH6BsEqhCABFAABJAABAADoRnytLS0tLCgAA4wA136UANZKzv52BgAABAAEAAAAAB21vemlsbGEDb3JnAAABAAHADAABAAEAAAAaAAQ\/9dDD"}
00674{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":353,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":2,"flow_first_seen":1569687267477,"flow_last_seen":1569687267493,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":74,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":57253,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"mozilla.org","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"63.245.208.195"}}
00671{"flow_id":45,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":354,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":500594,"pkt_caplen":242,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":242,"pkt_l4_len":208,"pkt":"NDY7z3UoLH6BsEqhCABFAADkAABAADoRnpBLS0tLCgAA4wA189sA0PLn7RaBgAABAAUAAAAADGRldGVjdHBvcnRhbAdmaXJlZm94A2NvbQAAAQABwAwABQABAAAAIwAeDGRldGVjdHBvcnRhbARwcm9kBm1vemF3cwNuZXQAwDYABQABAAAADgAoDGRldGVjdHBvcnRhbAdmaXJlZm94BmNvbS12MgllZGdlc3VpdGXAT8BgAAUAAQAAUnoAFAVhMTA4OQRkc2NkBmFrYW1hacBPwJQAAQABAAAACQAEuBk4UsCUAAEAAQAAAAkABLgZODM="}
00690{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":354,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_first_seen":1569687267481,"flow_last_seen":1569687267500,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":200,"flow_tot_l4_payload_len":242,"flow_avg_l4_payload_len":121,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":62427,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"ConnCheck"},"dns": {"query":"detectportal.firefox.com","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"184.25.56.82"}}
00461{"flow_id":41,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":353,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":493135,"pkt_caplen":87,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":87,"pkt_l4_len":53,"pkt":"NDY7z3UoLH6BsEqhCABFAABJAABAADoRnytLS0tLCgAA4wA136UANZKzv52BgAABAAEAAAAAB21vemlsbGEDb3JnAAABAAHADAABAAEAAAAaAAQ\/9dDD"}
00674{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":353,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":2,"flow_first_seen":1569687267477,"flow_last_seen":1569687267493,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":74,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":57253,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"mozilla.org","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"63.245.208.195"}}
00671{"flow_id":42,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":354,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":500594,"pkt_caplen":242,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":242,"pkt_l4_len":208,"pkt":"NDY7z3UoLH6BsEqhCABFAADkAABAADoRnpBLS0tLCgAA4wA189sA0PLn7RaBgAABAAUAAAAADGRldGVjdHBvcnRhbAdmaXJlZm94A2NvbQAAAQABwAwABQABAAAAIwAeDGRldGVjdHBvcnRhbARwcm9kBm1vemF3cwNuZXQAwDYABQABAAAADgAoDGRldGVjdHBvcnRhbAdmaXJlZm94BmNvbS12MgllZGdlc3VpdGXAT8BgAAUAAQAAUnoAFAVhMTA4OQRkc2NkBmFrYW1hacBPwJQAAQABAAAACQAEuBk4UsCUAAEAAQAAAAkABLgZODM="}
00690{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":354,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":2,"flow_first_seen":1569687267481,"flow_last_seen":1569687267500,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":200,"flow_tot_l4_payload_len":242,"flow_avg_l4_payload_len":121,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":62427,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"ConnCheck"},"dns": {"query":"detectportal.firefox.com","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"184.25.56.82"}}
00947{"flow_id":25,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":355,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":507386,"pkt_caplen":450,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":450,"pkt_l4_len":416,"pkt":"NDY7z3UoLH6BsEqhCABFAAG0NJpAADcGEmG4GThNCgAA4wBQ3jQaT2XuY8iptIAYAPx2eQAAAQEICuMVPlUcDdAnSFRUUC8xLjEgMjAwIE9LDQpDb250ZW50LVR5cGU6IHRleHQvcGxhaW4NCkNvbnRlbnQtTGVuZ3RoOiA4DQpMYXN0LU1vZGlmaWVkOiBNb24sIDE1IE1heSAyMDE3IDE4OjA0OjQwIEdNVA0KRVRhZzogImFlNzgwNTg1ZjQ5Yjk0Y2UxNDQ0ZWI3ZDI4OTA2MTIzIg0KQWNjZXB0LVJhbmdlczogYnl0ZXMNClNlcnZlcjogQW1hem9uUzMNClgtQW16LUNmLUlkOiBJcS1oTGRhcmRnZUVmOTBhU3dsQlZkRDJUbjFzY29hcnBlQlMtbUtNWmdLNG1lWGlWTEpHTUE9PQ0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUsIG5vLXN0b3JlLCBtdXN0LXJldmFsaWRhdGUNCkRhdGU6IFNhdCwgMjggU2VwIDIwMTkgMTY6MTQ6MjcgR01UDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCnN1Y2Nlc3MK"}
00434{"flow_id":25,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":356,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":507460,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGP3sKAADjuBk4Td40AFBjyKm0Gk9nboAQD\/TwCAAAAQEIChwN0D\/jFT5V"}
00947{"flow_id":24,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":357,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":512411,"pkt_caplen":450,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":450,"pkt_l4_len":416,"pkt":"NDY7z3UoLH6BsEqhCABFAAG0uJxAADgGjV64GThNCgAA4wBQ3lUJPUQ9aK+d3IAYAPOwEAAAAQEICuMVPlkcDdAoSFRUUC8xLjEgMjAwIE9LDQpDb250ZW50LVR5cGU6IHRleHQvcGxhaW4NCkNvbnRlbnQtTGVuZ3RoOiA4DQpMYXN0LU1vZGlmaWVkOiBNb24sIDE1IE1heSAyMDE3IDE4OjA0OjQwIEdNVA0KRVRhZzogImFlNzgwNTg1ZjQ5Yjk0Y2UxNDQ0ZWI3ZDI4OTA2MTIzIg0KQWNjZXB0LVJhbmdlczogYnl0ZXMNClNlcnZlcjogQW1hem9uUzMNClgtQW16LUNmLUlkOiBJcS1oTGRhcmRnZUVmOTBhU3dsQlZkRDJUbjFzY29hcnBlQlMtbUtNWmdLNG1lWGlWTEpHTUE9PQ0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUsIG5vLXN0b3JlLCBtdXN0LXJldmFsaWRhdGUNCkRhdGU6IFNhdCwgMjggU2VwIDIwMTkgMTY6MTQ6MjcgR01UDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCnN1Y2Nlc3MK"}
@@ -344,288 +328,295 @@
00847{"flow_id":25,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":359,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":514776,"pkt_caplen":373,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":373,"pkt_l4_len":339,"pkt":"LH6BsEqhNDY7z3UoCABFAAFnAABAAEAGPkgKAADjuBk4Td40AFBjyKm0Gk9nboAYEAAfMQAAAQEIChwN0EXjFT5VR0VUIC9zdWNjZXNzLnR4dD9pcHY0IEhUVFAvMS4xDQpIb3N0OiBkZXRlY3Rwb3J0YWwuZmlyZWZveC5jb20NClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wIChNYWNpbnRvc2g7IEludGVsIE1hYyBPUyBYIDEwLjEzOyBydjo2OS4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94LzY5LjANCkFjY2VwdDogKi8qDQpBY2NlcHQtTGFuZ3VhZ2U6IGVuLVVTLGVuO3E9MC41DQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNClByYWdtYTogbm8tY2FjaGUNCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQoNCg=="}
00947{"flow_id":25,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":360,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":539325,"pkt_caplen":450,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":450,"pkt_l4_len":416,"pkt":"NDY7z3UoLH6BsEqhCABFAAG0NJtAADcGEmC4GThNCgAA4wBQ3jQaT2duY8iq54AYAQRzgAAAAQEICuMVPnUcDdBFSFRUUC8xLjEgMjAwIE9LDQpDb250ZW50LVR5cGU6IHRleHQvcGxhaW4NCkNvbnRlbnQtTGVuZ3RoOiA4DQpMYXN0LU1vZGlmaWVkOiBNb24sIDE1IE1heSAyMDE3IDE4OjA0OjQwIEdNVA0KRVRhZzogImFlNzgwNTg1ZjQ5Yjk0Y2UxNDQ0ZWI3ZDI4OTA2MTIzIg0KQWNjZXB0LVJhbmdlczogYnl0ZXMNClNlcnZlcjogQW1hem9uUzMNClgtQW16LUNmLUlkOiBJcS1oTGRhcmRnZUVmOTBhU3dsQlZkRDJUbjFzY29hcnBlQlMtbUtNWmdLNG1lWGlWTEpHTUE9PQ0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUsIG5vLXN0b3JlLCBtdXN0LXJldmFsaWRhdGUNCkRhdGU6IFNhdCwgMjggU2VwIDIwMTkgMTY6MTQ6MjcgR01UDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCnN1Y2Nlc3MK"}
00434{"flow_id":25,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":361,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":539385,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGP3sKAADjuBk4Td40AFBjyKrnGk9o7oAQD\/TtGAAAAQEIChwN0FzjFT51"}
00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":362,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_first_seen":1569687267677,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"52.10.115.210","src_port":56879,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00489{"flow_id":46,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":362,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":677665,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"pkt":"LH6BsEqhNDY7z3UoCABFAABb+tIAAEAGzQsKAADjNApz0t4vAbv\/h0Qcal\/PeIAYEACaRQAAAQEIChwN0OQwQN34FwMDACIAAAAAAAAAAwpFwR2TiNxP0z\/UzUIiCJ75mBQ8ToLTjZaT"}
00484{"flow_id":46,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":363,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":713276,"pkt_caplen":101,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":101,"pkt_l4_len":67,"pkt":"NDY7z3UoLH6BsEqhCABFAABXHWRAAOsGv300CnPSCgAA4wG73i9qX894\/4dEQ4AYAHaKdwAAAQEICjBBJbkcDdDkFwMDAB60PFmzucBfQdusHvXD0\/WWAM1faNPMBMLPArfIzdE="}
00435{"flow_id":46,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":364,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":713359,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"LH6BsEqhNDY7z3UoCABFAAA09sQAAEAG0UAKAADjNApz0t4vAbv\/h0RDal\/Pm4AQD\/4TQgAAAQEIChwN0QUwQSW5"}
00432{"flow_id":43,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":365,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":764612,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"2DE0IHf7NDY7z3UoCABFAAA0AABAAEAGJUsKAADjCgAAl94iH3wAQcGNmjQa94AREAAihAAAAQEIChwN0TcGksZO"}
00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":366,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_first_seen":1569687267797,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"17.57.144.116","src_port":56886,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00432{"flow_id":47,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":366,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":797747,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0xfMAAEAGCEEKAADjETmQdN42FGcxHLjbZd23sYAREACqlQAAAQEIChwN0VbVpVJo"}
00524{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":366,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_first_seen":1569687267797,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"17.57.144.116","src_port":56886,"dst_port":5223,"l4_proto":"tcp","ndpi": {"proto":"ApplePush.Apple","breed":"Safe","category":"Cloud"}}
00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":367,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_first_seen":1569687267799,"flow_last_seen":0,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":60341,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":48,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":367,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":799414,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"pkt":"LH6BsEqhNDY7z3UoCABFAAA72BEAAP8RQicKAADjS0tLS+u1ADUAJxlWhe8BAAABAAAAAAAAA3d3dwVhcHBsZQNjb20AAAEAAQ=="}
00645{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":367,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_first_seen":1569687267799,"flow_last_seen":0,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":60341,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"www.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":368,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_first_seen":1569687267799,"flow_last_seen":0,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":51060,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00456{"flow_id":49,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":368,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":799516,"pkt_caplen":84,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":84,"pkt_l4_len":50,"pkt":"LH6BsEqhNDY7z3UoCABFAABGM9oAAP8R5lMKAADjS0tLS8d0ADUAMjjn9V4BAAABAAAAAAAACTEtY291cmllcgRwdXNoBWFwcGxlA2NvbQAAAQAB"}
00668{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":368,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_first_seen":1569687267799,"flow_last_seen":0,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":51060,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.ApplePush","breed":"Acceptable","category":"Cloud"},"dns": {"query":"1-courier.push.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":369,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_first_seen":1569687267800,"flow_last_seen":0,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":59582,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00468{"flow_id":50,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":369,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":800486,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"pkt":"LH6BsEqhNDY7z3UoCABFAABOdGcAAP8Rpb4KAADjS0tLS+i+ADUAOr+fEJABAAABAAAAAAAACTEtY291cmllcgdzYW5kYm94BHB1c2gFYXBwbGUDY29tAAABAAE="}
00676{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":369,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_first_seen":1569687267800,"flow_last_seen":0,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":59582,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.ApplePush","breed":"Acceptable","category":"Cloud"},"dns": {"query":"1-courier.sandbox.push.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00504{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":362,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_first_seen":1569687267677,"flow_last_seen":1569687267677,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"52.10.115.210","src_port":56879,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00489{"flow_id":43,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":362,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":677665,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"pkt":"LH6BsEqhNDY7z3UoCABFAABb+tIAAEAGzQsKAADjNApz0t4vAbv\/h0Qcal\/PeIAYEACaRQAAAQEIChwN0OQwQN34FwMDACIAAAAAAAAAAwpFwR2TiNxP0z\/UzUIiCJ75mBQ8ToLTjZaT"}
00484{"flow_id":43,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":363,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":713276,"pkt_caplen":101,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":101,"pkt_l4_len":67,"pkt":"NDY7z3UoLH6BsEqhCABFAABXHWRAAOsGv300CnPSCgAA4wG73i9qX894\/4dEQ4AYAHaKdwAAAQEICjBBJbkcDdDkFwMDAB60PFmzucBfQdusHvXD0\/WWAM1faNPMBMLPArfIzdE="}
00435{"flow_id":43,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":364,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":713359,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"LH6BsEqhNDY7z3UoCABFAAA09sQAAEAG0UAKAADjNApz0t4vAbv\/h0RDal\/Pm4AQD\/4TQgAAAQEIChwN0QUwQSW5"}
00432{"flow_id":40,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":365,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":764612,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"2DE0IHf7NDY7z3UoCABFAAA0AABAAEAGJUsKAADjCgAAl94iH3wAQcGNmjQa94AREAAihAAAAQEIChwN0TcGksZO"}
00501{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":366,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_first_seen":1569687267797,"flow_last_seen":1569687267797,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"17.57.144.116","src_port":56886,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00432{"flow_id":44,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":366,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":797747,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0xfMAAEAGCEEKAADjETmQdN42FGcxHLjbZd23sYAREACqlQAAAQEIChwN0VbVpVJo"}
00536{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":366,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_first_seen":1569687267797,"flow_last_seen":1569687267797,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"17.57.144.116","src_port":56886,"dst_port":5223,"l4_proto":"tcp","ndpi": {"proto":"ApplePush.Apple","breed":"Safe","category":"Cloud"}}
00501{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":367,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_first_seen":1569687267799,"flow_last_seen":1569687267799,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":60341,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":45,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":367,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":799414,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"pkt":"LH6BsEqhNDY7z3UoCABFAAA72BEAAP8RQicKAADjS0tLS+u1ADUAJxlWhe8BAAABAAAAAAAAA3d3dwVhcHBsZQNjb20AAAEAAQ=="}
00657{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":367,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_first_seen":1569687267799,"flow_last_seen":1569687267799,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":60341,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"www.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00501{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":368,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_first_seen":1569687267799,"flow_last_seen":1569687267799,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":51060,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00456{"flow_id":46,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":368,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":799516,"pkt_caplen":84,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":84,"pkt_l4_len":50,"pkt":"LH6BsEqhNDY7z3UoCABFAABGM9oAAP8R5lMKAADjS0tLS8d0ADUAMjjn9V4BAAABAAAAAAAACTEtY291cmllcgRwdXNoBWFwcGxlA2NvbQAAAQAB"}
00680{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":368,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_first_seen":1569687267799,"flow_last_seen":1569687267799,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":51060,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.ApplePush","breed":"Acceptable","category":"Cloud"},"dns": {"query":"1-courier.push.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00501{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":369,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_first_seen":1569687267800,"flow_last_seen":1569687267800,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":59582,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00468{"flow_id":47,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":369,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":800486,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"pkt":"LH6BsEqhNDY7z3UoCABFAABOdGcAAP8Rpb4KAADjS0tLS+i+ADUAOr+fEJABAAABAAAAAAAACTEtY291cmllcgdzYW5kYm94BHB1c2gFYXBwbGUDY29tAAABAAE="}
00688{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":369,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_first_seen":1569687267800,"flow_last_seen":1569687267800,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":59582,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.ApplePush","breed":"Acceptable","category":"Cloud"},"dns": {"query":"1-courier.sandbox.push.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00848{"flow_id":25,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":370,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":802917,"pkt_caplen":373,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":373,"pkt_l4_len":339,"pkt":"LH6BsEqhNDY7z3UoCABFAAFnAABAAEAGPkgKAADjuBk4Td40AFBjyKrnGk9o7oAYEAAbSAAAAQEIChwN0VvjFT51R0VUIC9zdWNjZXNzLnR4dD9pcHY0IEhUVFAvMS4xDQpIb3N0OiBkZXRlY3Rwb3J0YWwuZmlyZWZveC5jb20NClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wIChNYWNpbnRvc2g7IEludGVsIE1hYyBPUyBYIDEwLjEzOyBydjo2OS4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94LzY5LjANCkFjY2VwdDogKi8qDQpBY2NlcHQtTGFuZ3VhZ2U6IGVuLVVTLGVuO3E9MC41DQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNClByYWdtYTogbm8tY2FjaGUNCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQoNCg=="}
00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":371,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_first_seen":1569687267805,"flow_last_seen":0,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":43,"flow_avg_l4_payload_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":64193,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00461{"flow_id":51,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":371,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":805043,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"pkt":"LH6BsEqhNDY7z3UoCABFAABHoW4AAP8ReL4KAADjS0tLS\/rBADUAMyCpE94BAAABAAAAAAAACjI0LWNvdXJpZXIEcHVzaAVhcHBsZQNjb20AAAEAAQ=="}
00669{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":371,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_first_seen":1569687267805,"flow_last_seen":0,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":43,"flow_avg_l4_payload_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":64193,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.ApplePush","breed":"Acceptable","category":"Cloud"},"dns": {"query":"24-courier.push.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":372,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_first_seen":1569687267812,"flow_last_seen":0,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":51990,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":52,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":372,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":812729,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"pkt":"LH6BsEqhNDY7z3UoCABFAAA9PxQAAP8R2yIKAADjS0tLS8sWADUAKZk5eJ4BAAABAAAAAAAABG1haWwGdmlhc2F0A2NvbQAAAQAB"}
00651{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":372,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_first_seen":1569687267812,"flow_last_seen":0,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":51990,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"mail.viasat.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00647{"flow_id":48,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":373,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":814292,"pkt_caplen":224,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":224,"pkt_l4_len":190,"pkt":"NDY7z3UoLH6BsEqhCABFAADSAABAADoRnqJLS0tLCgAA4wA167UAvhHNhe+BgAABAAQAAAAAA3d3dwVhcHBsZQNjb20AAAEAAcAMAAUAAQAABRUAGwN3d3cFYXBwbGUDY29tB2VkZ2VrZXkDbmV0AMArAAUAAQAAFoEALwN3d3cFYXBwbGUDY29tB2VkZ2VrZXkDbmV0C2dsb2JhbHJlZGlyBmFrYWRuc8BBwFIABQABAAAE7QAZBWU2ODU4BWRzY2U5CmFrYW1haWVkZ2XAQcCNAAEAAQAAAAcABLgbc6E="}
00675{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":373,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":2,"flow_first_seen":1569687267799,"flow_last_seen":1569687267814,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":106,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":60341,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"www.apple.com","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"184.27.115.161"}}
00501{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":371,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_first_seen":1569687267805,"flow_last_seen":1569687267805,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":43,"flow_avg_l4_payload_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":64193,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00461{"flow_id":48,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":371,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":805043,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"pkt":"LH6BsEqhNDY7z3UoCABFAABHoW4AAP8ReL4KAADjS0tLS\/rBADUAMyCpE94BAAABAAAAAAAACjI0LWNvdXJpZXIEcHVzaAVhcHBsZQNjb20AAAEAAQ=="}
00681{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":371,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_first_seen":1569687267805,"flow_last_seen":1569687267805,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":43,"flow_avg_l4_payload_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":64193,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.ApplePush","breed":"Acceptable","category":"Cloud"},"dns": {"query":"24-courier.push.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00501{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":372,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_first_seen":1569687267812,"flow_last_seen":1569687267812,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":51990,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":49,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":372,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":812729,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"pkt":"LH6BsEqhNDY7z3UoCABFAAA9PxQAAP8R2yIKAADjS0tLS8sWADUAKZk5eJ4BAAABAAAAAAAABG1haWwGdmlhc2F0A2NvbQAAAQAB"}
00663{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":372,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_first_seen":1569687267812,"flow_last_seen":1569687267812,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":51990,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"mail.viasat.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00647{"flow_id":45,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":373,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":814292,"pkt_caplen":224,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":224,"pkt_l4_len":190,"pkt":"NDY7z3UoLH6BsEqhCABFAADSAABAADoRnqJLS0tLCgAA4wA167UAvhHNhe+BgAABAAQAAAAAA3d3dwVhcHBsZQNjb20AAAEAAcAMAAUAAQAABRUAGwN3d3cFYXBwbGUDY29tB2VkZ2VrZXkDbmV0AMArAAUAAQAAFoEALwN3d3cFYXBwbGUDY29tB2VkZ2VrZXkDbmV0C2dsb2JhbHJlZGlyBmFrYWRuc8BBwFIABQABAAAE7QAZBWU2ODU4BWRzY2U5CmFrYW1haWVkZ2XAQcCNAAEAAQAAAAcABLgbc6E="}
00675{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":373,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_first_seen":1569687267799,"flow_last_seen":1569687267814,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":106,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":60341,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"www.apple.com","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"184.27.115.161"}}
00948{"flow_id":25,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":374,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":818781,"pkt_caplen":450,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":450,"pkt_l4_len":416,"pkt":"NDY7z3UoLH6BsEqhCABFAAG0NJxAADcGEl+4GThNCgAA4wBQ3jQaT2juY8isGoAYAQ1ulQAAAQEICuMVP44cDdFbSFRUUC8xLjEgMjAwIE9LDQpDb250ZW50LVR5cGU6IHRleHQvcGxhaW4NCkNvbnRlbnQtTGVuZ3RoOiA4DQpMYXN0LU1vZGlmaWVkOiBNb24sIDE1IE1heSAyMDE3IDE4OjA0OjQwIEdNVA0KRVRhZzogImFlNzgwNTg1ZjQ5Yjk0Y2UxNDQ0ZWI3ZDI4OTA2MTIzIg0KQWNjZXB0LVJhbmdlczogYnl0ZXMNClNlcnZlcjogQW1hem9uUzMNClgtQW16LUNmLUlkOiBJcS1oTGRhcmRnZUVmOTBhU3dsQlZkRDJUbjFzY29hcnBlQlMtbUtNWmdLNG1lWGlWTEpHTUE9PQ0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUsIG5vLXN0b3JlLCBtdXN0LXJldmFsaWRhdGUNCkRhdGU6IFNhdCwgMjggU2VwIDIwMTkgMTY6MTQ6MjcgR01UDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCnN1Y2Nlc3MK"}
00779{"flow_id":50,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":375,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":818785,"pkt_caplen":323,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":323,"pkt_l4_len":289,"pkt":"NDY7z3UoLH6BsEqhCABFAAE1AABAADoRnj9LS0tLCgAA4wA16L4BIf0XEJCBgAABAAoAAAAACTEtY291cmllcgdzYW5kYm94BHB1c2gFYXBwbGUDY29tAAABAAHADAAFAAEAAElSAC0BMRpjb3VyaWVyLXNhbmRib3gtcHVzaC1hcHBsZQNjb20GYWthZG5zA25ldADAPgAFAAEAAACOACIUdXMtc2FuZGJveC1jb3VyaWVyLTQKcHVzaC1hcHBsZcBbwHcAAQABAAAALgAEEbyKR8B3AAEAAQAAAC4ABBG8hEjAdwABAAEAAAAuAAQRvIbKwHcAAQABAAAALgAEEbyKSMB3AAEAAQAAAC4ABBG8iLrAdwABAAEAAAAuAAQRvIU9wHcAAQABAAAALgAEEbyHusB3AAEAAQAAAC4ABBG8ikY="}
00706{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":375,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":2,"flow_first_seen":1569687267800,"flow_last_seen":1569687267818,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":281,"flow_tot_l4_payload_len":331,"flow_avg_l4_payload_len":165,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":59582,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.ApplePush","breed":"Acceptable","category":"Cloud"},"dns": {"query":"1-courier.sandbox.push.apple.com","num_queries":1,"num_answers":10,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.188.138.71"}}
00779{"flow_id":47,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":375,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":818785,"pkt_caplen":323,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":323,"pkt_l4_len":289,"pkt":"NDY7z3UoLH6BsEqhCABFAAE1AABAADoRnj9LS0tLCgAA4wA16L4BIf0XEJCBgAABAAoAAAAACTEtY291cmllcgdzYW5kYm94BHB1c2gFYXBwbGUDY29tAAABAAHADAAFAAEAAElSAC0BMRpjb3VyaWVyLXNhbmRib3gtcHVzaC1hcHBsZQNjb20GYWthZG5zA25ldADAPgAFAAEAAACOACIUdXMtc2FuZGJveC1jb3VyaWVyLTQKcHVzaC1hcHBsZcBbwHcAAQABAAAALgAEEbyKR8B3AAEAAQAAAC4ABBG8hEjAdwABAAEAAAAuAAQRvIbKwHcAAQABAAAALgAEEbyKSMB3AAEAAQAAAC4ABBG8iLrAdwABAAEAAAAuAAQRvIU9wHcAAQABAAAALgAEEbyHusB3AAEAAQAAAC4ABBG8ikY="}
00706{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":375,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":2,"flow_first_seen":1569687267800,"flow_last_seen":1569687267818,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":281,"flow_tot_l4_payload_len":331,"flow_avg_l4_payload_len":165,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":59582,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.ApplePush","breed":"Acceptable","category":"Cloud"},"dns": {"query":"1-courier.sandbox.push.apple.com","num_queries":1,"num_answers":10,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.188.138.71"}}
00434{"flow_id":25,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":376,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":818856,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGP3sKAADjuBk4Td40AFBjyKwaGk9qboAQD\/ToPgAAAQEIChwN0WrjFT+O"}
00603{"flow_id":49,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":377,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":819793,"pkt_caplen":190,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":190,"pkt_l4_len":156,"pkt":"NDY7z3UoLH6BsEqhCABFAACwAABAADoRnsRLS0tLCgAA4wA1x3QAnFOt9V6BgAABAAMAAAAACTEtY291cmllcgRwdXNoBWFwcGxlA2NvbQAAAQABwAwABQABAAAYQwAlATESY291cmllci1wdXNoLWFwcGxlA2NvbQZha2FkbnMDbmV0AMA2AAUAAQAAABcAHQ91cy1zdy1jb3VyaWVyLTQKcHVzaC1hcHBsZcBLwGcAAQABAAAAFwAEETmQdA=="}
00696{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":377,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":2,"flow_first_seen":1569687267799,"flow_last_seen":1569687267819,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":190,"flow_avg_l4_payload_len":95,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":51060,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.ApplePush","breed":"Acceptable","category":"Cloud"},"dns": {"query":"1-courier.push.apple.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.57.144.116"}}
00506{"flow_id":47,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":378,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":820816,"pkt_caplen":119,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":119,"pkt_l4_len":85,"pkt":"NDY7z3UoLH6BsEqhCABFAABp+WRAADUGn5oROZB0CgAA4xRn3jZl3bexMRy43IAYARnThAAAAQEICtWmYt0cDdFWFQMDADDYQSIj3jkYV2ViIYpeEoheM2HYhDINcbYvi9M0lKa7pHKjHCudSoLIJkInalaEjXI="}
00416{"flow_id":47,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":379,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":820879,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"LH6BsEqhNDY7z3UoCABFAAAoAABAAEAGjkAKAADjETmQdN42FGcxHLjcAAAAAFAEAAAmugAA"}
00432{"flow_id":47,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":380,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":821792,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0+WVAADUGn84ROZB0CgAA4xRn3jZl3bfmMRy43IARARmo0AAAAQEICtWmYt0cDdFW"}
00416{"flow_id":47,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":381,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":821826,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"LH6BsEqhNDY7z3UoCABFAAAoAABAAEAGjkAKAADjETmQdN42FGcxHLjcAAAAAFAEAAAmugAA"}
00603{"flow_id":51,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":382,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":824238,"pkt_caplen":192,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":192,"pkt_l4_len":158,"pkt":"NDY7z3UoLH6BsEqhCABFAACyAABAADoRnsJLS0tLCgAA4wA1+sEAnlIeE96BgAABAAMAAAAACjI0LWNvdXJpZXIEcHVzaAVhcHBsZQNjb20AAAEAAcAMAAUAAQAASVMAJgIyNBJjb3VyaWVyLXB1c2gtYXBwbGUDY29tBmFrYWRucwNuZXQAwDcABQABAAAAGwAdD3VzLXN3LWNvdXJpZXItNApwdXNoLWFwcGxlwE3AaQABAAEAAAAuAAQROZAU"}
00696{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":382,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":2,"flow_first_seen":1569687267805,"flow_last_seen":1569687267824,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":193,"flow_avg_l4_payload_len":96,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":64193,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.ApplePush","breed":"Acceptable","category":"Cloud"},"dns": {"query":"24-courier.push.apple.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.57.144.20"}}
00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":383,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_first_seen":1569687267831,"flow_last_seen":0,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":49781,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00436{"flow_id":53,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":383,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":831823,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"pkt":"LH6BsEqhNDY7z3UoCABFAAA3jBMAAP8RjikKAADjS0tLS8J1ADUAI5qcqN8BAAABAAAAAAAABWFwcGxlA2NvbQAAAQAB"}
00645{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":383,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_first_seen":1569687267831,"flow_last_seen":0,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":49781,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":384,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_first_seen":1569687267841,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.103.196","src_port":56871,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00434{"flow_id":54,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":384,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":841212,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0KKIAAEAG11YKAADjCCVnxN4nAbsMJdDwho1uAoAR\/\/8iBAAAAQEIChwN0X94psIw"}
00502{"flow_id":53,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":385,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":847611,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"pkt":"NDY7z3UoLH6BsEqhCABFAABnAABAADoRnw1LS0tLCgAA4wA1wnUAU2BUqN+BgAABAAMAAAAABWFwcGxlA2NvbQAAAQABwAwAAQABAAAE+gAEEbJgO8AMAAEAAQAABPoABBGOoDvADAABAAEAAAT6AAQRrOAv"}
00671{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":385,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":2,"flow_first_seen":1569687267831,"flow_last_seen":1569687267847,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":75,"flow_tot_l4_payload_len":102,"flow_avg_l4_payload_len":51,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":49781,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"apple.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.178.96.59"}}
00468{"flow_id":52,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":386,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":847625,"pkt_caplen":91,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":91,"pkt_l4_len":57,"pkt":"NDY7z3UoLH6BsEqhCABFAABNAABAADoRnydLS0tLCgAA4wA1yxYAOeBneJ6BgAABAAEAAAAABG1haWwGdmlhc2F0A2NvbQAAAQABwAwAAQABAAAAPAAECCVnxA=="}
00676{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":386,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":2,"flow_first_seen":1569687267812,"flow_last_seen":1569687267847,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":49,"flow_tot_l4_payload_len":82,"flow_avg_l4_payload_len":41,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":51990,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"mail.viasat.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"8.37.103.196"}}
00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":387,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_first_seen":1569687267851,"flow_last_seen":0,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":58074,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":55,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":387,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":851029,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"pkt":"LH6BsEqhNDY7z3UoCABFAAA9LvsAAP8R6zsKAADjS0tLS+LaADUAKWM2zl4BAAABAAAAAAAAA3d3dwdvdXRsb29rA2NvbQAAAQAB"}
00651{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":387,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_first_seen":1569687267851,"flow_last_seen":0,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":58074,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"www.outlook.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00655{"flow_id":55,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":388,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":865600,"pkt_caplen":230,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":230,"pkt_l4_len":196,"pkt":"NDY7z3UoLH6BsEqhCABFAADYAABAADoRnpxLS0tLCgAA4wA14toAxJ5uzl6BgAABAAcAAAAAA3d3dwdvdXRsb29rA2NvbQAAAQABwAwABQABAAAAzQAUB291dGxvb2sJb2ZmaWNlMzY1wBjALQAFAAEAAABWABkHb3V0bG9vawdtcy1hY2RjBm9mZmljZcAYwE0ABQABAAAHZQAKB3NqYy1lZnrAVcByAAEAAQAAADAABChh3iLAcgABAAEAAAAwAAQ0YAOCwHIAAQABAAAAMAAEKGHdcsByAAEAAQAAADAABDRgEgI="}
00679{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":388,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":2,"flow_first_seen":1569687267851,"flow_last_seen":1569687267865,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":188,"flow_tot_l4_payload_len":221,"flow_avg_l4_payload_len":110,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":58074,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"www.outlook.com","num_queries":1,"num_answers":7,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"40.97.222.34"}}
00433{"flow_id":54,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":389,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":881275,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0KOdAAPMG5BAIJWfECgAA4wG73ieGjW4CDCXQ8YAQTdZYOgAAAQEICninPiMcDdF\/"}
00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":390,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_first_seen":1569687267988,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"74.125.197.188","src_port":56874,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00433{"flow_id":56,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":390,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":988009,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0c9UAAEAG69IKAADjSn3FvN4qAbvQnkCVU\/eYD4AREABMcgAAAQEIChwN0hGhDZLg"}
00499{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":391,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_first_seen":1569687267991,"flow_last_seen":0,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":174,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"239.255.255.250","src_port":61328,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00640{"flow_id":57,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":391,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":991361,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"pkt":"AQBef\/\/6NDY7z3UoCABFAADKY+gAAAERWl4KAADj7\/\/\/+u+QB2wAtlB4TS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMQ0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KVVNFUi1BR0VOVDogR29vZ2xlIENocm9tZS83Ny4wLjM4NjUuOTAgTWFjIE9TIFgNCg0K"}
00530{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":391,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_first_seen":1569687267991,"flow_last_seen":0,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":174,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"239.255.255.250","src_port":61328,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
00431{"flow_id":56,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":392,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687268,"pkt_ts_usec":26329,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0lz4AAGoGnmlKfcW8CgAA4wG73ipT95gP0J5AloAQAP3kSQAAAQEICqEOCgscDdIR"}
00603{"flow_id":46,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":377,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":819793,"pkt_caplen":190,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":190,"pkt_l4_len":156,"pkt":"NDY7z3UoLH6BsEqhCABFAACwAABAADoRnsRLS0tLCgAA4wA1x3QAnFOt9V6BgAABAAMAAAAACTEtY291cmllcgRwdXNoBWFwcGxlA2NvbQAAAQABwAwABQABAAAYQwAlATESY291cmllci1wdXNoLWFwcGxlA2NvbQZha2FkbnMDbmV0AMA2AAUAAQAAABcAHQ91cy1zdy1jb3VyaWVyLTQKcHVzaC1hcHBsZcBLwGcAAQABAAAAFwAEETmQdA=="}
00696{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":377,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":2,"flow_first_seen":1569687267799,"flow_last_seen":1569687267819,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":190,"flow_avg_l4_payload_len":95,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":51060,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.ApplePush","breed":"Acceptable","category":"Cloud"},"dns": {"query":"1-courier.push.apple.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.57.144.116"}}
00506{"flow_id":44,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":378,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":820816,"pkt_caplen":119,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":119,"pkt_l4_len":85,"pkt":"NDY7z3UoLH6BsEqhCABFAABp+WRAADUGn5oROZB0CgAA4xRn3jZl3bexMRy43IAYARnThAAAAQEICtWmYt0cDdFWFQMDADDYQSIj3jkYV2ViIYpeEoheM2HYhDINcbYvi9M0lKa7pHKjHCudSoLIJkInalaEjXI="}
00416{"flow_id":44,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":379,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":820879,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"LH6BsEqhNDY7z3UoCABFAAAoAABAAEAGjkAKAADjETmQdN42FGcxHLjcAAAAAFAEAAAmugAA"}
00432{"flow_id":44,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":380,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":821792,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0+WVAADUGn84ROZB0CgAA4xRn3jZl3bfmMRy43IARARmo0AAAAQEICtWmYt0cDdFW"}
00416{"flow_id":44,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":381,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":821826,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"LH6BsEqhNDY7z3UoCABFAAAoAABAAEAGjkAKAADjETmQdN42FGcxHLjcAAAAAFAEAAAmugAA"}
00603{"flow_id":48,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":382,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":824238,"pkt_caplen":192,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":192,"pkt_l4_len":158,"pkt":"NDY7z3UoLH6BsEqhCABFAACyAABAADoRnsJLS0tLCgAA4wA1+sEAnlIeE96BgAABAAMAAAAACjI0LWNvdXJpZXIEcHVzaAVhcHBsZQNjb20AAAEAAcAMAAUAAQAASVMAJgIyNBJjb3VyaWVyLXB1c2gtYXBwbGUDY29tBmFrYWRucwNuZXQAwDcABQABAAAAGwAdD3VzLXN3LWNvdXJpZXItNApwdXNoLWFwcGxlwE3AaQABAAEAAAAuAAQROZAU"}
00696{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":382,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":2,"flow_first_seen":1569687267805,"flow_last_seen":1569687267824,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":193,"flow_avg_l4_payload_len":96,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":64193,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.ApplePush","breed":"Acceptable","category":"Cloud"},"dns": {"query":"24-courier.push.apple.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.57.144.20"}}
00501{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":383,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_first_seen":1569687267831,"flow_last_seen":1569687267831,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":49781,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00436{"flow_id":50,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":383,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":831823,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"pkt":"LH6BsEqhNDY7z3UoCABFAAA3jBMAAP8RjikKAADjS0tLS8J1ADUAI5qcqN8BAAABAAAAAAAABWFwcGxlA2NvbQAAAQAB"}
00657{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":383,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_first_seen":1569687267831,"flow_last_seen":1569687267831,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":49781,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00499{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":384,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_first_seen":1569687267841,"flow_last_seen":1569687267841,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.103.196","src_port":56871,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00434{"flow_id":51,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":384,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":841212,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0KKIAAEAG11YKAADjCCVnxN4nAbsMJdDwho1uAoAR\/\/8iBAAAAQEIChwN0X94psIw"}
00502{"flow_id":50,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":385,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":847611,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"pkt":"NDY7z3UoLH6BsEqhCABFAABnAABAADoRnw1LS0tLCgAA4wA1wnUAU2BUqN+BgAABAAMAAAAABWFwcGxlA2NvbQAAAQABwAwAAQABAAAE+gAEEbJgO8AMAAEAAQAABPoABBGOoDvADAABAAEAAAT6AAQRrOAv"}
00671{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":385,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":2,"flow_first_seen":1569687267831,"flow_last_seen":1569687267847,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":75,"flow_tot_l4_payload_len":102,"flow_avg_l4_payload_len":51,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":49781,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"apple.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.178.96.59"}}
00468{"flow_id":49,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":386,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":847625,"pkt_caplen":91,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":91,"pkt_l4_len":57,"pkt":"NDY7z3UoLH6BsEqhCABFAABNAABAADoRnydLS0tLCgAA4wA1yxYAOeBneJ6BgAABAAEAAAAABG1haWwGdmlhc2F0A2NvbQAAAQABwAwAAQABAAAAPAAECCVnxA=="}
00676{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":386,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":2,"flow_first_seen":1569687267812,"flow_last_seen":1569687267847,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":49,"flow_tot_l4_payload_len":82,"flow_avg_l4_payload_len":41,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":51990,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"mail.viasat.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"8.37.103.196"}}
00501{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":387,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_first_seen":1569687267851,"flow_last_seen":1569687267851,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":58074,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":52,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":387,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":851029,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"pkt":"LH6BsEqhNDY7z3UoCABFAAA9LvsAAP8R6zsKAADjS0tLS+LaADUAKWM2zl4BAAABAAAAAAAAA3d3dwdvdXRsb29rA2NvbQAAAQAB"}
00663{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":387,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_first_seen":1569687267851,"flow_last_seen":1569687267851,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":58074,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"www.outlook.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00655{"flow_id":52,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":388,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":865600,"pkt_caplen":230,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":230,"pkt_l4_len":196,"pkt":"NDY7z3UoLH6BsEqhCABFAADYAABAADoRnpxLS0tLCgAA4wA14toAxJ5uzl6BgAABAAcAAAAAA3d3dwdvdXRsb29rA2NvbQAAAQABwAwABQABAAAAzQAUB291dGxvb2sJb2ZmaWNlMzY1wBjALQAFAAEAAABWABkHb3V0bG9vawdtcy1hY2RjBm9mZmljZcAYwE0ABQABAAAHZQAKB3NqYy1lZnrAVcByAAEAAQAAADAABChh3iLAcgABAAEAAAAwAAQ0YAOCwHIAAQABAAAAMAAEKGHdcsByAAEAAQAAADAABDRgEgI="}
00679{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":388,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":2,"flow_first_seen":1569687267851,"flow_last_seen":1569687267865,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":188,"flow_tot_l4_payload_len":221,"flow_avg_l4_payload_len":110,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":58074,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"www.outlook.com","num_queries":1,"num_answers":7,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"40.97.222.34"}}
00433{"flow_id":51,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":389,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":881275,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0KOdAAPMG5BAIJWfECgAA4wG73ieGjW4CDCXQ8YAQTdZYOgAAAQEICninPiMcDdF\/"}
00501{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":390,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_first_seen":1569687267988,"flow_last_seen":1569687267988,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"74.125.197.188","src_port":56874,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00433{"flow_id":53,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":390,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":988009,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0c9UAAEAG69IKAADjSn3FvN4qAbvQnkCVU\/eYD4AREABMcgAAAQEIChwN0hGhDZLg"}
00511{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":391,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_first_seen":1569687267991,"flow_last_seen":1569687267991,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":174,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"239.255.255.250","src_port":61328,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00640{"flow_id":54,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":391,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":991361,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"pkt":"AQBef\/\/6NDY7z3UoCABFAADKY+gAAAERWl4KAADj7\/\/\/+u+QB2wAtlB4TS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMQ0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KVVNFUi1BR0VOVDogR29vZ2xlIENocm9tZS83Ny4wLjM4NjUuOTAgTWFjIE9TIFgNCg0K"}
00542{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":391,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_first_seen":1569687267991,"flow_last_seen":1569687267991,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":174,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"239.255.255.250","src_port":61328,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
00431{"flow_id":53,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":392,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687268,"pkt_ts_usec":26329,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0lz4AAGoGnmlKfcW8CgAA4wG73ipT95gP0J5AloAQAP3kSQAAAQEICqEOCgscDdIR"}
00847{"flow_id":25,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":393,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687268,"pkt_ts_usec":53551,"pkt_caplen":373,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":373,"pkt_l4_len":339,"pkt":"LH6BsEqhNDY7z3UoCABFAAFnAABAAEAGPkgKAADjuBk4Td40AFBjyKwaGk9qboAYEAAWhQAAAQEIChwN0lLjFT+OR0VUIC9zdWNjZXNzLnR4dD9pcHY0IEhUVFAvMS4xDQpIb3N0OiBkZXRlY3Rwb3J0YWwuZmlyZWZveC5jb20NClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wIChNYWNpbnRvc2g7IEludGVsIE1hYyBPUyBYIDEwLjEzOyBydjo2OS4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94LzY5LjANCkFjY2VwdDogKi8qDQpBY2NlcHQtTGFuZ3VhZ2U6IGVuLVVTLGVuO3E9MC41DQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNClByYWdtYTogbm8tY2FjaGUNCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQoNCg=="}
00838{"flow_id":24,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":394,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687268,"pkt_ts_usec":57131,"pkt_caplen":368,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":368,"pkt_l4_len":334,"pkt":"LH6BsEqhNDY7z3UoCABFAAFiEVkAAEAGbPQKAADjuBk4Td5VAFBor53cCT1FvYAYEAAVugAAAQEIChwN0lXjFT5ZR0VUIC9zdWNjZXNzLnR4dCBIVFRQLzEuMQ0KSG9zdDogZGV0ZWN0cG9ydGFsLmZpcmVmb3guY29tDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoTWFjaW50b3NoOyBJbnRlbCBNYWMgT1MgWCAxMC4xMzsgcnY6NjkuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC82OS4wDQpBY2NlcHQ6ICovKg0KQWNjZXB0LUxhbmd1YWdlOiBlbi1VUyxlbjtxPTAuNQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlDQpDYWNoZS1Db250cm9sOiBuby1jYWNoZQ0KUHJhZ21hOiBuby1jYWNoZQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KDQo="}
00947{"flow_id":25,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":395,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687268,"pkt_ts_usec":73855,"pkt_caplen":450,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":450,"pkt_l4_len":416,"pkt":"NDY7z3UoLH6BsEqhCABFAAG0NJ1AADcGEl64GThNCgAA4wBQ3jQaT2puY8itTYAYARVp4wAAAQEICuMVQI0cDdJSSFRUUC8xLjEgMjAwIE9LDQpDb250ZW50LVR5cGU6IHRleHQvcGxhaW4NCkNvbnRlbnQtTGVuZ3RoOiA4DQpMYXN0LU1vZGlmaWVkOiBNb24sIDE1IE1heSAyMDE3IDE4OjA0OjQwIEdNVA0KRVRhZzogImFlNzgwNTg1ZjQ5Yjk0Y2UxNDQ0ZWI3ZDI4OTA2MTIzIg0KQWNjZXB0LVJhbmdlczogYnl0ZXMNClNlcnZlcjogQW1hem9uUzMNClgtQW16LUNmLUlkOiBJcS1oTGRhcmRnZUVmOTBhU3dsQlZkRDJUbjFzY29hcnBlQlMtbUtNWmdLNG1lWGlWTEpHTUE9PQ0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUsIG5vLXN0b3JlLCBtdXN0LXJldmFsaWRhdGUNCkRhdGU6IFNhdCwgMjggU2VwIDIwMTkgMTY6MTQ6MjggR01UDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCnN1Y2Nlc3MK"}
00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":397,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_first_seen":1569687268077,"flow_last_seen":0,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":38616,"dst_port":61328,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01090{"flow_id":58,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":397,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687268,"pkt_ts_usec":77677,"pkt_caplen":556,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":556,"pkt_l4_len":522,"pkt":"NDY7z3UopHczjPFACABFAAIeAABAAEARI1gKAACVCgAA45bY75ACCk+7SFRUUC8xLjEgMjAwIE9LDQpDQUNIRS1DT05UUk9MOiBtYXgtYWdlPTE4MDANCkRBVEU6IFNhdCwgMjggU2VwIDIwMTkgMTY6MTQ6MjggR01UDQpFWFQ6DQpMT0NBVElPTjogaHR0cDovLzEwLjAuMC4xNDk6ODAwOC9zc2RwL2RldmljZS1kZXNjLnhtbA0KT1BUOiAiaHR0cDovL3NjaGVtYXMudXBucC5vcmcvdXBucC8xLzAvIjsgbnM9MDENCjAxLU5MUzogYjNiMTBmNmEtMWRkMS0xMWIyLWI3NDAtYWU5NDc5MzlkMzA4DQpTRVJWRVI6IExpbnV4LzMuOC4xMyssIFVQblAvMS4wLCBQb3J0YWJsZSBTREsgZm9yIFVQblAgZGV2aWNlcy8xLjYuMTgNClgtVXNlci1BZ2VudDogcmVkc29uaWMNClNUOiB1cm46ZGlhbC1tdWx0aXNjcmVlbi1vcmc6c2VydmljZTpkaWFsOjENClVTTjogdXVpZDo3OWQ4OGU4My03MjVjLWI3MWItYmFkMC01ODYyZDViMjIzODY6OnVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KQk9PVElELlVQTlAuT1JHOiA0NzINCkNPTkZJR0lELlVQTlAuT1JHOiAxDQoNCg=="}
00526{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":397,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_first_seen":1569687268077,"flow_last_seen":0,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":38616,"dst_port":61328,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
00507{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":397,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_first_seen":1569687268077,"flow_last_seen":1569687268077,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":38616,"dst_port":61328,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01090{"flow_id":55,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":397,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687268,"pkt_ts_usec":77677,"pkt_caplen":556,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":556,"pkt_l4_len":522,"pkt":"NDY7z3UopHczjPFACABFAAIeAABAAEARI1gKAACVCgAA45bY75ACCk+7SFRUUC8xLjEgMjAwIE9LDQpDQUNIRS1DT05UUk9MOiBtYXgtYWdlPTE4MDANCkRBVEU6IFNhdCwgMjggU2VwIDIwMTkgMTY6MTQ6MjggR01UDQpFWFQ6DQpMT0NBVElPTjogaHR0cDovLzEwLjAuMC4xNDk6ODAwOC9zc2RwL2RldmljZS1kZXNjLnhtbA0KT1BUOiAiaHR0cDovL3NjaGVtYXMudXBucC5vcmcvdXBucC8xLzAvIjsgbnM9MDENCjAxLU5MUzogYjNiMTBmNmEtMWRkMS0xMWIyLWI3NDAtYWU5NDc5MzlkMzA4DQpTRVJWRVI6IExpbnV4LzMuOC4xMyssIFVQblAvMS4wLCBQb3J0YWJsZSBTREsgZm9yIFVQblAgZGV2aWNlcy8xLjYuMTgNClgtVXNlci1BZ2VudDogcmVkc29uaWMNClNUOiB1cm46ZGlhbC1tdWx0aXNjcmVlbi1vcmc6c2VydmljZTpkaWFsOjENClVTTjogdXVpZDo3OWQ4OGU4My03MjVjLWI3MWItYmFkMC01ODYyZDViMjIzODY6OnVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KQk9PVElELlVQTlAuT1JHOiA0NzINCkNPTkZJR0lELlVQTlAuT1JHOiAxDQoNCg=="}
00538{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":397,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_first_seen":1569687268077,"flow_last_seen":1569687268077,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":38616,"dst_port":61328,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
00946{"flow_id":24,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":398,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687268,"pkt_ts_usec":86320,"pkt_caplen":450,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":450,"pkt_l4_len":416,"pkt":"NDY7z3UoLH6BsEqhCABFAAG0uJ1AADgGjV24GThNCgAA4wBQ3lUJPUW9aK+fCoAYAPyo7AAAAQEICuMVQJgcDdJVSFRUUC8xLjEgMjAwIE9LDQpDb250ZW50LVR5cGU6IHRleHQvcGxhaW4NCkNvbnRlbnQtTGVuZ3RoOiA4DQpMYXN0LU1vZGlmaWVkOiBNb24sIDE1IE1heSAyMDE3IDE4OjA0OjQwIEdNVA0KRVRhZzogImFlNzgwNTg1ZjQ5Yjk0Y2UxNDQ0ZWI3ZDI4OTA2MTIzIg0KQWNjZXB0LVJhbmdlczogYnl0ZXMNClNlcnZlcjogQW1hem9uUzMNClgtQW16LUNmLUlkOiBJcS1oTGRhcmRnZUVmOTBhU3dsQlZkRDJUbjFzY29hcnBlQlMtbUtNWmdLNG1lWGlWTEpHTUE9PQ0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUsIG5vLXN0b3JlLCBtdXN0LXJldmFsaWRhdGUNCkRhdGU6IFNhdCwgMjggU2VwIDIwMTkgMTY6MTQ6MjggR01UDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCnN1Y2Nlc3MK"}
00433{"flow_id":24,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":399,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687268,"pkt_ts_usec":86394,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGP3sKAADjuBk4Td5VAFBor58KCT1HPYAQD\/QiegAAAQEIChwN0nDjFUCY"}
00432{"flow_id":43,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":403,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687268,"pkt_ts_usec":176732,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"2DE0IHf7NDY7z3UoCABFAAA0AABAAEAGJUsKAADjCgAAl94iH3wAQcGNmjQa94AREAAg9AAAAQEIChwN0scGksZO"}
00489{"flow_id":46,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":404,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687268,"pkt_ts_usec":255035,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"pkt":"LH6BsEqhNDY7z3UoCABFAABbAABAAEAGh94KAADjNApz0t4vAbv\/h0RDal\/Pm4AYEAAiawAAAQEIChwN0xUwQSW5FwMDACIAAAAAAAAABOSiEtX++2wFU+QPmxUY3GRLet\/12fHye+Na"}
00483{"flow_id":46,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":405,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687268,"pkt_ts_usec":288187,"pkt_caplen":101,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":101,"pkt_l4_len":67,"pkt":"NDY7z3UoLH6BsEqhCABFAABXHWVAAOsGv3w0CnPSCgAA4wG73i9qX8+b\/4dEaoAYAHZkqAAAAQEICjBBJkkcDdMVFwMDAB60PFmzucBfQpbZG5fkhGLdfsdJy9p7QpDrf7iqgfM="}
00435{"flow_id":46,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":406,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687268,"pkt_ts_usec":288257,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGiAUKAADjNApz0t4vAbv\/h0Rqal\/PvoAQD\/4QNwAAAQEIChwN0zYwQSZJ"}
00432{"flow_id":40,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":403,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687268,"pkt_ts_usec":176732,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"2DE0IHf7NDY7z3UoCABFAAA0AABAAEAGJUsKAADjCgAAl94iH3wAQcGNmjQa94AREAAg9AAAAQEIChwN0scGksZO"}
00489{"flow_id":43,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":404,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687268,"pkt_ts_usec":255035,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"pkt":"LH6BsEqhNDY7z3UoCABFAABbAABAAEAGh94KAADjNApz0t4vAbv\/h0RDal\/Pm4AYEAAiawAAAQEIChwN0xUwQSW5FwMDACIAAAAAAAAABOSiEtX++2wFU+QPmxUY3GRLet\/12fHye+Na"}
00483{"flow_id":43,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":405,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687268,"pkt_ts_usec":288187,"pkt_caplen":101,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":101,"pkt_l4_len":67,"pkt":"NDY7z3UoLH6BsEqhCABFAABXHWVAAOsGv3w0CnPSCgAA4wG73i9qX8+b\/4dEaoAYAHZkqAAAAQEICjBBJkkcDdMVFwMDAB60PFmzucBfQpbZG5fkhGLdfsdJy9p7QpDrf7iqgfM="}
00435{"flow_id":43,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":406,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687268,"pkt_ts_usec":288257,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGiAUKAADjNApz0t4vAbv\/h0Rqal\/PvoAQD\/4QNwAAAQEIChwN0zYwQSZJ"}
00520{"flow_id":13,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":407,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687268,"pkt_ts_usec":303691,"pkt_caplen":129,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":129,"pkt_l4_len":95,"pkt":"LH6BsEqhNDY7z3UoCABFAABzsJwAAEAGlzMKAADjNCXzrd5TAbsf\/fDecO3WY4AYEAAQHgAAAQEIChwN00UAjZhyFwMDADoAAAAAAAAACEzGPPJ3Kcu6RavuCPBDM8XTcgluoyj+7Z3MIZ+UxsM4YZLkjnm2tNIw1TP+GkWg18Gv"}
00434{"flow_id":13,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":408,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687268,"pkt_ts_usec":339493,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0y8dAACsGUUc0JfOtCgAA4wG73lNw7dZjH\/3xHYAQAAmAkwAAAQEICgCNmxAcDdNF"}
00521{"flow_id":13,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":409,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687268,"pkt_ts_usec":339498,"pkt_caplen":129,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":129,"pkt_l4_len":95,"pkt":"NDY7z3UoLH6BsEqhCABFAABzy8hAACsGUQc0JfOtCgAA4wG73lNw7dZjH\/3xHYAYAAl3vQAAAQEICgCNmxAcDdNFFwMDADoscoyH7e3mEaLj9szbkWqqmEqDlelG3R9AcZ4tJ3XN64I60DPQ058YYyhPfpVvx4TCC6nlGIJyOZ\/k"}
00435{"flow_id":13,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":410,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687268,"pkt_ts_usec":339560,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0x1cAAEAGgLcKAADjNCXzrd5TAbsf\/fEdcO3WooAQD\/5wPAAAAQEIChwN02gAjZsQ"}
00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":411,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_first_seen":1569687268376,"flow_last_seen":0,"flow_min_l4_payload_len":311,"flow_max_l4_payload_len":311,"flow_tot_l4_payload_len":311,"flow_avg_l4_payload_len":311,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.151","dst_ip":"10.0.0.227","src_port":1900,"dst_port":61328,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00819{"flow_id":59,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":411,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687268,"pkt_ts_usec":376485,"pkt_caplen":353,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":353,"pkt_l4_len":319,"pkt":"NDY7z3Uo2DE0IHf7CABFAAFTj5RAAEARlIwKAACXCgAA4wds75ABPzXfSFRUUC8xLjEgMjAwIE9LDQpDYWNoZS1Db250cm9sOiBtYXgtYWdlPTM2MDANClNUOiB1cm46ZGlhbC1tdWx0aXNjcmVlbi1vcmc6c2VydmljZTpkaWFsOjENClVTTjogdXVpZDoyOTVjMDAwNC02ODA3LTEwNmQtODBjZi1kODMxMzQyMDc3ZmI6OnVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KRXh0OiANClNlcnZlcjogUm9rdSBVUG5QLzEuMCBSb2t1LzkuMS4wDQpMT0NBVElPTjogaHR0cDovLzEwLjAuMC4xNTE6ODA2MC9kaWFsL2RkLnhtbA0KV0FLRVVQOiBNQUM9ZDg6MzE6MzQ6MjA6Nzc6ZmI7VGltZW91dD0xMA0KDQo="}
00525{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":411,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_first_seen":1569687268376,"flow_last_seen":0,"flow_min_l4_payload_len":311,"flow_max_l4_payload_len":311,"flow_tot_l4_payload_len":311,"flow_avg_l4_payload_len":311,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.151","dst_ip":"10.0.0.227","src_port":1900,"dst_port":61328,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
00499{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":412,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_first_seen":1569687268559,"flow_last_seen":0,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":174,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"239.255.255.250","src_port":57547,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00640{"flow_id":60,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":412,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687268,"pkt_ts_usec":559574,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"pkt":"AQBef\/\/6NDY7z3UoCABFAADKeUwAAAERRPoKAADj7\/\/\/+uDLB2wAtl89TS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMQ0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KVVNFUi1BR0VOVDogR29vZ2xlIENocm9tZS83Ny4wLjM4NjUuOTAgTWFjIE9TIFgNCg0K"}
00530{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":412,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_first_seen":1569687268559,"flow_last_seen":0,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":174,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"239.255.255.250","src_port":57547,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":413,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_first_seen":1569687268746,"flow_last_seen":0,"flow_min_l4_payload_len":99,"flow_max_l4_payload_len":99,"flow_tot_l4_payload_len":99,"flow_avg_l4_payload_len":99,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":54107,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00536{"flow_id":61,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":413,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687268,"pkt_ts_usec":746220,"pkt_caplen":141,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":141,"pkt_l4_len":107,"pkt":"LH6BsEqhNDY7z3UoCABFAAB\/CAgAAEAR+QMKAADjCCVmW9NbAbsAa+4DFgEAAAAAAAAAAAAAVgEAAEoAAAAAAAAASgEA7YnEaZ6hZImmhCHr0JUfCBctWVvywlB71JRnxl7mI4ogm7BxyKgEQGFPg0eizi7+AVQMevU74i4erAc5hyngJu8AAAIAOQEA"}
00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":415,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_first_seen":1569687268747,"flow_last_seen":0,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":50081,"dst_port":57547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01091{"flow_id":62,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":415,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687268,"pkt_ts_usec":747509,"pkt_caplen":556,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":556,"pkt_l4_len":522,"pkt":"NDY7z3UopHczjPFACABFAAIeAABAAEARI1gKAACVCgAA48Oh4MsCCjG3SFRUUC8xLjEgMjAwIE9LDQpDQUNIRS1DT05UUk9MOiBtYXgtYWdlPTE4MDANCkRBVEU6IFNhdCwgMjggU2VwIDIwMTkgMTY6MTQ6MjggR01UDQpFWFQ6DQpMT0NBVElPTjogaHR0cDovLzEwLjAuMC4xNDk6ODAwOC9zc2RwL2RldmljZS1kZXNjLnhtbA0KT1BUOiAiaHR0cDovL3NjaGVtYXMudXBucC5vcmcvdXBucC8xLzAvIjsgbnM9MDENCjAxLU5MUzogYjNiMTBmNmEtMWRkMS0xMWIyLWI3NDAtYWU5NDc5MzlkMzA4DQpTRVJWRVI6IExpbnV4LzMuOC4xMyssIFVQblAvMS4wLCBQb3J0YWJsZSBTREsgZm9yIFVQblAgZGV2aWNlcy8xLjYuMTgNClgtVXNlci1BZ2VudDogcmVkc29uaWMNClNUOiB1cm46ZGlhbC1tdWx0aXNjcmVlbi1vcmc6c2VydmljZTpkaWFsOjENClVTTjogdXVpZDo3OWQ4OGU4My03MjVjLWI3MWItYmFkMC01ODYyZDViMjIzODY6OnVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KQk9PVElELlVQTlAuT1JHOiA0NzINCkNPTkZJR0lELlVQTlAuT1JHOiAxDQoNCg=="}
00526{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":415,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_first_seen":1569687268747,"flow_last_seen":0,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":50081,"dst_port":57547,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
00432{"flow_id":43,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":438,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687268,"pkt_ts_usec":787837,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"2DE0IHf7NDY7z3UoCABFAAA0AABAAEAGJUsKAADjCgAAl94iH3wAQcGNmjQa94AREAAenAAAAQEIChwN1R8GksZO"}
00464{"flow_id":61,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":439,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687268,"pkt_ts_usec":789706,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"pkt":"NDY7z3UoLH6BsEqhCABFAABMkFUAAPcRuegIJWZbCgAA4wG701sAOF8pFgEAAAAAAAAAAAAAIwMAABcAAAAAAAAAFwEAFGKRvPEadu7FYjYhjKxM1MN8EkEd"}
00564{"flow_id":61,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":440,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687268,"pkt_ts_usec":790107,"pkt_caplen":161,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":161,"pkt_l4_len":127,"pkt":"LH6BsEqhNDY7z3UoCABFAACTQPwAAEARv\/sKAADjCCVmW9NbAbsAf9nwFgEAAAAAAAAAAAEAagEAAF4AAQAAAAAAXgEA7YnEaZ6hZImmhCHr0JUfCBctWVvywlB71JRnxl7mI4ogm7BxyKgEQGFPg0eizi7+AVQMevU74i4erAc5hyngJu8UYpG88Rp27sViNiGMrEzUw3wSQR0AAgA5AQA="}
00656{"flow_id":61,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":465,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687268,"pkt_ts_usec":836308,"pkt_caplen":230,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":230,"pkt_l4_len":196,"pkt":"NDY7z3UoLH6BsEqhCABFAADYxf0AAPcRg7QIJWZbCgAA4wG701sAxPjiFgEAAAAAAAAAAAEAUgIAAEYAAQAAAAAARgEALUKlqOqp+9af1GcxChS4QXaLYgzyjV+CMRoD1u04EzMgm7BxyKgEQGFPg0eizi7+AVQMevU74i4erAc5hyngJu8AOQAUAQAAAAAAAAAAAgADAQACFgEAAAEAAAAAAAAAQD8tH8NZsi0zp5KqIEac2zndlXephyhcvDs6uk0ts\/C74lCOOKMP7cl2vA0Fdivj2Vu+P3CxRTCYlcHvZh6mgEM="}
00528{"flow_id":61,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":466,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687268,"pkt_ts_usec":837070,"pkt_caplen":135,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":135,"pkt_l4_len":101,"pkt":"LH6BsEqhNDY7z3UoCABFAAB5ttQAAEARSj0KAADjCCVmW9NbAbsAZSHLFAEAAAAAAAAAAAIAAwEAAhYBAAABAAAAAAAAAEB13T5lRIw++YjQQ3Qkoyswag+IeQZwzjpfo12O7l1Xcp3w\/UpkhLeZaAWDRsXTNSL+R32oH3qj2v2CyHpmZrLD"}
00573{"flow_id":61,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":467,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687268,"pkt_ts_usec":850848,"pkt_caplen":167,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":167,"pkt_l4_len":133,"pkt":"LH6BsEqhNDY7z3UoCABFAACZG00AAEAR5aQKAADjCCVmW9NbAbsAhSBxFwEAAAEAAAAAAAEAcJAp8TP5L9aIAzjZZH+8T1estbsDYKyCkdkhe7+UIBVsNqyejSSkPEU7ONW2iokPbFMvxRUeCNaw\/RBrJMSNbsKC3EuMrgGykf+U9Wpz8EHY6SCoix9y+LnSEFWosh2QWwehPeVhCuFY\/xnfwN3j9dY="}
00594{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":467,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":6,"flow_first_seen":1569687268746,"flow_last_seen":1569687268850,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":188,"flow_tot_l4_payload_len":672,"flow_avg_l4_payload_len":112,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":54107,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"CiscoVPN","breed":"Acceptable","category":"VPN"}}
00573{"flow_id":61,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":469,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687268,"pkt_ts_usec":873245,"pkt_caplen":167,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":167,"pkt_l4_len":133,"pkt":"LH6BsEqhNDY7z3UoCABFAACZ5VoAAEARG5cKAADjCCVmW9NbAbsAhSuuFwEAAAEAAAAAAAIAcIroYcS3\/qjlLAJ5hVgNA24x6wrtxtbMm99puobFdI66KucUrXLCm27CpIExufGVwJVqf2dvO9CVHHSBup6yXTyxuJs4l0NHL\/QivpVOwo7lEHdJCThBbAs8Wx+IU5suN7IEDaosnRxSWsC2AMv9YUg="}
00575{"flow_id":61,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":470,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687268,"pkt_ts_usec":873381,"pkt_caplen":167,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":167,"pkt_l4_len":133,"pkt":"LH6BsEqhNDY7z3UoCABFAACZfpEAAEARgmAKAADjCCVmW9NbAbsAhXmZFwEAAAEAAAAAAAMAcDzvmPLtB4V20+vs+Pcr7Wx7iMFNIgDukd6WG4O587T8V7dCFBodz9a9s7xVrA3ERlsVnzccWHU51YiWyOFePh6Fd3h3UTko6Na4xxDhX5uGJ0Xd7XUu\/x6Q+cY0WD4xtC+shdVmC\/8lPH\/\/WjPzLa4="}
00702{"flow_id":61,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":479,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687268,"pkt_ts_usec":881674,"pkt_caplen":263,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":263,"pkt_l4_len":229,"pkt":"NDY7z3UoLH6BsEqhCABFAAD54UEAAPcRaE8IJWZbCgAA4wG701sA5YSXFwEAAAEAAAAAAAEA0LaEehtTZv8b2CA+a2IlOUc+Bvbq1lzEFnHAPMXuajrB85eB1MKeGzW3VNDRQWRwwuxJPQ2mMwZHhCjKnrmWW5KS2qzAK+qFSujGSVdmMGee\/7OHdHST79gz89tgHJxfuyBQfhXTys1q1mdON9ThMXarq+ChjYzv1lGnip9ves8v5LamEWf6T4IWeU4PuLdBbrziDg0Q71+FePE\/DDBfGX+DD21\/jcgPrUfagJMgvz+9HTnoOO9cEAORFAF9xsHc0X3haTRRd5VwQoJZPeiTVCM="}
00640{"flow_id":61,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":480,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687268,"pkt_ts_usec":881677,"pkt_caplen":215,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":215,"pkt_l4_len":181,"pkt":"NDY7z3UoLH6BsEqhCABFAADJ1N8AAPcRdOEIJWZbCgAA4wG701sAtf2iFwEAAAEAAAAAAAIAoJWe2p35kGmfrEo4F3leJjn3j4r1xM7nc7JIQnXHHmyTh0FmmIlM9zTT+cjBgqP\/4YSp30pK\/M9ivi\/nNfBeQS4VQpJ9ow9UBufxaAW7k6gSLO9qRRZJHOflrKtXIRpmqfDWoVXLlTz2sA5m5W6kzXS9BT+w4hra5mZ9T7Mvwb7BsSwwHNheo1+hOFtvFidLl\/ymSV6QeqezlRlYqRflE1w="}
00644{"flow_id":61,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":481,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687268,"pkt_ts_usec":881678,"pkt_caplen":215,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":215,"pkt_l4_len":181,"pkt":"NDY7z3UoLH6BsEqhCABFAADJsq8AAPcRlxEIJWZbCgAA4wG701sAtWKPFwEAAAEAAAAAAAMAoCZ5fA\/WJVcpp3g69CPnMWAN6FiyDe8lRdJUl1drBF2zUdazOAOhRXSEi\/RlpkLWMNn1yDpr9CExt7zA\/osjteZVcFi1c8I2ZsMOVHH1mL4kgvDSdipKYFeu7ykTjwZtNQV4\/FVY7FH\/SIusECU9+teK1lt\/IksfSUT\/QnedeTLEfVyP7HAwmnU7huP9ivAs5oOSh\/ps0mTKFIVB5SntE4Y="}
00639{"flow_id":61,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":482,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687268,"pkt_ts_usec":881858,"pkt_caplen":215,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":215,"pkt_l4_len":181,"pkt":"NDY7z3UoLH6BsEqhCABFAADJhq8AAPcRwxEIJWZbCgAA4wG701sAtY3TFwEAAAEAAAAAAAQAoHeKGZxBW1Q4pABJMTSX3LUbHu34OICOIbBrwnlOoqSFAGNgRLcSSvCSkoPEWiSx6yLOL++0WFQ\/\/cnvli67B1U1bN0KNW7pxo4I+bqkXjfZ8xBCFGbjxJJVfLSVw+5J4bqy3vY1bqKQCFlRfiQY5q4UuIaq+3kXHFQwCb5UNxTuIQqeQUCbZOsX6Aw1\/GTECatE4XqDtUkdwJuL9GpXIz4="}
00616{"flow_id":61,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":483,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687268,"pkt_ts_usec":881861,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"pkt":"NDY7z3UoLH6BsEqhCABFAAC5u7MAAPcRjh0IJWZbCgAA4wG701sApUJkFwEAAAEAAAAAAAUAkG5KNuk+EZOV1nNxmMR0wghy2Q+h3ttKxHQgKNRewJXyNdIBQKiYywiPhtcFIX0WgeskclTE0KCF9mQ+j5N66vLDvZbqTEkY8iyv5BP3Jra3vtiRG37SSrw1GENZNXr0O1GPc0Ry6bJ72MxSeUAA2Za5tPJV00oHfWupVTa1384uF+19TdK92Lxe5ukdC6G4yA=="}
00554{"flow_id":61,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":484,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687268,"pkt_ts_usec":882274,"pkt_caplen":151,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":151,"pkt_l4_len":117,"pkt":"LH6BsEqhNDY7z3UoCABFAACJOdIAAEARxy8KAADjCCVmW9NbAbsAddrCFwEAAAEAAAAAAAQAYKkcQctvWgGrvdO\/PrYGLApIwYpWUheFZjMVzufzIRAcKjKNazs\/06ngcZiPVgUqhcX84s760euS8M3xIrDvpCKFzKSAjWoh4pylx4pwlItuT3UmopW385XbWJ+K1TtL4A=="}
00573{"flow_id":61,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":485,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687268,"pkt_ts_usec":882458,"pkt_caplen":167,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":167,"pkt_l4_len":133,"pkt":"LH6BsEqhNDY7z3UoCABFAACZw3kAAEARPXgKAADjCCVmW9NbAbsAhfRMFwEAAAEAAAAAAAUAcAguDkNAFEpmjyLWL5ulA2X4vi7kL33Wj73almtX8jli+B8jjvqpmzC3x2W92joDZtuks\/EfbirzWU8ByPtXmm6aWQxjNAvCnmxuCC3eMGkqUoaqRSBLGTcN8OkSIzWZ47yqEaMjNbN1k4XgAqL+7M8="}
00506{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":411,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_first_seen":1569687268376,"flow_last_seen":1569687268376,"flow_min_l4_payload_len":311,"flow_max_l4_payload_len":311,"flow_tot_l4_payload_len":311,"flow_avg_l4_payload_len":311,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.151","dst_ip":"10.0.0.227","src_port":1900,"dst_port":61328,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00819{"flow_id":56,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":411,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687268,"pkt_ts_usec":376485,"pkt_caplen":353,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":353,"pkt_l4_len":319,"pkt":"NDY7z3Uo2DE0IHf7CABFAAFTj5RAAEARlIwKAACXCgAA4wds75ABPzXfSFRUUC8xLjEgMjAwIE9LDQpDYWNoZS1Db250cm9sOiBtYXgtYWdlPTM2MDANClNUOiB1cm46ZGlhbC1tdWx0aXNjcmVlbi1vcmc6c2VydmljZTpkaWFsOjENClVTTjogdXVpZDoyOTVjMDAwNC02ODA3LTEwNmQtODBjZi1kODMxMzQyMDc3ZmI6OnVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KRXh0OiANClNlcnZlcjogUm9rdSBVUG5QLzEuMCBSb2t1LzkuMS4wDQpMT0NBVElPTjogaHR0cDovLzEwLjAuMC4xNTE6ODA2MC9kaWFsL2RkLnhtbA0KV0FLRVVQOiBNQUM9ZDg6MzE6MzQ6MjA6Nzc6ZmI7VGltZW91dD0xMA0KDQo="}
00537{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":411,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_first_seen":1569687268376,"flow_last_seen":1569687268376,"flow_min_l4_payload_len":311,"flow_max_l4_payload_len":311,"flow_tot_l4_payload_len":311,"flow_avg_l4_payload_len":311,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.151","dst_ip":"10.0.0.227","src_port":1900,"dst_port":61328,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
00511{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":412,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_first_seen":1569687268559,"flow_last_seen":1569687268559,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":174,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"239.255.255.250","src_port":57547,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00640{"flow_id":57,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":412,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687268,"pkt_ts_usec":559574,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"pkt":"AQBef\/\/6NDY7z3UoCABFAADKeUwAAAERRPoKAADj7\/\/\/+uDLB2wAtl89TS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMQ0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KVVNFUi1BR0VOVDogR29vZ2xlIENocm9tZS83Ny4wLjM4NjUuOTAgTWFjIE9TIFgNCg0K"}
00542{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":412,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_first_seen":1569687268559,"flow_last_seen":1569687268559,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":174,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"239.255.255.250","src_port":57547,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
00502{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":413,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_first_seen":1569687268746,"flow_last_seen":1569687268746,"flow_min_l4_payload_len":99,"flow_max_l4_payload_len":99,"flow_tot_l4_payload_len":99,"flow_avg_l4_payload_len":99,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":54107,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00536{"flow_id":58,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":413,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687268,"pkt_ts_usec":746220,"pkt_caplen":141,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":141,"pkt_l4_len":107,"pkt":"LH6BsEqhNDY7z3UoCABFAAB\/CAgAAEAR+QMKAADjCCVmW9NbAbsAa+4DFgEAAAAAAAAAAAAAVgEAAEoAAAAAAAAASgEA7YnEaZ6hZImmhCHr0JUfCBctWVvywlB71JRnxl7mI4ogm7BxyKgEQGFPg0eizi7+AVQMevU74i4erAc5hyngJu8AAAIAOQEA"}
00507{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":415,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_first_seen":1569687268747,"flow_last_seen":1569687268747,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":50081,"dst_port":57547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01091{"flow_id":59,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":415,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687268,"pkt_ts_usec":747509,"pkt_caplen":556,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":556,"pkt_l4_len":522,"pkt":"NDY7z3UopHczjPFACABFAAIeAABAAEARI1gKAACVCgAA48Oh4MsCCjG3SFRUUC8xLjEgMjAwIE9LDQpDQUNIRS1DT05UUk9MOiBtYXgtYWdlPTE4MDANCkRBVEU6IFNhdCwgMjggU2VwIDIwMTkgMTY6MTQ6MjggR01UDQpFWFQ6DQpMT0NBVElPTjogaHR0cDovLzEwLjAuMC4xNDk6ODAwOC9zc2RwL2RldmljZS1kZXNjLnhtbA0KT1BUOiAiaHR0cDovL3NjaGVtYXMudXBucC5vcmcvdXBucC8xLzAvIjsgbnM9MDENCjAxLU5MUzogYjNiMTBmNmEtMWRkMS0xMWIyLWI3NDAtYWU5NDc5MzlkMzA4DQpTRVJWRVI6IExpbnV4LzMuOC4xMyssIFVQblAvMS4wLCBQb3J0YWJsZSBTREsgZm9yIFVQblAgZGV2aWNlcy8xLjYuMTgNClgtVXNlci1BZ2VudDogcmVkc29uaWMNClNUOiB1cm46ZGlhbC1tdWx0aXNjcmVlbi1vcmc6c2VydmljZTpkaWFsOjENClVTTjogdXVpZDo3OWQ4OGU4My03MjVjLWI3MWItYmFkMC01ODYyZDViMjIzODY6OnVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KQk9PVElELlVQTlAuT1JHOiA0NzINCkNPTkZJR0lELlVQTlAuT1JHOiAxDQoNCg=="}
00538{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":415,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_first_seen":1569687268747,"flow_last_seen":1569687268747,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":50081,"dst_port":57547,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
00432{"flow_id":40,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":438,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687268,"pkt_ts_usec":787837,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"2DE0IHf7NDY7z3UoCABFAAA0AABAAEAGJUsKAADjCgAAl94iH3wAQcGNmjQa94AREAAenAAAAQEIChwN1R8GksZO"}
00464{"flow_id":58,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":439,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687268,"pkt_ts_usec":789706,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"pkt":"NDY7z3UoLH6BsEqhCABFAABMkFUAAPcRuegIJWZbCgAA4wG701sAOF8pFgEAAAAAAAAAAAAAIwMAABcAAAAAAAAAFwEAFGKRvPEadu7FYjYhjKxM1MN8EkEd"}
00564{"flow_id":58,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":440,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687268,"pkt_ts_usec":790107,"pkt_caplen":161,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":161,"pkt_l4_len":127,"pkt":"LH6BsEqhNDY7z3UoCABFAACTQPwAAEARv\/sKAADjCCVmW9NbAbsAf9nwFgEAAAAAAAAAAAEAagEAAF4AAQAAAAAAXgEA7YnEaZ6hZImmhCHr0JUfCBctWVvywlB71JRnxl7mI4ogm7BxyKgEQGFPg0eizi7+AVQMevU74i4erAc5hyngJu8UYpG88Rp27sViNiGMrEzUw3wSQR0AAgA5AQA="}
00656{"flow_id":58,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":465,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687268,"pkt_ts_usec":836308,"pkt_caplen":230,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":230,"pkt_l4_len":196,"pkt":"NDY7z3UoLH6BsEqhCABFAADYxf0AAPcRg7QIJWZbCgAA4wG701sAxPjiFgEAAAAAAAAAAAEAUgIAAEYAAQAAAAAARgEALUKlqOqp+9af1GcxChS4QXaLYgzyjV+CMRoD1u04EzMgm7BxyKgEQGFPg0eizi7+AVQMevU74i4erAc5hyngJu8AOQAUAQAAAAAAAAAAAgADAQACFgEAAAEAAAAAAAAAQD8tH8NZsi0zp5KqIEac2zndlXephyhcvDs6uk0ts\/C74lCOOKMP7cl2vA0Fdivj2Vu+P3CxRTCYlcHvZh6mgEM="}
00528{"flow_id":58,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":466,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687268,"pkt_ts_usec":837070,"pkt_caplen":135,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":135,"pkt_l4_len":101,"pkt":"LH6BsEqhNDY7z3UoCABFAAB5ttQAAEARSj0KAADjCCVmW9NbAbsAZSHLFAEAAAAAAAAAAAIAAwEAAhYBAAABAAAAAAAAAEB13T5lRIw++YjQQ3Qkoyswag+IeQZwzjpfo12O7l1Xcp3w\/UpkhLeZaAWDRsXTNSL+R32oH3qj2v2CyHpmZrLD"}
00573{"flow_id":58,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":467,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687268,"pkt_ts_usec":850848,"pkt_caplen":167,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":167,"pkt_l4_len":133,"pkt":"LH6BsEqhNDY7z3UoCABFAACZG00AAEAR5aQKAADjCCVmW9NbAbsAhSBxFwEAAAEAAAAAAAEAcJAp8TP5L9aIAzjZZH+8T1estbsDYKyCkdkhe7+UIBVsNqyejSSkPEU7ONW2iokPbFMvxRUeCNaw\/RBrJMSNbsKC3EuMrgGykf+U9Wpz8EHY6SCoix9y+LnSEFWosh2QWwehPeVhCuFY\/xnfwN3j9dY="}
00594{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":467,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":6,"flow_first_seen":1569687268746,"flow_last_seen":1569687268850,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":188,"flow_tot_l4_payload_len":672,"flow_avg_l4_payload_len":112,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":54107,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"CiscoVPN","breed":"Acceptable","category":"VPN"}}
00573{"flow_id":58,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":469,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687268,"pkt_ts_usec":873245,"pkt_caplen":167,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":167,"pkt_l4_len":133,"pkt":"LH6BsEqhNDY7z3UoCABFAACZ5VoAAEARG5cKAADjCCVmW9NbAbsAhSuuFwEAAAEAAAAAAAIAcIroYcS3\/qjlLAJ5hVgNA24x6wrtxtbMm99puobFdI66KucUrXLCm27CpIExufGVwJVqf2dvO9CVHHSBup6yXTyxuJs4l0NHL\/QivpVOwo7lEHdJCThBbAs8Wx+IU5suN7IEDaosnRxSWsC2AMv9YUg="}
00575{"flow_id":58,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":470,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687268,"pkt_ts_usec":873381,"pkt_caplen":167,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":167,"pkt_l4_len":133,"pkt":"LH6BsEqhNDY7z3UoCABFAACZfpEAAEARgmAKAADjCCVmW9NbAbsAhXmZFwEAAAEAAAAAAAMAcDzvmPLtB4V20+vs+Pcr7Wx7iMFNIgDukd6WG4O587T8V7dCFBodz9a9s7xVrA3ERlsVnzccWHU51YiWyOFePh6Fd3h3UTko6Na4xxDhX5uGJ0Xd7XUu\/x6Q+cY0WD4xtC+shdVmC\/8lPH\/\/WjPzLa4="}
00702{"flow_id":58,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":479,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687268,"pkt_ts_usec":881674,"pkt_caplen":263,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":263,"pkt_l4_len":229,"pkt":"NDY7z3UoLH6BsEqhCABFAAD54UEAAPcRaE8IJWZbCgAA4wG701sA5YSXFwEAAAEAAAAAAAEA0LaEehtTZv8b2CA+a2IlOUc+Bvbq1lzEFnHAPMXuajrB85eB1MKeGzW3VNDRQWRwwuxJPQ2mMwZHhCjKnrmWW5KS2qzAK+qFSujGSVdmMGee\/7OHdHST79gz89tgHJxfuyBQfhXTys1q1mdON9ThMXarq+ChjYzv1lGnip9ves8v5LamEWf6T4IWeU4PuLdBbrziDg0Q71+FePE\/DDBfGX+DD21\/jcgPrUfagJMgvz+9HTnoOO9cEAORFAF9xsHc0X3haTRRd5VwQoJZPeiTVCM="}
00640{"flow_id":58,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":480,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687268,"pkt_ts_usec":881677,"pkt_caplen":215,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":215,"pkt_l4_len":181,"pkt":"NDY7z3UoLH6BsEqhCABFAADJ1N8AAPcRdOEIJWZbCgAA4wG701sAtf2iFwEAAAEAAAAAAAIAoJWe2p35kGmfrEo4F3leJjn3j4r1xM7nc7JIQnXHHmyTh0FmmIlM9zTT+cjBgqP\/4YSp30pK\/M9ivi\/nNfBeQS4VQpJ9ow9UBufxaAW7k6gSLO9qRRZJHOflrKtXIRpmqfDWoVXLlTz2sA5m5W6kzXS9BT+w4hra5mZ9T7Mvwb7BsSwwHNheo1+hOFtvFidLl\/ymSV6QeqezlRlYqRflE1w="}
00644{"flow_id":58,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":481,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687268,"pkt_ts_usec":881678,"pkt_caplen":215,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":215,"pkt_l4_len":181,"pkt":"NDY7z3UoLH6BsEqhCABFAADJsq8AAPcRlxEIJWZbCgAA4wG701sAtWKPFwEAAAEAAAAAAAMAoCZ5fA\/WJVcpp3g69CPnMWAN6FiyDe8lRdJUl1drBF2zUdazOAOhRXSEi\/RlpkLWMNn1yDpr9CExt7zA\/osjteZVcFi1c8I2ZsMOVHH1mL4kgvDSdipKYFeu7ykTjwZtNQV4\/FVY7FH\/SIusECU9+teK1lt\/IksfSUT\/QnedeTLEfVyP7HAwmnU7huP9ivAs5oOSh\/ps0mTKFIVB5SntE4Y="}
00639{"flow_id":58,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":482,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687268,"pkt_ts_usec":881858,"pkt_caplen":215,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":215,"pkt_l4_len":181,"pkt":"NDY7z3UoLH6BsEqhCABFAADJhq8AAPcRwxEIJWZbCgAA4wG701sAtY3TFwEAAAEAAAAAAAQAoHeKGZxBW1Q4pABJMTSX3LUbHu34OICOIbBrwnlOoqSFAGNgRLcSSvCSkoPEWiSx6yLOL++0WFQ\/\/cnvli67B1U1bN0KNW7pxo4I+bqkXjfZ8xBCFGbjxJJVfLSVw+5J4bqy3vY1bqKQCFlRfiQY5q4UuIaq+3kXHFQwCb5UNxTuIQqeQUCbZOsX6Aw1\/GTECatE4XqDtUkdwJuL9GpXIz4="}
00616{"flow_id":58,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":483,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687268,"pkt_ts_usec":881861,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"pkt":"NDY7z3UoLH6BsEqhCABFAAC5u7MAAPcRjh0IJWZbCgAA4wG701sApUJkFwEAAAEAAAAAAAUAkG5KNuk+EZOV1nNxmMR0wghy2Q+h3ttKxHQgKNRewJXyNdIBQKiYywiPhtcFIX0WgeskclTE0KCF9mQ+j5N66vLDvZbqTEkY8iyv5BP3Jra3vtiRG37SSrw1GENZNXr0O1GPc0Ry6bJ72MxSeUAA2Za5tPJV00oHfWupVTa1384uF+19TdK92Lxe5ukdC6G4yA=="}
00554{"flow_id":58,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":484,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687268,"pkt_ts_usec":882274,"pkt_caplen":151,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":151,"pkt_l4_len":117,"pkt":"LH6BsEqhNDY7z3UoCABFAACJOdIAAEARxy8KAADjCCVmW9NbAbsAddrCFwEAAAEAAAAAAAQAYKkcQctvWgGrvdO\/PrYGLApIwYpWUheFZjMVzufzIRAcKjKNazs\/06ngcZiPVgUqhcX84s760euS8M3xIrDvpCKFzKSAjWoh4pylx4pwlItuT3UmopW385XbWJ+K1TtL4A=="}
00573{"flow_id":58,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":485,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687268,"pkt_ts_usec":882458,"pkt_caplen":167,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":167,"pkt_l4_len":133,"pkt":"LH6BsEqhNDY7z3UoCABFAACZw3kAAEARPXgKAADjCCVmW9NbAbsAhfRMFwEAAAEAAAAAAAUAcAguDkNAFEpmjyLWL5ulA2X4vi7kL33Wj73almtX8jli+B8jjvqpmzC3x2W92joDZtuks\/EfbirzWU8ByPtXmm6aWQxjNAvCnmxuCC3eMGkqUoaqRSBLGTcN8OkSIzWZ47yqEaMjNbN1k4XgAqL+7M8="}
00586{"flow_id":5,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":488,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687268,"pkt_ts_usec":895259,"pkt_caplen":174,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":174,"pkt_l4_len":120,"pkt":"MzMAAAABLH6BsEqhht1gAAAAAHg6\/\/6AAAAAAAAALn6B\/\/6wSqH\/AgAAAAAAAAAAAAAAAAABhgBH5kDAALQAAAAAAAAAABkFAAAAAVGAIAEFWP7tAAAAAAAAAAAAASABBVj+7QAAAAAAAAAAAAIDBEDAAAL9HQAC\/R0AAAAAJgEGRoQCRLAAAAAAAAAAABgDAAAAAAC0AAAAAAAAAAAAAAAAAAAAAAEBLH6BsEqh"}
00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":519,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_first_seen":1569687269094,"flow_last_seen":0,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.1","src_port":52595,"dst_port":192,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00407{"flow_id":63,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":519,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687269,"pkt_ts_usec":94582,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"pkt":"LH6BsEqhNDY7z3UoCABFAAAg7WwAAEAReH0KAADjCgAAAc1zAMAADBGuCAEDEA=="}
00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":578,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_first_seen":1569687269223,"flow_last_seen":0,"flow_min_l4_payload_len":311,"flow_max_l4_payload_len":311,"flow_tot_l4_payload_len":311,"flow_avg_l4_payload_len":311,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.151","dst_ip":"10.0.0.227","src_port":1900,"dst_port":57547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00819{"flow_id":64,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":578,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687269,"pkt_ts_usec":223066,"pkt_caplen":353,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":353,"pkt_l4_len":319,"pkt":"NDY7z3Uo2DE0IHf7CABFAAFTj6FAAEARlH8KAACXCgAA4wds4MsBP0SkSFRUUC8xLjEgMjAwIE9LDQpDYWNoZS1Db250cm9sOiBtYXgtYWdlPTM2MDANClNUOiB1cm46ZGlhbC1tdWx0aXNjcmVlbi1vcmc6c2VydmljZTpkaWFsOjENClVTTjogdXVpZDoyOTVjMDAwNC02ODA3LTEwNmQtODBjZi1kODMxMzQyMDc3ZmI6OnVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KRXh0OiANClNlcnZlcjogUm9rdSBVUG5QLzEuMCBSb2t1LzkuMS4wDQpMT0NBVElPTjogaHR0cDovLzEwLjAuMC4xNTE6ODA2MC9kaWFsL2RkLnhtbA0KV0FLRVVQOiBNQUM9ZDg6MzE6MzQ6MjA6Nzc6ZmI7VGltZW91dD0xMA0KDQo="}
00525{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":578,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_first_seen":1569687269223,"flow_last_seen":0,"flow_min_l4_payload_len":311,"flow_max_l4_payload_len":311,"flow_tot_l4_payload_len":311,"flow_avg_l4_payload_len":311,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.151","dst_ip":"10.0.0.227","src_port":1900,"dst_port":57547,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
00640{"flow_id":60,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":678,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687269,"pkt_ts_usec":559943,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"pkt":"AQBef\/\/6NDY7z3UoCABFAADKtRAAAAERCTYKAADj7\/\/\/+uDLB2wAtl89TS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMQ0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KVVNFUi1BR0VOVDogR29vZ2xlIENocm9tZS83Ny4wLjM4NjUuOTAgTWFjIE9TIFgNCg0K"}
00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":680,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_first_seen":1569687269561,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.149","src_port":56954,"dst_port":8008,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00450{"flow_id":65,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":680,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687269,"pkt_ts_usec":561873,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"pHczjPFANDY7z3UoCABFAABAAABAAEAGJUEKAADjCgAAld56H0gqQcOaAAAAALAC\/\/9B2AAAAgQFtAEDAwUBAQgKHA3YAQAAAAAEAgAA"}
00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":681,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_first_seen":1569687269562,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.151","src_port":56955,"dst_port":8060,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00450{"flow_id":66,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":681,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687269,"pkt_ts_usec":562299,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"2DE0IHf7NDY7z3UoCABFAABAAABAAEAGJT8KAADjCgAAl957H3yCfYpEAAAAALAC\/\/8iuwAAAgQFtAEDAwUBAQgKHA3YAQAAAAAEAgAA"}
00444{"flow_id":65,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":682,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687269,"pkt_ts_usec":563567,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"NDY7z3UopHczjPFACABFAAA8AABAAEAGJUUKAACVCgAA4x9I3np8gG11KkHDm6ASOJBP2wAAAgQFtAQCCAoAIeBIHA3YAQEDAwY="}
00432{"flow_id":65,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":683,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687269,"pkt_ts_usec":563638,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"pHczjPFANDY7z3UoCABFAAA0AABAAEAGJU0KAADjCgAAld56H0gqQcObfIBtdoAQEBWnIAAAAQEIChwN2AIAIeBI"}
00771{"flow_id":65,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":684,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687269,"pkt_ts_usec":563819,"pkt_caplen":317,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":317,"pkt_l4_len":283,"pkt":"pHczjPFANDY7z3UoCABFAAEvAABAAEAGJFIKAADjCgAAld56H0gqQcObfIBtdoAYEBUO5QAAAQEIChwN2AIAIeBIR0VUIC9zc2RwL2RldmljZS1kZXNjLnhtbCBIVFRQLzEuMQ0KSG9zdDogMTAuMC4wLjE0OTo4MDA4DQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoTWFjaW50b3NoOyBJbnRlbCBNYWMgT1MgWCAxMF8xM182KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvNzcuMC4zODY1LjkwIFNhZmFyaS81MzcuMzYNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KDQo="}
00867{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":684,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":4,"flow_first_seen":1569687269561,"flow_last_seen":1569687269563,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":251,"flow_tot_l4_payload_len":251,"flow_avg_l4_payload_len":62,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.149","src_port":56954,"dst_port":8008,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"10.0.0.149","url":"10.0.0.149:8008\/ssdp\/device-desc.xml","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/77.0.3865.90 Safari\/537.36"}}
00432{"flow_id":65,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":685,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687269,"pkt_ts_usec":567036,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"NDY7z3UopHczjPFACABFAAA0jT9AAEAGmA0KAACVCgAA4x9I3np8gG12KkHEloAQAPO1RgAAAQEICgAh4EkcDdgC"}
00444{"flow_id":66,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":686,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687269,"pkt_ts_usec":567040,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"NDY7z3Uo2DE0IHf7CABFAAA8AABAAEAGJUMKAACXCgAA4x983nsgu1W7gn2KRaASqbA3ZQAAAgQFtAQCCAoGktWOHA3YAQEDAwc="}
00433{"flow_id":66,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":687,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687269,"pkt_ts_usec":567158,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"2DE0IHf7NDY7z3UoCABFAAA0AABAAEAGJUsKAADjCgAAl957H3yCfYpFILtVvIAQEBX\/yAAAAQEIChwN2AUGktWO"}
00759{"flow_id":66,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":688,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687269,"pkt_ts_usec":567320,"pkt_caplen":308,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":308,"pkt_l4_len":274,"pkt":"2DE0IHf7NDY7z3UoCABFAAEmAABAAEAGJFkKAADjCgAAl957H3yCfYpFILtVvIAYEBU8YgAAAQEIChwN2AUGktWOR0VUIC9kaWFsL2RkLnhtbCBIVFRQLzEuMQ0KSG9zdDogMTAuMC4wLjE1MTo4MDYwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoTWFjaW50b3NoOyBJbnRlbCBNYWMgT1MgWCAxMF8xM182KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvNzcuMC4zODY1LjkwIFNhZmFyaS81MzcuMzYNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KDQo="}
00858{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":688,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":4,"flow_first_seen":1569687269562,"flow_last_seen":1569687269567,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":242,"flow_tot_l4_payload_len":242,"flow_avg_l4_payload_len":60,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.151","src_port":56955,"dst_port":8060,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"10.0.0.151","url":"10.0.0.151:8060\/dial\/dd.xml","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/77.0.3865.90 Safari\/537.36"}}
02034{"flow_id":65,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":689,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687269,"pkt_ts_usec":570064,"pkt_caplen":1261,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1261,"pkt_l4_len":1227,"pkt":"NDY7z3UopHczjPFACABFAATfjUBAAEAGk2EKAACVCgAA4x9I3np8gG12KkHEloAYAPNXUQAAAQEICgAh4EkcDdgCSFRUUC8xLjEgMjAwIE9LDQpBcHBsaWNhdGlvbi1VUkw6aHR0cDovLzEwLjAuMC4xNDk6ODAwOC9hcHBzLw0KQ29udGVudC1MZW5ndGg6MTA3OQ0KQ29udGVudC1UeXBlOmFwcGxpY2F0aW9uL3htbA0KDQo8P3htbCB2ZXJzaW9uPSIxLjAiPz4NCjxyb290IHhtbG5zPSJ1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2UtMS0wIj4NCiAgPHNwZWNWZXJzaW9uPg0KICAgIDxtYWpvcj4xPC9tYWpvcj4NCiAgICA8bWlub3I+MDwvbWlub3I+DQogIDwvc3BlY1ZlcnNpb24+DQogIDxVUkxCYXNlPmh0dHA6Ly8xMC4wLjAuMTQ5OjgwMDg8L1VSTEJhc2U+DQogIDxkZXZpY2U+DQogICAgPGRldmljZVR5cGU+dXJuOmRpYWwtbXVsdGlzY3JlZW4tb3JnOmRldmljZTpkaWFsOjE8L2RldmljZVR5cGU+DQogICAgPGZyaWVuZGx5TmFtZT5DaHJvbWVjYXN0MTY5OTwvZnJpZW5kbHlOYW1lPg0KICAgIDxtYW51ZmFjdHVyZXI+R29vZ2xlIEluYy48L21hbnVmYWN0dXJlcj4NCiAgICA8bW9kZWxOYW1lPkV1cmVrYSBEb25nbGU8L21vZGVsTmFtZT4NCiAgICA8VUROPnV1aWQ6NzlkODhlODMtNzI1Yy1iNzFiLWJhZDAtNTg2MmQ1YjIyMzg2PC9VRE4+DQogICAgPGljb25MaXN0Pg0KICAgICAgPGljb24+DQogICAgICAgIDxtaW1ldHlwZT5pbWFnZS9wbmc8L21pbWV0eXBlPg0KICAgICAgICA8d2lkdGg+OTg8L3dpZHRoPg0KICAgICAgICA8aGVpZ2h0PjU1PC9oZWlnaHQ+DQogICAgICAgIDxkZXB0aD4zMjwvZGVwdGg+DQogICAgICAgIDx1cmw+L3NldHVwL2ljb24ucG5nPC91cmw+DQogICAgICA8L2ljb24+DQogICAgPC9pY29uTGlzdD4NCiAgICA8c2VydmljZUxpc3Q+DQogICAgICA8c2VydmljZT4NCiAgICAgICAgPHNlcnZpY2VUeXBlPnVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MTwvc2VydmljZVR5cGU+DQogICAgICAgIDxzZXJ2aWNlSWQ+dXJuOmRpYWwtbXVsdGlzY3JlZW4tb3JnOnNlcnZpY2VJZDpkaWFsPC9zZXJ2aWNlSWQ+DQogICAgICAgIDxjb250cm9sVVJMPi9zc2RwL25vdGZvdW5kPC9jb250cm9sVVJMPg0KICAgICAgICA8ZXZlbnRTdWJVUkw+L3NzZHAvbm90Zm91bmQ8L2V2ZW50U3ViVVJMPg0KICAgICAgICA8U0NQRFVSTD4vc3NkcC9ub3Rmb3VuZDwvU0NQRFVSTD4NCiAgICAgIDwvc2VydmljZT4NCiAgICA8L3NlcnZpY2VMaXN0Pg0KICA8L2RldmljZT4NCjwvcm9vdD4NCg=="}
00433{"flow_id":65,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":690,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687269,"pkt_ts_usec":570148,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"pHczjPFANDY7z3UoCABFAAA0AABAAEAGJU0KAADjCgAAld56H0gqQcSWfIByIYAQD\/ChmAAAAQEIChwN2AgAIeBJ"}
00432{"flow_id":66,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":693,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687269,"pkt_ts_usec":573371,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"NDY7z3Uo2DE0IHf7CABFAAA0gDJAAEAGpRgKAACXCgAA4x983nsgu1W8gn2LN4AQAVwNkAAAAQEICgaS1Y4cDdgF"}
00692{"flow_id":66,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":695,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687269,"pkt_ts_usec":576174,"pkt_caplen":256,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":256,"pkt_l4_len":222,"pkt":"NDY7z3Uo2DE0IHf7CABFAADygDNAAEAGpFkKAACXCgAA4x983nsgu1W8gn2LN4AYAVx\/qAAAAQEICgaS1Y8cDdgFSFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IFJva3UgVVBuUC8xLjAgTWluaVVQblBkLzEuNA0KQ29udGVudC1MZW5ndGg6IDExNDANCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQpDb250ZW50LVR5cGU6IHRleHQveG1sOyBjaGFyc2V0PSJ1dGYtOCINCkFwcGxpY2F0aW9uLVVSTDogaHR0cDovLzEwLjAuMC4xNTE6ODA2MC9kaWFsDQoNCg=="}
00433{"flow_id":66,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":696,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687269,"pkt_ts_usec":576345,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"2DE0IHf7NDY7z3UoCABFAAA0AABAAEAGJUsKAADjCgAAl957H3yCfYs3ILtWeoAQEA\/+FQAAAQEIChwN2A0GktWP"}
01958{"flow_id":66,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":699,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687269,"pkt_ts_usec":579863,"pkt_caplen":1206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1206,"pkt_l4_len":1172,"pkt":"NDY7z3Uo2DE0IHf7CABFAASogDRAAEAGoKIKAACXCgAA4x983nsgu1Z6gn2LN4AYAVwcKQAAAQEICgaS1Y8cDdgNPD94bWwgdmVyc2lvbj0iMS4wIj8+DQo8cm9vdCB4bWxucz0idXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlLTEtMCI+DQo8c3BlY1ZlcnNpb24+DQo8bWFqb3I+MTwvbWFqb3I+DQo8bWlub3I+MDwvbWlub3I+DQo8L3NwZWNWZXJzaW9uPg0KPGRldmljZT4NCjxkZXZpY2VUeXBlPnVybjpyb2t1LWNvbTpkZXZpY2U6cGxheWVyOjEtMDwvZGV2aWNlVHlwZT4NCjxmcmllbmRseU5hbWU+RXhwcmVzczwvZnJpZW5kbHlOYW1lPg0KPG1hbnVmYWN0dXJlcj5Sb2t1PC9tYW51ZmFjdHVyZXI+DQo8bWFudWZhY3R1cmVyVVJMPmh0dHA6Ly93d3cucm9rdS5jb20vPC9tYW51ZmFjdHVyZXJVUkw+DQo8bW9kZWxEZXNjcmlwdGlvbj5Sb2t1IFN0cmVhbWluZyBQbGF5ZXIgTmV0d29yayBNZWRpYTwvbW9kZWxEZXNjcmlwdGlvbj4NCjxtb2RlbE5hbWU+Um9rdSBFeHByZXNzPC9tb2RlbE5hbWU+DQo8bW9kZWxOdW1iZXI+MzkwMFg8L21vZGVsTnVtYmVyPg0KPG1vZGVsVVJMPmh0dHA6Ly93d3cucm9rdS5jb20vPC9tb2RlbFVSTD4NCjxzZXJpYWxOdW1iZXI+WUcwMDRKNDg2ODYzPC9zZXJpYWxOdW1iZXI+DQo8VUROPnV1aWQ6Mjk1YzAwMDQtNjgwNy0xMDZkLTgwY2YtZDgzMTM0MjA3N2ZiPC9VRE4+DQo8c2VydmljZUxpc3Q+DQo8c2VydmljZT4NCjxzZXJ2aWNlVHlwZT51cm46cm9rdS1jb206c2VydmljZTplY3A6MTwvc2VydmljZVR5cGU+DQo8c2VydmljZUlkPnVybjpyb2t1LWNvbTpzZXJ2aWNlSWQ6ZWNwMS0wPC9zZXJ2aWNlSWQ+DQo8Y29udHJvbFVSTD48L2NvbnRyb2xVUkw+DQo8ZXZlbnRTdWJVUkw+PC9ldmVudFN1YlVSTD4NCjxTQ1BEVVJMPmVjcF9TQ1BELnhtbDwvU0NQRFVSTD4NCjwvc2VydmljZT4NCjxzZXJ2aWNlPg0KPHNlcnZpY2VUeXBlPnVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MTwvc2VydmljZVR5cGU+DQo8c2VydmljZUlkPnVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlSWQ6ZGlhbDEtMDwvc2VydmljZUlkPg0KPGNvbnRyb2xVUkw+PC9jb250cm9sVVJMPg0KPGV2ZW50U3ViVVJMPjwvZXZlbnRTdWJVUkw+DQo8U0NQRFVSTD5kaWFsX1NDUEQueG1sPC9TQ1BEVVJMPg0KPC9zZXJ2aWNlPg0KPC9zZXJ2aWNlTGlzdD4NCjwvZGV2aWNlPg0KPC9yb290Pg0K"}
00432{"flow_id":66,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":700,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687269,"pkt_ts_usec":579933,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"2DE0IHf7NDY7z3UoCABFAAA0AABAAEAGJUsKAADjCgAAl957H3yCfYs3ILta7oAQD+z5wQAAAQEIChwN2BAGktWP"}
00409{"flow_id":63,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":706,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687269,"pkt_ts_usec":598254,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"pkt":"LH6BsEqhNDY7z3UoCABFAAAg\/t4AAEARZwsKAADjCgAAAc1zAMAADAmuEAEDEA=="}
00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":716,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_first_seen":1569687269716,"flow_last_seen":0,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":49816,"dst_port":57547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01091{"flow_id":67,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":716,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687269,"pkt_ts_usec":716353,"pkt_caplen":556,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":556,"pkt_l4_len":522,"pkt":"NDY7z3UopHczjPFACABFAAIeAABAAEARI1gKAACVCgAA48KY4MsCCjHASFRUUC8xLjEgMjAwIE9LDQpDQUNIRS1DT05UUk9MOiBtYXgtYWdlPTE4MDANCkRBVEU6IFNhdCwgMjggU2VwIDIwMTkgMTY6MTQ6MjkgR01UDQpFWFQ6DQpMT0NBVElPTjogaHR0cDovLzEwLjAuMC4xNDk6ODAwOC9zc2RwL2RldmljZS1kZXNjLnhtbA0KT1BUOiAiaHR0cDovL3NjaGVtYXMudXBucC5vcmcvdXBucC8xLzAvIjsgbnM9MDENCjAxLU5MUzogYjNiMTBmNmEtMWRkMS0xMWIyLWI3NDAtYWU5NDc5MzlkMzA4DQpTRVJWRVI6IExpbnV4LzMuOC4xMyssIFVQblAvMS4wLCBQb3J0YWJsZSBTREsgZm9yIFVQblAgZGV2aWNlcy8xLjYuMTgNClgtVXNlci1BZ2VudDogcmVkc29uaWMNClNUOiB1cm46ZGlhbC1tdWx0aXNjcmVlbi1vcmc6c2VydmljZTpkaWFsOjENClVTTjogdXVpZDo3OWQ4OGU4My03MjVjLWI3MWItYmFkMC01ODYyZDViMjIzODY6OnVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KQk9PVElELlVQTlAuT1JHOiA0NzINCkNPTkZJR0lELlVQTlAuT1JHOiAxDQoNCg=="}
00526{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":716,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_first_seen":1569687269716,"flow_last_seen":0,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":49816,"dst_port":57547,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
00432{"flow_id":43,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":726,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687269,"pkt_ts_usec":833566,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"2DE0IHf7NDY7z3UoCABFAAA0AABAAEAGJUsKAADjCgAAl94iH3wAQcGNmjQa94AREAAatAAAAQEIChwN2QcGksZO"}
00819{"flow_id":64,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":768,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687270,"pkt_ts_usec":260892,"pkt_caplen":353,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":353,"pkt_l4_len":319,"pkt":"NDY7z3Uo2DE0IHf7CABFAAFTj91AAEARlEMKAACXCgAA4wds4MsBP0SkSFRUUC8xLjEgMjAwIE9LDQpDYWNoZS1Db250cm9sOiBtYXgtYWdlPTM2MDANClNUOiB1cm46ZGlhbC1tdWx0aXNjcmVlbi1vcmc6c2VydmljZTpkaWFsOjENClVTTjogdXVpZDoyOTVjMDAwNC02ODA3LTEwNmQtODBjZi1kODMxMzQyMDc3ZmI6OnVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KRXh0OiANClNlcnZlcjogUm9rdSBVUG5QLzEuMCBSb2t1LzkuMS4wDQpMT0NBVElPTjogaHR0cDovLzEwLjAuMC4xNTE6ODA2MC9kaWFsL2RkLnhtbA0KV0FLRVVQOiBNQUM9ZDg6MzE6MzQ6MjA6Nzc6ZmI7VGltZW91dD0xMA0KDQo="}
00640{"flow_id":60,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":807,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687270,"pkt_ts_usec":560308,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"pkt":"AQBef\/\/6NDY7z3UoCABFAADK9bsAAAERyIoKAADj7\/\/\/+uDLB2wAtl89TS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMQ0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KVVNFUi1BR0VOVDogR29vZ2xlIENocm9tZS83Ny4wLjM4NjUuOTAgTWFjIE9TIFgNCg0K"}
00819{"flow_id":64,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":821,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687270,"pkt_ts_usec":729313,"pkt_caplen":353,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":353,"pkt_l4_len":319,"pkt":"NDY7z3Uo2DE0IHf7CABFAAFTkARAAEARlBwKAACXCgAA4wds4MsBP0SkSFRUUC8xLjEgMjAwIE9LDQpDYWNoZS1Db250cm9sOiBtYXgtYWdlPTM2MDANClNUOiB1cm46ZGlhbC1tdWx0aXNjcmVlbi1vcmc6c2VydmljZTpkaWFsOjENClVTTjogdXVpZDoyOTVjMDAwNC02ODA3LTEwNmQtODBjZi1kODMxMzQyMDc3ZmI6OnVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KRXh0OiANClNlcnZlcjogUm9rdSBVUG5QLzEuMCBSb2t1LzkuMS4wDQpMT0NBVElPTjogaHR0cDovLzEwLjAuMC4xNTE6ODA2MC9kaWFsL2RkLnhtbA0KV0FLRVVQOiBNQUM9ZDg6MzE6MzQ6MjA6Nzc6ZmI7VGltZW91dD0xMA0KDQo="}
00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":822,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_first_seen":1569687270740,"flow_last_seen":0,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":48166,"dst_port":57547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01091{"flow_id":68,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":822,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687270,"pkt_ts_usec":740083,"pkt_caplen":556,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":556,"pkt_l4_len":522,"pkt":"NDY7z3UopHczjPFACABFAAIeAABAAEARI1gKAACVCgAA47wm4MsCCkExSFRUUC8xLjEgMjAwIE9LDQpDQUNIRS1DT05UUk9MOiBtYXgtYWdlPTE4MDANCkRBVEU6IFNhdCwgMjggU2VwIDIwMTkgMTY6MTQ6MzAgR01UDQpFWFQ6DQpMT0NBVElPTjogaHR0cDovLzEwLjAuMC4xNDk6ODAwOC9zc2RwL2RldmljZS1kZXNjLnhtbA0KT1BUOiAiaHR0cDovL3NjaGVtYXMudXBucC5vcmcvdXBucC8xLzAvIjsgbnM9MDENCjAxLU5MUzogYjNiMTBmNmEtMWRkMS0xMWIyLWI3NDAtYWU5NDc5MzlkMzA4DQpTRVJWRVI6IExpbnV4LzMuOC4xMyssIFVQblAvMS4wLCBQb3J0YWJsZSBTREsgZm9yIFVQblAgZGV2aWNlcy8xLjYuMTgNClgtVXNlci1BZ2VudDogcmVkc29uaWMNClNUOiB1cm46ZGlhbC1tdWx0aXNjcmVlbi1vcmc6c2VydmljZTpkaWFsOjENClVTTjogdXVpZDo3OWQ4OGU4My03MjVjLWI3MWItYmFkMC01ODYyZDViMjIzODY6OnVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KQk9PVElELlVQTlAuT1JHOiA0NzINCkNPTkZJR0lELlVQTlAuT1JHOiAxDQoNCg=="}
00526{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":822,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_first_seen":1569687270740,"flow_last_seen":0,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":48166,"dst_port":57547,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
00408{"flow_id":63,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":844,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687271,"pkt_ts_usec":101324,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"pkt":"LH6BsEqhNDY7z3UoCABFAAAgLGIAAEAROYgKAADjCgAAAc1zAMAADBGuCAEDEA=="}
00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":867,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_first_seen":1569687269716,"flow_last_seen":0,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":49816,"dst_port":57547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":867,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_first_seen":1569687268747,"flow_last_seen":0,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":50081,"dst_port":57547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":867,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_first_seen":1569687270740,"flow_last_seen":0,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":48166,"dst_port":57547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":867,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_first_seen":1569687268077,"flow_last_seen":0,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":38616,"dst_port":61328,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00500{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":867,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_first_seen":1569687267991,"flow_last_seen":0,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":174,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"239.255.255.250","src_port":61328,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":867,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_first_seen":1569687268376,"flow_last_seen":0,"flow_min_l4_payload_len":311,"flow_max_l4_payload_len":311,"flow_tot_l4_payload_len":311,"flow_avg_l4_payload_len":311,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.151","dst_ip":"10.0.0.227","src_port":1900,"dst_port":61328,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00640{"flow_id":60,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":881,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687271,"pkt_ts_usec":560368,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"pkt":"AQBef\/\/6NDY7z3UoCABFAADKB2sAAAERttsKAADj7\/\/\/+uDLB2wAtl89TS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMQ0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KVVNFUi1BR0VOVDogR29vZ2xlIENocm9tZS83Ny4wLjM4NjUuOTAgTWFjIE9TIFgNCg0K"}
00408{"flow_id":63,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":883,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687271,"pkt_ts_usec":606006,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"pkt":"LH6BsEqhNDY7z3UoCABFAAAg1aQAAEARkEUKAADjCgAAAc1zAMAADAmuEAEDEA=="}
00432{"flow_id":43,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":884,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687271,"pkt_ts_usec":692136,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"2DE0IHf7NDY7z3UoCABFAAA0AABAAEAGJUsKAADjCgAAl94iH3wAQcGNmjQa94AREAATrAAAAQEIChwN4A8GksZO"}
00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":885,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_first_seen":1569687271764,"flow_last_seen":0,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":51382,"dst_port":57547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01091{"flow_id":69,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":885,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687271,"pkt_ts_usec":764145,"pkt_caplen":556,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":556,"pkt_l4_len":522,"pkt":"NDY7z3UopHczjPFACABFAAIeAABAAEARI1gKAACVCgAA48i24MsCCjOhSFRUUC8xLjEgMjAwIE9LDQpDQUNIRS1DT05UUk9MOiBtYXgtYWdlPTE4MDANCkRBVEU6IFNhdCwgMjggU2VwIDIwMTkgMTY6MTQ6MzEgR01UDQpFWFQ6DQpMT0NBVElPTjogaHR0cDovLzEwLjAuMC4xNDk6ODAwOC9zc2RwL2RldmljZS1kZXNjLnhtbA0KT1BUOiAiaHR0cDovL3NjaGVtYXMudXBucC5vcmcvdXBucC8xLzAvIjsgbnM9MDENCjAxLU5MUzogYjNiMTBmNmEtMWRkMS0xMWIyLWI3NDAtYWU5NDc5MzlkMzA4DQpTRVJWRVI6IExpbnV4LzMuOC4xMyssIFVQblAvMS4wLCBQb3J0YWJsZSBTREsgZm9yIFVQblAgZGV2aWNlcy8xLjYuMTgNClgtVXNlci1BZ2VudDogcmVkc29uaWMNClNUOiB1cm46ZGlhbC1tdWx0aXNjcmVlbi1vcmc6c2VydmljZTpkaWFsOjENClVTTjogdXVpZDo3OWQ4OGU4My03MjVjLWI3MWItYmFkMC01ODYyZDViMjIzODY6OnVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KQk9PVElELlVQTlAuT1JHOiA0NzINCkNPTkZJR0lELlVQTlAuT1JHOiAxDQoNCg=="}
00526{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":885,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_first_seen":1569687271764,"flow_last_seen":0,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":51382,"dst_port":57547,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":519,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_first_seen":1569687269094,"flow_last_seen":1569687269094,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.1","src_port":52595,"dst_port":192,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00407{"flow_id":60,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":519,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687269,"pkt_ts_usec":94582,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"pkt":"LH6BsEqhNDY7z3UoCABFAAAg7WwAAEAReH0KAADjCgAAAc1zAMAADBGuCAEDEA=="}
00506{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":578,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_first_seen":1569687269223,"flow_last_seen":1569687269223,"flow_min_l4_payload_len":311,"flow_max_l4_payload_len":311,"flow_tot_l4_payload_len":311,"flow_avg_l4_payload_len":311,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.151","dst_ip":"10.0.0.227","src_port":1900,"dst_port":57547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00819{"flow_id":61,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":578,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687269,"pkt_ts_usec":223066,"pkt_caplen":353,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":353,"pkt_l4_len":319,"pkt":"NDY7z3Uo2DE0IHf7CABFAAFTj6FAAEARlH8KAACXCgAA4wds4MsBP0SkSFRUUC8xLjEgMjAwIE9LDQpDYWNoZS1Db250cm9sOiBtYXgtYWdlPTM2MDANClNUOiB1cm46ZGlhbC1tdWx0aXNjcmVlbi1vcmc6c2VydmljZTpkaWFsOjENClVTTjogdXVpZDoyOTVjMDAwNC02ODA3LTEwNmQtODBjZi1kODMxMzQyMDc3ZmI6OnVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KRXh0OiANClNlcnZlcjogUm9rdSBVUG5QLzEuMCBSb2t1LzkuMS4wDQpMT0NBVElPTjogaHR0cDovLzEwLjAuMC4xNTE6ODA2MC9kaWFsL2RkLnhtbA0KV0FLRVVQOiBNQUM9ZDg6MzE6MzQ6MjA6Nzc6ZmI7VGltZW91dD0xMA0KDQo="}
00537{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":578,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_first_seen":1569687269223,"flow_last_seen":1569687269223,"flow_min_l4_payload_len":311,"flow_max_l4_payload_len":311,"flow_tot_l4_payload_len":311,"flow_avg_l4_payload_len":311,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.151","dst_ip":"10.0.0.227","src_port":1900,"dst_port":57547,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
00640{"flow_id":57,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":678,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687269,"pkt_ts_usec":559943,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"pkt":"AQBef\/\/6NDY7z3UoCABFAADKtRAAAAERCTYKAADj7\/\/\/+uDLB2wAtl89TS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMQ0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KVVNFUi1BR0VOVDogR29vZ2xlIENocm9tZS83Ny4wLjM4NjUuOTAgTWFjIE9TIFgNCg0K"}
00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":680,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_first_seen":1569687269561,"flow_last_seen":1569687269561,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.149","src_port":56954,"dst_port":8008,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00450{"flow_id":62,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":680,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687269,"pkt_ts_usec":561873,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"pHczjPFANDY7z3UoCABFAABAAABAAEAGJUEKAADjCgAAld56H0gqQcOaAAAAALAC\/\/9B2AAAAgQFtAEDAwUBAQgKHA3YAQAAAAAEAgAA"}
00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":681,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_first_seen":1569687269562,"flow_last_seen":1569687269562,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.151","src_port":56955,"dst_port":8060,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00450{"flow_id":63,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":681,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687269,"pkt_ts_usec":562299,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"2DE0IHf7NDY7z3UoCABFAABAAABAAEAGJT8KAADjCgAAl957H3yCfYpEAAAAALAC\/\/8iuwAAAgQFtAEDAwUBAQgKHA3YAQAAAAAEAgAA"}
00444{"flow_id":62,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":682,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687269,"pkt_ts_usec":563567,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"NDY7z3UopHczjPFACABFAAA8AABAAEAGJUUKAACVCgAA4x9I3np8gG11KkHDm6ASOJBP2wAAAgQFtAQCCAoAIeBIHA3YAQEDAwY="}
00432{"flow_id":62,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":683,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687269,"pkt_ts_usec":563638,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"pHczjPFANDY7z3UoCABFAAA0AABAAEAGJU0KAADjCgAAld56H0gqQcObfIBtdoAQEBWnIAAAAQEIChwN2AIAIeBI"}
00771{"flow_id":62,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":684,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687269,"pkt_ts_usec":563819,"pkt_caplen":317,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":317,"pkt_l4_len":283,"pkt":"pHczjPFANDY7z3UoCABFAAEvAABAAEAGJFIKAADjCgAAld56H0gqQcObfIBtdoAYEBUO5QAAAQEIChwN2AIAIeBIR0VUIC9zc2RwL2RldmljZS1kZXNjLnhtbCBIVFRQLzEuMQ0KSG9zdDogMTAuMC4wLjE0OTo4MDA4DQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoTWFjaW50b3NoOyBJbnRlbCBNYWMgT1MgWCAxMF8xM182KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvNzcuMC4zODY1LjkwIFNhZmFyaS81MzcuMzYNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KDQo="}
00867{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":684,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":4,"flow_first_seen":1569687269561,"flow_last_seen":1569687269563,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":251,"flow_tot_l4_payload_len":251,"flow_avg_l4_payload_len":62,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.149","src_port":56954,"dst_port":8008,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"10.0.0.149","url":"10.0.0.149:8008\/ssdp\/device-desc.xml","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/77.0.3865.90 Safari\/537.36"}}
00432{"flow_id":62,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":685,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687269,"pkt_ts_usec":567036,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"NDY7z3UopHczjPFACABFAAA0jT9AAEAGmA0KAACVCgAA4x9I3np8gG12KkHEloAQAPO1RgAAAQEICgAh4EkcDdgC"}
00444{"flow_id":63,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":686,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687269,"pkt_ts_usec":567040,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"NDY7z3Uo2DE0IHf7CABFAAA8AABAAEAGJUMKAACXCgAA4x983nsgu1W7gn2KRaASqbA3ZQAAAgQFtAQCCAoGktWOHA3YAQEDAwc="}
00433{"flow_id":63,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":687,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687269,"pkt_ts_usec":567158,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"2DE0IHf7NDY7z3UoCABFAAA0AABAAEAGJUsKAADjCgAAl957H3yCfYpFILtVvIAQEBX\/yAAAAQEIChwN2AUGktWO"}
00759{"flow_id":63,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":688,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687269,"pkt_ts_usec":567320,"pkt_caplen":308,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":308,"pkt_l4_len":274,"pkt":"2DE0IHf7NDY7z3UoCABFAAEmAABAAEAGJFkKAADjCgAAl957H3yCfYpFILtVvIAYEBU8YgAAAQEIChwN2AUGktWOR0VUIC9kaWFsL2RkLnhtbCBIVFRQLzEuMQ0KSG9zdDogMTAuMC4wLjE1MTo4MDYwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoTWFjaW50b3NoOyBJbnRlbCBNYWMgT1MgWCAxMF8xM182KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvNzcuMC4zODY1LjkwIFNhZmFyaS81MzcuMzYNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KDQo="}
00858{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":688,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":4,"flow_first_seen":1569687269562,"flow_last_seen":1569687269567,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":242,"flow_tot_l4_payload_len":242,"flow_avg_l4_payload_len":60,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.151","src_port":56955,"dst_port":8060,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"10.0.0.151","url":"10.0.0.151:8060\/dial\/dd.xml","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/77.0.3865.90 Safari\/537.36"}}
02034{"flow_id":62,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":689,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687269,"pkt_ts_usec":570064,"pkt_caplen":1261,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1261,"pkt_l4_len":1227,"pkt":"NDY7z3UopHczjPFACABFAATfjUBAAEAGk2EKAACVCgAA4x9I3np8gG12KkHEloAYAPNXUQAAAQEICgAh4EkcDdgCSFRUUC8xLjEgMjAwIE9LDQpBcHBsaWNhdGlvbi1VUkw6aHR0cDovLzEwLjAuMC4xNDk6ODAwOC9hcHBzLw0KQ29udGVudC1MZW5ndGg6MTA3OQ0KQ29udGVudC1UeXBlOmFwcGxpY2F0aW9uL3htbA0KDQo8P3htbCB2ZXJzaW9uPSIxLjAiPz4NCjxyb290IHhtbG5zPSJ1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2UtMS0wIj4NCiAgPHNwZWNWZXJzaW9uPg0KICAgIDxtYWpvcj4xPC9tYWpvcj4NCiAgICA8bWlub3I+MDwvbWlub3I+DQogIDwvc3BlY1ZlcnNpb24+DQogIDxVUkxCYXNlPmh0dHA6Ly8xMC4wLjAuMTQ5OjgwMDg8L1VSTEJhc2U+DQogIDxkZXZpY2U+DQogICAgPGRldmljZVR5cGU+dXJuOmRpYWwtbXVsdGlzY3JlZW4tb3JnOmRldmljZTpkaWFsOjE8L2RldmljZVR5cGU+DQogICAgPGZyaWVuZGx5TmFtZT5DaHJvbWVjYXN0MTY5OTwvZnJpZW5kbHlOYW1lPg0KICAgIDxtYW51ZmFjdHVyZXI+R29vZ2xlIEluYy48L21hbnVmYWN0dXJlcj4NCiAgICA8bW9kZWxOYW1lPkV1cmVrYSBEb25nbGU8L21vZGVsTmFtZT4NCiAgICA8VUROPnV1aWQ6NzlkODhlODMtNzI1Yy1iNzFiLWJhZDAtNTg2MmQ1YjIyMzg2PC9VRE4+DQogICAgPGljb25MaXN0Pg0KICAgICAgPGljb24+DQogICAgICAgIDxtaW1ldHlwZT5pbWFnZS9wbmc8L21pbWV0eXBlPg0KICAgICAgICA8d2lkdGg+OTg8L3dpZHRoPg0KICAgICAgICA8aGVpZ2h0PjU1PC9oZWlnaHQ+DQogICAgICAgIDxkZXB0aD4zMjwvZGVwdGg+DQogICAgICAgIDx1cmw+L3NldHVwL2ljb24ucG5nPC91cmw+DQogICAgICA8L2ljb24+DQogICAgPC9pY29uTGlzdD4NCiAgICA8c2VydmljZUxpc3Q+DQogICAgICA8c2VydmljZT4NCiAgICAgICAgPHNlcnZpY2VUeXBlPnVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MTwvc2VydmljZVR5cGU+DQogICAgICAgIDxzZXJ2aWNlSWQ+dXJuOmRpYWwtbXVsdGlzY3JlZW4tb3JnOnNlcnZpY2VJZDpkaWFsPC9zZXJ2aWNlSWQ+DQogICAgICAgIDxjb250cm9sVVJMPi9zc2RwL25vdGZvdW5kPC9jb250cm9sVVJMPg0KICAgICAgICA8ZXZlbnRTdWJVUkw+L3NzZHAvbm90Zm91bmQ8L2V2ZW50U3ViVVJMPg0KICAgICAgICA8U0NQRFVSTD4vc3NkcC9ub3Rmb3VuZDwvU0NQRFVSTD4NCiAgICAgIDwvc2VydmljZT4NCiAgICA8L3NlcnZpY2VMaXN0Pg0KICA8L2RldmljZT4NCjwvcm9vdD4NCg=="}
00433{"flow_id":62,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":690,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687269,"pkt_ts_usec":570148,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"pHczjPFANDY7z3UoCABFAAA0AABAAEAGJU0KAADjCgAAld56H0gqQcSWfIByIYAQD\/ChmAAAAQEIChwN2AgAIeBJ"}
00432{"flow_id":63,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":693,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687269,"pkt_ts_usec":573371,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"NDY7z3Uo2DE0IHf7CABFAAA0gDJAAEAGpRgKAACXCgAA4x983nsgu1W8gn2LN4AQAVwNkAAAAQEICgaS1Y4cDdgF"}
00692{"flow_id":63,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":695,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687269,"pkt_ts_usec":576174,"pkt_caplen":256,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":256,"pkt_l4_len":222,"pkt":"NDY7z3Uo2DE0IHf7CABFAADygDNAAEAGpFkKAACXCgAA4x983nsgu1W8gn2LN4AYAVx\/qAAAAQEICgaS1Y8cDdgFSFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IFJva3UgVVBuUC8xLjAgTWluaVVQblBkLzEuNA0KQ29udGVudC1MZW5ndGg6IDExNDANCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQpDb250ZW50LVR5cGU6IHRleHQveG1sOyBjaGFyc2V0PSJ1dGYtOCINCkFwcGxpY2F0aW9uLVVSTDogaHR0cDovLzEwLjAuMC4xNTE6ODA2MC9kaWFsDQoNCg=="}
00433{"flow_id":63,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":696,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687269,"pkt_ts_usec":576345,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"2DE0IHf7NDY7z3UoCABFAAA0AABAAEAGJUsKAADjCgAAl957H3yCfYs3ILtWeoAQEA\/+FQAAAQEIChwN2A0GktWP"}
01958{"flow_id":63,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":699,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687269,"pkt_ts_usec":579863,"pkt_caplen":1206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1206,"pkt_l4_len":1172,"pkt":"NDY7z3Uo2DE0IHf7CABFAASogDRAAEAGoKIKAACXCgAA4x983nsgu1Z6gn2LN4AYAVwcKQAAAQEICgaS1Y8cDdgNPD94bWwgdmVyc2lvbj0iMS4wIj8+DQo8cm9vdCB4bWxucz0idXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlLTEtMCI+DQo8c3BlY1ZlcnNpb24+DQo8bWFqb3I+MTwvbWFqb3I+DQo8bWlub3I+MDwvbWlub3I+DQo8L3NwZWNWZXJzaW9uPg0KPGRldmljZT4NCjxkZXZpY2VUeXBlPnVybjpyb2t1LWNvbTpkZXZpY2U6cGxheWVyOjEtMDwvZGV2aWNlVHlwZT4NCjxmcmllbmRseU5hbWU+RXhwcmVzczwvZnJpZW5kbHlOYW1lPg0KPG1hbnVmYWN0dXJlcj5Sb2t1PC9tYW51ZmFjdHVyZXI+DQo8bWFudWZhY3R1cmVyVVJMPmh0dHA6Ly93d3cucm9rdS5jb20vPC9tYW51ZmFjdHVyZXJVUkw+DQo8bW9kZWxEZXNjcmlwdGlvbj5Sb2t1IFN0cmVhbWluZyBQbGF5ZXIgTmV0d29yayBNZWRpYTwvbW9kZWxEZXNjcmlwdGlvbj4NCjxtb2RlbE5hbWU+Um9rdSBFeHByZXNzPC9tb2RlbE5hbWU+DQo8bW9kZWxOdW1iZXI+MzkwMFg8L21vZGVsTnVtYmVyPg0KPG1vZGVsVVJMPmh0dHA6Ly93d3cucm9rdS5jb20vPC9tb2RlbFVSTD4NCjxzZXJpYWxOdW1iZXI+WUcwMDRKNDg2ODYzPC9zZXJpYWxOdW1iZXI+DQo8VUROPnV1aWQ6Mjk1YzAwMDQtNjgwNy0xMDZkLTgwY2YtZDgzMTM0MjA3N2ZiPC9VRE4+DQo8c2VydmljZUxpc3Q+DQo8c2VydmljZT4NCjxzZXJ2aWNlVHlwZT51cm46cm9rdS1jb206c2VydmljZTplY3A6MTwvc2VydmljZVR5cGU+DQo8c2VydmljZUlkPnVybjpyb2t1LWNvbTpzZXJ2aWNlSWQ6ZWNwMS0wPC9zZXJ2aWNlSWQ+DQo8Y29udHJvbFVSTD48L2NvbnRyb2xVUkw+DQo8ZXZlbnRTdWJVUkw+PC9ldmVudFN1YlVSTD4NCjxTQ1BEVVJMPmVjcF9TQ1BELnhtbDwvU0NQRFVSTD4NCjwvc2VydmljZT4NCjxzZXJ2aWNlPg0KPHNlcnZpY2VUeXBlPnVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MTwvc2VydmljZVR5cGU+DQo8c2VydmljZUlkPnVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlSWQ6ZGlhbDEtMDwvc2VydmljZUlkPg0KPGNvbnRyb2xVUkw+PC9jb250cm9sVVJMPg0KPGV2ZW50U3ViVVJMPjwvZXZlbnRTdWJVUkw+DQo8U0NQRFVSTD5kaWFsX1NDUEQueG1sPC9TQ1BEVVJMPg0KPC9zZXJ2aWNlPg0KPC9zZXJ2aWNlTGlzdD4NCjwvZGV2aWNlPg0KPC9yb290Pg0K"}
00432{"flow_id":63,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":700,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687269,"pkt_ts_usec":579933,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"2DE0IHf7NDY7z3UoCABFAAA0AABAAEAGJUsKAADjCgAAl957H3yCfYs3ILta7oAQD+z5wQAAAQEIChwN2BAGktWP"}
00409{"flow_id":60,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":706,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687269,"pkt_ts_usec":598254,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"pkt":"LH6BsEqhNDY7z3UoCABFAAAg\/t4AAEARZwsKAADjCgAAAc1zAMAADAmuEAEDEA=="}
00507{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":716,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_first_seen":1569687269716,"flow_last_seen":1569687269716,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":49816,"dst_port":57547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01091{"flow_id":64,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":716,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687269,"pkt_ts_usec":716353,"pkt_caplen":556,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":556,"pkt_l4_len":522,"pkt":"NDY7z3UopHczjPFACABFAAIeAABAAEARI1gKAACVCgAA48KY4MsCCjHASFRUUC8xLjEgMjAwIE9LDQpDQUNIRS1DT05UUk9MOiBtYXgtYWdlPTE4MDANCkRBVEU6IFNhdCwgMjggU2VwIDIwMTkgMTY6MTQ6MjkgR01UDQpFWFQ6DQpMT0NBVElPTjogaHR0cDovLzEwLjAuMC4xNDk6ODAwOC9zc2RwL2RldmljZS1kZXNjLnhtbA0KT1BUOiAiaHR0cDovL3NjaGVtYXMudXBucC5vcmcvdXBucC8xLzAvIjsgbnM9MDENCjAxLU5MUzogYjNiMTBmNmEtMWRkMS0xMWIyLWI3NDAtYWU5NDc5MzlkMzA4DQpTRVJWRVI6IExpbnV4LzMuOC4xMyssIFVQblAvMS4wLCBQb3J0YWJsZSBTREsgZm9yIFVQblAgZGV2aWNlcy8xLjYuMTgNClgtVXNlci1BZ2VudDogcmVkc29uaWMNClNUOiB1cm46ZGlhbC1tdWx0aXNjcmVlbi1vcmc6c2VydmljZTpkaWFsOjENClVTTjogdXVpZDo3OWQ4OGU4My03MjVjLWI3MWItYmFkMC01ODYyZDViMjIzODY6OnVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KQk9PVElELlVQTlAuT1JHOiA0NzINCkNPTkZJR0lELlVQTlAuT1JHOiAxDQoNCg=="}
00538{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":716,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_first_seen":1569687269716,"flow_last_seen":1569687269716,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":49816,"dst_port":57547,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
00432{"flow_id":40,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":726,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687269,"pkt_ts_usec":833566,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"2DE0IHf7NDY7z3UoCABFAAA0AABAAEAGJUsKAADjCgAAl94iH3wAQcGNmjQa94AREAAatAAAAQEIChwN2QcGksZO"}
00819{"flow_id":61,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":768,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687270,"pkt_ts_usec":260892,"pkt_caplen":353,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":353,"pkt_l4_len":319,"pkt":"NDY7z3Uo2DE0IHf7CABFAAFTj91AAEARlEMKAACXCgAA4wds4MsBP0SkSFRUUC8xLjEgMjAwIE9LDQpDYWNoZS1Db250cm9sOiBtYXgtYWdlPTM2MDANClNUOiB1cm46ZGlhbC1tdWx0aXNjcmVlbi1vcmc6c2VydmljZTpkaWFsOjENClVTTjogdXVpZDoyOTVjMDAwNC02ODA3LTEwNmQtODBjZi1kODMxMzQyMDc3ZmI6OnVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KRXh0OiANClNlcnZlcjogUm9rdSBVUG5QLzEuMCBSb2t1LzkuMS4wDQpMT0NBVElPTjogaHR0cDovLzEwLjAuMC4xNTE6ODA2MC9kaWFsL2RkLnhtbA0KV0FLRVVQOiBNQUM9ZDg6MzE6MzQ6MjA6Nzc6ZmI7VGltZW91dD0xMA0KDQo="}
00640{"flow_id":57,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":807,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687270,"pkt_ts_usec":560308,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"pkt":"AQBef\/\/6NDY7z3UoCABFAADK9bsAAAERyIoKAADj7\/\/\/+uDLB2wAtl89TS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMQ0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KVVNFUi1BR0VOVDogR29vZ2xlIENocm9tZS83Ny4wLjM4NjUuOTAgTWFjIE9TIFgNCg0K"}
00819{"flow_id":61,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":821,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687270,"pkt_ts_usec":729313,"pkt_caplen":353,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":353,"pkt_l4_len":319,"pkt":"NDY7z3Uo2DE0IHf7CABFAAFTkARAAEARlBwKAACXCgAA4wds4MsBP0SkSFRUUC8xLjEgMjAwIE9LDQpDYWNoZS1Db250cm9sOiBtYXgtYWdlPTM2MDANClNUOiB1cm46ZGlhbC1tdWx0aXNjcmVlbi1vcmc6c2VydmljZTpkaWFsOjENClVTTjogdXVpZDoyOTVjMDAwNC02ODA3LTEwNmQtODBjZi1kODMxMzQyMDc3ZmI6OnVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KRXh0OiANClNlcnZlcjogUm9rdSBVUG5QLzEuMCBSb2t1LzkuMS4wDQpMT0NBVElPTjogaHR0cDovLzEwLjAuMC4xNTE6ODA2MC9kaWFsL2RkLnhtbA0KV0FLRVVQOiBNQUM9ZDg6MzE6MzQ6MjA6Nzc6ZmI7VGltZW91dD0xMA0KDQo="}
00507{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":822,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_first_seen":1569687270740,"flow_last_seen":1569687270740,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":48166,"dst_port":57547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01091{"flow_id":65,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":822,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687270,"pkt_ts_usec":740083,"pkt_caplen":556,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":556,"pkt_l4_len":522,"pkt":"NDY7z3UopHczjPFACABFAAIeAABAAEARI1gKAACVCgAA47wm4MsCCkExSFRUUC8xLjEgMjAwIE9LDQpDQUNIRS1DT05UUk9MOiBtYXgtYWdlPTE4MDANCkRBVEU6IFNhdCwgMjggU2VwIDIwMTkgMTY6MTQ6MzAgR01UDQpFWFQ6DQpMT0NBVElPTjogaHR0cDovLzEwLjAuMC4xNDk6ODAwOC9zc2RwL2RldmljZS1kZXNjLnhtbA0KT1BUOiAiaHR0cDovL3NjaGVtYXMudXBucC5vcmcvdXBucC8xLzAvIjsgbnM9MDENCjAxLU5MUzogYjNiMTBmNmEtMWRkMS0xMWIyLWI3NDAtYWU5NDc5MzlkMzA4DQpTRVJWRVI6IExpbnV4LzMuOC4xMyssIFVQblAvMS4wLCBQb3J0YWJsZSBTREsgZm9yIFVQblAgZGV2aWNlcy8xLjYuMTgNClgtVXNlci1BZ2VudDogcmVkc29uaWMNClNUOiB1cm46ZGlhbC1tdWx0aXNjcmVlbi1vcmc6c2VydmljZTpkaWFsOjENClVTTjogdXVpZDo3OWQ4OGU4My03MjVjLWI3MWItYmFkMC01ODYyZDViMjIzODY6OnVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KQk9PVElELlVQTlAuT1JHOiA0NzINCkNPTkZJR0lELlVQTlAuT1JHOiAxDQoNCg=="}
00538{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":822,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_first_seen":1569687270740,"flow_last_seen":1569687270740,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":48166,"dst_port":57547,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
00408{"flow_id":60,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":844,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687271,"pkt_ts_usec":101324,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"pkt":"LH6BsEqhNDY7z3UoCABFAAAgLGIAAEAROYgKAADjCgAAAc1zAMAADBGuCAEDEA=="}
00640{"flow_id":57,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":881,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687271,"pkt_ts_usec":560368,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"pkt":"AQBef\/\/6NDY7z3UoCABFAADKB2sAAAERttsKAADj7\/\/\/+uDLB2wAtl89TS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMQ0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KVVNFUi1BR0VOVDogR29vZ2xlIENocm9tZS83Ny4wLjM4NjUuOTAgTWFjIE9TIFgNCg0K"}
00408{"flow_id":60,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":883,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687271,"pkt_ts_usec":606006,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"pkt":"LH6BsEqhNDY7z3UoCABFAAAg1aQAAEARkEUKAADjCgAAAc1zAMAADAmuEAEDEA=="}
00432{"flow_id":40,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":884,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687271,"pkt_ts_usec":692136,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"2DE0IHf7NDY7z3UoCABFAAA0AABAAEAGJUsKAADjCgAAl94iH3wAQcGNmjQa94AREAATrAAAAQEIChwN4A8GksZO"}
00507{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":885,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_first_seen":1569687271764,"flow_last_seen":1569687271764,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":51382,"dst_port":57547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01091{"flow_id":66,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":885,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687271,"pkt_ts_usec":764145,"pkt_caplen":556,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":556,"pkt_l4_len":522,"pkt":"NDY7z3UopHczjPFACABFAAIeAABAAEARI1gKAACVCgAA48i24MsCCjOhSFRUUC8xLjEgMjAwIE9LDQpDQUNIRS1DT05UUk9MOiBtYXgtYWdlPTE4MDANCkRBVEU6IFNhdCwgMjggU2VwIDIwMTkgMTY6MTQ6MzEgR01UDQpFWFQ6DQpMT0NBVElPTjogaHR0cDovLzEwLjAuMC4xNDk6ODAwOC9zc2RwL2RldmljZS1kZXNjLnhtbA0KT1BUOiAiaHR0cDovL3NjaGVtYXMudXBucC5vcmcvdXBucC8xLzAvIjsgbnM9MDENCjAxLU5MUzogYjNiMTBmNmEtMWRkMS0xMWIyLWI3NDAtYWU5NDc5MzlkMzA4DQpTRVJWRVI6IExpbnV4LzMuOC4xMyssIFVQblAvMS4wLCBQb3J0YWJsZSBTREsgZm9yIFVQblAgZGV2aWNlcy8xLjYuMTgNClgtVXNlci1BZ2VudDogcmVkc29uaWMNClNUOiB1cm46ZGlhbC1tdWx0aXNjcmVlbi1vcmc6c2VydmljZTpkaWFsOjENClVTTjogdXVpZDo3OWQ4OGU4My03MjVjLWI3MWItYmFkMC01ODYyZDViMjIzODY6OnVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KQk9PVElELlVQTlAuT1JHOiA0NzINCkNPTkZJR0lELlVQTlAuT1JHOiAxDQoNCg=="}
00538{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":885,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_first_seen":1569687271764,"flow_last_seen":1569687271764,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":51382,"dst_port":57547,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
00586{"flow_id":5,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":887,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687271,"pkt_ts_usec":967353,"pkt_caplen":174,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":174,"pkt_l4_len":120,"pkt":"MzMAAAABLH6BsEqhht1gAAAAAHg6\/\/6AAAAAAAAALn6B\/\/6wSqH\/AgAAAAAAAAAAAAAAAAABhgBH5kDAALQAAAAAAAAAABkFAAAAAVGAIAEFWP7tAAAAAAAAAAAAASABBVj+7QAAAAAAAAAAAAIDBEDAAAL9HQAC\/R0AAAAAJgEGRoQCRLAAAAAAAAAAABgDAAAAAAC0AAAAAAAAAAAAAAAAAAAAAAEBLH6BsEqh"}
00818{"flow_id":64,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":893,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687272,"pkt_ts_usec":80873,"pkt_caplen":353,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":353,"pkt_l4_len":319,"pkt":"NDY7z3Uo2DE0IHf7CABFAAFTkAZAAEARlBoKAACXCgAA4wds4MsBP0SkSFRUUC8xLjEgMjAwIE9LDQpDYWNoZS1Db250cm9sOiBtYXgtYWdlPTM2MDANClNUOiB1cm46ZGlhbC1tdWx0aXNjcmVlbi1vcmc6c2VydmljZTpkaWFsOjENClVTTjogdXVpZDoyOTVjMDAwNC02ODA3LTEwNmQtODBjZi1kODMxMzQyMDc3ZmI6OnVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KRXh0OiANClNlcnZlcjogUm9rdSBVUG5QLzEuMCBSb2t1LzkuMS4wDQpMT0NBVElPTjogaHR0cDovLzEwLjAuMC4xNTE6ODA2MC9kaWFsL2RkLnhtbA0KV0FLRVVQOiBNQUM9ZDg6MzE6MzQ6MjA6Nzc6ZmI7VGltZW91dD0xMA0KDQo="}
00818{"flow_id":61,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":893,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687272,"pkt_ts_usec":80873,"pkt_caplen":353,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":353,"pkt_l4_len":319,"pkt":"NDY7z3Uo2DE0IHf7CABFAAFTkAZAAEARlBoKAACXCgAA4wds4MsBP0SkSFRUUC8xLjEgMjAwIE9LDQpDYWNoZS1Db250cm9sOiBtYXgtYWdlPTM2MDANClNUOiB1cm46ZGlhbC1tdWx0aXNjcmVlbi1vcmc6c2VydmljZTpkaWFsOjENClVTTjogdXVpZDoyOTVjMDAwNC02ODA3LTEwNmQtODBjZi1kODMxMzQyMDc3ZmI6OnVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KRXh0OiANClNlcnZlcjogUm9rdSBVUG5QLzEuMCBSb2t1LzkuMS4wDQpMT0NBVElPTjogaHR0cDovLzEwLjAuMC4xNTE6ODA2MC9kaWFsL2RkLnhtbA0KV0FLRVVQOiBNQUM9ZDg6MzE6MzQ6MjA6Nzc6ZmI7VGltZW91dD0xMA0KDQo="}
00595{"flow_id":18,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":914,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687272,"pkt_ts_usec":376985,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"pkt":"AQBeAAD7GIEORo7ICABFAACsXgQAAP8RcWwKAADV4AAA+xTpFOkAmEDPAAAAAAADAAEAAAABD19jb21wYW5pb24tbGluawRfdGNwBWxvY2FsAAAMAAEIX2hvbWVraXTAHAAMAAEMX3NsZWVwLXByb3h5BF91ZHDAIQAMAAHADAAMAAEAAA4EABQRTFAtUktFUlVSLU9TWCAoOSnADAAAKQWgAAARlAASAAQADgCbOoEORo7IGIEORo7I"}
00627{"flow_id":19,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":915,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687272,"pkt_ts_usec":377448,"pkt_caplen":206,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":206,"pkt_l4_len":152,"pkt":"MzMAAAD7GIEORo7Iht1gBoi5AJgR\/\/6AAAAAAAAABAg+RTq8FVL\/AgAAAAAAAAAAAAAAAAD7FOkU6QCYm8UAAAAAAAMAAQAAAAEPX2NvbXBhbmlvbi1saW5rBF90Y3AFbG9jYWwAAAwAAQhfaG9tZWtpdMAcAAwAAQxfc2xlZXAtcHJveHkEX3VkcMAhAAwAAcAMAAwAAQAADgQAFBFMUC1SS0VSVVItT1NYICg5KcAMAAApBaAAABGUABIABAAOAJs6gQ5GjsgYgQ5Gjsg="}
00433{"flow_id":66,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":982,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687273,"pkt_ts_usec":580632,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"NDY7z3Uo2DE0IHf7CABFAAA0gDVAAEAGpRUKAACXCgAA4x983nsgu1rugn2LN4ARAVwGwQAAAQEICgaS1x8cDdgQ"}
00433{"flow_id":66,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":983,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687273,"pkt_ts_usec":580713,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"2DE0IHf7NDY7z3UoCABFAAA0AABAAEAGJUsKAADjCgAAl957H3yCfYs3ILta74AQEADo1gAAAQEIChwN51YGktcf"}
00409{"flow_id":63,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1016,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687274,"pkt_ts_usec":111509,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"pkt":"LH6BsEqhNDY7z3UoCABFAAAgHDkAAEARSbEKAADjCgAAAc1zAMAADBGuCAEDEA=="}
00409{"flow_id":63,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1061,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687274,"pkt_ts_usec":614667,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"pkt":"LH6BsEqhNDY7z3UoCABFAAAgdkAAAEAR76kKAADjCgAAAc1zAMAADAmuEAEDEA=="}
00433{"flow_id":63,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":982,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687273,"pkt_ts_usec":580632,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"NDY7z3Uo2DE0IHf7CABFAAA0gDVAAEAGpRUKAACXCgAA4x983nsgu1rugn2LN4ARAVwGwQAAAQEICgaS1x8cDdgQ"}
00433{"flow_id":63,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":983,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687273,"pkt_ts_usec":580713,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"2DE0IHf7NDY7z3UoCABFAAA0AABAAEAGJUsKAADjCgAAl957H3yCfYs3ILta74AQEADo1gAAAQEIChwN51YGktcf"}
00409{"flow_id":60,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1016,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687274,"pkt_ts_usec":111509,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"pkt":"LH6BsEqhNDY7z3UoCABFAAAgHDkAAEARSbEKAADjCgAAAc1zAMAADBGuCAEDEA=="}
00409{"flow_id":60,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1061,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687274,"pkt_ts_usec":614667,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"pkt":"LH6BsEqhNDY7z3UoCABFAAAgdkAAAEAR76kKAADjCgAAAc1zAMAADAmuEAEDEA=="}
00587{"flow_id":5,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1062,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687274,"pkt_ts_usec":834528,"pkt_caplen":174,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":174,"pkt_l4_len":120,"pkt":"MzMAAAABLH6BsEqhht1gAAAAAHg6\/\/6AAAAAAAAALn6B\/\/6wSqH\/AgAAAAAAAAAAAAAAAAABhgBH5kDAALQAAAAAAAAAABkFAAAAAVGAIAEFWP7tAAAAAAAAAAAAASABBVj+7QAAAAAAAAAAAAIDBEDAAAL9HQAC\/R0AAAAAJgEGRoQCRLAAAAAAAAAAABgDAAAAAAC0AAAAAAAAAAAAAAAAAAAAAAEBLH6BsEqh"}
00433{"flow_id":43,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1067,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687275,"pkt_ts_usec":135465,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"2DE0IHf7NDY7z3UoCABFAAA0AABAAEAGJUsKAADjCgAAl94iH3wAQcGNmjQa94AREAAGZAAAAQEIChwN7VcGksZO"}
00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1797,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_first_seen":1569687277139,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00504{"flow_id":70,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1797,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687277,"pkt_ts_usec":139200,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"pkt":"\/\/\/\/\/\/\/\/NDY7z3UoCABFAABgVbYAAEARDvYKAADjCgAA\/wCJAIkATLhJRX8wEAABAAAAAAABIEVNRkFDTkZDRUxFRkZDRkZGQ0NORVBGREZJQ0FDQUFBAAAgAAHADAAgAAEAAAAAAAZgAAoAAOM="}
00522{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1797,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_first_seen":1569687277139,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
00479{"flow_id":70,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1798,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687277,"pkt_ts_usec":144772,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"pkt":"\/\/\/\/\/\/\/\/NDY7z3UoCABFAABOK\/AAAEAROM4KAADjCgAA\/wCJAIkAOvmHRYABEAABAAAAAAAAIEFCQUNGUEZQRU5GREVDRkNFUEZIRkRFRkZQRlBBQ0FCAAAgAAE="}
00504{"flow_id":70,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1809,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687277,"pkt_ts_usec":188381,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"pkt":"\/\/\/\/\/\/\/\/NDY7z3UoCABFAABgQ9oAAEARINIKAADjCgAA\/wCJAIkATMRRRYEwEAABAAAAAAABIEVNRkFDTkVDREFERUREREFERkREQ05GSERIREdERUFBAAAgAAHADAAgAAEAAAAAAAZgAAoAAOM="}
00478{"flow_id":70,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1813,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687277,"pkt_ts_usec":202381,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"pkt":"\/\/\/\/\/\/\/\/NDY7z3UoCABFAABOTbMAAEARFwsKAADjCgAA\/wCJAIkAOvmFRYIBEAABAAAAAAAAIEFCQUNGUEZQRU5GREVDRkNFUEZIRkRFRkZQRlBBQ0FCAAAgAAE="}
00433{"flow_id":40,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1067,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687275,"pkt_ts_usec":135465,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"2DE0IHf7NDY7z3UoCABFAAA0AABAAEAGJUsKAADjCgAAl94iH3wAQcGNmjQa94AREAAGZAAAAQEIChwN7VcGksZO"}
00500{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1797,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_first_seen":1569687277139,"flow_last_seen":1569687277139,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00504{"flow_id":67,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1797,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687277,"pkt_ts_usec":139200,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"pkt":"\/\/\/\/\/\/\/\/NDY7z3UoCABFAABgVbYAAEARDvYKAADjCgAA\/wCJAIkATLhJRX8wEAABAAAAAAABIEVNRkFDTkZDRUxFRkZDRkZGQ0NORVBGREZJQ0FDQUFBAAAgAAHADAAgAAEAAAAAAAZgAAoAAOM="}
00534{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1797,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_first_seen":1569687277139,"flow_last_seen":1569687277139,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
00479{"flow_id":67,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1798,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687277,"pkt_ts_usec":144772,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"pkt":"\/\/\/\/\/\/\/\/NDY7z3UoCABFAABOK\/AAAEAROM4KAADjCgAA\/wCJAIkAOvmHRYABEAABAAAAAAAAIEFCQUNGUEZQRU5GREVDRkNFUEZIRkRFRkZQRlBBQ0FCAAAgAAE="}
00504{"flow_id":67,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1809,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687277,"pkt_ts_usec":188381,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"pkt":"\/\/\/\/\/\/\/\/NDY7z3UoCABFAABgQ9oAAEARINIKAADjCgAA\/wCJAIkATMRRRYEwEAABAAAAAAABIEVNRkFDTkVDREFERUREREFERkREQ05GSERIREdERUFBAAAgAAHADAAgAAEAAAAAAAZgAAoAAOM="}
00478{"flow_id":67,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1813,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687277,"pkt_ts_usec":202381,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"pkt":"\/\/\/\/\/\/\/\/NDY7z3UoCABFAABOTbMAAEARFwsKAADjCgAA\/wCJAIkAOvmFRYIBEAABAAAAAAAAIEFCQUNGUEZQRU5GREVDRkNFUEZIRkRFRkZQRlBBQ0FCAAAgAAE="}
00587{"flow_id":5,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1931,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687277,"pkt_ts_usec":906582,"pkt_caplen":174,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":174,"pkt_l4_len":120,"pkt":"MzMAAAABLH6BsEqhht1gAAAAAHg6\/\/6AAAAAAAAALn6B\/\/6wSqH\/AgAAAAAAAAAAAAAAAAABhgBH5kDAALQAAAAAAAAAABkFAAAAAVGAIAEFWP7tAAAAAAAAAAAAASABBVj+7QAAAAAAAAAAAAIDBEDAAAL9HQAC\/R0AAAAAJgEGRoQCRLAAAAAAAAAAABgDAAAAAAC0AAAAAAAAAAAAAAAAAAAAAAEBLH6BsEqh"}
00504{"flow_id":70,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2030,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687278,"pkt_ts_usec":697720,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"pkt":"\/\/\/\/\/\/\/\/NDY7z3UoCABFAABg2UoAAEARi2EKAADjCgAA\/wCJAIkATLhJRX8wEAABAAAAAAABIEVNRkFDTkZDRUxFRkZDRkZGQ0NORVBGREZJQ0FDQUFBAAAgAAHADAAgAAEAAAAAAAZgAAoAAOM="}
00478{"flow_id":70,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2031,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687278,"pkt_ts_usec":697914,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"pkt":"\/\/\/\/\/\/\/\/NDY7z3UoCABFAABO6AgAAEARfLUKAADjCgAA\/wCJAIkAOvmHRYABEAABAAAAAAAAIEFCQUNGUEZQRU5GREVDRkNFUEZIRkRFRkZQRlBBQ0FCAAAgAAE="}
00504{"flow_id":70,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2033,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687278,"pkt_ts_usec":697993,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"pkt":"\/\/\/\/\/\/\/\/NDY7z3UoCABFAABghFIAAEAR4FkKAADjCgAA\/wCJAIkATMRRRYEwEAABAAAAAAABIEVNRkFDTkVDREFERUREREFERkREQ05GSERIREdERUFBAAAgAAHADAAgAAEAAAAAAAZgAAoAAOM="}
00478{"flow_id":70,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2035,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687278,"pkt_ts_usec":698192,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"pkt":"\/\/\/\/\/\/\/\/NDY7z3UoCABFAABOmWsAAEARy1IKAADjCgAA\/wCJAIkAOvmFRYIBEAABAAAAAAAAIEFCQUNGUEZQRU5GREVDRkNFUEZIRkRFRkZQRlBBQ0FCAAAgAAE="}
00410{"flow_id":63,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2240,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687280,"pkt_ts_usec":120968,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"pkt":"LH6BsEqhNDY7z3UoCABFAAAgye8AAEARm\/oKAADjCgAAAc1zAMAADBGuCAEDEA=="}
00504{"flow_id":70,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2241,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687280,"pkt_ts_usec":141395,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"pkt":"\/\/\/\/\/\/\/\/NDY7z3UoCABFAABgNbcAAEARLvUKAADjCgAA\/wCJAIkATLhJRX8wEAABAAAAAAABIEVNRkFDTkZDRUxFRkZDRkZGQ0NORVBGREZJQ0FDQUFBAAAgAAHADAAgAAEAAAAAAAZgAAoAAOM="}
00479{"flow_id":70,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2245,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687280,"pkt_ts_usec":157008,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"pkt":"\/\/\/\/\/\/\/\/NDY7z3UoCABFAABO00cAAEARkXYKAADjCgAA\/wCJAIkAOvmHRYABEAABAAAAAAAAIEFCQUNGUEZQRU5GREVDRkNFUEZIRkRFRkZQRlBBQ0FCAAAgAAE="}
00505{"flow_id":70,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2247,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687280,"pkt_ts_usec":157370,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"pkt":"\/\/\/\/\/\/\/\/NDY7z3UoCABFAABg5ykAAEARfYIKAADjCgAA\/wCJAIkATMRRRYEwEAABAAAAAAABIEVNRkFDTkVDREFERUREREFERkREQ05GSERIREdERUFBAAAgAAHADAAgAAEAAAAAAAZgAAoAAOM="}
00505{"flow_id":70,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2251,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687280,"pkt_ts_usec":195597,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"pkt":"\/\/\/\/\/\/\/\/NDY7z3UoCABFAABg61kAAEAReVIKAADjCgAA\/wCJAIkATMfLRYMpEAABAAAAAAABIEVNRkFDTkVDREFERUREREFERkREQ05GSERIREdERUFBAAAgAAHADAAgAAEAAAOEAAZgAAoAAOM="}
00479{"flow_id":70,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2256,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687280,"pkt_ts_usec":203487,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"pkt":"\/\/\/\/\/\/\/\/NDY7z3UoCABFAABOjQgAAEAR17UKAADjCgAA\/wCJAIkAOvmFRYIBEAABAAAAAAAAIEFCQUNGUEZQRU5GREVDRkNFUEZIRkRFRkZQRlBBQ0FCAAAgAAE="}
00409{"flow_id":63,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2298,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687280,"pkt_ts_usec":624310,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"pkt":"LH6BsEqhNDY7z3UoCABFAAAgsKcAAEARtUIKAADjCgAAAc1zAMAADAmuEAEDEA=="}
00504{"flow_id":67,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2030,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687278,"pkt_ts_usec":697720,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"pkt":"\/\/\/\/\/\/\/\/NDY7z3UoCABFAABg2UoAAEARi2EKAADjCgAA\/wCJAIkATLhJRX8wEAABAAAAAAABIEVNRkFDTkZDRUxFRkZDRkZGQ0NORVBGREZJQ0FDQUFBAAAgAAHADAAgAAEAAAAAAAZgAAoAAOM="}
00478{"flow_id":67,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2031,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687278,"pkt_ts_usec":697914,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"pkt":"\/\/\/\/\/\/\/\/NDY7z3UoCABFAABO6AgAAEARfLUKAADjCgAA\/wCJAIkAOvmHRYABEAABAAAAAAAAIEFCQUNGUEZQRU5GREVDRkNFUEZIRkRFRkZQRlBBQ0FCAAAgAAE="}
00504{"flow_id":67,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2033,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687278,"pkt_ts_usec":697993,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"pkt":"\/\/\/\/\/\/\/\/NDY7z3UoCABFAABghFIAAEAR4FkKAADjCgAA\/wCJAIkATMRRRYEwEAABAAAAAAABIEVNRkFDTkVDREFERUREREFERkREQ05GSERIREdERUFBAAAgAAHADAAgAAEAAAAAAAZgAAoAAOM="}
00478{"flow_id":67,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2035,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687278,"pkt_ts_usec":698192,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"pkt":"\/\/\/\/\/\/\/\/NDY7z3UoCABFAABOmWsAAEARy1IKAADjCgAA\/wCJAIkAOvmFRYIBEAABAAAAAAAAIEFCQUNGUEZQRU5GREVDRkNFUEZIRkRFRkZQRlBBQ0FCAAAgAAE="}
00410{"flow_id":60,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2240,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687280,"pkt_ts_usec":120968,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"pkt":"LH6BsEqhNDY7z3UoCABFAAAgye8AAEARm\/oKAADjCgAAAc1zAMAADBGuCAEDEA=="}
00504{"flow_id":67,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2241,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687280,"pkt_ts_usec":141395,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"pkt":"\/\/\/\/\/\/\/\/NDY7z3UoCABFAABgNbcAAEARLvUKAADjCgAA\/wCJAIkATLhJRX8wEAABAAAAAAABIEVNRkFDTkZDRUxFRkZDRkZGQ0NORVBGREZJQ0FDQUFBAAAgAAHADAAgAAEAAAAAAAZgAAoAAOM="}
00479{"flow_id":67,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2245,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687280,"pkt_ts_usec":157008,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"pkt":"\/\/\/\/\/\/\/\/NDY7z3UoCABFAABO00cAAEARkXYKAADjCgAA\/wCJAIkAOvmHRYABEAABAAAAAAAAIEFCQUNGUEZQRU5GREVDRkNFUEZIRkRFRkZQRlBBQ0FCAAAgAAE="}
00505{"flow_id":67,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2247,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687280,"pkt_ts_usec":157370,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"pkt":"\/\/\/\/\/\/\/\/NDY7z3UoCABFAABg5ykAAEARfYIKAADjCgAA\/wCJAIkATMRRRYEwEAABAAAAAAABIEVNRkFDTkVDREFERUREREFERkREQ05GSERIREdERUFBAAAgAAHADAAgAAEAAAAAAAZgAAoAAOM="}
00505{"flow_id":67,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2251,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687280,"pkt_ts_usec":195597,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"pkt":"\/\/\/\/\/\/\/\/NDY7z3UoCABFAABg61kAAEAReVIKAADjCgAA\/wCJAIkATMfLRYMpEAABAAAAAAABIEVNRkFDTkVDREFERUREREFERkREQ05GSERIREdERUFBAAAgAAHADAAgAAEAAAOEAAZgAAoAAOM="}
00479{"flow_id":67,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2256,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687280,"pkt_ts_usec":203487,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"pkt":"\/\/\/\/\/\/\/\/NDY7z3UoCABFAABOjQgAAEAR17UKAADjCgAA\/wCJAIkAOvmFRYIBEAABAAAAAAAAIEFCQUNGUEZQRU5GREVDRkNFUEZIRkRFRkZQRlBBQ0FCAAAgAAE="}
00409{"flow_id":60,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2298,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687280,"pkt_ts_usec":624310,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"pkt":"LH6BsEqhNDY7z3UoCABFAAAgsKcAAEARtUIKAADjCgAAAc1zAMAADAmuEAEDEA=="}
00587{"flow_id":5,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2328,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687280,"pkt_ts_usec":978592,"pkt_caplen":174,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":174,"pkt_l4_len":120,"pkt":"MzMAAAABLH6BsEqhht1gAAAAAHg6\/\/6AAAAAAAAALn6B\/\/6wSqH\/AgAAAAAAAAAAAAAAAAABhgBH5kDAALQAAAAAAAAAABkFAAAAAVGAIAEFWP7tAAAAAAAAAAAAASABBVj+7QAAAAAAAAAAAAIDBEDAAAL9HQAC\/R0AAAAAJgEGRoQCRLAAAAAAAAAAABgDAAAAAAC0AAAAAAAAAAAAAAAAAAAAAAEBLH6BsEqh"}
00434{"flow_id":54,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2353,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687281,"pkt_ts_usec":158363,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0UBJAAPMGvOUIJWfECgAA4wG73ieGjW4CDCXQ8YARTdYkXAAAAQEICnincgAcDdF\/"}
00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2379,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_first_seen":1569687271764,"flow_last_seen":0,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":51382,"dst_port":57547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00505{"flow_id":70,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2408,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687281,"pkt_ts_usec":686916,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"pkt":"\/\/\/\/\/\/\/\/NDY7z3UoCABFAABgUbMAAEAREvkKAADjCgAA\/wCJAIkATMfLRYMpEAABAAAAAAABIEVNRkFDTkVDREFERUREREFERkREQ05GSERIREdERUFBAAAgAAHADAAgAAEAAAOEAAZgAAoAAOM="}
00433{"flow_id":43,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2419,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687281,"pkt_ts_usec":981171,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"2DE0IHf7NDY7z3UoCABFAAA0AABAAEAGJUsKAADjCgAAl94iH3wAQcGNmjQa94AREADsmwAAAQEIChwOBx8GksZO"}
00434{"flow_id":54,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2435,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687282,"pkt_ts_usec":157559,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0UoVAAPMGunIIJWfECgAA4wG73ieGjW4CDCXQ8YARTdYgdAAAAQEICnindegcDdF\/"}
00505{"flow_id":70,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2474,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687283,"pkt_ts_usec":186905,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"pkt":"\/\/\/\/\/\/\/\/NDY7z3UoCABFAABgHKoAAEARSAIKAADjCgAA\/wCJAIkATMfLRYMpEAABAAAAAAABIEVNRkFDTkVDREFERUREREFERkREQ05GSERIREdERUFBAAAgAAHADAAgAAEAAAOEAAZgAAoAAOM="}
00434{"flow_id":51,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2353,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687281,"pkt_ts_usec":158363,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0UBJAAPMGvOUIJWfECgAA4wG73ieGjW4CDCXQ8YARTdYkXAAAAQEICnincgAcDdF\/"}
00505{"flow_id":67,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2408,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687281,"pkt_ts_usec":686916,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"pkt":"\/\/\/\/\/\/\/\/NDY7z3UoCABFAABgUbMAAEAREvkKAADjCgAA\/wCJAIkATMfLRYMpEAABAAAAAAABIEVNRkFDTkVDREFERUREREFERkREQ05GSERIREdERUFBAAAgAAHADAAgAAEAAAOEAAZgAAoAAOM="}
00433{"flow_id":40,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2419,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687281,"pkt_ts_usec":981171,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"2DE0IHf7NDY7z3UoCABFAAA0AABAAEAGJUsKAADjCgAAl94iH3wAQcGNmjQa94AREADsmwAAAQEIChwOBx8GksZO"}
00434{"flow_id":51,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2435,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687282,"pkt_ts_usec":157559,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0UoVAAPMGunIIJWfECgAA4wG73ieGjW4CDCXQ8YARTdYgdAAAAQEICnindegcDdF\/"}
00505{"flow_id":67,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2474,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687283,"pkt_ts_usec":186905,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"pkt":"\/\/\/\/\/\/\/\/NDY7z3UoCABFAABgHKoAAEARSAIKAADjCgAA\/wCJAIkATMfLRYMpEAABAAAAAAABIEVNRkFDTkVDREFERUREREFERkREQ05GSERIREdERUFBAAAgAAHADAAgAAEAAAOEAAZgAAoAAOM="}
00586{"flow_id":5,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2509,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687284,"pkt_ts_usec":50614,"pkt_caplen":174,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":174,"pkt_l4_len":120,"pkt":"MzMAAAABLH6BsEqhht1gAAAAAHg6\/\/6AAAAAAAAALn6B\/\/6wSqH\/AgAAAAAAAAAAAAAAAAABhgBH5kDAALQAAAAAAAAAABkFAAAAAVGAIAEFWP7tAAAAAAAAAAAAASABBVj+7QAAAAAAAAAAAAIDBEDAAAL9HQAC\/R0AAAAAJgEGRoQCRLAAAAAAAAAAABgDAAAAAAC0AAAAAAAAAAAAAAAAAAAAAAEBLH6BsEqh"}
00434{"flow_id":54,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2516,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687284,"pkt_ts_usec":157706,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0WbNAAPMGs0QIJWfECgAA4wG73ieGjW4CDCXQ8YARTdYYpAAAAQEICninfbgcDdF\/"}
00409{"flow_id":63,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2570,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687286,"pkt_ts_usec":129419,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"pkt":"LH6BsEqhNDY7z3UoCABFAAAgwLAAAEARpTkKAADjCgAAAc1zAMAADBGuCAEDEA=="}
00410{"flow_id":63,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2580,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687286,"pkt_ts_usec":632460,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"pkt":"LH6BsEqhNDY7z3UoCABFAAAg9UsAAEARcJ4KAADjCgAAAc1zAMAADAmuEAEDEA=="}
00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2587,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_first_seen":1569687286917,"flow_last_seen":0,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00457{"flow_id":71,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2587,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687286,"pkt_ts_usec":917856,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"pkt":"AQBeAAD7pHczjPFACABFAABEAABAAP8RkBgKAACV4AAA+xTpFOkAMI4UAAAAAAABAAAAAAAAC19nb29nbGV6b25lBF90Y3AFbG9jYWwAAAwAAQ=="}
00567{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2587,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_first_seen":1569687286917,"flow_last_seen":0,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_googlezone._tcp.local"}}
00508{"flow_id":71,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2588,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687286,"pkt_ts_usec":918076,"pkt_caplen":119,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":119,"pkt_l4_len":85,"pkt":"AQBeAAD7pHczjPFACABFAABpAABAAP8Rj\/MKAACV4AAA+xTpFOkAVS3HAAAAAAABAAAAAAAAJDc5ZDg4ZTgzLTcyNWMtYjcxYi1iYWQwLTU4NjJkNWIyMjM4NgtfZ29vZ2xlem9uZQRfdGNwBWxvY2FsAAAhAAE="}
00625{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2588,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":2,"flow_first_seen":1569687286917,"flow_last_seen":1569687286918,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":77,"flow_tot_l4_payload_len":117,"flow_avg_l4_payload_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"79d88e83-725c-b71b-bad0-5862d5b22386._googlezone._tcp.local"}}
00708{"flow_id":71,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2589,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687286,"pkt_ts_usec":918669,"pkt_caplen":268,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":268,"pkt_l4_len":234,"pkt":"AQBeAAD7pHczjPFACABFAAD+AABAAP8Rj14KAACV4AAA+xTpFOkA6vJcAACEAAAAAAEAAAADC19nb29nbGV6b25lBF90Y3AFbG9jYWwAAAwAAQAAAHgAJyQ3OWQ4OGU4My03MjVjLWI3MWItYmFkMC01ODYyZDViMjIzODbADMAuABCAAQAAEZQAOCNpZD0yMERGOEZENkYzMTU5MUQyMDUwNEE5RkQ5OThDMzlFRRNfX2NvbW1vbl90aW1lX189MXwwwC4AIYABAAAAeAAtANIA8ycRJDc5ZDg4ZTgzLTcyNWMtYjcxYi1iYWQwLTU4NjJkNWIyMjM4NsAdwKsAAYABAAAAeAAECgAAlQ=="}
00590{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2589,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":3,"flow_first_seen":1569687286917,"flow_last_seen":1569687286918,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":226,"flow_tot_l4_payload_len":343,"flow_avg_l4_payload_len":114,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_googlezone._tcp.local"}}
00596{"flow_id":71,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2590,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687286,"pkt_ts_usec":919025,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"pkt":"AQBeAAD7pHczjPFACABFAACsAABAAP8Rj7AKAACV4AAA+xTpFOkAmGRVAACEAAAAAAEAAAABJDc5ZDg4ZTgzLTcyNWMtYjcxYi1iYWQwLTU4NjJkNWIyMjM4NgtfZ29vZ2xlem9uZQRfdGNwBWxvY2FsAAAhgAEAAAB4AC0A0gDzJxEkNzlkODhlODMtNzI1Yy1iNzFiLWJhZDAtNTg2MmQ1YjIyMzg2wELAWQABgAEAAAB4AAQKAACV"}
00627{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2590,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":4,"flow_first_seen":1569687286917,"flow_last_seen":1569687286919,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":226,"flow_tot_l4_payload_len":487,"flow_avg_l4_payload_len":121,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"79d88e83-725c-b71b-bad0-5862d5b22386._googlezone._tcp.local"}}
00452{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2723,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_first_seen":1569687287737,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"224.0.0.1","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
00423{"flow_id":72,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2723,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687287,"pkt_ts_usec":737123,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":56,"pkt_l4_len":16,"pkt":"AQBeAAABLH6BsEqhCABFwAAkGHoAAAEBtp0KAAAB4AAAAQkA5rYBAgVGCgAAAQAAAAAAAP\/\/Aiw="}
00484{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2723,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_first_seen":1569687287737,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"224.0.0.1","l4_proto":"icmp","ndpi": {"proto":"ICMP","breed":"Acceptable","category":"Network"}}
00434{"flow_id":54,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2914,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687288,"pkt_ts_usec":158305,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0aqNAAPMGolQIJWfECgAA4wG73ieGjW4CDCXQ8YARTdYJBAAAAQEICninjVgcDdF\/"}
00433{"flow_id":43,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2981,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687288,"pkt_ts_usec":697648,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"2DE0IHf7NDY7z3UoCABFAAA0AABAAEAGJUsKAADjCgAAl94iH3wAQcGNmjQa94AREADS0wAAAQEIChwOIOcGksZO"}
00513{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":4,"flow_first_seen":1569687268559,"flow_last_seen":1569687271560,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":174,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"239.255.255.250","src_port":57547,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00434{"flow_id":51,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2516,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687284,"pkt_ts_usec":157706,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0WbNAAPMGs0QIJWfECgAA4wG73ieGjW4CDCXQ8YARTdYYpAAAAQEICninfbgcDdF\/"}
00409{"flow_id":60,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2570,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687286,"pkt_ts_usec":129419,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"pkt":"LH6BsEqhNDY7z3UoCABFAAAgwLAAAEARpTkKAADjCgAAAc1zAMAADBGuCAEDEA=="}
00410{"flow_id":60,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2580,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687286,"pkt_ts_usec":632460,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"pkt":"LH6BsEqhNDY7z3UoCABFAAAg9UsAAEARcJ4KAADjCgAAAc1zAMAADAmuEAEDEA=="}
00503{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2587,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_first_seen":1569687286917,"flow_last_seen":1569687286917,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00457{"flow_id":68,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2587,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687286,"pkt_ts_usec":917856,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"pkt":"AQBeAAD7pHczjPFACABFAABEAABAAP8RkBgKAACV4AAA+xTpFOkAMI4UAAAAAAABAAAAAAAAC19nb29nbGV6b25lBF90Y3AFbG9jYWwAAAwAAQ=="}
00579{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2587,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_first_seen":1569687286917,"flow_last_seen":1569687286917,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_googlezone._tcp.local"}}
00508{"flow_id":68,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2588,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687286,"pkt_ts_usec":918076,"pkt_caplen":119,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":119,"pkt_l4_len":85,"pkt":"AQBeAAD7pHczjPFACABFAABpAABAAP8Rj\/MKAACV4AAA+xTpFOkAVS3HAAAAAAABAAAAAAAAJDc5ZDg4ZTgzLTcyNWMtYjcxYi1iYWQwLTU4NjJkNWIyMjM4NgtfZ29vZ2xlem9uZQRfdGNwBWxvY2FsAAAhAAE="}
00625{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2588,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":2,"flow_first_seen":1569687286917,"flow_last_seen":1569687286918,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":77,"flow_tot_l4_payload_len":117,"flow_avg_l4_payload_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"79d88e83-725c-b71b-bad0-5862d5b22386._googlezone._tcp.local"}}
00708{"flow_id":68,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2589,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687286,"pkt_ts_usec":918669,"pkt_caplen":268,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":268,"pkt_l4_len":234,"pkt":"AQBeAAD7pHczjPFACABFAAD+AABAAP8Rj14KAACV4AAA+xTpFOkA6vJcAACEAAAAAAEAAAADC19nb29nbGV6b25lBF90Y3AFbG9jYWwAAAwAAQAAAHgAJyQ3OWQ4OGU4My03MjVjLWI3MWItYmFkMC01ODYyZDViMjIzODbADMAuABCAAQAAEZQAOCNpZD0yMERGOEZENkYzMTU5MUQyMDUwNEE5RkQ5OThDMzlFRRNfX2NvbW1vbl90aW1lX189MXwwwC4AIYABAAAAeAAtANIA8ycRJDc5ZDg4ZTgzLTcyNWMtYjcxYi1iYWQwLTU4NjJkNWIyMjM4NsAdwKsAAYABAAAAeAAECgAAlQ=="}
00590{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2589,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":3,"flow_first_seen":1569687286917,"flow_last_seen":1569687286918,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":226,"flow_tot_l4_payload_len":343,"flow_avg_l4_payload_len":114,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_googlezone._tcp.local"}}
00596{"flow_id":68,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2590,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687286,"pkt_ts_usec":919025,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"pkt":"AQBeAAD7pHczjPFACABFAACsAABAAP8Rj7AKAACV4AAA+xTpFOkAmGRVAACEAAAAAAEAAAABJDc5ZDg4ZTgzLTcyNWMtYjcxYi1iYWQwLTU4NjJkNWIyMjM4NgtfZ29vZ2xlem9uZQRfdGNwBWxvY2FsAAAhgAEAAAB4AC0A0gDzJxEkNzlkODhlODMtNzI1Yy1iNzFiLWJhZDAtNTg2MmQ1YjIyMzg2wELAWQABgAEAAAB4AAQKAACV"}
00627{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2590,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":4,"flow_first_seen":1569687286917,"flow_last_seen":1569687286919,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":226,"flow_tot_l4_payload_len":487,"flow_avg_l4_payload_len":121,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"79d88e83-725c-b71b-bad0-5862d5b22386._googlezone._tcp.local"}}
00464{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2723,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_first_seen":1569687287737,"flow_last_seen":1569687287737,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"224.0.0.1","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
00423{"flow_id":69,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2723,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687287,"pkt_ts_usec":737123,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":56,"pkt_l4_len":16,"pkt":"AQBeAAABLH6BsEqhCABFwAAkGHoAAAEBtp0KAAAB4AAAAQkA5rYBAgVGCgAAAQAAAAAAAP\/\/Aiw="}
00496{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2723,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_first_seen":1569687287737,"flow_last_seen":1569687287737,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"224.0.0.1","l4_proto":"icmp","ndpi": {"proto":"ICMP","breed":"Acceptable","category":"Network"}}
00434{"flow_id":51,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2914,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687288,"pkt_ts_usec":158305,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0aqNAAPMGolQIJWfECgAA4wG73ieGjW4CDCXQ8YARTdYJBAAAAQEICninjVgcDdF\/"}
00433{"flow_id":40,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2981,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687288,"pkt_ts_usec":697648,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"2DE0IHf7NDY7z3UoCABFAAA0AABAAEAGJUsKAADjCgAAl94iH3wAQcGNmjQa94AREADS0wAAAQEIChwOIOcGksZO"}
00513{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":4,"flow_first_seen":1569687268559,"flow_last_seen":1569687271560,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":174,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"239.255.255.250","src_port":57547,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00508{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":19,"flow_first_seen":1569687249612,"flow_last_seen":1569687268122,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":384,"flow_tot_l4_payload_len":3455,"flow_avg_l4_payload_len":181,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"184.25.56.77","src_port":56884,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00536{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_first_seen":1569687240992,"flow_last_seen":1569687241009,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"184.25.56.53","src_port":56885,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_first_seen":1569687240992,"flow_last_seen":1569687241009,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"184.25.56.53","src_port":56885,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00509{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":4,"flow_first_seen":1569687269223,"flow_last_seen":1569687272080,"flow_min_l4_payload_len":311,"flow_max_l4_payload_len":311,"flow_tot_l4_payload_len":1244,"flow_avg_l4_payload_len":311,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.151","dst_ip":"10.0.0.227","src_port":1900,"dst_port":57547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00509{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":4,"flow_first_seen":1569687269223,"flow_last_seen":1569687272080,"flow_min_l4_payload_len":311,"flow_max_l4_payload_len":311,"flow_tot_l4_payload_len":1244,"flow_avg_l4_payload_len":311,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.151","dst_ip":"10.0.0.227","src_port":1900,"dst_port":57547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00508{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":10,"flow_first_seen":1569687249612,"flow_last_seen":1569687268086,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":384,"flow_tot_l4_payload_len":1372,"flow_avg_l4_payload_len":137,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"184.25.56.77","src_port":56917,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00453{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_first_seen":1569687287737,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"224.0.0.1","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":15,"flow_first_seen":1569687277139,"flow_last_seen":1569687283186,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":912,"flow_avg_l4_payload_len":60,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00523{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":4,"flow_first_seen":1569687260469,"flow_last_seen":1569687260521,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":70,"flow_avg_l4_payload_len":17,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"35.201.124.9","src_port":56910,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":4,"flow_first_seen":1569687260469,"flow_last_seen":1569687260521,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":70,"flow_avg_l4_payload_len":17,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"35.201.124.9","src_port":56910,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_first_seen":1569687260751,"flow_last_seen":1569687260767,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":118,"flow_avg_l4_payload_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":64972,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00465{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_first_seen":1569687287737,"flow_last_seen":1569687287737,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"224.0.0.1","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
00464{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_first_seen":1569687246982,"flow_last_seen":1569687260293,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.213","dst_ip":"224.0.0.251","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
00462{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_first_seen":1569687246982,"flow_last_seen":1569687260293,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.213","dst_ip":"224.0.0.2","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
00463{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1569687241657,"flow_last_seen":1569687241657,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"224.0.0.251","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
00459{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1569687241452,"flow_last_seen":1569687241452,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"224.0.0.1","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":15,"flow_first_seen":1569687277139,"flow_last_seen":1569687283186,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":912,"flow_avg_l4_payload_len":60,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00523{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":4,"flow_first_seen":1569687260469,"flow_last_seen":1569687260521,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":70,"flow_avg_l4_payload_len":17,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"35.201.124.9","src_port":56910,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":4,"flow_first_seen":1569687260469,"flow_last_seen":1569687260521,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":70,"flow_avg_l4_payload_len":17,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"35.201.124.9","src_port":56910,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_first_seen":1569687260751,"flow_last_seen":1569687260767,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":118,"flow_avg_l4_payload_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":64972,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00509{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_first_seen":1569687271764,"flow_last_seen":1569687271764,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":51382,"dst_port":57547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00505{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_first_seen":1569687251177,"flow_last_seen":1569687251230,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":115,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":74,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":54851,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_first_seen":1569687247192,"flow_last_seen":1569687259297,"flow_min_l4_payload_len":232,"flow_max_l4_payload_len":232,"flow_tot_l4_payload_len":464,"flow_avg_l4_payload_len":232,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.213","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_first_seen":1569687246891,"flow_last_seen":1569687246924,"flow_min_l4_payload_len":23,"flow_max_l4_payload_len":98,"flow_tot_l4_payload_len":121,"flow_avg_l4_payload_len":60,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":63107,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00505{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_first_seen":1569687261035,"flow_last_seen":1569687261054,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":183,"flow_avg_l4_payload_len":91,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":52879,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00505{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_first_seen":1569687261035,"flow_last_seen":1569687261054,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":183,"flow_avg_l4_payload_len":91,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":52879,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_first_seen":1569687245251,"flow_last_seen":1569687245288,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":52879,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00538{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":6,"flow_first_seen":1569687267677,"flow_last_seen":1569687268288,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":24,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"52.10.115.210","src_port":56879,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}}
00506{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":6,"flow_first_seen":1569687267677,"flow_last_seen":1569687268288,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":24,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"52.10.115.210","src_port":56879,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00514{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":2441,"flow_first_seen":1569687268746,"flow_last_seen":1569687289262,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":1469,"flow_tot_l4_payload_len":789975,"flow_avg_l4_payload_len":323,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":54107,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00505{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_first_seen":1569687261486,"flow_last_seen":1569687261506,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":103,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":77,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":57017,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00538{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":6,"flow_first_seen":1569687267677,"flow_last_seen":1569687268288,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":24,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"52.10.115.210","src_port":56879,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}}
00506{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":6,"flow_first_seen":1569687267677,"flow_last_seen":1569687268288,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":24,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"52.10.115.210","src_port":56879,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00514{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":2441,"flow_first_seen":1569687268746,"flow_last_seen":1569687289262,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":1469,"flow_tot_l4_payload_len":789975,"flow_avg_l4_payload_len":323,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":54107,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00505{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_first_seen":1569687261486,"flow_last_seen":1569687261506,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":103,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":77,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":57017,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00481{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":16,"flow_first_seen":1569687241656,"flow_last_seen":1569687287122,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::2e7e:81ff:feb0:4aa1","dst_ip":"ff02::1","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":15}
00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":4,"flow_first_seen":1569687286917,"flow_last_seen":1569687286919,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":226,"flow_tot_l4_payload_len":487,"flow_avg_l4_payload_len":121,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":4,"flow_first_seen":1569687286917,"flow_last_seen":1569687286919,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":226,"flow_tot_l4_payload_len":487,"flow_avg_l4_payload_len":121,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00508{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":9,"flow_first_seen":1569687246981,"flow_last_seen":1569687272376,"flow_min_l4_payload_len":90,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":1070,"flow_avg_l4_payload_len":118,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.213","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00505{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_first_seen":1569687261485,"flow_last_seen":1569687261501,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":103,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":77,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":59222,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00505{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":2,"flow_first_seen":1569687267799,"flow_last_seen":1569687267819,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":190,"flow_avg_l4_payload_len":95,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":51060,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":2,"flow_first_seen":1569687267477,"flow_last_seen":1569687267493,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":74,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":57253,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00505{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_first_seen":1569687261034,"flow_last_seen":1569687261050,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":183,"flow_avg_l4_payload_len":91,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":57261,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00505{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_first_seen":1569687261485,"flow_last_seen":1569687261501,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":103,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":77,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":59222,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00505{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":2,"flow_first_seen":1569687267799,"flow_last_seen":1569687267819,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":190,"flow_avg_l4_payload_len":95,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":51060,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":2,"flow_first_seen":1569687267477,"flow_last_seen":1569687267493,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":74,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":57253,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00505{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_first_seen":1569687261034,"flow_last_seen":1569687261050,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":183,"flow_avg_l4_payload_len":91,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":57261,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00506{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":30,"flow_first_seen":1569687241422,"flow_last_seen":1569687286460,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":110,"flow_tot_l4_payload_len":2200,"flow_avg_l4_payload_len":73,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.149","src_port":56320,"dst_port":8009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00505{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_first_seen":1569687245295,"flow_last_seen":1569687245320,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":121,"flow_tot_l4_payload_len":161,"flow_avg_l4_payload_len":80,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":61387,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00505{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":5,"flow_first_seen":1569687267797,"flow_last_seen":1569687267821,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":53,"flow_avg_l4_payload_len":10,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"17.57.144.116","src_port":56886,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00510{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":57,"flow_first_seen":1569687260591,"flow_last_seen":1569687262892,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1368,"flow_tot_l4_payload_len":9167,"flow_avg_l4_payload_len":160,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.96.194","src_port":56921,"dst_port":4287,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_first_seen":1569687260751,"flow_last_seen":1569687260772,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":110,"flow_avg_l4_payload_len":55,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":61613,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00506{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":2,"flow_first_seen":1569687267800,"flow_last_seen":1569687267818,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":281,"flow_tot_l4_payload_len":331,"flow_avg_l4_payload_len":165,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":59582,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00520{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":6,"flow_first_seen":1569687267841,"flow_last_seen":1569687288158,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.103.196","src_port":56871,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
00500{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":6,"flow_first_seen":1569687267841,"flow_last_seen":1569687288158,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.103.196","src_port":56871,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00509{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_first_seen":1569687269716,"flow_last_seen":1569687269716,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":49816,"dst_port":57547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00505{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":5,"flow_first_seen":1569687267797,"flow_last_seen":1569687267821,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":53,"flow_avg_l4_payload_len":10,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"17.57.144.116","src_port":56886,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00510{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":57,"flow_first_seen":1569687260591,"flow_last_seen":1569687262892,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1368,"flow_tot_l4_payload_len":9167,"flow_avg_l4_payload_len":160,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.96.194","src_port":56921,"dst_port":4287,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_first_seen":1569687260751,"flow_last_seen":1569687260772,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":110,"flow_avg_l4_payload_len":55,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":61613,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00506{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":2,"flow_first_seen":1569687267800,"flow_last_seen":1569687267818,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":281,"flow_tot_l4_payload_len":331,"flow_avg_l4_payload_len":165,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":59582,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00509{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_first_seen":1569687268747,"flow_last_seen":1569687268747,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":50081,"dst_port":57547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00520{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":6,"flow_first_seen":1569687267841,"flow_last_seen":1569687288158,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.103.196","src_port":56871,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
00500{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":6,"flow_first_seen":1569687267841,"flow_last_seen":1569687288158,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.103.196","src_port":56871,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00509{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_first_seen":1569687270740,"flow_last_seen":1569687270740,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":48166,"dst_port":57547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00508{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":30,"flow_first_seen":1569687245379,"flow_last_seen":1569687245725,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":8058,"flow_avg_l4_payload_len":268,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56918,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00509{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":54,"flow_first_seen":1569687245688,"flow_last_seen":1569687268830,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":22452,"flow_avg_l4_payload_len":415,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56919,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00510{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":92,"flow_first_seen":1569687267035,"flow_last_seen":1569687288923,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":21688,"flow_avg_l4_payload_len":235,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56929,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":2,"flow_first_seen":1569687267988,"flow_last_seen":1569687268026,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"74.125.197.188","src_port":56874,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"}}
00502{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":2,"flow_first_seen":1569687267988,"flow_last_seen":1569687268026,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"74.125.197.188","src_port":56874,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00510{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":92,"flow_first_seen":1569687267035,"flow_last_seen":1569687288923,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":21688,"flow_avg_l4_payload_len":235,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56929,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":2,"flow_first_seen":1569687267988,"flow_last_seen":1569687268026,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"74.125.197.188","src_port":56874,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"}}
00502{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":2,"flow_first_seen":1569687267988,"flow_last_seen":1569687268026,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"74.125.197.188","src_port":56874,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00539{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":15,"flow_first_seen":1569687245576,"flow_last_seen":1569687267323,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":65,"flow_tot_l4_payload_len":508,"flow_avg_l4_payload_len":33,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"52.37.243.173","src_port":56914,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}}
00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":15,"flow_first_seen":1569687245576,"flow_last_seen":1569687267323,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":65,"flow_tot_l4_payload_len":508,"flow_avg_l4_payload_len":33,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"52.37.243.173","src_port":56914,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00539{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":15,"flow_first_seen":1569687245576,"flow_last_seen":1569687268339,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":65,"flow_tot_l4_payload_len":508,"flow_avg_l4_payload_len":33,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"52.37.243.173","src_port":56915,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}}
00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":15,"flow_first_seen":1569687245576,"flow_last_seen":1569687268339,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":65,"flow_tot_l4_payload_len":508,"flow_avg_l4_payload_len":33,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"52.37.243.173","src_port":56915,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":3,"flow_first_seen":1569687267453,"flow_last_seen":1569687267455,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.149","src_port":56865,"dst_port":8008,"l4_proto":"tcp","ndpi": {"proto":"CiscoVPN","breed":"Acceptable","category":"VPN"}}
00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":3,"flow_first_seen":1569687267453,"flow_last_seen":1569687267455,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.149","src_port":56865,"dst_port":8008,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":3,"flow_first_seen":1569687267453,"flow_last_seen":1569687267455,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.149","src_port":56865,"dst_port":8008,"l4_proto":"tcp","ndpi": {"proto":"CiscoVPN","breed":"Acceptable","category":"VPN"}}
00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":3,"flow_first_seen":1569687267453,"flow_last_seen":1569687267455,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.149","src_port":56865,"dst_port":8008,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00524{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_first_seen":1569687241064,"flow_last_seen":1569687246096,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.151","src_port":56916,"dst_port":8009,"l4_proto":"tcp","ndpi": {"proto":"AJP","breed":"Acceptable","category":"Web"}}
00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_first_seen":1569687241064,"flow_last_seen":1569687246096,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.151","src_port":56916,"dst_port":8009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00514{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":9,"flow_first_seen":1569687267453,"flow_last_seen":1569687288697,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.151","src_port":56866,"dst_port":8060,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":9,"flow_first_seen":1569687267453,"flow_last_seen":1569687288697,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.151","src_port":56866,"dst_port":8060,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00508{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":7,"flow_first_seen":1569687269561,"flow_last_seen":1569687269570,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1195,"flow_tot_l4_payload_len":1446,"flow_avg_l4_payload_len":206,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.149","src_port":56954,"dst_port":8008,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00514{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":9,"flow_first_seen":1569687267453,"flow_last_seen":1569687288697,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.151","src_port":56866,"dst_port":8060,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":9,"flow_first_seen":1569687267453,"flow_last_seen":1569687288697,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.151","src_port":56866,"dst_port":8060,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00508{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":7,"flow_first_seen":1569687269561,"flow_last_seen":1569687269570,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1195,"flow_tot_l4_payload_len":1446,"flow_avg_l4_payload_len":206,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.149","src_port":56954,"dst_port":8008,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00519{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":9,"flow_first_seen":1569687246982,"flow_last_seen":1569687272377,"flow_min_l4_payload_len":90,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":1070,"flow_avg_l4_payload_len":118,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::408:3e45:3abc:1552","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":2,"flow_first_seen":1569687267831,"flow_last_seen":1569687267847,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":75,"flow_tot_l4_payload_len":102,"flow_avg_l4_payload_len":51,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":49781,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00508{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":11,"flow_first_seen":1569687269562,"flow_last_seen":1569687273580,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1140,"flow_tot_l4_payload_len":1572,"flow_avg_l4_payload_len":142,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.151","src_port":56955,"dst_port":8060,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00513{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":10,"flow_first_seen":1569687269094,"flow_last_seen":1569687286632,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":4,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.1","src_port":52595,"dst_port":192,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":10,"flow_first_seen":1569687269094,"flow_last_seen":1569687286632,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":4,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.1","src_port":52595,"dst_port":192,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00505{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":2,"flow_first_seen":1569687267805,"flow_last_seen":1569687267824,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":193,"flow_avg_l4_payload_len":96,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":64193,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00506{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":2,"flow_first_seen":1569687267851,"flow_last_seen":1569687267865,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":188,"flow_tot_l4_payload_len":221,"flow_avg_l4_payload_len":110,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":58074,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":2,"flow_first_seen":1569687267831,"flow_last_seen":1569687267847,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":75,"flow_tot_l4_payload_len":102,"flow_avg_l4_payload_len":51,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":49781,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00508{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":11,"flow_first_seen":1569687269562,"flow_last_seen":1569687273580,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1140,"flow_tot_l4_payload_len":1572,"flow_avg_l4_payload_len":142,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.151","src_port":56955,"dst_port":8060,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00513{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":10,"flow_first_seen":1569687269094,"flow_last_seen":1569687286632,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":4,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.1","src_port":52595,"dst_port":192,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":10,"flow_first_seen":1569687269094,"flow_last_seen":1569687286632,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":4,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.1","src_port":52595,"dst_port":192,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00505{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":2,"flow_first_seen":1569687267805,"flow_last_seen":1569687267824,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":193,"flow_avg_l4_payload_len":96,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":64193,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00506{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":2,"flow_first_seen":1569687267851,"flow_last_seen":1569687267865,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":188,"flow_tot_l4_payload_len":221,"flow_avg_l4_payload_len":110,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":58074,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00508{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":27,"flow_first_seen":1569687256018,"flow_last_seen":1569687267492,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":787,"flow_tot_l4_payload_len":3023,"flow_avg_l4_payload_len":111,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"99.86.34.156","src_port":56920,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00528{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":12,"flow_first_seen":1569687262866,"flow_last_seen":1569687262912,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":226,"flow_tot_l4_payload_len":366,"flow_avg_l4_payload_len":30,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"162.222.43.153","src_port":56881,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
00509{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":12,"flow_first_seen":1569687262866,"flow_last_seen":1569687262912,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":226,"flow_tot_l4_payload_len":366,"flow_avg_l4_payload_len":30,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"162.222.43.153","src_port":56881,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":2,"flow_first_seen":1569687267812,"flow_last_seen":1569687267847,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":49,"flow_tot_l4_payload_len":82,"flow_avg_l4_payload_len":41,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":51990,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00509{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_first_seen":1569687268077,"flow_last_seen":1569687268077,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":38616,"dst_port":61328,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00528{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":12,"flow_first_seen":1569687262866,"flow_last_seen":1569687262912,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":226,"flow_tot_l4_payload_len":366,"flow_avg_l4_payload_len":30,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"162.222.43.153","src_port":56881,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
00509{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":12,"flow_first_seen":1569687262866,"flow_last_seen":1569687262912,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":226,"flow_tot_l4_payload_len":366,"flow_avg_l4_payload_len":30,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"162.222.43.153","src_port":56881,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":2,"flow_first_seen":1569687267812,"flow_last_seen":1569687267847,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":49,"flow_tot_l4_payload_len":82,"flow_avg_l4_payload_len":41,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":51990,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_first_seen":1569687255989,"flow_last_seen":1569687256018,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":70,"flow_avg_l4_payload_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":58155,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00513{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_first_seen":1569687267991,"flow_last_seen":1569687267991,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":174,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"239.255.255.250","src_port":61328,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00505{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_first_seen":1569687245321,"flow_last_seen":1569687245366,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":121,"flow_tot_l4_payload_len":161,"flow_avg_l4_payload_len":80,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":62322,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00506{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":2,"flow_first_seen":1569687267799,"flow_last_seen":1569687267814,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":106,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":60341,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00506{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_first_seen":1569687267481,"flow_last_seen":1569687267500,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":200,"flow_tot_l4_payload_len":242,"flow_avg_l4_payload_len":121,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":62427,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00508{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_first_seen":1569687268376,"flow_last_seen":1569687268376,"flow_min_l4_payload_len":311,"flow_max_l4_payload_len":311,"flow_tot_l4_payload_len":311,"flow_avg_l4_payload_len":311,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.151","dst_ip":"10.0.0.227","src_port":1900,"dst_port":61328,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00506{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_first_seen":1569687267799,"flow_last_seen":1569687267814,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":106,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":60341,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00506{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":2,"flow_first_seen":1569687267481,"flow_last_seen":1569687267500,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":200,"flow_tot_l4_payload_len":242,"flow_avg_l4_payload_len":121,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":62427,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00467{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1569687242476,"flow_last_seen":1569687242476,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"239.255.255.250","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
00464{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1569687242271,"flow_last_seen":1569687242271,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"239.255.3.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
00136{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test"}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 3001/2997
~~ skipped flows.............: 0
~~ total layer4 data length..: 914499 bytes
~~ total detected protocols..: 60
~~ total active/idle flows...: 72/72
~~ total detected protocols..: 57
~~ total active/idle flows...: 69/69
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 2193498 bytes
~~ total memory freed........: 2193498 bytes
~~ total allocations/frees...: 38596/38596
~~ total memory allocated....: 2188698 bytes
~~ total memory freed........: 2188698 bytes
~~ total allocations/frees...: 38587/38587
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 141 chars
~~ json string max len.......: 2401 chars

12
test/results/anydesk-2.pcap.out
View File

@@ -1,15 +1,15 @@
00477{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"anydesk-2.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":10000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1613977585247,"flow_last_seen":0,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.1","src_port":59511,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00496{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1613977585247,"flow_last_seen":1613977585247,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.1","src_port":59511,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00456{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"anydesk-2.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1613977585,"pkt_ts_usec":247036,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"pkt":"EBMx8Tl22MuK4S0uCABFAABM5C0AAIARAADAqAG7wKgBAeh3ADUAOIRW7CIBAAABAAAAAAAADnJlbGF5LTMxODVhODQ3A25ldAdhbnlkZXNrA2NvbQAAAQAB"}
00674{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1613977585247,"flow_last_seen":0,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.1","src_port":59511,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"},"dns": {"query":"relay-3185a847.net.anydesk.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00686{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1613977585247,"flow_last_seen":1613977585247,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.1","src_port":59511,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"},"dns": {"query":"relay-3185a847.net.anydesk.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00482{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"anydesk-2.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1613977585,"pkt_ts_usec":260893,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"pkt":"2MuK4S0uEBMx8Tl2CABFAABcjnRAADkRLxDAqAEBwKgBuwA16HcASAAA7CKBgAABAAEAAAAADnJlbGF5LTMxODVhODQ3A25ldAdhbnlkZXNrA2NvbQAAAQABwAwAAQABAADSNAAEJT3fDw=="}
00700{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_first_seen":1613977585247,"flow_last_seen":1613977585260,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":56,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.1","src_port":59511,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"},"dns": {"query":"relay-3185a847.net.anydesk.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"37.61.223.15"}}
00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1613977585542,"flow_last_seen":0,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.1","src_port":55376,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00496{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1613977585542,"flow_last_seen":1613977585542,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.1","src_port":55376,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00456{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"anydesk-2.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1613977585,"pkt_ts_usec":542630,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"pkt":"EBMx8Tl22MuK4S0uCABFAABM5C4AAIARAADAqAG7wKgBAdhQADUAOIRW6okBAAABAAAAAAAADnJlbGF5LTliNjgyN2YyA25ldAdhbnlkZXNrA2NvbQAAAQAB"}
00674{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1613977585542,"flow_last_seen":0,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.1","src_port":55376,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"},"dns": {"query":"relay-9b6827f2.net.anydesk.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00686{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1613977585542,"flow_last_seen":1613977585542,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.1","src_port":55376,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"},"dns": {"query":"relay-9b6827f2.net.anydesk.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00482{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"anydesk-2.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1613977585,"pkt_ts_usec":553797,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"pkt":"2MuK4S0uEBMx8Tl2CABFAABcBhBAADkRt3TAqAEBwKgBuwA12FAASAAA6omBgAABAAEAAAAADnJlbGF5LTliNjgyN2YyA25ldAdhbnlkZXNrA2NvbQAAAQABwAwAAQABAABtXAAEisckcw=="}
00702{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_first_seen":1613977585542,"flow_last_seen":1613977585553,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":56,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.1","src_port":55376,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"},"dns": {"query":"relay-9b6827f2.net.anydesk.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"138.199.36.115"}}
00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1613977595379,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.178","src_port":54164,"dst_port":7070,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00496{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1613977595379,"flow_last_seen":1613977595379,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.178","src_port":54164,"dst_port":7070,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00424{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"anydesk-2.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1613977595,"pkt_ts_usec":379986,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3I2MuK4S0uCABFAAA0dDNAAIAGAADAqAG7wKgBstOUG56PGHtIAAAAAIAC+vCE5AAAAgQFtAEDAwgBAQQC"}
00427{"flow_id":3,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"anydesk-2.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1613977595,"pkt_ts_usec":380477,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"2MuK4S0uKDc3AG3ICABFAAA0AABAAEAGtgbAqAGywKgBuxue05RZw\/OWjxh7SYAS\/\/+kVwAAAgQFtAEDAwUEAgAA"}
00408{"flow_id":3,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"anydesk-2.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1613977595,"pkt_ts_usec":380515,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"KDc3AG3I2MuK4S0uCABFAAAodDRAAIAGAADAqAG7wKgBstOUG56PGHtJWcPzl1AQBAKE2AAA"}
@@ -21,7 +21,7 @@
01066{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":11,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":7,"flow_first_seen":1613977595379,"flow_last_seen":1613977595391,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1705,"flow_avg_l4_payload_len":243,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.178","src_port":54164,"dst_port":7070,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing","30":"Desktop\/File Sharing Session"},"proto":"TLS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"3f2fba0262b1a22b739126dfb2fe7a7d","ja3s":"ee644a8a34c434abca4b737ec1d9efad","unsafe_cipher":0,"cipher":"TLS_DHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"CN=AnyDesk Client, CN=AnyDesk Client","fingerprint":"F8:4E:27:4E:F9:33:35:2F:1A:69:71:D5:02:6B:B8:72:EF:B7:BA:B0"}}
00607{"flow_id":3,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"anydesk-2.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1613977595,"pkt_ts_usec":391710,"pkt_caplen":197,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":197,"pkt_l4_len":163,"pkt":"2MuK4S0uKDc3AG3ICABFAAC3AABAAEAGtYPAqAGywKgBuxue05RZw\/lLjxh8PlAYIAAyhQAA\/lfoKQRRf1Hxpsc6c\/yFjbVmgtO6ISUwVcLPkVXAi7DnESvmg0P2bwtRcTr4ZR9Nv2mLB1LE54nX2F3jqjkB9yM1nC+2ntDQGnI0l5VsuqIAnOB72eDWll8HFgMDADANAAAoBQMEAQJAAB4GAQYCBgMFAQUCBQMEAQQCBAMDAQMCAwMCAQICAgMAAA4AAAA="}
00409{"flow_id":3,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"anydesk-2.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1613977595,"pkt_ts_usec":391726,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"KDc3AG3I2MuK4S0uCABFAAAodDdAAIAGAADAqAG7wKgBstOUG56PGHw+WcP52lAQBAKE2AAA"}
00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1613977595407,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.187","src_port":52039,"dst_port":7070,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00497{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1613977595407,"flow_last_seen":1613977595407,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.187","src_port":52039,"dst_port":7070,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":4,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"anydesk-2.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1613977595,"pkt_ts_usec":407425,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"2MuK4S0uKDc3AG3ICABFAABAAABAAEAGtfrAqAGywKgBu8tHG54tLA3cAAAAALAC\/\/97PgAAAgQFtAEDAwUBAQgKHE34xQAAAAAEAgAA"}
00428{"flow_id":4,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"anydesk-2.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1613977595,"pkt_ts_usec":407489,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3I2MuK4S0uCABFAAA0dDlAAIAGAADAqAG7wKgBshuey0dV\/SLKLSwN3YAS\/\/+E5AAAAgQFtAEDAwgBAQQC"}
00417{"flow_id":4,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"anydesk-2.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1613977595,"pkt_ts_usec":407676,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"2MuK4S0uKDc3AG3ICABFAAAoAABAAEAGthLAqAGywKgBu8tHG54tLA3dVf0iy1AQIABwXwAAAAAAAAAA"}

4
test/results/anydesk.pcap.out
View File

@@ -1,5 +1,5 @@
00475{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"anydesk.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":10000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1591342198821,"flow_last_seen":0,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":51,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.239.144","src_port":36351,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1591342198821,"flow_last_seen":1591342198821,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":51,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.239.144","src_port":36351,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00479{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"anydesk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1591342198,"pkt_ts_usec":821353,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"pkt":"AFBW5dKtAAwplUdeCABFAABbtopAAEAGCwXAqJWBM1PvkI3\/AFB7i54qMVwSUlAY+DR5WwAAFwMDAC7mz9mv7V5op8uDzrVlyYzGPOa22i4SIRv\/ctzVUMWyqJzhwIdSdK\/Qd7DJrcKc"}
00414{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"anydesk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1591342198,"pkt_ts_usec":821804,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"AAwplUdeAFBW5dKtCABFAAAoe1AAAIAGRnIzU++QwKiVgQBQjf8xXBJSe4ueXVAQ+vBP7wAAAAAAAAAA"}
00473{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"anydesk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1591342198,"pkt_ts_usec":998446,"pkt_caplen":102,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":102,"pkt_l4_len":68,"pkt":"AFBW5dKtAAwplUdeCABFAABYtotAAEAGCwfAqJWBM1PvkI3\/AFB7i55dMVwSUlAY+DR5WAAAFwMDACvmz9mv7V5oqHbrZghdQbdzwBFFDzsTJ43BfdwI8acT8HfThIVfMXtYD9Ln"}
@@ -8,7 +8,7 @@
00406{"flow_id":1,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"anydesk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1591342199,"pkt_ts_usec":30587,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AFBW5dKtAAwplUdeCABFAAAotoxAAEAGCzbAqJWBM1PvkI3\/AFB7i56NMVwSg1AQ+DR5KAAA"}
00625{"flow_id":1,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"anydesk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1591342199,"pkt_ts_usec":192188,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"pkt":"AAwplUdeAFBW5dKtCABFAADHe1MAAIAGRdAzU++QwKiVgQBQjf8xXBKDe4uejVAY+vC7swAAFwMDAJokrUQuni1bFHnCrCrci8mu17SSshonC+8pGDiK6l\/Phzxh+NqjpoA5ePRAbTasLuAk4CkeR\/3tMjzdi54ShmUijEg7vw7jf2Yibglow2dlbDkiN8RweFkh8WAg9qfiulu\/uBXqXNlyQGNFnq0FuLddJpIfp\/rRQZTfZvnPbpMerzuj+HtmaUXL4pG6hubYJ0hdsp6pU1FeUjm4"}
00407{"flow_id":1,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"anydesk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1591342199,"pkt_ts_usec":192219,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AFBW5dKtAAwplUdeCABFAAAoto1AAEAGCzXAqJWBM1PvkI3\/AFB7i56NMVwTIlAQ+DR5KAAA"}
00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1591342199201,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.238.219","src_port":43535,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1591342199201,"flow_last_seen":1591342199201,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.238.219","src_port":43535,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00434{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"anydesk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1591342199,"pkt_ts_usec":201196,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AFBW5dKtAAwplUdeCABFAAA8CJBAAEAGudPAqJWBM1Pu26oPAFApppzyAAAAAKAC+vB4hwAAAgQFtAQCCAqukMx3AAAAAAEDAwc="}
00415{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"anydesk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1591342199,"pkt_ts_usec":366001,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"pkt":"AAwplUdeAFBW5dKtCABFAAAse1UAAIAGRx4zU+7bwKiVgQBQqg9odWR8Kaac82AS+vDm4QAAAgQFtAAA"}
00407{"flow_id":2,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"anydesk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1591342199,"pkt_ts_usec":366113,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AFBW5dKtAAwplUdeCABFAAAoCJFAAEAGuebAqJWBM1Pu26oPAFApppzzaHVkfVAQ+vB4cwAA"}

158
test/results/avast_securedns.pcapng.out
View File

@@ -1,125 +1,125 @@
00485{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"avast_securedns.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":10000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00496{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1625215624443,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":57970,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00508{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1625215624443,"flow_last_seen":1625215624443,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":57970,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00452{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"avast_securedns.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625215624,"pkt_ts_usec":443704,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"pkt":"eJS0JASgYDjgxTWgCABFAABDZa4AAH8ROYTAqAJktdYjleJyAbsAL0mrSMQBAAABAAAAAAAAATIJU2VDVVJlZG5TBWFWYXNUA0NvTQAAEAAB"}
00590{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1625215624443,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":57970,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}}
00602{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1625215624443,"flow_last_seen":1625215624443,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":57970,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}}
00643{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"avast_securedns.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625215624,"pkt_ts_usec":563615,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"pkt":"YDjgxTWgeJS0JASgCABFAADM0kQAADIRGWW11iOVwKgCZAG74nIAuMIZSMSBgAABAAEAAAAAATIJU2VDVVJlZG5TBWFWYXNUA0NvTQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
00512{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_first_seen":1625215624443,"flow_last_seen":1625215624563,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":57970,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00496{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1625241699450,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":61201,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00508{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1625241699450,"flow_last_seen":1625241699450,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":61201,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00452{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"avast_securedns.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625241699,"pkt_ts_usec":450886,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"pkt":"eJS0JASgYDjgxTWgCABFAABDEeYAAH8RjUzAqAJktdYjle8RAbsAL9I803MBAAABAAAAAAAAATIJU0VjdVJlRE5zBUF2YXNUA0NPbQAAEAAB"}
00590{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1625241699450,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":61201,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}}
00602{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1625241699450,"flow_last_seen":1625241699450,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":61201,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}}
00643{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"avast_securedns.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625241699,"pkt_ts_usec":572209,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"pkt":"YDjgxTWgeJS0JASgCABFAADMLtkAADARvtC11iOVwKgCZAG77xEAuEqr03OBgAABAAEAAAAAATIJU0VjdVJlRE5zBUF2YXNUA0NPbQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
00496{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1625241701462,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":60835,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00508{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1625241701462,"flow_last_seen":1625241701462,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":60835,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00452{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"avast_securedns.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625241701,"pkt_ts_usec":462154,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"pkt":"eJS0JASgYDjgxTWgCABFAABDEeoAAH8RjUjAqAJktdYjle2jAbsAL7p1TIkBAAABAAAAAAAAATIJU0VDVXJFZE5zBWF2QVN0A0NPTQAAEAAB"}
00590{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1625241701462,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":60835,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}}
00602{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1625241701462,"flow_last_seen":1625241701462,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":60835,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}}
00643{"flow_id":3,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"avast_securedns.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625241701,"pkt_ts_usec":583055,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"pkt":"YDjgxTWgeJS0JASgCABFAADMMogAADIRuSG11iOVwKgCZAG77aMAuDLkTImBgAABAAEAAAAAATIJU0VDVXJFZE5zBWF2QVN0A0NPTQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
00496{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1625241714666,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":62775,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00508{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1625241714666,"flow_last_seen":1625241714666,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":62775,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00452{"flow_id":4,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"avast_securedns.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625241714,"pkt_ts_usec":666452,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"pkt":"eJS0JASgYDjgxTWgCABFAABDXeQAAH8RQU7AqAJktdYjlfU3AbsAL3hGRwQBAAABAAAAAAAAATIJU2VjVVJlZG5zBUFWYVN0A0NPbQAAEAAB"}
00590{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1625241714666,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":62775,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}}
00602{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1625241714666,"flow_last_seen":1625241714666,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":62775,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}}
00643{"flow_id":4,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"avast_securedns.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625241714,"pkt_ts_usec":787539,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"pkt":"YDjgxTWgeJS0JASgCABFAADMRgkAADERpqC11iOVwKgCZAG79TcAuPC0RwSBgAABAAEAAAAAATIJU2VjVVJlZG5zBUFWYVN0A0NPbQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
00512{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_first_seen":1625241699450,"flow_last_seen":1625241699572,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":61201,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00512{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_first_seen":1625241714666,"flow_last_seen":1625241714787,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":62775,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00512{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_first_seen":1625241701462,"flow_last_seen":1625241701583,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":60835,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00496{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1625320207133,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":56581,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00508{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1625320207133,"flow_last_seen":1625320207133,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":56581,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00452{"flow_id":5,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"avast_securedns.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625320207,"pkt_ts_usec":133036,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"pkt":"eJS0JASgYDjgxTWgCABFAABDS9IAAH8RU2DAqAJktdYjld0FAbsALycJUJMBAAABAAAAAAAAATIJc2VjVVJlZG5TBUF2YXNUA2NvTQAAEAAB"}
00590{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1625320207133,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":56581,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}}
00602{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1625320207133,"flow_last_seen":1625320207133,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":56581,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}}
00644{"flow_id":5,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"avast_securedns.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625320207,"pkt_ts_usec":252515,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"pkt":"YDjgxTWgeJS0JASgCABFAADMnAoAADMRTp+11iOVwKgCZAG73QUAuJ93UJOBgAABAAEAAAAAATIJc2VjVVJlZG5TBUF2YXNUA2NvTQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
00497{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1625320209063,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":56765,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00509{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1625320209063,"flow_last_seen":1625320209063,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":56765,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00452{"flow_id":6,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"avast_securedns.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625320209,"pkt_ts_usec":63685,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"pkt":"eJS0JASgYDjgxTWgCABFAABDS9YAAH8RU1zAqAJktdYjld29AbsAL+vXy0wBAAABAAAAAAAAATIJU2VjdVJFRG5TBWFWYVNUA0NvTQAAEAAB"}
00591{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1625320209063,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":56765,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}}
00603{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1625320209063,"flow_last_seen":1625320209063,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":56765,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}}
00644{"flow_id":6,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"avast_securedns.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625320209,"pkt_ts_usec":184034,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"pkt":"YDjgxTWgeJS0JASgCABFAADMnWsAADMRTT611iOVwKgCZAG73b0AuGRGy0yBgAABAAEAAAAAATIJU2VjdVJFRG5TBWFWYVNUA0NvTQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
00513{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":13,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_first_seen":1625320207133,"flow_last_seen":1625320207252,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":56581,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00513{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":13,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_first_seen":1625320209063,"flow_last_seen":1625320209184,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":56765,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00497{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1625321673727,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":50581,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00509{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1625321673727,"flow_last_seen":1625321673727,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":50581,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00453{"flow_id":7,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"avast_securedns.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625321673,"pkt_ts_usec":727184,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"pkt":"eJS0JASgYDjgxTWgCABFAABDS9wAAH8RU1bAqAJktdYjlcWVAbsAL1g+dw4BAAABAAAAAAAAATIJc2VDdXJFRE5TBUFWQXN0A0NvTQAAEAAB"}
00591{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1625321673727,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":50581,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}}
00603{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1625321673727,"flow_last_seen":1625321673727,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":50581,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}}
00644{"flow_id":7,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"avast_securedns.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625321673,"pkt_ts_usec":848204,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"pkt":"YDjgxTWgeJS0JASgCABFAADMus8AADIRMNq11iOVwKgCZAG7xZUAuNCsdw6BgAABAAEAAAAAATIJc2VDdXJFRE5TBUFWQXN0A0NvTQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
00497{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1625321675283,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":61107,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00509{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1625321675283,"flow_last_seen":1625321675283,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":61107,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00453{"flow_id":8,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"avast_securedns.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625321675,"pkt_ts_usec":283046,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"pkt":"eJS0JASgYDjgxTWgCABFAABDS98AAH8RU1PAqAJktdYjle6zAbsAL9OvEl8BAAABAAAAAAAAATIJU0VDdVJFZE5zBWFWYXNUA0NPTQAAEAAB"}
00591{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1625321675283,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":61107,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}}
00603{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1625321675283,"flow_last_seen":1625321675283,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":61107,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}}
00644{"flow_id":8,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"avast_securedns.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625321675,"pkt_ts_usec":403948,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"pkt":"YDjgxTWgeJS0JASgCABFAADMuxcAADMRL5K11iOVwKgCZAG77rMAuEweEl+BgAABAAEAAAAAATIJU0VDdVJFZE5zBWFWYXNUA0NPTQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
00513{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_first_seen":1625321673727,"flow_last_seen":1625321673848,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":50581,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00513{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_first_seen":1625321675283,"flow_last_seen":1625321675403,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":61107,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00497{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1625395217252,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64954,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00509{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1625395217252,"flow_last_seen":1625395217252,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64954,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00453{"flow_id":9,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"avast_securedns.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625395217,"pkt_ts_usec":252548,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"pkt":"eJS0JASgYDjgxTWgCABFAABDKckAAH8RdWnAqAJktdYjlf26AbsAL3dTP5QBAAABAAAAAAAAATIJc0VjdVJlZE5zBUFWQVNUA2NvTQAAEAAB"}
00591{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1625395217252,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64954,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}}
00603{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1625395217252,"flow_last_seen":1625395217252,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64954,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}}
00646{"flow_id":9,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"avast_securedns.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625395217,"pkt_ts_usec":373676,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"pkt":"YDjgxTWgeJS0JASgCABFAADMg3oAADIRaC+11iOVwKgCZAG7\/boAuO\/BP5SBgAABAAEAAAAAATIJc0VjdVJlZE5zBUFWQVNUA2NvTQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1625395214062,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":59621,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00510{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1625395214062,"flow_last_seen":1625395214062,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":59621,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00453{"flow_id":10,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"avast_securedns.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625395214,"pkt_ts_usec":62223,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"pkt":"eJS0JASgYDjgxTWgCABFAABDKcUAAH8RdW3AqAJktdYjlejlAbsAL0m4oeQBAAABAAAAAAAAATIJc0VjVXJlRE5TBWF2QVNUA2NPbQAAEAAB"}
00592{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1625395214062,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":59621,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}}
00604{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1625395214062,"flow_last_seen":1625395214062,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":59621,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}}
00645{"flow_id":10,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"avast_securedns.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625395214,"pkt_ts_usec":182444,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"pkt":"YDjgxTWgeJS0JASgCABFAADMf00AADMRa1y11iOVwKgCZAG76OUAuMImoeSBgAABAAEAAAAAATIJc0VjVXJlRE5TBWF2QVNUA2NPbQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
00514{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":21,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_first_seen":1625395214062,"flow_last_seen":1625395214182,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":59621,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00513{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":21,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_first_seen":1625395217252,"flow_last_seen":1625395217373,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64954,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1625401091063,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":52485,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00510{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1625401091063,"flow_last_seen":1625401091063,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":52485,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00453{"flow_id":11,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"avast_securedns.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625401091,"pkt_ts_usec":63741,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"pkt":"eJS0JASgYDjgxTWgCABFAABDKc0AAH8RdWXAqAJktdYjlc0FAbsAL8xY+0MBAAABAAAAAAAAATIJc2VDdVJFZE5TBWF2YXNUA0NPbQAAEAAB"}
00592{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":21,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1625401091063,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":52485,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}}
00604{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":21,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1625401091063,"flow_last_seen":1625401091063,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":52485,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}}
00645{"flow_id":11,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"avast_securedns.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625401091,"pkt_ts_usec":190472,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"pkt":"YDjgxTWgeJS0JASgCABFAADMtpAAADMRNBm11iOVwKgCZAG7zQUAuETH+0OBgAABAAEAAAAAATIJc2VDdVJFZE5TBWF2YXNUA0NPbQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1625401093323,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":54938,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00510{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1625401093323,"flow_last_seen":1625401093323,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":54938,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00454{"flow_id":12,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"avast_securedns.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625401093,"pkt_ts_usec":323098,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"pkt":"eJS0JASgYDjgxTWgCABFAABDKdEAAH8RdWHAqAJktdYjldaaAbsALxAyzbUBAAABAAAAAAAAATIJc2VjVVJlRE5zBWFWQVN0A2NvTQAAEAAB"}
00592{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1625401093323,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":54938,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}}
00604{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1625401093323,"flow_last_seen":1625401093323,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":54938,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}}
00645{"flow_id":12,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"avast_securedns.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625401093,"pkt_ts_usec":443763,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"pkt":"YDjgxTWgeJS0JASgCABFAADMuwEAADIRMKi11iOVwKgCZAG71poAuIigzbWBgAABAAEAAAAAATIJc2VjVVJlRE5zBWFWQVN0A2NvTQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
00514{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":25,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_first_seen":1625401091063,"flow_last_seen":1625401091190,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":52485,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00514{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":25,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_first_seen":1625401093323,"flow_last_seen":1625401093443,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":54938,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":25,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1625413810414,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":56839,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00510{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":25,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1625413810414,"flow_last_seen":1625413810414,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":56839,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00454{"flow_id":13,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"avast_securedns.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625413810,"pkt_ts_usec":414650,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"pkt":"eJS0JASgYDjgxTWgCABFAABDy3cAAH8R07rAqAJktdYjld4HAbsAL+Cz9gYBAAABAAAAAAAAATIJU0VDdXJlZE5TBUFWQXN0A0NPbQAAEAAB"}
00592{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1625413810414,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":56839,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}}
00604{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1625413810414,"flow_last_seen":1625413810414,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":56839,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}}
00645{"flow_id":13,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"avast_securedns.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625413810,"pkt_ts_usec":531155,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"pkt":"YDjgxTWgeJS0JASgCABFAADMKHAAADERxDm11iOVwKgCZAG73gcAuFki9gaBgAABAAEAAAAAATIJU0VDdXJlZE5TBUFWQXN0A0NPbQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
00514{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":27,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_first_seen":1625413810414,"flow_last_seen":1625413810531,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":56839,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":27,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1625477697370,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":58155,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00510{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":27,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1625477697370,"flow_last_seen":1625477697370,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":58155,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00454{"flow_id":14,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"avast_securedns.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625477697,"pkt_ts_usec":370410,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"pkt":"eJS0JASgYDjgxTWgCABFAABDQqcAAH8RXIvAqAJktdYjleMrAbsAL7nVV2EBAAABAAAAAAAAATIJc0VjVVJFZE5zBWFWQVN0A0NvbQAAEAAB"}
00592{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1625477697370,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":58155,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}}
00604{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1625477697370,"flow_last_seen":1625477697370,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":58155,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}}
00645{"flow_id":14,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"avast_securedns.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625477697,"pkt_ts_usec":487351,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"pkt":"YDjgxTWgeJS0JASgCABFAADMthcAADIRNZK11iOVwKgCZAG74ysAuDJEV2GBgAABAAEAAAAAATIJc0VjVVJFZE5zBWFWQVN0A0NvbQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":29,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1625477700767,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64487,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00510{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":29,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1625477700767,"flow_last_seen":1625477700767,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64487,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00454{"flow_id":15,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"avast_securedns.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625477700,"pkt_ts_usec":767388,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"pkt":"eJS0JASgYDjgxTWgCABFAABD4k8AAH8RvOLAqAJktdYjlfvnAbsAL7tgPVoBAAABAAAAAAAAATIJc0VjVXJFRE5zBUFWQXN0A0NPTQAAEAAB"}
00592{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1625477700767,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64487,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}}
00604{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1625477700767,"flow_last_seen":1625477700767,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64487,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}}
00645{"flow_id":15,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"avast_securedns.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625477700,"pkt_ts_usec":884351,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"pkt":"YDjgxTWgeJS0JASgCABFAADMuTUAADIRMnS11iOVwKgCZAG7++cAuDPPPVqBgAABAAEAAAAAATIJc0VjVXJFRE5zBUFWQXN0A0NPTQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":31,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1625477702850,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":49704,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00510{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":31,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1625477702850,"flow_last_seen":1625477702850,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":49704,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00454{"flow_id":16,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"avast_securedns.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625477702,"pkt_ts_usec":850743,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"pkt":"eJS0JASgYDjgxTWgCABFAABD4lMAAH8RvN7AqAJktdYjlcIoAbsAL9+b0x0BAAABAAAAAAAAATIJU0VDdXJFZG5TBUF2QXNUA2NvTQAAEAAB"}
00592{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1625477702850,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":49704,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}}
00604{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1625477702850,"flow_last_seen":1625477702850,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":49704,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}}
00645{"flow_id":16,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"avast_securedns.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625477702,"pkt_ts_usec":968619,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"pkt":"YDjgxTWgeJS0JASgCABFAADMurcAADERMfK11iOVwKgCZAG7wigAuFgK0x2BgAABAAEAAAAAATIJU0VDdXJFZG5TBUF2QXNUA2NvTQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":33,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1625477738051,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":55311,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00510{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":33,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1625477738051,"flow_last_seen":1625477738051,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":55311,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00453{"flow_id":17,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"avast_securedns.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625477738,"pkt_ts_usec":51015,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"pkt":"eJS0JASgYDjgxTWgCABFAABD1LsAAH8RynbAqAJktdYjldgPAbsAL4PhWDEBAAABAAAAAAAAATIJc2VjdXJFZE5TBWF2YVN0A2NPbQAAEAAB"}
00592{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":33,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1625477738051,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":55311,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}}
00604{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":33,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1625477738051,"flow_last_seen":1625477738051,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":55311,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}}
00645{"flow_id":17,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"avast_securedns.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625477738,"pkt_ts_usec":172059,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"pkt":"YDjgxTWgeJS0JASgCABFAADMCxkAADER4ZC11iOVwKgCZAG72A8AuPxPWDGBgAABAAEAAAAAATIJc2VjdXJFZE5TBWF2YVN0A2NPbQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":35,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1625477739836,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":56111,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00510{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":35,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1625477739836,"flow_last_seen":1625477739836,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":56111,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00454{"flow_id":18,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"avast_securedns.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625477739,"pkt_ts_usec":836341,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"pkt":"eJS0JASgYDjgxTWgCABFAABD1L8AAH8RynLAqAJktdYjldsvAbsAL1UmhCwBAAABAAAAAAAAATIJc0VjVXJlRG5TBWF2QVN0A2NPTQAAEAAB"}
00592{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":35,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1625477739836,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":56111,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}}
00604{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":35,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1625477739836,"flow_last_seen":1625477739836,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":56111,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}}
00645{"flow_id":18,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"avast_securedns.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625477739,"pkt_ts_usec":952878,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"pkt":"YDjgxTWgeJS0JASgCABFAADMDM8AADIR3tq11iOVwKgCZAG72y8AuM2UhCyBgAABAAEAAAAAATIJc0VjVXJlRG5TBWF2QVN0A2NPTQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
00514{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":37,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_first_seen":1625477738051,"flow_last_seen":1625477738172,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":55311,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00514{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":37,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_first_seen":1625477702850,"flow_last_seen":1625477702968,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":49704,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00514{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":37,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_first_seen":1625477697370,"flow_last_seen":1625477697487,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":58155,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00514{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":37,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_first_seen":1625477739836,"flow_last_seen":1625477739952,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":56111,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00514{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":37,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_first_seen":1625477700767,"flow_last_seen":1625477700884,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64487,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":37,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1625482316411,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64494,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00510{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":37,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1625482316411,"flow_last_seen":1625482316411,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64494,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00454{"flow_id":19,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"avast_securedns.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625482316,"pkt_ts_usec":411404,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"pkt":"eJS0JASgYDjgxTWgCABFAABDyvUAAH8R1DzAqAJktdYjlfvuAbsAL4YFMq4BAAABAAAAAAAAATIJU2VDVVJFZE5zBWFWYXNUA0NvbQAAEAAB"}
00592{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":37,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1625482316411,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64494,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}}
00604{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":37,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1625482316411,"flow_last_seen":1625482316411,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64494,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}}
00645{"flow_id":19,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"avast_securedns.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625482316,"pkt_ts_usec":532446,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"pkt":"YDjgxTWgeJS0JASgCABFAADMlTUAADMRVXS11iOVwKgCZAG7++4AuP5zMq6BgAABAAEAAAAAATIJU2VDVVJFZE5zBWFWYXNUA0NvbQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":39,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1625482318517,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":51415,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00510{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":39,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1625482318517,"flow_last_seen":1625482318517,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":51415,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00454{"flow_id":20,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"avast_securedns.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625482318,"pkt_ts_usec":517463,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"pkt":"eJS0JASgYDjgxTWgCABFAABDyvkAAH8R1DjAqAJktdYjlcjXAbsALzxZb7EBAAABAAAAAAAAATIJU2VDdXJlRG5TBUFWQVN0A0NvbQAAEAAB"}
00592{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":39,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1625482318517,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":51415,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}}
00604{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":39,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1625482318517,"flow_last_seen":1625482318517,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":51415,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}}
00645{"flow_id":20,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"avast_securedns.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625482318,"pkt_ts_usec":634061,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"pkt":"YDjgxTWgeJS0JASgCABFAADMmQwAADIRUp211iOVwKgCZAG7yNcAuLTHb7GBgAABAAEAAAAAATIJU2VDdXJlRG5TBUFWQVN0A0NvbQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":41,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1625482396199,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":63776,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00510{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":41,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1625482396199,"flow_last_seen":1625482396199,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":63776,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00454{"flow_id":21,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"avast_securedns.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625482396,"pkt_ts_usec":199376,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"pkt":"eJS0JASgYDjgxTWgCABFAABD9goAAH8RqSfAqAJktdYjlfkgAbsALyRTl04BAAABAAAAAAAAATIJc0VDdVJlZG5TBUFWQVN0A0NPbQAAEAAB"}
00592{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":41,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1625482396199,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":63776,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}}
00604{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":41,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1625482396199,"flow_last_seen":1625482396199,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":63776,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}}
00645{"flow_id":21,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"avast_securedns.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625482396,"pkt_ts_usec":320234,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"pkt":"YDjgxTWgeJS0JASgCABFAADMN0IAADMRs2e11iOVwKgCZAG7+SAAuJzBl06BgAABAAEAAAAAATIJc0VDdVJlZG5TBUFWQVN0A0NPbQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":43,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1625482399044,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":50008,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00510{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":43,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1625482399044,"flow_last_seen":1625482399044,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":50008,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00453{"flow_id":22,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"avast_securedns.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625482399,"pkt_ts_usec":44158,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"pkt":"eJS0JASgYDjgxTWgCABFAABD9g4AAH8RqSPAqAJktdYjlcNYAbsAL0Y+i0sBAAABAAAAAAAAATIJU0VjVVJFRG5TBUF2QXN0A0NvbQAAEAAB"}
00592{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1625482399044,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":50008,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}}
00604{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1625482399044,"flow_last_seen":1625482399044,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":50008,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}}
00645{"flow_id":22,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"avast_securedns.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625482399,"pkt_ts_usec":165298,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"pkt":"YDjgxTWgeJS0JASgCABFAADMOy8AADIRsHq11iOVwKgCZAG7w1gAuL6si0uBgAABAAEAAAAAATIJU0VjVVJFRG5TBUF2QXN0A0NvbQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":45,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1625482401089,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":49737,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00510{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":45,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1625482401089,"flow_last_seen":1625482401089,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":49737,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00454{"flow_id":23,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"avast_securedns.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625482401,"pkt_ts_usec":89959,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"pkt":"eJS0JASgYDjgxTWgCABFAABD9hIAAH8RqR\/AqAJktdYjlcJJAbsAL3PfnlkBAAABAAAAAAAAATIJc0VjVVJFZE5zBUFWYXNUA2NvTQAAEAAB"}
00592{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1625482401089,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":49737,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}}
00604{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1625482401089,"flow_last_seen":1625482401089,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":49737,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}}
00645{"flow_id":23,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"avast_securedns.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625482401,"pkt_ts_usec":211672,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"pkt":"YDjgxTWgeJS0JASgCABFAADMPeEAADIRrci11iOVwKgCZAG7wkkAuOxNnlmBgAABAAEAAAAAATIJc0VjVVJFZE5zBUFWYXNUA2NvTQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":47,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1625482484544,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":51887,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00510{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":47,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1625482484544,"flow_last_seen":1625482484544,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":51887,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00455{"flow_id":24,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"avast_securedns.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625482484,"pkt_ts_usec":544530,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"pkt":"eJS0JASgYDjgxTWgCABFAABD\/EEAAH8RovDAqAJktdYjlcqvAbsAL8hTAb8BAAABAAAAAAAAATIJU0VDVXJlRG5zBUFWYXN0A0NvTQAAEAAB"}
00592{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":47,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1625482484544,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":51887,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}}
00604{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":47,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1625482484544,"flow_last_seen":1625482484544,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":51887,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}}
00645{"flow_id":24,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"avast_securedns.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625482484,"pkt_ts_usec":661573,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"pkt":"YDjgxTWgeJS0JASgCABFAADMsJIAADIROxe11iOVwKgCZAG7yq8AuEDCAb+BgAABAAEAAAAAATIJU0VDVXJlRG5zBUFWYXN0A0NvTQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":49,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1625482480048,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":60127,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00510{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":49,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1625482480048,"flow_last_seen":1625482480048,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":60127,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00454{"flow_id":25,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"avast_securedns.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625482480,"pkt_ts_usec":48526,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"pkt":"eJS0JASgYDjgxTWgCABFAABD\/D0AAH8RovTAqAJktdYjlerfAbsAL5AIOXoBAAABAAAAAAAAATIJc0VjVXJlZE5TBUF2YXN0A2NPTQAAEAAB"}
00592{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":49,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1625482480048,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":60127,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}}
00604{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":49,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1625482480048,"flow_last_seen":1625482480048,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":60127,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}}
00645{"flow_id":25,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"avast_securedns.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625482480,"pkt_ts_usec":169190,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"pkt":"YDjgxTWgeJS0JASgCABFAADMo38AADIRSCq11iOVwKgCZAG76t8AuAh3OXqBgAABAAEAAAAAATIJc0VjVXJlZE5TBUF2YXN0A2NPTQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":51,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1625482486856,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":54546,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00510{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":51,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1625482486856,"flow_last_seen":1625482486856,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":54546,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00456{"flow_id":26,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"avast_securedns.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625482486,"pkt_ts_usec":856203,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"pkt":"eJS0JASgYDjgxTWgCABFAABD\/EUAAH8RouzAqAJktdYjldUSAbsAL8JN\/WEBAAABAAAAAAAAATIJc2VDVXJlZG5TBUFWQXN0A0NPTQAAEAAB"}
00592{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":51,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1625482486856,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":54546,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}}
00604{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":51,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1625482486856,"flow_last_seen":1625482486856,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":54546,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}}
00647{"flow_id":26,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"avast_securedns.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625482486,"pkt_ts_usec":976882,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"pkt":"YDjgxTWgeJS0JASgCABFAADMt\/IAADMRMre11iOVwKgCZAG71RIAuDq8\/WGBgAABAAEAAAAAATIJc2VDVXJlZG5TBUFWQXN0A0NPTQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
00514{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":53,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_first_seen":1625482318517,"flow_last_seen":1625482318634,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":51415,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00514{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":53,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_first_seen":1625482396199,"flow_last_seen":1625482396320,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":63776,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
@@ -129,67 +129,67 @@
00514{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":53,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_first_seen":1625482399044,"flow_last_seen":1625482399165,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":50008,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00514{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":53,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_first_seen":1625482316411,"flow_last_seen":1625482316532,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64494,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00514{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":53,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_first_seen":1625482486856,"flow_last_seen":1625482486976,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":54546,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":53,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":1625482998213,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64432,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00510{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":53,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":1625482998213,"flow_last_seen":1625482998213,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64432,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00454{"flow_id":27,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"avast_securedns.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625482998,"pkt_ts_usec":213179,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"pkt":"eJS0JASgYDjgxTWgCABFAABDf48AAH8RH6PAqAJktdYjlfuwAbsAL9NLpcUBAAABAAAAAAAAATIJc0VjdVJlZE5TBUF2YXNUA0NvTQAAEAAB"}
00592{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":53,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":1625482998213,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64432,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}}
00604{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":53,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":1625482998213,"flow_last_seen":1625482998213,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64432,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}}
00646{"flow_id":27,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"avast_securedns.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625482998,"pkt_ts_usec":333968,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"pkt":"YDjgxTWgeJS0JASgCABFAADM\/oEAADMR7Ce11iOVwKgCZAG7+7AAuEu6pcWBgAABAAEAAAAAATIJc0VjdVJlZE5TBUF2YXNUA0NvTQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":55,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":1625483010449,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":59613,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00510{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":55,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":1625483010449,"flow_last_seen":1625483010449,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":59613,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00455{"flow_id":28,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"avast_securedns.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625483010,"pkt_ts_usec":449914,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"pkt":"eJS0JASgYDjgxTWgCABFAABDf5MAAH8RH5\/AqAJktdYjlejdAbsALyrioMIBAAABAAAAAAAAATIJc0VDVXJFRG5zBWFWQXN0A2NvTQAAEAAB"}
00592{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":55,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":1625483010449,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":59613,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}}
00604{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":55,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":1625483010449,"flow_last_seen":1625483010449,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":59613,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}}
00645{"flow_id":28,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"avast_securedns.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625483010,"pkt_ts_usec":570990,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"pkt":"YDjgxTWgeJS0JASgCABFAADMH70AADMRyuy11iOVwKgCZAG76N0AuKNQoMKBgAABAAEAAAAAATIJc0VDVXJFRG5zBWFWQXN0A2NvTQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":57,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1625483073336,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":65063,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00510{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":57,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1625483073336,"flow_last_seen":1625483073336,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":65063,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00455{"flow_id":29,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"avast_securedns.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625483073,"pkt_ts_usec":336987,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"pkt":"eJS0JASgYDjgxTWgCABFAABDR0IAAH8RV\/DAqAJktdYjlf4nAbsAL7S54cABAAABAAAAAAAAATIJc0VDVXJFRG5zBWF2QXN0A0NvTQAAEAAB"}
00592{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":57,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1625483073336,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":65063,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}}
00604{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":57,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1625483073336,"flow_last_seen":1625483073336,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":65063,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}}
00646{"flow_id":29,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"avast_securedns.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625483073,"pkt_ts_usec":457882,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"pkt":"YDjgxTWgeJS0JASgCABFAADMaN0AADIRgsy11iOVwKgCZAG7\/icAuC0o4cCBgAABAAEAAAAAATIJc0VDVXJFRG5zBWF2QXN0A0NvTQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":59,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":1625483070937,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":51929,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00510{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":59,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":1625483070937,"flow_last_seen":1625483070937,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":51929,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00455{"flow_id":30,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"avast_securedns.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625483070,"pkt_ts_usec":937773,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"pkt":"eJS0JASgYDjgxTWgCABFAABDRz4AAH8RV\/TAqAJktdYjlcrZAbsAL46OWvoBAAABAAAAAAAAATIJU0VjVXJlRG5zBWFWQXN0A2NPbQAAEAAB"}
00592{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":59,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":1625483070937,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":51929,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}}
00604{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":59,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":1625483070937,"flow_last_seen":1625483070937,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":51929,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}}
00644{"flow_id":30,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"avast_securedns.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625483071,"pkt_ts_usec":57808,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"pkt":"YDjgxTWgeJS0JASgCABFAADMZ5oAADIRhA+11iOVwKgCZAG7ytkAuAb9WvqBgAABAAEAAAAAATIJU0VjVXJlRG5zBWFWQXN0A2NPbQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":61,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":1625483067865,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":52417,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00510{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":61,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":1625483067865,"flow_last_seen":1625483067865,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":52417,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00456{"flow_id":31,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"avast_securedns.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625483067,"pkt_ts_usec":865967,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"pkt":"eJS0JASgYDjgxTWgCABFAABDRzoAAH8RV\/jAqAJktdYjlczBAbsAL78\/SIEBAAABAAAAAAAAATIJc2VDVXJlZE5zBWFWQVNUA2NPTQAAEAAB"}
00592{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":61,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":1625483067865,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":52417,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}}
00604{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":61,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":1625483067865,"flow_last_seen":1625483067865,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":52417,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}}
00646{"flow_id":31,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"avast_securedns.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625483067,"pkt_ts_usec":982727,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"pkt":"YDjgxTWgeJS0JASgCABFAADMX7kAADIRi\/C11iOVwKgCZAG7zMEAuDeuSIGBgAABAAEAAAAAATIJc2VDVXJlZE5zBWFWQVNUA2NPTQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
00514{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":63,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_first_seen":1625483010449,"flow_last_seen":1625483010570,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":59613,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00514{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":63,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_first_seen":1625483070937,"flow_last_seen":1625483071057,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":51929,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00514{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":63,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_first_seen":1625482998213,"flow_last_seen":1625482998333,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64432,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00514{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":63,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_first_seen":1625483067865,"flow_last_seen":1625483067982,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":52417,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00514{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":63,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_first_seen":1625483073336,"flow_last_seen":1625483073457,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":65063,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":63,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_first_seen":1625511643408,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":59474,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00510{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":63,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_first_seen":1625511643408,"flow_last_seen":1625511643408,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":59474,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00454{"flow_id":32,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"avast_securedns.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625511643,"pkt_ts_usec":408589,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"pkt":"eJS0JASgYDjgxTWgCABFAABDhScAAH8RGgvAqAJktdYjlehSAbsAL7NiOO0BAAABAAAAAAAAATIJU2VDVVJFZG5zBUFWYVN0A2NPTQAAEAAB"}
00592{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":63,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_first_seen":1625511643408,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":59474,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}}
00604{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":63,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_first_seen":1625511643408,"flow_last_seen":1625511643408,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":59474,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}}
00645{"flow_id":32,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"avast_securedns.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625511643,"pkt_ts_usec":529006,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"pkt":"YDjgxTWgeJS0JASgCABFAADM0vYAADMRF7O11iOVwKgCZAG76FIAuCvROO2BgAABAAEAAAAAATIJU2VDVVJFZG5zBUFWYVN0A2NPTQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":65,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":1625511645426,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":53839,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00510{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":65,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":1625511645426,"flow_last_seen":1625511645426,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":53839,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00454{"flow_id":33,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"avast_securedns.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625511645,"pkt_ts_usec":426829,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"pkt":"eJS0JASgYDjgxTWgCABFAABDhSsAAH8RGgfAqAJktdYjldJPAbsAL0czmx8BAAABAAAAAAAAATIJc2VDVVJFRE5TBWF2QVN0A2NvbQAAEAAB"}
00592{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":65,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":1625511645426,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":53839,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}}
00604{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":65,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":1625511645426,"flow_last_seen":1625511645426,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":53839,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}}
00645{"flow_id":33,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"avast_securedns.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625511645,"pkt_ts_usec":546487,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"pkt":"YDjgxTWgeJS0JASgCABFAADM008AADMRF1q11iOVwKgCZAG70k8AuL+hmx+BgAABAAEAAAAAATIJc2VDVVJFRE5TBWF2QVN0A2NvbQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
00514{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":67,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_first_seen":1625511643408,"flow_last_seen":1625511643529,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":59474,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00514{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":67,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_first_seen":1625511645426,"flow_last_seen":1625511645546,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":53839,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":67,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":1625556065479,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":55948,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00510{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":67,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":1625556065479,"flow_last_seen":1625556065479,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":55948,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00454{"flow_id":34,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"avast_securedns.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625556065,"pkt_ts_usec":479179,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"pkt":"eJS0JASgYDjgxTWgCABFAABDHAQAAH8Rgy7AqAJktdYjldqMAbsAL9sh3zMBAAABAAAAAAAAATIJU2VDVXJlRG5zBUF2QVNUA0NPbQAAEAAB"}
00592{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":67,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":1625556065479,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":55948,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}}
00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":68,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_first_seen":1625556067432,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":51383,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00604{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":67,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":1625556065479,"flow_last_seen":1625556065479,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":55948,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}}
00510{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":68,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_first_seen":1625556067432,"flow_last_seen":1625556067432,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":51383,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00454{"flow_id":35,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"avast_securedns.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625556067,"pkt_ts_usec":432481,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"pkt":"eJS0JASgYDjgxTWgCABFAABDHAgAAH8RgyrAqAJktdYjlci3AbsAL6ehZCkBAAABAAAAAAAAATIJc0VDVXJlRE5zBWF2YVNUA2NPTQAAEAAB"}
00592{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":68,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_first_seen":1625556067432,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":51383,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}}
00604{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":68,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_first_seen":1625556067432,"flow_last_seen":1625556067432,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":51383,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}}
00645{"flow_id":35,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"avast_securedns.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625556067,"pkt_ts_usec":553211,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"pkt":"YDjgxTWgeJS0JASgCABFAADMazAAADIRgHm11iOVwKgCZAG7yLcAuCAQZCmBgAABAAEAAAAAATIJc0VDVXJlRE5zBWF2YVNUA2NPTQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":70,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":1625556065479,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":55948,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":70,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_first_seen":1625556100118,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64700,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00510{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":70,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_first_seen":1625556100118,"flow_last_seen":1625556100118,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64700,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00454{"flow_id":36,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":70,"source":"avast_securedns.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625556100,"pkt_ts_usec":118860,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"pkt":"eJS0JASgYDjgxTWgCABFAABDGwQAAH8RhC7AqAJktdYjlfy8AbsAL4gY7+wBAAABAAAAAAAAATIJU2VjdXJlRG5TBWFWYVNUA0NvTQAAEAAB"}
00592{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":70,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_first_seen":1625556100118,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64700,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}}
00604{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":70,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_first_seen":1625556100118,"flow_last_seen":1625556100118,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64700,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}}
00646{"flow_id":36,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"avast_securedns.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625556100,"pkt_ts_usec":236729,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"pkt":"YDjgxTWgeJS0JASgCABFAADMlbkAADIRVfC11iOVwKgCZAG7\/LwAuACH7+yBgAABAAEAAAAAATIJU2VjdXJlRG5TBWFWYVNUA0NvTQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":72,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_first_seen":1625556102196,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":54549,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00510{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":72,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_first_seen":1625556102196,"flow_last_seen":1625556102196,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":54549,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00454{"flow_id":37,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"avast_securedns.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625556102,"pkt_ts_usec":196787,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"pkt":"eJS0JASgYDjgxTWgCABFAABDGwgAAH8RhCrAqAJktdYjldUVAbsAL6kdFo8BAAABAAAAAAAAATIJU0VjVXJlRG5TBUFWYXN0A0NvTQAAEAAB"}
00592{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":72,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_first_seen":1625556102196,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":54549,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}}
00604{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":72,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_first_seen":1625556102196,"flow_last_seen":1625556102196,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":54549,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}}
00645{"flow_id":37,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"avast_securedns.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625556102,"pkt_ts_usec":314591,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"pkt":"YDjgxTWgeJS0JASgCABFAADMmGEAADMRUki11iOVwKgCZAG71RUAuCGMFo+BgAABAAEAAAAAATIJU0VjVXJlRG5TBUFWYXN0A0NvTQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
00514{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":74,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_first_seen":1625556067432,"flow_last_seen":1625556067553,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":51383,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00511{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":74,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":1625556065479,"flow_last_seen":1625556065479,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":55948,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00514{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":74,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_first_seen":1625556100118,"flow_last_seen":1625556100236,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64700,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00514{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":74,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_first_seen":1625556102196,"flow_last_seen":1625556102314,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":54549,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":74,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_first_seen":1625558730271,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":54760,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00510{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":74,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_first_seen":1625558730271,"flow_last_seen":1625558730271,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":54760,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00454{"flow_id":38,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"avast_securedns.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625558730,"pkt_ts_usec":271025,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"pkt":"eJS0JASgYDjgxTWgCABFAABDLFIAAH8RcuDAqAJktdYjldXoAbsALw4O0KsBAAABAAAAAAAAATIJU0VDdXJlZE5zBUFWYVNUA2NvTQAAEAAB"}
00592{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":74,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_first_seen":1625558730271,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":54760,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}}
00604{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":74,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_first_seen":1625558730271,"flow_last_seen":1625558730271,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":54760,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}}
00646{"flow_id":38,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"avast_securedns.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625558730,"pkt_ts_usec":389235,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"pkt":"YDjgxTWgeJS0JASgCABFAADM7EMAADIR\/2W11iOVwKgCZAG71egAuIZ80KuBgAABAAEAAAAAATIJU0VDdXJlZE5zBUFWYVNUA2NvTQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":76,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_first_seen":1625558735043,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":49152,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00510{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":76,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_first_seen":1625558735043,"flow_last_seen":1625558735043,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":49152,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00454{"flow_id":39,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"avast_securedns.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625558735,"pkt_ts_usec":43354,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"pkt":"eJS0JASgYDjgxTWgCABFAABDLFYAAH8RctzAqAJktdYjlcAAAbsAL9\/2VKsBAAABAAAAAAAAATIJc0VjVVJFZE5TBUFWQVN0A2NvTQAAEAAB"}
00592{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":76,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_first_seen":1625558735043,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":49152,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}}
00604{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":76,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_first_seen":1625558735043,"flow_last_seen":1625558735043,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":49152,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}}
00646{"flow_id":39,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"avast_securedns.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625558735,"pkt_ts_usec":164269,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"pkt":"YDjgxTWgeJS0JASgCABFAADM7yMAADIR\/IW11iOVwKgCZAG7wAAAuFhlVKuBgAABAAEAAAAAATIJc0VjVVJFZE5TBUFWQVN0A2NvTQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
00514{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_first_seen":1625558735043,"flow_last_seen":1625558735164,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":49152,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00514{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_first_seen":1625558730271,"flow_last_seen":1625558730389,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":54760,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}

12
test/results/bad-dns-traffic.pcap.out
View File

@@ -1,7 +1,7 @@
00483{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":10000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1486012623234,"flow_last_seen":0,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":91,"flow_avg_l4_payload_len":91,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":35966,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1486012623234,"flow_last_seen":1486012623234,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":91,"flow_avg_l4_payload_len":91,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":35966,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00526{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1486012623,"pkt_ts_usec":234684,"pkt_caplen":133,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":133,"pkt_l4_len":99,"pkt":"AhoR+f4q5LMYS\/DDCABFAAB3821AAEARVP\/AqCtbBAICBIx+ADUAYyoIa68BAAABAAAAAAAAODA1ZTEwMGE2MjFjMzYyMDAwMTYzNmY2ZTczNmY2YzY1MjAyODczNjk3Mjc2Njk2ZDY1NzMyOTAwDHNrdWxsc2VjbGFicwNvcmcAAA8AAQ=="}
00756{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1486012623234,"flow_last_seen":0,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":91,"flow_avg_l4_payload_len":91,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":35966,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"05e100a621c3620001636f6e736f6c65202873697276696d65732900.skullseclabs.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":15,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00768{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1486012623234,"flow_last_seen":1486012623234,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":91,"flow_avg_l4_payload_len":91,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":35966,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"05e100a621c3620001636f6e736f6c65202873697276696d65732900.skullseclabs.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":15,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00525{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1486012624,"pkt_ts_usec":242985,"pkt_caplen":133,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":133,"pkt_l4_len":99,"pkt":"AhoR+f4q5LMYS\/DDCABFAAB38+5AAEARVH7AqCtbBAICBIx+ADUAY73N0g0BAAABAAAAAAAAODk1ODcwMGE2MjFjMzYyMDAwMTYzNmY2ZTczNmY2YzY1MjAyODczNjk3Mjc2Njk2ZDY1NzMyOTAwDHNrdWxsc2VjbGFicwNvcmcAAA8AAQ=="}
00777{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_first_seen":1486012623234,"flow_last_seen":1486012624242,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":91,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":35966,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"958700a621c3620001636f6e736f6c65202873697276696d65732900.skullseclabs.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":15,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00570{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1486012624,"pkt_ts_usec":325522,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"pkt":"5LMYS\/DDAhoR+f4qCABFAACaAABAADMRVUoEAgIEwKgrWwA1jH4AhhPK0g2BgAABAAEAAAAAODk1ODcwMGE2MjFjMzYyMDAwMTYzNmY2ZTczNmY2YzY1MjAyODczNjk3Mjc2Njk2ZDY1NzMyOTAwDHNrdWxsc2VjbGFicwNvcmcAAA8AAcAMAA8AAQAAADwAFwAKEjYzNGYwMGE2MjEwMTBhMDAwMMBF"}
@@ -21,9 +21,9 @@
00656{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1486012628,"pkt_ts_usec":521830,"pkt_caplen":229,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":229,"pkt_l4_len":195,"pkt":"5LMYS\/DDAhoR+f4qCABFAADXAABAADMRVQ0EAgIEwKgrWwA1jH4Awx2PmROBgAABAAEAAAAAPGI3M2YwMWE2MjFjMzYyMDEwYTU3NjU2YzYzNmY2ZDY1MjA3NDZmMjA2NDZlNzM2MzYxNzAyMTIwNTQ2ODg2NTIwNjY2YzYxNjcyMDY5NzMyMDYyNjU2YzZmNzcyYzIwNjg2MTc2NjUyMDY2NzU2ZTIxMjEwYQxza3VsbHNlY2xhYnMDb3JnAAAPAAHADAAPAAEAAAA8ABcAChJhZWIxMDFhNjIxMDEwYWMzOTPAgg=="}
00473{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1486012628,"pkt_ts_usec":522162,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"pkt":"AhoR+f4q5LMYS\/DDCABFAABR9pxAAEARUfbAqCtbBAICBIx+ADUAPTyE+j4BAAABAAAAAAAAEmYxZmQwMWE2MjFjMzkzMDEwYQxza3VsbHNlY2xhYnMDb3JnAAAPAAE="}
00523{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1486012628,"pkt_ts_usec":571529,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"pkt":"5LMYS\/DDAhoR+f4qCABFAAB0AABAADMRVXAEAgIEwKgrWwA1jH4AYCrM+j6BgAABAAEAAAAAEmYxZmQwMWE2MjFjMzkzMDEwYQxza3VsbHNlY2xhYnMDb3JnAAAPAAHADAAPAAEAAAA8ABcAChI1NWE3MDFhNjIxMDEwYWMzOTPAHw=="}
00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1486012635073,"flow_last_seen":0,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":91,"flow_avg_l4_payload_len":91,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":56354,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00499{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1486012635073,"flow_last_seen":1486012635073,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":91,"flow_avg_l4_payload_len":91,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":56354,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00525{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1486012635,"pkt_ts_usec":73060,"pkt_caplen":133,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":133,"pkt_l4_len":99,"pkt":"AhoR+f4q5LMYS\/DDCABFAAB3+zhAAEARTTTAqCtbBAICBNwiADUAYwrvCk0BAAABAAAAAAAAODI0NDMwMGZkZjUyNTMyMDAyMTYzNmY2ZDZkNjE2ZTY0MjAyODczNjk3Mjc2Njk2ZDY1NzMyOTAwDHNrdWxsc2VjbGFicwNvcmcAAA8AAQ=="}
00757{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1486012635073,"flow_last_seen":0,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":91,"flow_avg_l4_payload_len":91,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":56354,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"244300fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":15,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00769{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1486012635073,"flow_last_seen":1486012635073,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":91,"flow_avg_l4_payload_len":91,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":56354,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"244300fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":15,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00525{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1486012636,"pkt_ts_usec":79520,"pkt_caplen":133,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":133,"pkt_l4_len":99,"pkt":"AhoR+f4q5LMYS\/DDCABFAAB3+7NAAEARTLnAqCtbBAICBNwiADUAY1S7n3sBAAABAAAAAAAAODZiNTAwMGZkZjUyNTMyMDAyMTYzNmY2ZDZkNjE2ZTY0MjAyODczNjk3Mjc2Njk2ZDY1NzMyOTAwDHNrdWxsc2VjbGFicwNvcmcAAAUAAQ=="}
00777{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":21,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_first_seen":1486012635073,"flow_last_seen":1486012636079,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":91,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":56354,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"6b5000fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":5,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00526{"flow_id":2,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1486012637,"pkt_ts_usec":85359,"pkt_caplen":133,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":133,"pkt_l4_len":99,"pkt":"AhoR+f4q5LMYS\/DDCABFAAB3\/ElAAEARTCPAqCtbBAICBNwiADUAY0RMqrgBAAABAAAAAAAAOGUxOGYwMGZkZjUyNTMyMDAyMTYzNmY2ZDZkNjE2ZTY0MjAyODczNjk3Mjc2Njk2ZDY1NzMyOTAwDHNrdWxsc2VjbGFicwNvcmcAAAUAAQ=="}
@@ -44,9 +44,9 @@
00473{"flow_id":2,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1486012643,"pkt_ts_usec":238555,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"pkt":"AhoR+f4q5LMYS\/DDCABFAABRAC9AAEARSGTAqCtbBAICBNwiADUAPaQHCm0BAAABAAAAAAAAEjc2MmIwMWZkZjUyNTMyNDE3ZAxza3VsbHNlY2xhYnMDb3JnAAAPAAE="}
00523{"flow_id":2,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1486012643,"pkt_ts_usec":293987,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"pkt":"5LMYS\/DDAhoR+f4qCABFAAB0AABAADMRVXAEAgIEwKgrWwA13CIAYLAaCm2BgAABAAEAAAAAEjc2MmIwMWZkZjUyNTMyNDE3ZAxza3VsbHNlY2xhYnMDb3JnAAAPAAHADAAPAAEAAAA8ABcAChIyOTkyMDFmZGY1NDE3ZDI1MzLAHw=="}
00786{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":274,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":255,"flow_first_seen":1486012635073,"flow_last_seen":1486012691087,"flow_min_l4_payload_len":53,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":61305,"flow_avg_l4_payload_len":240,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":56354,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"c75900fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org","num_queries":1,"num_answers":1,"reply_code":0,"query_type":16,"rsp_type":16,"rsp_addr":"0.0.0.0"}}
00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":369,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1486012730177,"flow_last_seen":0,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":91,"flow_avg_l4_payload_len":91,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":46961,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00500{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":369,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1486012730177,"flow_last_seen":1486012730177,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":91,"flow_avg_l4_payload_len":91,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":46961,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00529{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":369,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1486012730,"pkt_ts_usec":177697,"pkt_caplen":133,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":133,"pkt_l4_len":99,"pkt":"AhoR+f4q5LMYS\/DDCABFAAB3Lk5AAEARGh\/AqCtbBAICBLdxADUAYz49\/HsBAAABAAAAAAAAOGEwNTcwMGU2ZGE4MzUxMDAwMTYzNmY2ZTczNmY2YzY1MjAyODczNjk3Mjc2Njk2ZDY1NzMyOTAwDHNrdWxsc2VjbGFicwNvcmcAAA8AAQ=="}
00758{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":369,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1486012730177,"flow_last_seen":0,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":91,"flow_avg_l4_payload_len":91,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":46961,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"a05700e6da83510001636f6e736f6c65202873697276696d65732900.skullseclabs.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":15,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00770{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":369,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1486012730177,"flow_last_seen":1486012730177,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":91,"flow_avg_l4_payload_len":91,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":46961,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"a05700e6da83510001636f6e736f6c65202873697276696d65732900.skullseclabs.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":15,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00573{"flow_id":3,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":370,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1486012730,"pkt_ts_usec":381593,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"pkt":"5LMYS\/DDAhoR+f4qCABFAACaAABAADMRVUoEAgIEwKgrWwA1t3EAhvb+\/HuBgAABAAEAAAAAOGEwNTcwMGU2ZGE4MzUxMDAwMTYzNmY2ZTczNmY2YzY1MjAyODczNjk3Mjc2Njk2ZDY1NzMyOTAwDHNrdWxsc2VjbGFicwNvcmcAAA8AAcAMAA8AAQAAADwAFwAKEmRlNjkwMGU2ZGE2ZWEyMDAwMMBF"}
00782{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":370,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_first_seen":1486012730177,"flow_last_seen":1486012730381,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":108,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":46961,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"a05700e6da83510001636f6e736f6c65202873697276696d65732900.skullseclabs.org","num_queries":1,"num_answers":1,"reply_code":0,"query_type":15,"rsp_type":15,"rsp_addr":"0.0.0.0"}}
00473{"flow_id":3,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":371,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1486012730,"pkt_ts_usec":381905,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"pkt":"AhoR+f4q5LMYS\/DDCABFAABRLntAAEARGhjAqCtbBAICBLdxADUAPY6IeT8BAAABAAAAAAAAEmI1NDEwMWU2ZGE4MzUxNmVhMgxza3VsbHNlY2xhYnMDb3JnAAAPAAE="}

12
test/results/bitcoin.pcap.out
View File

@@ -1,5 +1,5 @@
00475{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"bitcoin.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":10000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1301327937725,"flow_last_seen":0,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"flow_avg_l4_payload_len":105,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"188.165.213.169","src_port":55317,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00504{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1301327937725,"flow_last_seen":1301327937725,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"flow_avg_l4_payload_len":105,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"188.165.213.169","src_port":55317,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00573{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"bitcoin.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1301327937,"pkt_ts_usec":725033,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"pkt":"ACPrIpS0ACNshovhCABFAACdb3BAAEAGdmXAqAGOvKXVqdgVII1UFpaF9ORId4AY\/\/\/XwQAAAQEICicy22Mwkrss+b602XZlcnNpb24AAAAAAFUAAAABfQAAAQAAAAAAAABBsJBNAAAAAAEAAAAAAAAAAAAAAAAAAAAAAP\/\/vKXVqSCNAQAAAAAAAAAAAAAAAAAAAAAA\/\/\/AqAGOII3ZMDrPGxAeDAD6vQEA"}
00570{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"bitcoin.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1301327937,"pkt_ts_usec":800894,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"pkt":"ACNshovhACPrIpS0CABFAACd8zJAADQG\/qK8pdWpwKgBjiCN2BX05Eh3VBaWhYAYAC7fMwAAAQEICjCSu0gnMttj+b602XZlcnNpb24AAAAAAFUAAACcfAAAAQAAAAAAAABqsJBNAAAAAAEAAAAAAAAAAAAAAAAAAAAAAP\/\/JmCEHtgVAQAAAAAAAAAAAAAAAAAAAAAA\/\/+8pdWpII1MLcnArv8XlgAGwwEA"}
01786{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"bitcoin.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1301327937,"pkt_ts_usec":931550,"pkt_caplen":1067,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1067,"pkt_l4_len":1033,"pkt":"ACPrIpS0ACNshovhCABFAAQdZEVAAEAGfhDAqAGOvKXVqdgVII1UFpbu9ORI4IAY\/\/\/JGQAAAQEICicy22UwkrtL+b602XZlcmFjawAAAAAAAAAAAAD5vrTZZ2V0YWRkcgAAAAAAAAAAAF324OL5vrTZZ2V0YmxvY2tzAAAApQMAAGlfIuqcfAAAHKh7ybVTxuZIQjrl7yTcgS++hNhBt1zq9NegAAAAAAAA0isW7TPLR9+QJv0A5WbZVCvm695mFYsw+RcAAAAAAAAKtKqLikjG018uz8LfLAtdjFIkeP\/i1erq1gAAAAAAAJBdQRxOhTejsSgFAkOe4jLdh+MgkNThEJ18AAAAAAAAuqLvaBfSt3u\/xIqIdA14a1vMRWgufw\/9NSQAAAAAAABmO+ZaHQMV8GVsd2tLL4rFQTc0+9Vfwkt\/KAAAAAAAAJT+LTuh4xfC31zGm\/GrV7uiO60OaIRMkzcNAAAAAAAAuhdRV0aXd6Zg2v\/d1GRW41CXeTNnyZ2lADQAAAAAAADN6C3MlB3uxd0izHdkP3dhS0au0yU7AWAQZwAAAAAAAL+B7POHga71M99A8Eu3CYdV7ruvTTFqTRaEAAAAAAAA3UsnAThWfVMwqZa+fYK\/+mnwaocTsbQIG1kAAAAAAADey3zxujtbDGk\/QTgO92YcU4PswnA6nOZ6FgAAAAAAAMDzxV+Dq1G5LChOJMi\/klliIw7dOCRLUwU1AAAAAAAAPos8A4n6clF7nKE4hFivm22s790lzTk\/xUsAAAAAAAC0sS5A1Mm4fwV3yc3Q1LndsofGdqv023cDhAAAAAAAAGvuGwU2Et\/fX33Zfbvd3fo\/8TaDBcaUcU3CAAAAAAAAP2JWK5H+eMf+Pv\/jSxNvOoqfqtxRlUdLIhEAAAAAAADJveYZh3372qwQQlL9GVXITa9jJ6DXXZhGDQAAAAAAAKMYV6DpTz6VcKhTn2GDUxJn1w6c\/OztngqRAAAAAAAABDCPkjdagfw0FOqHQEeRGYOTGUOY4U7Z+TMAAAAAAABH73UkZZo8i3KUfaLV4BIT5FRuJgLU9+S6PwAAAAAAAEhKQKlsPJI3JIw8Tb+HHwelgYW13heoG+NwAAAAAAAAGoeNNbO0PKw7FoNOsSIzS8W\/U8wXt9nuho8AAAAAAADVlxLK6O44NewFXywS+BNdzYycb7g7WSY\/qQEAAAAAAKqI+qWcSpEbTrldQNWUJik+3hdENRtaz0ynBAAAAAAA\/6kPGMjbu4hU+GZN83C9X6Hc1si6bqd\/l3UhAAAAAABKw0jIrFFXJp9oPx6NizqHl5jwjXfMij2VrHIgAAAAAG\/ijAq28bNywaaiRq5j90+THoNl4VoInGjWGQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
@@ -15,7 +15,7 @@
02387{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"bitcoin.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1301327938,"pkt_ts_usec":907506,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ACPrIpS0ACNshovhCABFAAXc90dAAEAG6U7AqAGOvKXVqdgVII1UFsJv9OSPg4AQ\/\/8yYAAAAQEICicy228wkrxZqAAAAAAAAAIAAABbjacOO7ehJZKVVWBuwsVZJAX8Bcw9IQXLUwAAAAAAAAIAAABjKtyaZqub0a4QXrTXEOBXlIwuMyPoV4DXyQAAAAAAAAIAAACAesXRl6IxwOyV5rAzrmK0xgwV0ECh6q1lYQAAAAAAAAIAAAAZ3Ce83jjP2cB\/YkVFKayz2mPdZT6\/9q61LQAAAAAAAAIAAABDXTfaeHhZTzaoTC9yLc\/x1tEQ8v0eLMsIbQAAAAAAAAIAAADHxCcUlFXv1nxG\/Un1lT7zUQz1aQaW60nrlQAAAAAAAAIAAABiy\/ssIz44IxlIFKKbPRPtUXtJBR8dH1F7OAAAAAAAAAIAAAB+C64bJTtdX1J\/zCmdYBw1OIu+e1JH5UsBLAAAAAAAAAIAAACDjnaBAfvBfVkcgYEW61m7mTcs4+PYH7NXQgAAAAAAAAIAAAD8Sjpzl\/pY+XFSowU0O4LxKn\/L9BsMXKsn0AAAAAAAAAIAAAC8FUOH\/VjMTxePh4ApiBasBHoleUIC3mQHfgAAAAAAAAIAAAAmbZqYsH0gTlDkfffK1gNwYmh\/jcOVqJcBqQAAAAAAAAIAAADBzrVj4n2PWVxKPqHQnl7ke4jLdODGx7xXswAAAAAAAAIAAADtYzsSYg9zJ+5Ant\/vI12yJ\/GL+j8dEZdZkAAAAAAAAAIAAACRPmzbiuVERFgTPXed3ITPDiku4aM7ABZ2jwAAAAAAAAIAAABD1pJoBCang4F8mmlWwggeUZisn\/y31zd6QwAAAAAAAAIAAAAwxmrukdIUcly6ZFfnQDRhZos9g9uwtyR6qQAAAAAAAAIAAAC0END0y8tvhp\/P3MfPoA8KZkbYVYJCwVemmAAAAAAAAAIAAADX2b5x9eabvJhOSVA4NGX+kmrUKSXRdqAYHwAAAAAAAAIAAABPpfUijIxCUdc+QLG+51K5bz8xKt+HQ8A6igAAAAAAAAIAAADRDU6ZIkEen36+OmJS+U\/GvSSnsltpY1t8PwAAAAAAAAIAAAA4uOl3D305fKBKWNkRL4i5yFijWRzcCxFyNwAAAAAAAAIAAACnhkaxzwNMcsmFyHSdUr+FlHFjb\/uBNmRNfwAAAAAAAAIAAADyH1Q29uptBEJP+W4wPXx\/9bE3Ow7wTgJGGgAAAAAAAAIAAAD\/LEOghtOIND7Go0RUlv50ytNO3GT6jOgnUQAAAAAAAAIAAABxeAVupZn0dP1Jb5hExzbXcqT0qW0JgzCBqQAAAAAAAAIAAABYUtnIiLe7MkHBuFY0T6UGYXmUAKvmox5xSgAAAAAAAAIAAACKk46AtUsdWEaHJOu2oKg6ZQoFrY5KtaNdVwAAAAAAAAIAAAAq3wVd58394lRc8Xh4b7n5NdNK35WH\/GVtYgAAAAAAAAIAAAAB9cvs1eJeNT5V66JoDG7tEbF5DGla39pgpgAAAAAAAAIAAAB9cORoY7ss+Xwo1DFnGzt3PgraWS6uU2d+twAAAAAAAAIAAACpitNVmS7sGL+R05I+4\/GbQXHvf7G2Vt4tMgAAAAAAAAIAAAAySdqEQB2q579u083ePrH7xO2SrBI1Ox2wOQAAAAAAAAIAAAD6CcjKIGDqeq1dD8I3fA2vJhI54RLu+G5PqgAAAAAAAAIAAACsQYqq4PhWny574BusoOFbshrLGHrjFqPmuQAAAAAAAAIAAAC8sBxOvhoPwRr1hN83rfS4PJ2JEbBB8GHoRQAAAAAAAAIAAABaL1nFgCg13zZv2XqRr9o6y2fxW63cg3uKUAAAAAAAAAIAAADpsC9lcwci2Pom\/WtKofBPnWluv0PicNy42AAAAAAAAAIAAACM62zvxVs9uuPrrkvKPwExilN9rux1aZnLKAAAAAAAAAIAAAA5Cjk5P\/KIP+7UC4V6ObHB+RS\/O73aKFStcgAAAAAAAAI="}
02379{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"bitcoin.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1301327938,"pkt_ts_usec":907546,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ACPrIpS0ACNshovhCABFAAXc2g1AAEAGBonAqAGOvKXVqdgVII1UFsgX9OSPg4AQ\/\/\/56gAAAQEICicy228wkrxZAAAANFGo\/z6uJ7Abi3hfWVNEj1QESpreLDm8usMAAAAAAAACAAAAn5Fiv3MNhGlrGiyJcW6lDlRgENf24689azAAAAAAAAACAAAA3qf5dOV8Ece0wCfz3rcjQNn8iV2i+oujXDIAAAAAAAACAAAAyu3T3NWc+n7Emtw4Sp9DzpoLQmZWURUonlcAAAAAAAACAAAA+Eh4N2oeZVyT+MKgvUCWSHXCbYXh1sJjXDQAAAAAAAACAAAAjdi\/\/1Kp6JzwnsXLILVhmlGXQ4ZqxMKgNX0AAAAAAAACAAAAO8HliP9XesCS8ukGAfBIwyyd9zCB2fswZZ0AAAAAAAACAAAAvsqo6pR0voT3qNZ6UF3vwlSzpEe7M0oexikAAAAAAAACAAAAr44gQZUaQvKEACLsgTANbuq\/WAhEW7mUUl0AAAAAAAACAAAA0sMA6ru0+Xi7uxKkbRZR32QuDO3yG1bNUh4AAAAAAAACAAAAagcb+PNjlEZR2uJfagtN1smCFZqEsPHSP48AAAAAAAACAAAATCZQ4EsTCuucPnmANjCUYpEe92RJZKW5uk4AAAAAAAACAAAAfPQlXPKU\/JTfizU11C4fKQhNFxA1Spkpe4UAAAAAAAACAAAAbU05t9qvVUcOh3wOLFKB2pkOFMn2uj9aNVQAAAAAAAACAAAAdtLEOyxHwSMT16ZPmuqXd7OHRCigZaIJipgAAAAAAAACAAAALdGqkV1PhqQQvIcPuheyhCxDjy9WB+mhmSAAAAAAAAACAAAA\/R4yoTNooNK7DE5fek5G5567wVcMf+zFgC0AAAAAAAACAAAAdsKBfim4kQkrB02NwmxUTxtGEpest77N8aMAAAAAAAACAAAAbQD1EwPbZZ4sCNskT6G0pEm8Wpj2Be2zzDIAAAAAAAACAAAArNFzVmWtN2T0dnDfpPyq6FjZgl7wTNq6xyYAAAAAAAACAAAAOiLW6feqExsFNOruu5td6YOEVl2iHRP7n9UAAAAAAAACAAAAhcWpz8GA\/d+pKNbd5LeJrRmG3VP+off6340AAAAAAAACAAAAnoIgtftcS1PS1OHY6N+c5kSbD9g2664byl0AAAAAAAACAAAAdCytp5E09CsK6nkX6g44F7Tk0P0f72uE8GYAAAAAAAACAAAA1tqgYlmjIwna+gtHiFQl0AAF547iSsywa5AAAAAAAAACAAAARh+QXkqCEZFK9+NdphUjifuGyOrycz0f6D4AAAAAAAACAAAAwWnyfGnakCJftTQ5QLVNBgxUJCfCJkjvhacAAAAAAAACAAAAsN5AAQ2Cq\/ran1sJJQvg4khgJ54eKfKvZVQAAAAAAAACAAAAPTi0SHWvEOdJy8Qji\/5JwnLxQfXQC8vWj0AAAAAAAAACAAAAzz+6IsjY1IpWbIHYD55Fsrg+pVsPrmWtKrMAAAAAAAACAAAARV1q0Fb27DZJ7NmutMdlEnSBKhEV2yTq7zQAAAAAAAACAAAAO70OQaLFD61WYynQC+81\/\/G2G+8pzBCI8HgAAAAAAAACAAAABqotZj5Yzi6HQh8Rejrtr00qWnOWIK2Z2ToAAAAAAAACAAAA6hWbzAmWf2vcsAou\/Cb3jjt5y3aLExl7EsEAAAAAAAACAAAADBBghf4aRc5Q1bNoNYiebWmSVFy+Qpid0m4AAAAAAAACAAAAAHZbjuWHp40tuMxQs0D3nvFunSJxQ+RxAZ0AAAAAAAACAAAAoyRSiuAf8lrO3LVlr6xDCvr9MDT2HIZMISsAAAAAAAACAAAAX1gJgVD57qeamx+eDXSP0Vnegh\/xnV6zbI0AAAAAAAACAAAA6ZU9gW8JTg9abPJGVuuR\/+B7o99tG6znaKYAAAAAAAACAAAArjoryxXDD6QD1axKA1PKZ7Fluf8pEM7Cj8UAAAAAAAACAAAAJ0gVads="}
02380{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"bitcoin.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1301327938,"pkt_ts_usec":909012,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ACPrIpS0ACNshovhCABFAAXckTtAAEAGT1vAqAGOvKXVqdgVII1UFs2\/9OSPg4AQ\/\/+0owAAAQEICicy228wkrxaXHqZ1BxTHVL5qGd\/c6dAphzrrkPWAAAAAAAAAgAAAJJhTrfbpQdOm\/uqE247YlpGdYjEalIg6AkIAAAAAAAAAgAAAPSdfPpxJMw2qUY9NfcVEWYQOkGeee3304EdAAAAAAAAAgAAALr6ohUXy+6TbDRFvt0lq8M0pLr1suNrarXaAAAAAAAAAgAAAMQ5ZPZjCTVyscEHJ07NW7ANy5tyFXTxjw45AAAAAAAAAgAAAA5I7m1PBtvo7M3of56uNctat\/bYA92XO8h9AAAAAAAAAgAAAOjKLx1FRICxdUWAXv3XCosAo2QRsVhZlZuAAAAAAAAAAgAAABiNjPey8ooJCez7xYvUqLAJPOPGwy1RRpRNAAAAAAAAAgAAALzMdu+6yf+ozA96+AiYGiWKSivRXCwVQIemAAAAAAAAAgAAAK\/cqkoyX6KOmTFmsU7DtyIJ\/EOzvmpdnvZkAAAAAAAAAgAAAGjBZr\/UYwdB0KL6iSUYbzs9TxEh5PKyhirNAAAAAAAAAgAAAIJiE4B5EbAF3qKB6SZeaNlD2fmChjsWGPBmAAAAAAAAAgAAAPFQbxAziINuHsoO32VrKKjlzwsr5Ib9iblUAAAAAAAAAgAAAMO4CPlsoPBLA7lS+te0hvxapXgew8vNDkZNAAAAAAAAAgAAABj7\/rpNhNmNeY6l9SFHEQ\/Zw3KZFrz9fLovAAAAAAAAAgAAABtu1XgDL6y3kicrJbMcMQi3W3Qf1GOy6cFWAAAAAAAAAgAAAHoGdhs3JHPMX1Z+1AAZAazUZU0J7MdTAV5dAAAAAAAAAgAAACGJjlqcm9hvBGQMyKUjsi+LGgy0eLkcvD0MAAAAAAAAAgAAAO9FBhDjHO4Lfxg4LnSPHyMJxBIbisgDlBg0AAAAAAAAAgAAAG7EMuvnK2UbmjuHtozYfbaQZDrd0w0dE+YkAAAAAAAAAgAAAMKealrzNLURTWbo95g19B6dAyk1AeQ0s7ACAAAAAAAAAgAAADqKbktpBfluOfGywijBVAKpwLc9NOV6ZIfaAAAAAAAAAgAAAE41ovTk8asJkKIswlP1Nx4098UJp5VVMvZRAAAAAAAAAgAAADWeOtdlUUl+m3709kYO+6em3krg42ytPEBSAAAAAAAAAgAAAG1gXEaLYCUk37AfT3xRMAxBc5epnztHaOPTAAAAAAAAAgAAAFVBencZmqV8PYW4DTVlVWCgHfrNaNMQ2P2pAAAAAAAAAgAAAHbiKyPrDvAPJ1GeTn1al+vfZWGWah43tu6wAAAAAAAAAgAAAJTJAAbK2tRegaN8aXdu\/RKGTD8VF8PjTYysAAAAAAAAAgAAADNDqVQ4IxKoV66CB8vpEnB93LEabDD+CCdVAAAAAAAAAgAAANQCylmMIc\/llFVC4E27OU\/KHrkqQc03KGCHAAAAAAAAAgAAAGzuHplXBcQxX0OUDPsAUFYuF4aRNSTrysUOAAAAAAAAAgAAAHqH4OMdwTpm4STHKxuJckcUNC7r3Xug1AoEAAAAAAAAAgAAAJzFa\/sxDRHMv06XibQiMXTRRab+gegLbi2rAAAAAAAAAgAAAO9dG8AfOs2bSJszPquk74wVRJXXi6LBV+V4AAAAAAAAAgAAAH4HSlyxTwlP3Ij26FP2322QazeLPyr0ppC5AAAAAAAAAgAAAAacJZvfmzaNcXR9YoOEDRI3b6ZY\/B3Fcie0AAAAAAAAAgAAAGbDaJYCxqWhwk9ebMtBcZbJoTHPQBu6zX+vAAAAAAAAAgAAAIA0BZ4C5Uix+zMOi\/sLiJVPV6ojY8lFj94iAAAAAAAAAgAAABNGafpkAC7\/oFgPSriE0wbRXcUCJW4Fep8OAAAAAAAAAgAAAJGIqWp+7i5azR0XyLfAEtJne226k0vOW32wAAAAAAAAAgAAAFL7A0DB9SzH+tcfurY="}
00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1301328089970,"flow_last_seen":0,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"flow_avg_l4_payload_len":105,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"69.118.54.122","src_port":55328,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00503{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1301328089970,"flow_last_seen":1301328089970,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"flow_avg_l4_payload_len":105,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"69.118.54.122","src_port":55328,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00573{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"bitcoin.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1301328089,"pkt_ts_usec":970465,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"pkt":"ACPrIpS0ACNshovhCABFAACdrppAAEAGTZrAqAGORXY2etggII0QKtRyRVLzIYAY\/\/\/YagAAAQEICicy4VQAPPkD+b602XZlcnNpb24AAAAAAFUAAAABfQAAAQAAAAAAAADZsJBNAAAAAAEAAAAAAAAAAAAAAAAAAAAAAP\/\/RXY2eiCNAQAAAAAAAAAAAAAAAAAAAAAA\/\/8mYIQeII3pIMJ+i724nwBQvgEA"}
00569{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"bitcoin.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1301328090,"pkt_ts_usec":23170,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"pkt":"ACNshovhACPrIpS0CABFAACdT81AAHYGdmdFdjZ6wKgBjiCN2CBFUvMhECrU24AYAQRFgAAAAQEICgA8+QknMuFU+b602XZlcnNpb24AAAAAAFUAAAACfQAAAQAAAAAAAADZsJBNAAAAAAEAAAAAAAAAAAAAAAAAAAAAAP\/\/JmCEHtggAQAAAAAAAAAAAAAAAAAAAAAA\/\/9FdjZ6II3xDaOK7c9BwgAGwwEA"}
00450{"flow_id":2,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"bitcoin.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1301328090,"pkt_ts_usec":82335,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"ACNshovhACPrIpS0CABFAABIT85AAHYGdrtFdjZ6wKgBjiCN2CBFUvOKECrU24AYAQQkRgAAAQEICgA8+RAnMuFV+b602XZlcmFjawAAAAAAAAAAAAA="}
@@ -31,7 +31,7 @@
02459{"flow_id":2,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"bitcoin.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1301328234,"pkt_ts_usec":391812,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ACNshovhACPrIpS0CABFAAXcUelAAHYGbwxFdjZ6wKgBjiCN2CBFUw7CECrhQIAQAQS58QAAAQEICgA9MW0nMubk+b602WFkZHIAAAAAAAAAADN1AACPeeze\/egD94eQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/ATQJGyCNG4mQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/AlNCOCCNXKGQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/AmD+giCNeJmQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/AmLbJyCNv52QTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/AtLYiyCNfZSQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/BUzxlyCNnYmQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/BamfMCCNQZKQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/CBqBDiCNbZOQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/DAV5AiCNbJyQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/DFutkiCN1YuQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/DJrYQiCNQZ2QTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/DKr4JCCNqZ2QTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/DsjKMyCNWZqQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/Em8BYyCNN5eQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/Em8eZCCN8KOQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/Em9ojCCN3ZeQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/GADkqiCNepCQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/GAQueCCNZYeQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/GAadUyCNppKQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/GAad8CCN8JWQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/GAlLyyCN0YeQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/GAvEwiCNvpCQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/GAw+IiCNzomQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/GA6SZCCN05GQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/GBI3UiCN0omQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/GBKADSCN3YqQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/GBaFsiCN4ZOQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/GBeI6CCNMpCQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/GBnbPiCNzZGQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/GBpepSCN3ouQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/GChW8SCN0ZKQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/GC4vVyCNmaSQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/GDLKniCNl5yQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/GDagmCCN54yQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/GDmSHiCNlqGQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/GDwEbiCNyIiQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/GD2hRiCN2ZKQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/GD6ilCCNioyQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/GD\/OFiCNjImQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/GEhY0iCNRJGQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/GE0WxSCN9Y+QTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/GFQOOyCN\/o+QTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/GFRGpiCN0ZKQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/GFYH+yCNv5OQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/GFvheSCNiZSQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/GF3pGSCNQpOQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/GGz+PCCNh5OQTQEAAAAAAAA="}
02459{"flow_id":2,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"bitcoin.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1301328234,"pkt_ts_usec":391813,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ACNshovhACPrIpS0CABFAAXcUepAAHYGbwtFdjZ6wKgBjiCN2CBFUxRqECrhQIAQAQT10gAAAQEICgA9MW0nMubkAAAAAAAAAAAAAAD\/\/xhtPwcgjfaakE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/xhuSywgjauMkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/xhvynsgjauPkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/xh3hUQgjcOOkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/xh+yQEgjTObkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/xiA9YsgjbiUkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/xiCRnAgjU+hkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/xiCgsAgjTiVkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/xiD\/8kgjcyMkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/xiKeAcgjWmUkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/xiLAhEgjfqkkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/xiQuT0gjSCNkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/xiUH4UgjSOjkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/xiXUPQgjSeTkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/xiXXOAgjeiakE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/xijXUUgjcqSkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/ximvAUgjf+WkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/xituAIgjeiVkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/xixAFEgjeuZkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/xi6vpEgjfOikE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/xjAv2kgjT6NkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/xjA3KcgjYaikE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/xjF+mEgjV6jkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/xjQWSQgjYackE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/xjeT+YgjU6kkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/xjj2DIgjY6TkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/xjrwJwgjcGbkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/xj61PIgjQeckE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/xj7dS4gjSqPkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/xj72bIgjZGPkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/yMLuIwgjemUkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/yZs+oIgjWugkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/yZuBrsgjRiJkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/yZwojggjQakkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/yZ9KGIgjdSTkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/ymRaGogjZmUkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/ymxHzogjXSNkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/ynUDiwgjfqSkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/ynobxAgjYyUkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/y4AHE0gjceKkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/y4pYkYgjQqJkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/y47ECogjaCUkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/y6EvxIgjWmUkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/y6SJtEgjXqjkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/y6TlNkgjbuXkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/zIAKw8gjVWdkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/zIugKUgjTOJkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/zJahWEgjV2MkE0BAAAAAAAAAAAAAAAAAAA="}
02464{"flow_id":2,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"bitcoin.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1301328234,"pkt_ts_usec":391815,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ACNshovhACPrIpS0CABFAAXcUetAAHYGbwpFdjZ6wKgBjiCN2CBFUxoSECrhQIAQAQTD7gAAAQEICgA9MW0nMubkAAAA\/\/86CS+PII3QoJBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/87XxLxII37lpBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/87p46rII0pj5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/87p8JfII0po5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/88MGJ0II0WkZBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/88Mx9\/II3TpJBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/888G+pII1WlZBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/888SllII0jlpBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/888dkcII3flJBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/888vMpII0ujpBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/8+EOrmII14mJBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/8+H9clII0KipBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/8+MMoCII0CoJBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/8+MdfzII3DlJBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/8+UzM7II3+kZBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/8+V8ByII28o5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/8+m+muII04jpBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/8+wPIJII3kpJBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/8+3UtFII1\/lZBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/8+5MPqII2ppJBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/8+7F4ZII14kpBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/8++M+pII1ih5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/8\/fkgZII1tl5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/8\/ppzxII15nJBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9AD1HsII3hiJBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9AFm3WII04lJBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9AFuvNII10k5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9AGaDwII2il5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9ANYDoII2InpBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9ARnQrII3nlJBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9AbsApII2Pn5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9AbtvCII0YkJBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9AeVaEII0+kZBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9AhkYvII34h5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9AkUKVII2fkJBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9AlwETII2MiJBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9AzkJiII2hiJBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9Az+2GII1JiJBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9A0BzSII1OjZBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9A7nxyII0mlpBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9A7rdDII1XopBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9BG1DZII1SipBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9BHD11II1Jj5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9BH9CxII2fl5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9BIEcCII1KmZBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9BIFBNII1ZnpBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9BIn33II0diZBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9BKEa9II3vipBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9BKJI="}
00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":81,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1301328319392,"flow_last_seen":0,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"flow_avg_l4_payload_len":105,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"74.89.181.229","src_port":55348,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00503{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":81,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1301328319392,"flow_last_seen":1301328319392,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"flow_avg_l4_payload_len":105,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"74.89.181.229","src_port":55348,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00575{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"bitcoin.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1301328319,"pkt_ts_usec":392147,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"pkt":"ACPrIpS0ACNshovhCABFAACdlslAAEAG4RzAqAGOSlm15dg0II2cIEOJr5xIoIAY\/\/\/04QAAAQEICicy6kgDS\/0c+b602XZlcnNpb24AAAAAAFUAAAABfQAAAQAAAAAAAAC\/sZBNAAAAAAEAAAAAAAAAAAAAAAAAAAAAAP\/\/Slm15SCNAQAAAAAAAAAAAAAAAAAAAAAA\/\/8mYIQeII2qu+Pk33arXQC9vgEA"}
00572{"flow_id":3,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"bitcoin.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1301328319,"pkt_ts_usec":451340,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"pkt":"ACNshovhACPrIpS0CABFAACdR2RAAHYG+oFKWbXlwKgBjiCN2DSvnEignCBD8oAYAQSuQgAAAQEICgNL\/SInMupI+b602XZlcnNpb24AAAAAAFUAAAAAfQAAAQAAAAAAAAC4sZBNAAAAAAEAAAAAAAAAAAAAAAAAAAAAAP\/\/JmCEHtg0AQAAAAAAAAAAAAAAAAAAAAAA\/\/9KWbXlII1O39\/bLGJPkgAHwwEA"}
00452{"flow_id":3,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"bitcoin.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1301328319,"pkt_ts_usec":554549,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"ACNshovhACPrIpS0CABFAABIR4lAAHYG+rFKWbXlwKgBjiCN2DSvnEkJnCBD8oAYAQTU7AAAAQEICgNL\/S8nMupI+b602XZlcmFjawAAAAAAAAAAAAA="}
@@ -47,7 +47,7 @@
02462{"flow_id":3,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":118,"source":"bitcoin.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1301328420,"pkt_ts_usec":217722,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ACNshovhACPrIpS0CABFAAXcJZhAAHYGFw9KWbXlwKgBjiCN2DSvnGCfnCBEVYAQAQNezgAAAQEICgNMJH0nMu43AAAAAAAAAAAAAAAAAAAAAAD\/\/0NWXB0gjeyXkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/0NWmMMgjSekkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/0OLLbQgjTOZkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/0OLrcwgjY6PkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/0OYOmIgjf2SkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/0Oe4sogjSKVkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/0OhVnIgjT+VkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/0OoiBwgjZWPkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/0OpAY0gjaeTkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/0Oq3nYgjSKUkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/0OrIXggjcGdkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/0OrhTkgjeaQkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/0OrwCEgjfKRkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/0OsEJYgjfuQkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/0OszDUgjXWQkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/0Os+REgjb2SkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/0OvR44gjWmMkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/0OwLEggjR2WkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/0OwxGsgjTeJkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/0OxIf4gjaKjkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/0O4dIAgjVCPkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/0PBvuMgjWeRkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/0PFVDUgjWWJkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/0PMAZAgjRqVkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/0PTQecgjVKWkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/0PUCpggje2NkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/0PcGPggjQuRkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/0PcdGQgjQaSkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/0PiipEgjTKYkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/0Pp1xwgjUmqkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/0PqmGcgjaqMkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/0PxmB4gjRmUkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/0P5xC8gjT6NkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/0P\/LfYgjY+akE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/0P\/N8Agjb2bkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/0QEPaUgjcyZkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/0QFbBMgjUGZkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/0QGW7AgjYyUkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/0QHrWggjdmJkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/0QMFxIgjSWPkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/0QPWWwgjUGKkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/0QhDuggjf2ZkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/0QkU6cgjRWgkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/0QlQeIgjfmSkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/0QrViwgjXuMkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/0Q\/ZGYgjbWSkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/0REYVogjeCckE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/0REyYIgjfaJkE0BAAAAAAAAAAA="}
02463{"flow_id":3,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":120,"source":"bitcoin.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1301328420,"pkt_ts_usec":219537,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ACNshovhACPrIpS0CABFAAXcJZlAAHYGFw5KWbXlwKgBjiCN2DSvnGZHnCBEVYAQAQPGsQAAAQEICgNMJH0nMu43AAAAAAAAAAAA\/\/9EUlsgII3NlJBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9EZUKiII0dnpBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9EZ83+II3qkZBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9EZ\/ugII0wiJBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9Ea+XvII1UlpBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9Eb8nfII0bnJBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9EcL2vII0apZBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9Ec6ibII0JnZBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9Edfw7II2rj5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9EeW4lII1UkZBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9EkEDnII2YlJBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9EkctyII04jJBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9Ek9NnII2Ck5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9ElboGII0JkJBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9ElsRIII2UlZBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9ErNkvII11kJBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9EvBoTII0umZBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9EvTOmII2TkZBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9EvwDMII13npBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9EygJ\/II0KppBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9EyhVaII3zi5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9EzRTWII2nkJBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9E4PZAII0tm5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9E5LjEII3GlpBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9E5V5RII1gipBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9E6HgVII2ro5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9FBIiVII2LlZBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9FHHXiII14pZBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9FPGerII3woJBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9FPoMMII15n5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9FRm9SII0ekJBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9FRu8OII1IipBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9FTQiCII0zi5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9FbX8sII1ApJBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9FbaoiII0Dl5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9FcEAQII1+opBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9Fcn4tII1ijpBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9Fk8JiII2gj5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9Fl\/cUII2zkZBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9FneJLII1Go5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9FnhluII3qjpBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9FoFR\/II33jJBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9Fpf6NII2unpBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9FqYauII12ipBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9FqZ5yII0Wj5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9FrNQzII1liZBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9FsKZBII01lJBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9FslpSII2ViJBNAQAAAAAAAAAAAAAAAAAAAAA="}
02463{"flow_id":3,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":125,"source":"bitcoin.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1301328420,"pkt_ts_usec":255873,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ACNshovhACPrIpS0CABFAAXcJoFAAHYGFiZKWbXlwKgBjiCN2DSvnGvvnCBEVYAQAQO9OAAAAQEICgNMJIQnMu43AP\/\/RbQFESCNTZyQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/RbTHGiCNcqWQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/RbeT7CCNVZKQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/Rc1BOSCNAYyQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/RdBPbiCN9JqQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/ReV4diCNeZuQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/Rec4xSCNy4+QTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/RetVgyCNq5SQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/RfORpCCNlpyQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/RfhQOCCN85qQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/RfmKviCNPI+QTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/RhhpBCCN4IuQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/RinN9CCNDKaQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/RjEcOSCN8piQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/RjRLzyCNeJiQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/RjzAbyCN8qKQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/RkKd4CCNBJWQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/Rkin4yCNUpOQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/RklpGiCNnZeQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/RlFrGyCNeJCQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/RlhSziCNspGQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/RllZBiCNJoyQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/Rll68SCNwqOQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/Rlm7USCNBqaQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/RmJd0yCNf5uQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/RnF9hyCN5ZWQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/RnQDpCCN76CQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/RnRKOiCNAo6QTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/RnxDOCCNYZyQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/RoAF\/yCNB4mQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/Ro3A3iCNSpmQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/RqlXtSCN\/Y+QTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/Rqv90iCNgqCQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/Rrd4+SCNRYqQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/RruWayCN+JGQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/Rrx0piCNZpWQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/Rr2AsyCNxZKQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/Rr6n+iCN2JiQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/RusWxiCNRp6QTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/RvFKJyCNZomQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/RvtA0CCNMpeQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/RwO9FCCNAaCQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/Rw4BuiCNqqOQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/RyBS0yCNeI6QTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/RyGW8CCNEaWQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/RyMYNSCNA6aQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/RyO3HyCN8Z+QTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/RyWoWiCNEIyQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/RyqyTCA="}
00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":201,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1301328472925,"flow_last_seen":0,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"flow_avg_l4_payload_len":105,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"66.68.83.22","src_port":55383,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00502{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":201,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1301328472925,"flow_last_seen":1301328472925,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"flow_avg_l4_payload_len":105,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"66.68.83.22","src_port":55383,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00573{"flow_id":4,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":201,"source":"bitcoin.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1301328472,"pkt_ts_usec":925065,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"pkt":"ACPrIpS0ACNshovhCABFAACde+1AAEAGZt3AqAGOQkRTFthXII0tj7Vf9ZidkYAY\/\/+IsAAAAQEICicy8EYAAAAA+b602XZlcnNpb24AAAAAAFUAAAABfQAAAQAAAAAAAABYspBNAAAAAAEAAAAAAAAAAAAAAAAAAAAAAP\/\/QkRTFiCNAQAAAAAAAAAAAAAAAAAAAAAA\/\/8mYIQeII21Dgd4gTLgpgDgvgEA"}
00572{"flow_id":4,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":202,"source":"bitcoin.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1301328472,"pkt_ts_usec":987383,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"pkt":"ACNshovhACPrIpS0CABFAACdMqtAAG8GgR9CRFMWwKgBjiCN2Ff1mJ2RLY+1yIAY\/5aM3QAAAQEICgBK7W0nMvBG+b602XZlcnNpb24AAAAAAFUAAACcfAAAAQAAAAAAAABZspBNAAAAAAEAAAAAAAAAAAAAAAAAAAAAAP\/\/JmCEHthXAQAAAAAAAAAAAAAAAAAAAAAA\/\/9CRFMWII0z3Rs+AfeDdwAHwwEA"}
00452{"flow_id":4,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":203,"source":"bitcoin.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1301328473,"pkt_ts_usec":77893,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"ACNshovhACPrIpS0CABFAABIMqxAAG8GgXNCRFMWwKgBjiCN2Ff1mJ36LY+1yIAY\/5avrAAAAQEICgBK7W4nMvBG+b602XZlcmFjawAAAAAAAAAAAAA="}
@@ -63,7 +63,7 @@
02382{"flow_id":4,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":232,"source":"bitcoin.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1301328607,"pkt_ts_usec":711361,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ACPrIpS0ACNshovhCABFAAXcPyxAAEAGnl\/AqAGOQkRTFthXII0tj8bs9ZifdoAQ\/\/\/SMAAAAQEICicy9YgASvKxAAIAAABFXWrQVvbsNkns2a60x2USdIEqERXbJOrvNAAAAAAAAAIAAAA7vQ5BosUPrVZjKdAL7zX\/8bYb7ynMEIjweAAAAAAAAAIAAAAGqi1mPljOLodCHxF6Ou2vTSpac5YgrZnZOgAAAAAAAAIAAADqFZvMCZZ\/a9ywCi78JveOO3nLdosTGXsSwQAAAAAAAAIAAAAMEGCF\/hpFzlDVs2g1iJ5taZJUXL5CmJ3SbgAAAAAAAAIAAAAAdluO5YenjS24zFCzQPee8W6dInFD5HEBnQAAAAAAAAIAAACjJFKK4B\/yWs7ctWWvrEMK+v0wNPYchkwhKwAAAAAAAAIAAABfWAmBUPnup5qbH54NdI\/RWd6CH\/GdXrNsjQAAAAAAAAIAAADplT2BbwlOD1ps8kZW65H\/4Huj320brOdopgAAAAAAAAIAAACuOivLFcMPpAPVrEoDU8pnsWW5\/ykQzsKPxQAAAAAAAAIAAAAnSBVp21x6mdQcUx1S+ahnf3OnQKYc665D1gAAAAAAAAIAAACSYU6326UHTpv7qhNuO2JaRnWIxGpSIOgJCAAAAAAAAAIAAAD0nXz6cSTMNqlGPTX3FRFmEDpBnnnt99OBHQAAAAAAAAIAAAC6+qIVF8vuk2w0Rb7dJavDNKS69bLja2q12gAAAAAAAAIAAADEOWT2Ywk1crHBBydOzVuwDcubchV08Y8OOQAAAAAAAAIAAAAOSO5tTwbb6OzN6H+erjXLWrf22APdlzvIfQAAAAAAAAIAAADoyi8dRUSAsXVFgF791wqLAKNkEbFYWZWbgAAAAAAAAAIAAAAYjYz3svKKCQns+8WL1KiwCTzjxsMtUUaUTQAAAAAAAAIAAAC8zHbvusn\/qMwPevgImBolikor0VwsFUCHpgAAAAAAAAIAAACv3KpKMl+ijpkxZrFOw7ciCfxDs75qXZ72ZAAAAAAAAAIAAABowWa\/1GMHQdCi+oklGG87PU8RIeTysoYqzQAAAAAAAAIAAACCYhOAeRGwBd6igekmXmjZQ9n5goY7FhjwZgAAAAAAAAIAAADxUG8QM4iDbh7KDt9layio5c8LK+SG\/Ym5VAAAAAAAAAIAAADDuAj5bKDwSwO5UvrXtIb8WqV4HsPLzQ5GTQAAAAAAAAIAAAAY+\/66TYTZjXmOpfUhRxEP2cNymRa8\/Xy6LwAAAAAAAAIAAAAbbtV4Ay+st5InKyWzHDEIt1t0H9RjsunBVgAAAAAAAAIAAAB6BnYbNyRzzF9WftQAGQGs1GVNCezHUwFeXQAAAAAAAAIAAAAhiY5anJvYbwRkDMilI7IvixoMtHi5HLw9DAAAAAAAAAIAAADvRQYQ4xzuC38YOC50jx8jCcQSG4rIA5QYNAAAAAAAAAIAAABuxDLr5ytlG5o7h7aM2H22kGQ63dMNHRPmJAAAAAAAAAIAAADCnmpa8zS1EU1m6PeYNfQenQMpNQHkNLOwAgAAAAAAAAIAAAA6im5LaQX5bjnxssIowVQCqcC3PTTlemSH2gAAAAAAAAIAAABONaL05PGrCZCiLMJT9TceNPfFCaeVVTL2UQAAAAAAAAIAAAA1njrXZVFJfpt+9PZGDvunpt5K4ONsrTxAUgAAAAAAAAIAAABtYFxGi2AlJN+wH098UTAMQXOXqZ87R2jj0wAAAAAAAAIAAABVQXp3GZqlfD2FuA01ZVVgoB36zWjTENj9qQAAAAAAAAIAAAB24isj6w7wDydRnk59Wpfr32VhlmoeN7busAAAAAAAAAIAAACUyQAGytrUXoGjfGl3bv0Shkw\/FRfD402MrAAAAAAAAAIAAAAzQ6lUOCMSqFeuggfL6RJwfdyxGmww\/ggnVQAAAAAAAAIAAADUAspZjCHP5ZRVQuBNuzlPyh65KkHNNyhghwAAAAAAAAIAAABs7h4="}
02382{"flow_id":4,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":233,"source":"bitcoin.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1301328607,"pkt_ts_usec":711410,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ACPrIpS0ACNshovhCABFAAXcJD9AAEAGuUzAqAGOQkRTFthXII0tj8yU9ZifdoAQ\/\/+PywAAAQEICicy9YgASvKxmVcFxDFfQ5QM+wBQVi4XhpE1JOvKxQ4AAAAAAAACAAAAeofg4x3BOmbhJMcrG4lyRxQ0Luvde6DUCgQAAAAAAAACAAAAnMVr+zENEcy\/TpeJtCIxdNFFpv6B6AtuLasAAAAAAAACAAAA710bwB86zZtImzM+q6TvjBVEldeLosFX5XgAAAAAAAACAAAAfgdKXLFPCU\/ciPboU\/bfbZBrN4s\/KvSmkLkAAAAAAAACAAAABpwlm9+bNo1xdH1ig4QNEjdvplj8HcVyJ7QAAAAAAAACAAAAZsNolgLGpaHCT15sy0FxlsmhMc9AG7rNf68AAAAAAAACAAAAgDQFngLlSLH7Mw6L+wuIlU9XqiNjyUWP3iIAAAAAAAACAAAAE0Zp+mQALv+gWA9KuITTBtFdxQIlbgV6nw4AAAAAAAACAAAAkYipan7uLlrNHRfIt8AS0md7bbqTS85bfbAAAAAAAAACAAAAUvsDQMH1LMf61x+6th\/o8N8aHkr7wr8ECQcAAAAAAAACAAAArKo3+zDpxlL2nEP\/3d1oS9iutturX4B52nEAAAAAAAACAAAARfzjwiPeZ0flmgweGmX2tJVQwL8MvknAoykAAAAAAAACAAAASB5euyMIlfGEtj3qEE5TYjHr2z1bccGqn4cAAAAAAAACAAAAeVnBbHwqpKyK1rcCdXTEWJntYcK3okUpOTQAAAAAAAACAAAA5KgJjoa5ei\/vYUOuWIWTRjHK3LfoehnZHCgAAAAAAAACAAAA5IbidwMDw5BgR15kcqqEoL2z3qC2QzUvTL4AAAAAAAACAAAAdkBslBkKiy3\/LmRyFa86NDmuE7G6H352Tb8AAAAAAAACAAAAhP085R0B6efS4IxDBy\/OsTK8Kqga2MJ5PbcAAAAAAAACAAAAO02KVrR6aE2rfE+ZFdYPcOTmaqRkWQZS6qwAAAAAAAACAAAAf5Y6XGhmU49OzkTrh1iU1guiCZCVvcOZYy8AAAAAAAACAAAA4NoGbNcr1NNbzpyDtUfMmpVsQUyJj1203NQAAAAAAAACAAAAyc3j05VK8McSh\/T0XvY3yMLZ0UOY6GQdhU4AAAAAAAACAAAAe1098SMwfT8bLgiHrFJ0MbhlWXMd\/4agSDwAAAAAAAACAAAAqgwFqWUyklZ7fPjvSnfO1R619bvAQk7g5J8AAAAAAAACAAAAIiwS6RZvsmDWMdAA6GTGKsp8Iyxxknayuh0AAAAAAAACAAAAPTVzJGF4TyrxgaUSCX8Jut\/vdKByuQhlGMIAAAAAAAACAAAAwp9Cm8B2W7AD54HiaJ+JRuLynlAjoS380B8AAAAAAAACAAAAc20bFearSkapJgTgs9ecd1xBog0bdmvDmncAAAAAAAACAAAAvbaZ9Jy3L747GMKaga0N06XTw7JKDSRzuUgAAAAAAAACAAAAwnWTLeXALAn5w522q9P6YECo3KeVee1+AskAAAAAAAACAAAA9g09piEVm9shum6Wx\/vXXRX2dYjcZRZndg8AAAAAAAACAAAAblpXvCT19Mg7oMJUKnA5eS6MrHg1EaY1GTMAAAAAAAACAAAAtmRuSOhKGer96r4S5OxzpmyFeRRnsLhls9gAAAAAAAACAAAA03L1iEnzDxJ+X\/J1L0686vfCTgcl9fSiPTYAAAAAAAACAAAA\/HRKISCabq0Vp7Sd0UrVPJNd7ay6JPNmFYkAAAAAAAACAAAA3uU\/6OpiQVvuxrqCp5kNJ5MWMjwuAiyIkzUAAAAAAAACAAAA6YxFzypDqvOqMmmO28qUmZtxNZcaEvdNsSIAAAAAAAACAAAAjmtOep5Jyv5WwgTsbq+ENSueNskEjU\/pz7oAAAAAAAACAAAAf7o6uor2Pud9ASRI9Ci5qBCvf8cdKTVwxJIAAAAAAAACAAAA0PTviA2h0VgW0JA="}
02382{"flow_id":4,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":234,"source":"bitcoin.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1301328607,"pkt_ts_usec":711425,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ACPrIpS0ACNshovhCABFAAXcTRJAAEAGkHnAqAGOQkRTFthXII0tj9I89ZifdoAQ\/\/+W6wAAAQEICicy9YgASvKxEtbia+zAFosRvZlvRWFdAAAAAAAAAgAAAK+N8wyz2+NyPC3uk2aC4K9BtrDiHxRn9pIpAAAAAAAAAgAAAI4oDWrqj19GZPIOEvbFhc+FeqUzigDwvsoSAAAAAAAAAgAAAAwX5EqvP3lTY6y+Y4WfFvLo8Wlb7gEIqk3FAAAAAAAAAgAAAKq4BMkaJPJW7ZO+o48CmY4dstKhXSuc4wS3AAAAAAAAAgAAAGehpd\/+j1eZfGi4sjd1NPkjk5aSHzeJZcIsAAAAAAAAAgAAAAjBZdUstdgIEQbRTbWr6I8hCehe0L9HyHg2AAAAAAAAAgAAAAIujaIuPzWzMwT2x8KwfoDGZuYy6w53x3qdAAAAAAAAAgAAAIV1Sc5NbUWv3lMm18LaG38MNWngifDemeQLAAAAAAAAAgAAANh5afRkPt2LVvqFCh2wDgjwZYR9WsDBT70BAAAAAAAAAgAAAEu686rHaCUU9lgnwUKVYxb6ND4tbABowLp6AAAAAAAAAgAAAJoekg5hnUdVhxDiuO4pCFiJNlZhZHh2gNGhAAAAAAAAAgAAADQVeJHeUb0JawS0q1oGY7hw6kEG0y9VAljOAAAAAAAAAgAAACZb\/tBE9BuBKW\/R61IJFrqA3LzhWTm+AwqVAAAAAAAAAgAAAKhPcwdELPBw5qHr+Nt30PbvRjDlgCWmmgKIAAAAAAAAAgAAABiQc59fQOKO5NJxxpRkoHe\/kjTN4bNq8RykAAAAAAAAAgAAAJfBeBEgW+DRP9id8mrxfkO8jnnVXMHqfXAiAAAAAAAAAgAAABBXCIVoKFDJxvVK7JR9zIZRrnrIvgC3NS8sAAAAAAAAAgAAAMIWv8HUSmiQrylpM70T6xFSwGai5UQ\/iRdfAAAAAAAAAgAAAMOD\/4A1xzCPrVUH8uPi+LbG\/8dxG\/yo7OtpAAAAAAAAAgAAANXRq4OleHWPB1XjK2hS+JU6vZInIH1P6k9YAAAAAAAAAgAAACjCbLNR7uZ40saHM6n5a83mw74PjUR+8tkJAAAAAAAAAgAAAMm7GZ8nVpaoW8+QH44jWZ\/3jZzBQiuEkkgXAAAAAAAAAgAAADOuloceXtV5\/WD7yN+wCcKKHUORl5YQGIYLAAAAAAAAAgAAAFR4YTNLv\/tOGdZZwHowmnUao3Z4dXzI5n+WAAAAAAAAAgAAABWoZ3QgEsq2F+08TICFiBBZslLLbOJzVBlJAAAAAAAAAgAAACfyAic0uO09\/h6sBmT5HdrHQe6XINUmmLIUAAAAAAAAAgAAANyF3AEQwOfXIOsNvpsIt4FJRQs4Rs7xti+WAAAAAAAAAgAAAHnVEK6Nkwoo9ATeHtFauKbkCZhn5l8ov8NlAAAAAAAAAgAAAAgEDuvLL04YGUh58QlrbLS630gILBMLNnWMAAAAAAAAAgAAANjATLDiGQXgWpPKbnsXTv\/7z2OjohpGTf8cAAAAAAAAAgAAAPHDDqAu5BtThheJpjtS0EQmcpwPO\/JLBn26AAAAAAAAAgAAAJ4LZFri6DXBQPdjJOPqIJdHXbSs6hIDJSRiAAAAAAAAAgAAAF4cmmcnuYHX7JX\/e8whhI8Anl7EmX1Uol7DAAAAAAAAAgAAAJVbzfHr5cRnQn2JRfkfPD9ObptrnH76MXB0AAAAAAAAAgAAAO5QxZ6yN8BpLlqdbynfw9B8x3J7esapJqWwAAAAAAAAAgAAADm0EvV4HVRE1W5mO7JnxVLLrvi2o07gaBA7AAAAAAAAAgAAAO5995F4t6IbrRFOIJ1eb4mgkTe+ee5TrqwhAAAAAAAAAgAAAI8qiGDXHXsjExspqHTqpKlS\/2C\/6Gevr4d+AAAAAAAAAgAAADrpi2NFLURr3H1xE4pY6mqIPsxPlafbX5SQAAAAAAAAAgAAAMug60RTMRGrrs5PR2eZr8shyTg="}
00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":348,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1301328699728,"flow_last_seen":0,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"flow_avg_l4_payload_len":105,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"195.218.16.178","src_port":55400,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00505{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":348,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1301328699728,"flow_last_seen":1301328699728,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"flow_avg_l4_payload_len":105,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"195.218.16.178","src_port":55400,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00573{"flow_id":5,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":348,"source":"bitcoin.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1301328699,"pkt_ts_usec":728375,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"pkt":"ACPrIpS0ACNshovhCABFAACdK9RAAEAGd8TAqAGOw9oQsthoII1BDXcu4yOzE4AY\/\/9L7wAAAQEICicy+R8AACIN+b602XZlcnNpb24AAAAAAFUAAAABfQAAAQAAAAAAAAA7s5BNAAAAAAEAAAAAAAAAAAAAAAAAAAAAAP\/\/w9oQsiCNAQAAAAAAAAAAAAAAAAAAAAAA\/\/8mYIQeII38Ree1v7hQ3gC4wAEA"}
00572{"flow_id":5,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":349,"source":"bitcoin.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1301328699,"pkt_ts_usec":856583,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"pkt":"ACNshovhACPrIpS0CABFAACdBc9AAHUGaMnD2hCywKgBjiCN2GjjI7MTQQ13l4AYAQQ8gQAAAQEICgAAIhwnMvkf+b602XZlcnNpb24AAAAAAFUAAAACfQAAAQAAAAAAAAA4s5BNAAAAAAEAAAAAAAAAAAAAAAAAAAAAAP\/\/JmCEHthoAQAAAAAAAAAAAAAAAAAAAAAA\/\/\/D2hCyII0FGo5IhpYwXgAKwwEA"}
00452{"flow_id":5,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":350,"source":"bitcoin.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1301328699,"pkt_ts_usec":969841,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"ACNshovhACPrIpS0CABFAABIBdlAAHUGaRTD2hCywKgBjiCN2GjjI7N8QQ13l4AYAQRZWQAAAQEICgAAIignMvkg+b602XZlcmFjawAAAAAAAAAAAAA="}
@@ -79,7 +79,7 @@
02231{"flow_id":5,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":371,"source":"bitcoin.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1301328741,"pkt_ts_usec":904043,"pkt_caplen":1399,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1399,"pkt_l4_len":1365,"pkt":"ACPrIpS0ACNshovhCABFAAVpWp1AAEAGRC\/AqAGOw9oQsthoII1BDYi74yO6GoAY\/\/IcLAAAAQEICicy+sQAADKGAAIAAADY5Jv9Wp5Y\/VlK7zn+M3psyO6v58ocr1gjXwAAAAAAAAIAAAAj8y\/VFduFnfS\/W1tJVw9BqvcP+Ga\/L7DxpQAAAAAAAAIAAAAdulorUZ0r1Bp5qvW6n69WNVmqFtc2o7nuIQAAAAAAAAIAAACF4EsrriG\/Bg\/avUsxsnIUfzWxYyP7H8KiVAAAAAAAAAIAAAApMlJSuruXNQJ7E3j6VqJtU3vB+nvF+jwqLwAAAAAAAAIAAAAU7wWylRiKT\/t4gncKZvvlTkJ8DIDqwpvGEwAAAAAAAAIAAAD8xxgHVYziGdILD9iQ3prYr72u\/hAy6BC9dwAAAAAAAAIAAACTmXkCJ1IZc1TVCwpGVRao2iznUJO185KD5QAAAAAAAAIAAACBrhd1Wx3sR3wtVZklG7lWj2m57BQ4waFRfwAAAAAAAAIAAAAplaMAc59KTILzEbWvcjOLcBgzWeNtIfvnxQAAAAAAAAIAAADdRkXGEpZzojHNFWqS2mbbQ8escZ8u7GwkDwAAAAAAAAIAAACiGpPD2anVXmVX51ZmiapNqv8MBUZb81v3YgAAAAAAAAIAAAAveyvKJQJnlZfzL+\/VNoZSq25Pa+MOTMF8IgAAAAAAAAIAAAAAYAfEddAhL+QxG+1YfbZAiOyScjI70T1mAQAAAAAAAAIAAADDlkoOm43jthXUl89SoydtGxsVamIkHDRQ6gAAAAAAAAIAAACjoXYnqgVTWl95XjR5C0xXPz6nwE7Yk0jcjAAAAAAAAAIAAADCR9WKDbDxORMbL+vCle1i2Z7xWbJ+Yl9OUQAAAAAAAAIAAAAuMJir\/wxm8Rl6WlLgD45t5fApksy\/2k0ASQAAAAAAAAIAAAD9w92hC+Pr5XxNHUnNj\/JUifYpKT+YfFyqYAAAAAAAAAIAAADIE4l07qncQPmkE2WdezFAXjIicNDHHDNLMwAAAAAAAAIAAACnX5pJsvIfYbXMXP98w+eMXM64pS5r1Tvc1AAAAAAAAAIAAAANXn+pUFty9m8JNxoUo+Ydy+uIfYHaXBxKBwAAAAAAAAIAAACiDiTBYx8c7bEKFbZqQGbuSvQbD7y2takz4gAAAAAAAAIAAAAPcUg68CObZPUfwPMdVy2SA6O0rWDt9eawCQAAAAAAAAIAAADqrR\/3MdSq8qfxib4ya2e9RCt5VwCbXeJzggAAAAAAAAIAAAD5OvOCDWK8u0\/V239MWlC7gFWosSybYCEhlgAAAAAAAAIAAAD6Wgpf3zEkEw34629N6KE\/5yJ5ArEORx8RlAAAAAAAAAIAAACueQIT9wQlfthpG6x8cqYrfudb\/2EX9p5r3wAAAAAAAAIAAABcWCay6ewzlVfP9qTq6DD6hxVBRpAhIWoSiAAAAAAAAAIAAAAUGJCFgf8XbmZs+AoOz5ps5ceOkDHIKYgjbgAAAAAAAAIAAACMdLfoHXtZIC95N1dOOZG0IVr9sKfUDcI34QAAAAAAAAIAAAB2ddp6YyatHmLm7NKZpu6pyevVyw+3+tJ5ZgAAAAAAAAIAAACAZtgQU1Rchqkb+uMisrXy5eAYxPzOgIh0HwAAAAAAAAIAAADnyOKsbXngA6pszznyHxrwURyEjFmXrkKAigAAAAAAAAIAAAAPZU6E4uOdc8X9iSxXWroXE1qYYfjeuqzKRwAAAAAAAAIAAABpQUMlHnlok86akaHiVT\/mFi59FmSc7k0X8gAAAAAAAAIAAAC6RXEw4hRQEPMKqEsjA1v0qVL+N+wky+uT0AAAAAAAAA=="}
02460{"flow_id":5,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":372,"source":"bitcoin.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1301328743,"pkt_ts_usec":100003,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ACNshovhACPrIpS0CABFAAXcB51AAHUGYbzD2hCywKgBjiCN2GjjJCWSQQ2N8IAQAQTtnQAAAQEICgAAMv4nMvrPAAAAAAAAAAAA\/\/9OZhMCII1fp5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9OaTyqII1Zp5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9Oak4KII1ep5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9ObbYrII1gp5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9OgMTJII1cp5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9OibIBII1Zp5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9Oj4sMII1ip5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9Ok01XII1cp5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9OmluBII1dp5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9PQ+u9II1Zp5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9PRuXOII1ep5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9PWFH5II1bp5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9PYWlEII1Zp5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9PZysAII1hp5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9Pb+qKII1dp5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9PcDUsII1gp5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9PcHKJII1ap5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9PfD5SII1ep5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9PgRhjII1Zp5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9PjJQTII1dp5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9PpBoMII1cp5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9Pqw2rII1Yp5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9Ps8qYII1bp5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9PtblHII1bp5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9PzG9HII1Yp5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9P0EZ6II1Zp5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9P\/knSII1cp5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9QA02HII1Zp5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9QA5drII1ep5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9QHtqMII1cp5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9QKtbLII1gp5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9QOMSbII1ip5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9QRCrkII1Zp5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9QRuxGII1Zp5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9QR4dUII1hp5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9QSEnQII35vrTZYWRkcgAAAAAAAAAAM3UAAO3uR5P96ANep5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9QWUxSII1ap5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9QZZdZII1ip5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9Qf5LXII1cp5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9QqwaJII1hp5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9QsJT0II1Zp5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9QsZMiII1lp5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9QvWeGII1cp5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9QwaTGII1hp5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9Qyl23II1kp5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9QymOOII1Zp5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9Qyt1KII1cp5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/8="}
02462{"flow_id":5,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":373,"source":"bitcoin.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1301328743,"pkt_ts_usec":131888,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ACNshovhACPrIpS0CABFAAXcB55AAHUGYbvD2hCywKgBjiCN2GjjJCs6QQ2N8IAQAQRnRAAAAQEICgAAMv4nMvrPUMtdtiCNXaeQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/UMv5tCCNWqeQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/UNW6PiCNZKeQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/UNkerCCNWaeQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/UNoQyCCNYqeQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/UNzYxiCNW6eQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/UN0dSCCNYqeQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/UN01MyCNWqeQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/UN6CESCNXKeQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/UN\/eXCCNYaeQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/UOskVSCNYaeQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/UTk33SCNXaeQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/UVjeMiCNWqeQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/UWuW\/CCNW6eQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/UWyc4yCNW6eQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/UW37PCCNXaeQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/UYoMSyCNXKeQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/UZDx8yCNXKeQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/UZExAiCNZKeQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/Uafu7iCNZKeQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/Ua6aSCCNWqeQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/Ua+D+CCNXKeQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/UbKHmiCNW6eQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/Ub9iASCNWqeQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/UcH7AyCNVYqQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/UcgHZSCNXKeQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/UcgWpyCNWKeQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/UeapJyCNW6eQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/UegJwSCNXKeQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/UerxUSCNYqeQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/UgI56yCNXKeQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/UgdeYSCNYaeQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/UghK8iCNX6eQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/Ug0QPSCNWKeQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/UhAfoSCNZKeQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/UhBs8CCNWaeQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/UhxcFyCNZKeQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/UiA7RCCNWqeQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/UiM06CCNY6eQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/UilhHSCNWaeQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/UiuZ9SCNW6eQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/Uix\/9SCNWaeQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/Ui4++yCNZaeQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/UkMkpSCNXaeQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/UkTZDiCNXaeQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/UkXVniCNYKeQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/UkZgGSCNXKeQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/Ul+wDyCNXaeQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/UmM0OiCNW6c="}
00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":521,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1301329304767,"flow_last_seen":0,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"flow_avg_l4_payload_len":105,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"184.58.165.119","src_port":55487,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00505{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":521,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1301329304767,"flow_last_seen":1301329304767,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"flow_avg_l4_payload_len":105,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"184.58.165.119","src_port":55487,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00574{"flow_id":6,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":521,"source":"bitcoin.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1301329304,"pkt_ts_usec":767401,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"pkt":"ACPrIpS0ACNshovhCABFAACdDAhAAEAGDmvAqAGOuDqld9i\/II0stRatNDMFDIAY\/\/9S8AAAAQEICiczELoAVdzf+b602XZlcnNpb24AAAAAAFUAAAABfQAAAQAAAAAAAACYtZBNAAAAAAEAAAAAAAAAAAAAAAAAAAAAAP\/\/uDqldyCNAQAAAAAAAAAAAAAAAAAAAAAA\/\/8mYIQeII0b7ZMAlkQ1dwALwwEA"}
00572{"flow_id":6,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":522,"source":"bitcoin.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1301329304,"pkt_ts_usec":813916,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"pkt":"ACNshovhACPrIpS0CABFAACdBMxAAHQG4aa4OqV3wKgBjiCN2L80MwUMLLUWrYAYAQTgGAAAAQEICgBV3OcnMxC6+b602XZlcnNpb24AAAAAAFUAAAACfQAAAQAAAAAAAACQtZBNAAAAAAEAAAAAAAAAAAAAAAAAAAAAAP\/\/JmCEHti\/AQAAAAAAAAAAAAAAAAAAAAAA\/\/+4OqV3II2BHa1kLxLeCgCuwgEA"}
00562{"flow_id":6,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":523,"source":"bitcoin.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1301329305,"pkt_ts_usec":5443,"pkt_caplen":165,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":165,"pkt_l4_len":131,"pkt":"ACPrIpS0ACNshovhCABFAACX6RJAAEAGMWbAqAGOuDqld9i\/II0stRcWNDMFdYAY\/\/+hogAAAQEICiczEL0AVdz7+b602XZlcmFjawAAAAAAAAAAAAD5vrTZZ2V0YWRkcgAAAAAAAAAAAF324OL5vrTZYWRkcgAAAAAAAAAAHwAAAKr+QCYBbLWQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/JmCEHiCN"}

177
test/results/bittorrent.pcap.out
View File

@@ -1,51 +1,51 @@
00478{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"bittorrent.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":10000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1455469967246,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.58.216.115","src_port":52888,"dst_port":38305,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00500{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1455469967246,"flow_last_seen":1455469967246,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.58.216.115","src_port":52888,"dst_port":38305,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00523{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469967,"pkt_ts_usec":246718,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4eD1AAEAGAADAqAEDUjrYc86YlaHFzANOp3OTAoAY\/\/\/swwAAAQEIChnb8BkAhEMxE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjhgayboXmHFSZj4="}
00650{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1455469967246,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.58.216.115","src_port":52888,"dst_port":38305,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00662{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1455469967246,"flow_last_seen":1455469967246,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.58.216.115","src_port":52888,"dst_port":38305,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
01302{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469967,"pkt_ts_usec":465293,"pkt_caplen":624,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":624,"pkt_l4_len":590,"pkt":"xCwDBkn+LFbcjDU0CABFAAJiKFpAAHUG7uJSOthzwKgBA5Whzpinc5NTxcwDkoAZ\/SDtQgAAAQEICgCEQ0UZ2\/AZNDppcHY0NDpSOthzMTI6Y29tcGxldGVfYWdvaTllMTptZDExOnVwbG9hZF9vbmx5aTNlMTE6bHRfZG9udGhhdmVpN2UxMjp1dF9ob2xlcHVuY2hpNGUxMTp1dF9tZXRhZGF0YWkyZTY6dXRfcGV4aTFlMTA6dXRfY29tbWVudGk2ZWUxMzptZXRhZGF0YV9zaXplaTE5MDA5ZTE6cGkzODMwNWU0OnJlcXFpMjU1ZTE6djE1Os68VG9ycmVudCAzLjQuNTI6eXBpNTI4ODhlNjp5b3VyaXA0OlI3zQFlAAAAdAX\/\/7\/\/\/\/\/\/\/\/\/\/\/v\/\/\/\/\/9\/b\/v\/\/\/\/\/\/\/\/\/+\/\/\/f\/\/\/\/\/\/\/\/\/\/\/\/+\/\/\/\/\/\/+\/\/\/\/\/\/\/\/\/\/+\/3\/9\/\/\/\/\/\/\/\/7\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/++\/\/\/\/\/\/\/\/\/3\/\/\/9\/\/\/\/f\/9\/\/\/\/\/9\/\/\/\/\/7\/\/\/\/\/\/\/v\/\/7\/\/\/\/+AAAAABQQAAAJlAAAABQQAAALYAAAABQQAAAB+AAAABQQAAACJAAAABQQAAAE5AAAABQQAAAARAAAABQQAAAK+AAAABQQAAAMvAAAABQQAAAKkAAAABQQAAAGlAAAABQQAAADmAAAABQQAAAHxAAAABQQAAANdAAAABQQAAABXAAAABQQAAADTAAAABQQAAANxAAAABQQAAAJrAAAABQQAAACTAAAABQQAAAFjAAAABQQAAALoAAAABQQAAACGAAAABQQAAAG8AAAABQQAAAMMAAAABQQAAAGu"}
00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1455469967550,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.57.97.83","src_port":52887,"dst_port":53137,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1455469967550,"flow_last_seen":1455469967550,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.57.97.83","src_port":52887,"dst_port":53137,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00520{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469967,"pkt_ts_usec":550422,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4KZJAAEAGAADAqAEDUjlhU86Xz5EMkOfxIylUooAY70J1ogAAAQEIChnb8UUAFHnUE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjhJMcBHQL4ndrvA="}
00648{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1455469967550,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.57.97.83","src_port":52887,"dst_port":53137,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00660{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1455469967550,"flow_last_seen":1455469967550,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.57.97.83","src_port":52887,"dst_port":53137,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00581{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469967,"pkt_ts_usec":858917,"pkt_caplen":178,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":178,"pkt_l4_len":144,"pkt":"xCwDBkn+LFbcjDU0CABFAACkC49AAHcGgo1SOWFTwKgBA8+RzpcjKVSiDJDoNYAYAQJHBAAAAQEICgAUefwZ2\/FFE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMzQ1MC3wornNx4q0nl1XkqQAAADnFABkMTplaTBlNDppcHY0NDpSOWFTMTI6Y29tcGxldGVfYWdvaTNlMQ=="}
01260{"flow_id":2,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469968,"pkt_ts_usec":2405,"pkt_caplen":593,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":593,"pkt_l4_len":559,"pkt":"xCwDBkn+LFbcjDU0CABFAAJDC5FAAHcGgOxSOWFTwKgBA8+RzpcjKVUSDJDoNYAZAQLSoQAAAQEICgAUef4Z2\/FFOm1kMTE6dXBsb2FkX29ubHlpM2UxMTpsdF9kb250aGF2ZWk3ZTEyOnV0X2hvbGVwdW5jaGk0ZTExOnV0X21ldGFkYXRhaTJlNjp1dF9wZXhpMWUxMDp1dF9jb21tZW50aTZlZTEzOm1ldGFkYXRhX3NpemVpMTkwMDllMTpwaTUzMTM3ZTQ6cmVxcWkyNTVlMTp2MTU6zrxUb3JyZW50IDMuNC41Mjp5cGk1Mjg4N2U2OnlvdXJpcDQ6UjfNAWUAAAB0Bf\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/7\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/f\/\/\/\/\/\/\/\/v\/\/\/\/\/\/\/\/\/\/7\/\/93\/\/\/\/\/\/\/\/\/\/\/+f\/\/\/\/\/7\/\/\/3\/\/\/\/\/\/\/\/v\/\/\/v\/+\/\/3\/\/\/\/\/9\/\/\/\/\/\/1\/\/\/f\/\/v9\/\/\/\/\/\/\/\/\/91\/\/\/\/\/9\/\/\/\/\/\/\/\/\/\/\/\/\/\/4AAAAAFBAAAAtIAAAAFBAAAAngAAAAFBAAAAeYAAAAFBAAAAUUAAAAFBAAAAskAAAAFBAAAAGcAAAAFBAAAArYAAAAFBAAAAVgAAAAFBAAAAQEAAAAFBAAAAjMAAAAFBAAAAqAAAAAFBAAAAMoAAAAFBAAAAxIAAAAFBAAAAlIAAAAFBAAAAc8AAAAFBAAAAkMAAAAFBAAAAagAAAAFBAAAAhsAAAAFBAAAAzgAAAAFBAAAAacAAAAFBAAAAxQAAAAFBAAAAw4AAAAFBAAAAVwAAAAFBAAAAqI="}
00627{"flow_id":2,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469968,"pkt_ts_usec":2492,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"pkt":"LFbcjDU0xCwDBkn+CABFAADK\/idAAEAGAADAqAEDUjlhU86Xz5EMkOiMIylXIoAY7zF19AAAAQEIChnb8wcAFHn+aTNlMTI6dXRfaG9sZXB1bmNoaTRlMTE6dXRfbWV0YWRhdGFpMmU2OnV0X3BleGkxZTEyOnV0X3JlY29tbWVuZGk1ZTEwOnV0X2NvbW1lbnRpNmVlMTpwaTQwOTU5ZTQ6cmVxcWkyNTVlMTp2MTk6wrVUb3JyZW50IE1hYyAxLjguNjY6eW91cmlwNDpSOWFTZQAAAAEP"}
00444{"flow_id":2,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469968,"pkt_ts_usec":2632,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":80,"pkt_l4_len":46,"pkt":"LFbcjDU0xCwDBkn+CABFAABCeFJAAEAGAADAqAEDUjlhU86Xz5EMkOkiIylXIoAZ70J1bAAAAQEIChnb8wcAFHn+AAAAAwmf\/wAAAAMUAwA="}
00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1455469969259,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"83.216.184.241","src_port":52895,"dst_port":51413,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00501{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1455469969259,"flow_last_seen":1455469969259,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"83.216.184.241","src_port":52895,"dst_port":51413,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00521{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469969,"pkt_ts_usec":259674,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4K5tAAEAGAADAqAEDU9i48c6fyNXli2jySWt7B4AYK\/LO3wAAAQEIChnb9+x4G0bsE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1Bjvi3q9Fc8jVIrp0="}
00594{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1455469969259,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"83.216.184.241","src_port":52895,"dst_port":51413,"l4_proto":"tcp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00606{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1455469969259,"flow_last_seen":1455469969259,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"83.216.184.241","src_port":52895,"dst_port":51413,"l4_proto":"tcp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00541{"flow_id":3,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469969,"pkt_ts_usec":318758,"pkt_caplen":148,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":148,"pkt_l4_len":114,"pkt":"xCwDBkn+LFbcjDU0CABFYACGozdAADIG1mVT2LjxwKgBA8jVzp9Ja3sH5YtpNoAYECl7XAAAAQEICngbRx8Z2\/fsE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMTg4Qi2qniMLxLorRFP2hZAAAAEAFABkMTplaTBlNA=="}
01337{"flow_id":3,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469969,"pkt_ts_usec":391655,"pkt_caplen":648,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":648,"pkt_l4_len":614,"pkt":"xCwDBkn+LFbcjDU0CABFYAJ6SOJAADIGLsdT2LjxwKgBA8jVzp9Ja3tZ5YtpNoAYECl87wAAAQEICngbR0YZ2\/gmOmlwdjQ0OlPYuPE0OmlwdjYxNjr+gAAAAAAAAOoGiP\/+zfQTMTI6Y29tcGxldGVfYWdvaTFlMTptZDExOnVwbG9hZF9vbmx5aTNlMTE6bHRfZG9udGhhdmVpN2UxMjp1dF9ob2xlcHVuY2hpNGUxMTp1dF9tZXRhZGF0YWkyZTY6dXRfcGV4aTFlMTA6dXRfY29tbWVudGk2ZWUxMzptZXRhZGF0YV9zaXplaTE5MDA5ZTE6cGk1MTQxM2U0OnJlcXFpMjU1ZTE6djE1Os68VG9ycmVudCAxLjguODI6eXBpNTI4OTVlNjp5b3VyaXA0OlI3zQFlAAAAdAX\/\/3\/\/\/\/\/7\/3\/\/\/\/\/\/\/\/\/\/\/\/\/\/+\/\/\/\/\/b\/\/\/f\/\/\/\/\/\/7\/\/\/\/\/\/\/\/\/9\/\/\/\/7\/\/\/\/\/\/\/99\/\/\/\/\/\/3\/\/97\/v\/\/\/\/\/9\/\/v\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/+\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/f\/\/\/\/\/\/7\/\/\/X\/\/\/\/9\/\/+AAAAABQQAAAG6AAAABQQAAAITAAAABQQAAAHTAAAABQQAAAA1AAAABQQAAAAQAAAABQQAAAHdAAAABQQAAAMaAAAABQQAAAE+AAAABQQAAANHAAAABQQAAAN+AAAABQQAAAIEAAAABQQAAAHOAAAABQQAAAGSAAAABQQAAAC8AAAABQQAAANcAAAABQQAAAGMAAAABQQAAABAAAAABQQAAAFbAAAABQQAAAEBAAAABQQAAACdAAAABQQAAADUAAAABQQAAAC\/AAAABQQAAAKPAAAABQQAAANe"}
00606{"flow_id":3,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469969,"pkt_ts_usec":391790,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"pkt":"LFbcjDU0xCwDBkn+CABFAAC41NtAAEAGAADAqAEDU9i48c6fyNXli2mfSWt9n4AYK9\/PHwAAAQEIChnb+G54G0dGaTRlMTE6dXRfbWV0YWRhdGFpMmU2OnV0X3BleGkxZTEyOnV0X3JlY29tbWVuZGk1ZTEwOnV0X2NvbW1lbnRpNmVlMTpwaTQwOTU5ZTQ6cmVxcWkyNTVlMTp2MTk6wrVUb3JyZW50IE1hYyAxLjguNjY6eW91cmlwNDpT2LjxZQAAAAEP"}
00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":12,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1455469969441,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.53.228.2","src_port":52896,"dst_port":14627,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00499{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":12,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1455469969441,"flow_last_seen":1455469969441,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.53.228.2","src_port":52896,"dst_port":14627,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00521{"flow_id":4,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469969,"pkt_ts_usec":441455,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4XbBAAEAGAADAqAEDTzXkAs6gOSOymifHI+P1WoAYmwf1TQAAAQEIChnb+J8AAH2QE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1Bjqb8v2rPEXkzqd0="}
00649{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1455469969441,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.53.228.2","src_port":52896,"dst_port":14627,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1455469969441,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"120.62.33.241","src_port":52894,"dst_port":39332,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00661{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1455469969441,"flow_last_seen":1455469969441,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.53.228.2","src_port":52896,"dst_port":14627,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00501{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1455469969441,"flow_last_seen":1455469969441,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"120.62.33.241","src_port":52894,"dst_port":39332,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00521{"flow_id":5,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469969,"pkt_ts_usec":441488,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4duZAAEAGAADAqAEDeD4h8c6emaQxnKbPGdPY9oAYmwdcRQAAAQEIChnb+J8AQ+diE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjsdMZTLXvd5m7DE="}
00651{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1455469969441,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"120.62.33.241","src_port":52894,"dst_port":39332,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00663{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1455469969441,"flow_last_seen":1455469969441,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"120.62.33.241","src_port":52894,"dst_port":39332,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00547{"flow_id":4,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469969,"pkt_ts_usec":680695,"pkt_caplen":151,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":151,"pkt_l4_len":117,"pkt":"xCwDBkn+LFbcjDU0CABFAACJEvpAAHcG+5FPNeQCwKgBAzkjzqAj4\/VaspooC4AYAQLEvgAAAQEICgAAfaoZ2\/ifE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMzQ1MC3wovPx6i8m4ev0sHgAAADnFABkMTplaTBlNDppcA=="}
01300{"flow_id":4,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469969,"pkt_ts_usec":689018,"pkt_caplen":620,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":620,"pkt_l4_len":586,"pkt":"xCwDBkn+LFbcjDU0CABFAAJeEvxAAHcG+bpPNeQCwKgBAzkjzqAj4\/WvspooC4AZAQKoaAAAAQEICgAAfaoZ2\/ifdjQ0Ok815AIxMjpjb21wbGV0ZV9hZ29pNmUxOm1kMTE6dXBsb2FkX29ubHlpM2UxMTpsdF9kb250aGF2ZWk3ZTEyOnV0X2hvbGVwdW5jaGk0ZTExOnV0X21ldGFkYXRhaTJlNjp1dF9wZXhpMWUxMDp1dF9jb21tZW50aTZlZTEzOm1ldGFkYXRhX3NpemVpMTkwMDllMTpwaTE0NjI3ZTQ6cmVxcWkyNTVlMTp2MTU6zrxUb3JyZW50IDMuNC41Mjp5cGk1Mjg5NmU2OnlvdXJpcDQ6UjfNAWUAAAB0Bf\/\/\/\/\/\/\/\/\/\/\/f\/\/\/\/\/\/\/\/\/\/\/\/9\/7\/\/\/\/\/fv\/\/\/\/\/\/f\/\/\/3\/\/\/\/\/9\/7\/\/\/\/\/\/\/v\/\/\/\/\/\/\/\/\/\/\/\/\/v\/+\/\/\/\/9\/\/\/\/\/\/\/\/+\/\/\/9\/\/\/\/f\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/8\/\/\/\/\/\/f\/\/\/\/\/\/7\/\/\/\/\/\/f\/\/3\/P\/\/\/\/\/4AAAAAFBAAAA2sAAAAFBAAAAW0AAAAFBAAAAlYAAAAFBAAAAdEAAAAFBAAAAPQAAAAFBAAAAtIAAAAFBAAAAMsAAAAFBAAAAyUAAAAFBAAAAKMAAAAFBAAAAMQAAAAFBAAAAcEAAAAFBAAAAtMAAAAFBAAAAiUAAAAFBAAAAEYAAAAFBAAAAT8AAAAFBAAAAe4AAAAFBAAAAjwAAAAFBAAAAvgAAAAFBAAAA2oAAAAFBAAAA2AAAAAFBAAAAJgAAAAFBAAAATQAAAAFBAAAAQ4AAAAFBAAAA0w="}
00601{"flow_id":4,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469969,"pkt_ts_usec":689132,"pkt_caplen":195,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":195,"pkt_l4_len":161,"pkt":"LFbcjDU0xCwDBkn+CABFAAC1EEdAAEAGAADAqAEDTzXkAs6gOSOymih3I+P32oAYmvb1igAAAQEIChnb+ZYAAH2qMTE6dXRfbWV0YWRhdGFpMmU2OnV0X3BleGkxZTEyOnV0X3JlY29tbWVuZGk1ZTEwOnV0X2NvbW1lbnRpNmVlMTpwaTQwOTU5ZTQ6cmVxcWkyNTVlMTp2MTk6wrVUb3JyZW50IE1hYyAxLjguNjY6eW91cmlwNDpPNeQCZQAAAAEP"}
00447{"flow_id":4,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469969,"pkt_ts_usec":689263,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":80,"pkt_l4_len":46,"pkt":"LFbcjDU0xCwDBkn+CABFAABC3FpAAEAGAADAqAEDTzXkAs6gOSOymij4I+P32oAZmwf1FwAAAQEIChnb+ZYAAH2qAAAAAwmf\/wAAAAMUAwA="}
00448{"flow_id":3,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469970,"pkt_ts_usec":170199,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":80,"pkt_l4_len":46,"pkt":"LFbcjDU0xCwDBkn+CABFAABCmoJAAEAGAADAqAEDU9i48c6fyNXli2ojSWt9n4AYK\/LOqQAAAQEIChnb+3R4G0d8AAAAAwmf\/wAAAAMUAwA="}
00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1455469970233,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.26.95.30","src_port":52897,"dst_port":22673,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00500{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1455469970233,"flow_last_seen":1455469970233,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.26.95.30","src_port":52897,"dst_port":22673,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00521{"flow_id":6,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469970,"pkt_ts_usec":233620,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"pkt":"LFbcjDU0xCwDBkn+CABFAAB45PBAAEAGAADAqAEDlxpfHs6hWJHZNtVIfkyTS4AYJnO4TgAAAQEIChnb+7IRKfdEE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjjCQUdTBqR8vIZE="}
00650{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1455469970233,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.26.95.30","src_port":52897,"dst_port":22673,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00662{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1455469970233,"flow_last_seen":1455469970233,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.26.95.30","src_port":52897,"dst_port":22673,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00582{"flow_id":6,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469970,"pkt_ts_usec":293627,"pkt_caplen":178,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":178,"pkt_l4_len":144,"pkt":"xCwDBkn+LFbcjDU0CABFAACkCYZAAHIGRuqXGl8ewKgBA1iRzqF+TJNL2TbVjIAYHVxFKAAAAQEIChEp94AZ2\/uyE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMzQ1MC2coXQqpAS87AVXIDwAAADnFABkMTplaTBlNDppcHY0NDqXGl8eMTI6Y29tcGxldGVfYWdvaTFlMQ=="}
01263{"flow_id":6,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469970,"pkt_ts_usec":357464,"pkt_caplen":593,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":593,"pkt_l4_len":559,"pkt":"xCwDBkn+LFbcjDU0CABFAAJDCYlAAHIGRUiXGl8ewKgBA1iRzqF+TJO72TbVjIAYHVwHogAAAQEIChEp97wZ2\/vsOm1kMTE6dXBsb2FkX29ubHlpM2UxMTpsdF9kb250aGF2ZWk3ZTEyOnV0X2hvbGVwdW5jaGk0ZTExOnV0X21ldGFkYXRhaTJlNjp1dF9wZXhpMWUxMDp1dF9jb21tZW50aTZlZTEzOm1ldGFkYXRhX3NpemVpMTkwMDllMTpwaTIyNjczZTQ6cmVxcWkyNTVlMTp2MTU6zrxUb3JyZW50IDMuNC41Mjp5cGk1Mjg5N2U2OnlvdXJpcDQ6UjfNAWUAAAB0Bf\/\/\/\/\/\/\/\/\/7\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/2\/3\/\/\/\/r\/\/\/\/\/9\/3\/\/\/\/\/9\/+\/\/+\/\/+\/\/\/\/f\/\/\/\/\/\/9\/\/\/\/\/\/\/\/\/\/f\/9\/\/\/\/\/\/\/\/+\/\/\/+\/v\/\/\/7\/\/7\/\/9\/\/\/\/\/\/\/7\/\/\/\/\/\/\/\/\/\/\/v\/\/\/\/\/\/\/\/\/\/\/\/4AAAAAFBAAAAUAAAAAFBAAAAboAAAAFBAAAArkAAAAFBAAAA0EAAAAFBAAAAD0AAAAFBAAAAvsAAAAFBAAAAPwAAAAFBAAAAPMAAAAFBAAAAqcAAAAFBAAAAX0AAAAFBAAAAY8AAAAFBAAAAaEAAAAFBAAAAo0AAAAFBAAAAPAAAAAFBAAAAegAAAAFBAAAAjYAAAAFBAAAARsAAAAFBAAAAm0AAAAFBAAAAoUAAAAFBAAAAUoAAAAFBAAAARkAAAAFBAAAAswAAAAFBAAAAiYAAAAFBAAAAXA="}
00599{"flow_id":6,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469970,"pkt_ts_usec":357569,"pkt_caplen":191,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":191,"pkt_l4_len":157,"pkt":"LFbcjDU0xCwDBkn+CABFAACxx\/1AAEAGAADAqAEDlxpfHs6hWJHZNtX8fkyVyoAYJmO4hwAAAQEIChnb\/CoRKfe8dF9tZXRhZGF0YWkyZTY6dXRfcGV4aTFlMTI6dXRfcmVjb21tZW5kaTVlMTA6dXRfY29tbWVudGk2ZWUxOnBpNDA5NTllNDpyZXFxaTI1NWUxOnYxOTrCtVRvcnJlbnQgTWFjIDEuOC42Njp5b3VyaXA0OpcaXx5lAAAAAQ8="}
00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1455469970452,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.55.129.22","src_port":52893,"dst_port":12097,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00500{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1455469970452,"flow_last_seen":1455469970452,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.55.129.22","src_port":52893,"dst_port":12097,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00522{"flow_id":7,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469970,"pkt_ts_usec":452512,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"pkt":"LFbcjDU0xCwDBkn+CABFAAB41kZAAEAGAADAqAEDTzeBFs6dL0HtOa3YPhLeWYAYVhCSYwAAAQEIChnb\/IcCXeBSE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1Bjpi3Emqkm5uHs80="}
00650{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1455469970452,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.55.129.22","src_port":52893,"dst_port":12097,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00662{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1455469970452,"flow_last_seen":1455469970452,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.55.129.22","src_port":52893,"dst_port":12097,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00591{"flow_id":6,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469971,"pkt_ts_usec":153525,"pkt_caplen":185,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":185,"pkt_l4_len":151,"pkt":"LFbcjDU0xCwDBkn+CABFAACrZhpAAEAGAADAqAEDlxpfHs6hWJHZNtZ5fkyVy4AYJnO4gQAAAQEIChnb\/0ERKfrcAAAAAwmf\/wAAAAMUAwAAAABlFAZkODptc2dfdHlwZWkwZTM6bnVtaTIwZTY6ZmlsdGVyNjQ6AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGU="}
00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":25,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1455469971321,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"198.100.146.9","src_port":52903,"dst_port":60163,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00501{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":25,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1455469971321,"flow_last_seen":1455469971321,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"198.100.146.9","src_port":52903,"dst_port":60163,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00522{"flow_id":8,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469971,"pkt_ts_usec":321042,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"pkt":"LFbcjDU0xCwDBkn+CABFAAB48HJAAEAGAADAqAEDxmSSCc6n6wMx0mzN3F5zZYAYZooahAAAAQEIChnb\/+QB8nE1E0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjuG56+SlFtqa9S4="}
00651{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1455469971321,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"198.100.146.9","src_port":52903,"dst_port":60163,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00663{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1455469971321,"flow_last_seen":1455469971321,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"198.100.146.9","src_port":52903,"dst_port":60163,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00571{"flow_id":8,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469971,"pkt_ts_usec":481962,"pkt_caplen":170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":170,"pkt_l4_len":136,"pkt":"xCwDBkn+LFbcjDU0CABFAACcFzZAAHYG0wzGZJIJwKgBA+sDzqfcXnNlMdJtEYAYAQK5ewAAAQEICgHycUYZ2\/\/kE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMzQ1MC3wopccBVvnEHfGIYQAAADnFABkMTplaTBlNDppcHY0NDrGZJIJMTI6Y29tcGxldGU="}
01274{"flow_id":8,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469971,"pkt_ts_usec":641866,"pkt_caplen":601,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":601,"pkt_l4_len":567,"pkt":"xCwDBkn+LFbcjDU0CABFAAJLGqBAAHYGzfPGZJIJwKgBA+sDzqfcXnPNMdJtEYAYAQJeTwAAAQEICgHycVYZ3ACEX2Fnb2kyZTE6bWQxMTp1cGxvYWRfb25seWkzZTExOmx0X2RvbnRoYXZlaTdlMTI6dXRfaG9sZXB1bmNoaTRlMTE6dXRfbWV0YWRhdGFpMmU2OnV0X3BleGkxZTEwOnV0X2NvbW1lbnRpNmVlMTM6bWV0YWRhdGFfc2l6ZWkxOTAwOWUxOnBpNjAxNjNlNDpyZXFxaTI1NWUxOnYxNTrOvFRvcnJlbnQgMy40LjUyOnlwaTUyOTAzZTY6eW91cmlwNDpSN80BZQAAAHQF\/\/\/\/\/\/\/f9\/\/\/\/37\/\/7\/\/\/\/\/\/\/3r\/\/\/\/3+\/\/7\/\/\/\/3\/\/9\/\/\/\/\/\/\/\/\/\/\/37\/7\/\/\/\/f\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/v\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/f\/\/\/f\/\/\/\/\/v\/\/\/\/\/\/\/v\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/+\/\/\/\/\/9\/\/\/gAAAAAUEAAAClAAAAAUEAAAAnQAAAAUEAAAAVwAAAAUEAAACuQAAAAUEAAAAUAAAAAUEAAAA8gAAAAUEAAAB4QAAAAUEAAADfAAAAAUEAAABUwAAAAUEAAAAKgAAAAUEAAAANAAAAAUEAAABXwAAAAUEAAAAaQAAAAUEAAAAmAAAAAUEAAACfAAAAAUEAAADWQAAAAUEAAABTAAAAAUEAAABBgAAAAUEAAABegAAAAUEAAAA1QAAAAUEAAAAxQAAAAUEAAAAvAAAAAUEAAAAnwAAAAUEAAAC6Q=="}
00605{"flow_id":8,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469971,"pkt_ts_usec":641981,"pkt_caplen":196,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":196,"pkt_l4_len":162,"pkt":"LFbcjDU0xCwDBkn+CABFAAC2nnFAAEAGAADAqAEDxmSSCc6n6wMx0m183F515IAYZnkawgAAAQEIChncASMB8nFWZTExOnV0X21ldGFkYXRhaTJlNjp1dF9wZXhpMWUxMjp1dF9yZWNvbW1lbmRpNWUxMDp1dF9jb21tZW50aTZlZTE6cGk0MDk1OWU0OnJlcXFpMjU1ZTE6djE5OsK1VG9ycmVudCBNYWMgMS44LjY2OnlvdXJpcDQ6xmSSCWUAAAABDw=="}
00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":29,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1455469971675,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"190.103.195.56","src_port":52902,"dst_port":46633,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00502{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":29,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1455469971675,"flow_last_seen":1455469971675,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"190.103.195.56","src_port":52902,"dst_port":46633,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00523{"flow_id":9,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469971,"pkt_ts_usec":675839,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4IXFAAEAGAADAqAEDvmfDOM6mtimT1S+nN0acgIAY\/\/9DtgAAAQEIChncAUQAv2TsE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjkGjzZtimXS5YKE="}
00652{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1455469971675,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"190.103.195.56","src_port":52902,"dst_port":46633,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00664{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1455469971675,"flow_last_seen":1455469971675,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"190.103.195.56","src_port":52902,"dst_port":46633,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00446{"flow_id":8,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469972,"pkt_ts_usec":78142,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":80,"pkt_l4_len":46,"pkt":"xCwDBkn+LFbcjDU0CABFEABCIPVAAHYGyZfGZJIJwKgBA+sDzqfcXnXkMdJt\/oAYAQEO9wAAAQEICgHycYEZ3ACEAAAAAwnrAwAAAAMUAwE="}
00590{"flow_id":9,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469972,"pkt_ts_usec":136116,"pkt_caplen":185,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":185,"pkt_l4_len":151,"pkt":"xCwDBkn+LFbcjDU0CABFAACrWLRAAHIGbE2+Z8M4wKgBA7YpzqY3RpyAk9Uv64AYAQLhNwAAAQEICgC\/ZvwZ3AFEE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLUJUNzk1MC3xopUl3euuGS1IpvoAAAEBFABkMTplaTBlNDppcHY0NDq+Z8M4NDppcHY2MTY6IAEAAF71efs4aCApQZg8xzE="}
00570{"flow_id":3,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469972,"pkt_ts_usec":136499,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"pkt":"LFbcjDU0xCwDBkn+CABFAACdvFdAAEAGAADAqAEDU9i48c6fyNXli2oxSWt9n4AYK\/LPBAAAAQEIChncAw54G0oPAAAAZRQGZDg6bXNnX3R5cGVpMGUzOm51bWkyMGU2OmZpbHRlcjY0OgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABl"}
@@ -54,26 +54,26 @@
00438{"flow_id":3,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469973,"pkt_ts_usec":374421,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"pkt":"xCwDBkn+LFbcjDU0CABFYAA7Gf1AADIGX+tT2LjxwKgBA8jVzp9Ja32f5Ytqm4AYEB4d7AAAAQEICngbU7QZ3AcQAAAAAwnI1Q=="}
00484{"flow_id":3,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469973,"pkt_ts_usec":374553,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"pkt":"xCwDBkn+LFbcjDU0CABFYABcD45AADIGajlT2LjxwKgBA8jVzp9Ja32m5Ytqm4AZEB6lPgAAAQEICngbU7QZ3AcQAAAAAxQDAQAAAB0UBmQ4Om1zZ190eXBlaTFlODpjb21tZW50c2xlZQ=="}
00447{"flow_id":9,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469973,"pkt_ts_usec":590592,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":80,"pkt_l4_len":46,"pkt":"xCwDBkn+LFbcjDU0CABFAABCWLhAAHIGbLK+Z8M4wKgBA7YpzqY3Rp8Zk9Uw2YAZAQFLnQAAAQEICgC\/bJ8Z3AbVAAAAAwm2KQAAAAMUAwE="}
00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":38,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1455469974358,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.58.216.115","src_port":52907,"dst_port":38305,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00502{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":38,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1455469974358,"flow_last_seen":1455469974358,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.58.216.115","src_port":52907,"dst_port":38305,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00525{"flow_id":10,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469974,"pkt_ts_usec":358684,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4DCdAAEAGAADAqAEDUjrYc86rlaExvR02+FTOIoAY\/\/\/swwAAAQEIChncC64AhEXwE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1Bjk6UZQGZj8psqfs="}
00652{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":38,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1455469974358,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.58.216.115","src_port":52907,"dst_port":38305,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":39,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1455469974533,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.57.97.83","src_port":52906,"dst_port":53137,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00664{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":38,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1455469974358,"flow_last_seen":1455469974358,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.58.216.115","src_port":52907,"dst_port":38305,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00500{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":39,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1455469974533,"flow_last_seen":1455469974533,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.57.97.83","src_port":52906,"dst_port":53137,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00522{"flow_id":11,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469974,"pkt_ts_usec":533855,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4WuVAAEAGAADAqAEDUjlhU86qz5GeFCpM34MiOYAY0pJ1ogAAAQEIChncDF0AFHySE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjjDhVI8cWXj55ew="}
00650{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":39,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1455469974533,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.57.97.83","src_port":52906,"dst_port":53137,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00662{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":39,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1455469974533,"flow_last_seen":1455469974533,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.57.97.83","src_port":52906,"dst_port":53137,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00590{"flow_id":11,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469974,"pkt_ts_usec":879822,"pkt_caplen":185,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":185,"pkt_l4_len":151,"pkt":"xCwDBkn+LFbcjDU0CABFAACrC6JAAHcGgnNSOWFTwKgBA8+RzqrfgyI5nhQqkIAYAQJ8JwAAAQEICgAUfLUZ3AxdE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMzQ1MC3wosdxOntFzioIvnoAAADnFABkMTplaTBlNDppcHY0NDpSOWFTMTI6Y29tcGxldGVfYWdvaTBlMTptZDExOnU="}
01259{"flow_id":11,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469974,"pkt_ts_usec":888825,"pkt_caplen":586,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":586,"pkt_l4_len":552,"pkt":"xCwDBkn+LFbcjDU0CABFAAI8C6RAAHcGgOBSOWFTwKgBA8+RzqrfgyKwnhQqkIAZAQKTPAAAAQEICgAUfLYZ3AxdcGxvYWRfb25seWkzZTExOmx0X2RvbnRoYXZlaTdlMTI6dXRfaG9sZXB1bmNoaTRlMTE6dXRfbWV0YWRhdGFpMmU2OnV0X3BleGkxZTEwOnV0X2NvbW1lbnRpNmVlMTM6bWV0YWRhdGFfc2l6ZWkxOTAwOWUxOnBpNTMxMzdlNDpyZXFxaTI1NWUxOnYxNTrOvFRvcnJlbnQgMy40LjUyOnlwaTUyOTA2ZTY6eW91cmlwNDpSN80BZQAAAHQF\/f\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/v\/\/\/\/+\/\/\/\/\/\/\/\/\/r\/\/\/\/\/\/\/\/\/\/9\/\/P\/v\/\/\/\/\/+\/3\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/v\/\/ff\/\/\/3\/f\/\/\/\/\/\/\/\/\/\/7\/\/\/\/+\/\/\/\/\/\/f\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/v\/t\/u\/\/\/\/\/\/\/\/\/gAAAAAUEAAABGAAAAAUEAAACxAAAAAUEAAAAmwAAAAUEAAAB\/wAAAAUEAAABMwAAAAUEAAABJgAAAAUEAAABZAAAAAUEAAACOgAAAAUEAAAA1QAAAAUEAAACEAAAAAUEAAACFgAAAAUEAAADTAAAAAUEAAABWwAAAAUEAAACMAAAAAUEAAADPQAAAAUEAAADSQAAAAUEAAACnwAAAAUEAAAAeQAAAAUEAAAABgAAAAUEAAAA0wAAAAUEAAABJwAAAAUEAAACfwAAAAUEAAADVQAAAAUEAAADWQ=="}
00630{"flow_id":11,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469974,"pkt_ts_usec":888918,"pkt_caplen":215,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":215,"pkt_l4_len":181,"pkt":"LFbcjDU0xCwDBkn+CABFAADJ6cdAAEAGAADAqAEDUjlhU86qz5GeFCr+34MkuYAY0oJ18wAAAQEIChncDb8AFHy2dXRfbWV0YWRhdGFpMmU2OnV0X3BleGkxZTEyOnV0X3JlY29tbWVuZGk1ZTEwOnV0X2NvbW1lbnRpNmVlMTM6bWV0YWRhdGFfc2l6ZWkxOTAwOWUxOnBpNDA5NTllNDpyZXFxaTI1NWUxOnYxOTrCtVRvcnJlbnQgTWFjIDEuOC42Njp5b3VyaXA0OlI5YVNlAAAAAQ8="}
00456{"flow_id":11,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469974,"pkt_ts_usec":889121,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"pkt":"LFbcjDU0xCwDBkn+CABFAABH5SFAAEAGAADAqAEDUjlhU86qz5GeFCuT34MkuYAZ0pJ1cQAAAQEIChncDb8AFHy2AAAAAwmf\/wAAAAMUAwAAAAABAg=="}
01414{"flow_id":10,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469975,"pkt_ts_usec":129053,"pkt_caplen":705,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":705,"pkt_l4_len":671,"pkt":"xCwDBkn+LFbcjDU0CABFAAKzM7RAAHUG4zdSOthzwKgBA5Whzqv4VM4iMb0deoAY\/SAeWQAAAQEICgCERjQZ3AuuE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMzQ1MC3woo6KDyQqidsX6OsAAADnFABkMTplaTBlNDppcHY0NDpSOthzMTI6Y29tcGxldGVfYWdvaTFlMTptZDExOnVwbG9hZF9vbmx5aTNlMTE6bHRfZG9udGhhdmVpN2UxMjp1dF9ob2xlcHVuY2hpNGUxMTp1dF9tZXRhZGF0YWkyZTY6dXRfcGV4aTFlMTA6dXRfY29tbWVudGk2ZWUxMzptZXRhZGF0YV9zaXplaTE5MDA5ZTE6cGkzODMwNWU0OnJlcXFpMjU1ZTE6djE1Os68VG9ycmVudCAzLjQuNTI6eXBpNTI5MDdlNjp5b3VyaXA0OlI3zQFlAAAAdAX\/\/e\/\/\/\/\/9\/\/\/\/\/v\/\/2\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/+\/\/\/7\/f\/+\/\/\/\/\/\/\/\/\/9\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/v\/\/\/\/\/\/\/7\/\/\/\/7+\/+\/\/\/+\/\/\/\/\/v\/\/\/\/\/\/3\/\/\/\/\/\/\/\/\/\/\/\/\/7\/\/8\/\/\/\/\/\/\/f\/\/\/\/3\/\/\/\/\/\/\/\/+AAAAABQQAAAI1AAAABQQAAAEuAAAABQQAAABqAAAABQQAAAE\/AAAABQQAAABtAAAABQQAAAKkAAAABQQAAAElAAAABQQAAAL5AAAABQQAAANYAAAABQQAAAA2AAAABQQAAAIPAAAABQQAAAJBAAAABQQAAAAOAAAABQQAAAMMAAAABQQAAAJ5AAAABQQAAAF6AAAABQQAAAJZAAAABQQAAAATAAAABQQAAAM4AAAABQQAAAItAAAABQQAAAHdAAAABQQAAAEPAAAABQQAAAMNAAAABQQAAABX"}
00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":45,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1455469975234,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.26.95.30","src_port":52911,"dst_port":22673,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00501{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":45,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1455469975234,"flow_last_seen":1455469975234,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.26.95.30","src_port":52911,"dst_port":22673,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00522{"flow_id":12,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469975,"pkt_ts_usec":234548,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4WJNAAEAGAADAqAEDlxpfHs6vWJEERbWJ8qKonIAYJJ+4TgAAAQEIChncDxURKgrLE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1Bjhul1XASmRgFxRA="}
00651{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1455469975234,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.26.95.30","src_port":52911,"dst_port":22673,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1455469975240,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.72.255.163","src_port":52912,"dst_port":59928,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00663{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1455469975234,"flow_last_seen":1455469975234,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.26.95.30","src_port":52911,"dst_port":22673,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00503{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1455469975240,"flow_last_seen":1455469975240,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.72.255.163","src_port":52912,"dst_port":59928,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00525{"flow_id":13,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469975,"pkt_ts_usec":240646,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4VgZAAEAGAADAqAEDl0j\/o86w6hjbuZSz\/XvqFoAYKEhZAgAAAQEIChncDxoAaM\/9E0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjpHIptJ+s3GSLpo="}
00653{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1455469975240,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.72.255.163","src_port":52912,"dst_port":59928,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":47,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1455469975265,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.53.228.2","src_port":52909,"dst_port":14627,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00665{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1455469975240,"flow_last_seen":1455469975240,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.72.255.163","src_port":52912,"dst_port":59928,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00500{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":47,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1455469975265,"flow_last_seen":1455469975265,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.53.228.2","src_port":52909,"dst_port":14627,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00523{"flow_id":14,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469975,"pkt_ts_usec":265759,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4dKFAAEAGAADAqAEDTzXkAs6tOSO1PcfcBOlxsoAYN4r1TQAAAQEIChncDzIAAH\/nE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjpuHBUmeY0dBAis="}
00650{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":47,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1455469975265,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.53.228.2","src_port":52909,"dst_port":14627,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00662{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":47,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1455469975265,"flow_last_seen":1455469975265,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.53.228.2","src_port":52909,"dst_port":14627,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00554{"flow_id":13,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469975,"pkt_ts_usec":295037,"pkt_caplen":157,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":157,"pkt_l4_len":123,"pkt":"xCwDBkn+LFbcjDU0CABFAACPKABAAHIGh9GXSP+jwKgBA+oYzrD9e+oW27mU94AYAQF3EQAAAQEICgBo0AMZ3A8aE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMzQ1MC3wopW+kcQUcjSA5QoAAADnFABkMTplaTBlNDppcHY0NDqXSA=="}
00571{"flow_id":12,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469975,"pkt_ts_usec":314407,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"pkt":"xCwDBkn+LFbcjDU0CABFAACdCeVAAHIGRpKXGl8ewKgBA1iRzq\/yoqicBEW1zYAYHVwArAAAAQEIChEqCxYZ3A8VE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMzQ1MC2coV7lk33H8ZRraqcAAADnFABkMTplaTBlNDppcHY0NDqXGl8eMTI6Y29tcGxldGVf"}
00949{"flow_id":10,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469975,"pkt_ts_usec":341953,"pkt_caplen":449,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":449,"pkt_l4_len":415,"pkt":"LFbcjDU0xCwDBkn+CABFAAGz+chAAEAGAADAqAEDUjrYc86rlaExvR16+FTQoYAY\/\/\/t\/gAAAQEIChncD3wAhEZHAAAA+hQAZDE6ZWkwZTQ6aXB2NDQ6UjfNATQ6aXB2NjE2Ov6AAAAAAAAAxiwD\/\/4GSf4xMjpjb21wbGV0ZV9hZ29pMWUxOm1kMTE6dXBsb2FkX29ubHlpM2UxMjp1dF9ob2xlcHVuY2hpNGUxMTp1dF9tZXRhZGF0YWkyZTY6dXRfcGV4aTFlMTI6dXRfcmVjb21tZW5kaTVlMTA6dXRfY29tbWVudGk2ZWUxMzptZXRhZGF0YV9zaXplaTE5MDA5ZTE6cGk0MDk1OWU0OnJlcXFpMjU1ZTE6djE5OsK1VG9ycmVudCBNYWMgMS44LjY2OnlvdXJpcDQ6UjrYc2UAAAABDwAAAAMJn\/8AAAADFAMAAAAAAQIAAABlFAZkODptc2dfdHlwZWkwZTM6bnVtaTIwZTY6ZmlsdGVyNjQ6AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGU="}
@@ -81,62 +81,54 @@
00642{"flow_id":12,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469975,"pkt_ts_usec":379692,"pkt_caplen":223,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":223,"pkt_l4_len":189,"pkt":"LFbcjDU0xCwDBkn+CABFAADRiRFAAEAGAADAqAEDlxpfHs6vWJEERbYz8qKrG4AYJI64pwAAAQEIChncD6ARKgtUY2hpNGUxMTp1dF9tZXRhZGF0YWkyZTY6dXRfcGV4aTFlMTI6dXRfcmVjb21tZW5kaTVlMTA6dXRfY29tbWVudGk2ZWUxMzptZXRhZGF0YV9zaXplaTE5MDA5ZTE6cGk0MDk1OWU0OnJlcXFpMjU1ZTE6djE5OsK1VG9ycmVudCBNYWMgMS44LjY2OnlvdXJpcDQ6lxpfHmUAAAABDw=="}
00661{"flow_id":13,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469975,"pkt_ts_usec":393811,"pkt_caplen":236,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":236,"pkt_l4_len":202,"pkt":"LFbcjDU0xCwDBkn+CABFAADeIplAAEAGAADAqAEDl0j\/o86w6hjbuZVQ\/XvsloAYKDdZaAAAAQEIChncD64AaNAEMTI6dXRfaG9sZXB1bmNoaTRlMTE6dXRfbWV0YWRhdGFpMmU2OnV0X3BleGkxZTEyOnV0X3JlY29tbWVuZGk1ZTEwOnV0X2NvbW1lbnRpNmVlMTM6bWV0YWRhdGFfc2l6ZWkxOTAwOWUxOnBpNDA5NTllNDpyZXFxaTI1NWUxOnYxOTrCtVRvcnJlbnQgTWFjIDEuOC42Njp5b3VyaXA0OpdI\/6NlAAAAAQ8="}
00458{"flow_id":13,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469975,"pkt_ts_usec":394012,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"pkt":"LFbcjDU0xCwDBkn+CABFAABHP2VAAEAGAADAqAEDl0j\/o86w6hjbuZX6\/XvsloAZKEhY0QAAAQEIChncD64AaNAEAAAAAwmf\/wAAAAMUAwAAAAABAg=="}
00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":55,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1455469975407,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"120.62.33.241","src_port":52910,"dst_port":39332,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00502{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":55,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1455469975407,"flow_last_seen":1455469975407,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"120.62.33.241","src_port":52910,"dst_port":39332,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00522{"flow_id":15,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469975,"pkt_ts_usec":407300,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4fvZAAEAGAADAqAEDeD4h8c6umaQbpzY0C9TW44AYjjZcRQAAAQEIChncD7sAQ+m5E0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1Bjhq4aGFIV+2F24M="}
00652{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":55,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1455469975407,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"120.62.33.241","src_port":52910,"dst_port":39332,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":56,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1455469975622,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.55.129.22","src_port":52908,"dst_port":12097,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00664{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":55,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1455469975407,"flow_last_seen":1455469975407,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"120.62.33.241","src_port":52910,"dst_port":39332,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00501{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":56,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1455469975622,"flow_last_seen":1455469975622,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.55.129.22","src_port":52908,"dst_port":12097,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00524{"flow_id":16,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469975,"pkt_ts_usec":622629,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4JlBAAEAGAADAqAEDTzeBFs6sL0FM+lulp3q\/xoAYVhCSYwAAAQEIChncEJACXeJGE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjsY\/A3YcaePRRY8="}
00651{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":56,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1455469975622,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.55.129.22","src_port":52908,"dst_port":12097,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00663{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":56,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1455469975622,"flow_last_seen":1455469975622,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.55.129.22","src_port":52908,"dst_port":12097,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00456{"flow_id":12,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469976,"pkt_ts_usec":169825,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"pkt":"LFbcjDU0xCwDBkn+CABFAABHu31AAEAGAADAqAEDlxpfHs6vWJEERbbQ8qKrG4AYJJ+4HQAAAQEIChncErERKguWAAAAAwmf\/wAAAAMUAwAAAAABAg=="}
00493{"flow_id":10,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469976,"pkt_ts_usec":244642,"pkt_caplen":113,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":113,"pkt_l4_len":79,"pkt":"xCwDBkn+LFbcjDU0CABFAABjNRhAAHUG5CNSOthzwKgBA5Whzqv4VNChMb0e+YAY+6GlEwAAAQEICgCERrEZ3A98AAAAAwmVoQAAAAMUAwEAAAAdFAZkODptc2dfdHlwZWkxZTg6Y29tbWVudHNsZWU="}
00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":59,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1455469976336,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"198.100.146.9","src_port":52915,"dst_port":60163,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00502{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":59,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1455469976336,"flow_last_seen":1455469976336,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"198.100.146.9","src_port":52915,"dst_port":60163,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00522{"flow_id":17,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469976,"pkt_ts_usec":336620,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4SfNAAEAGAADAqAEDxmSSCc6z6wOon+tuBozVl4AYZVEahAAAAQEIChncE1MB8nMrE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjlkC3tYvcSfI56Y="}
00652{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":59,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1455469976336,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"198.100.146.9","src_port":52915,"dst_port":60163,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00664{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":59,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1455469976336,"flow_last_seen":1455469976336,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"198.100.146.9","src_port":52915,"dst_port":60163,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00539{"flow_id":17,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469976,"pkt_ts_usec":513452,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"pkt":"xCwDBkn+LFbcjDU0CABFEACEZqRAAHYGg6bGZJIJwKgBA+sDzrMGjNWXqJ\/rsoAYAQLT1gAAAQEICgHycz0Z3BNTE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMzQ1MC3wokMyLr47j7jk1aEAAADnFABkMTplaTA="}
00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":61,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1455469976582,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"190.103.195.56","src_port":52914,"dst_port":46633,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00503{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":61,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1455469976582,"flow_last_seen":1455469976582,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"190.103.195.56","src_port":52914,"dst_port":46633,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00522{"flow_id":18,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469976,"pkt_ts_usec":582427,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4BctAAEAGAADAqAEDvmfDOM6ytinSUvXkM6bvoIAY+3dDtgAAAQEIChncFEcAv3iAE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjkKv+eYrLs2+ChY="}
00653{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":61,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1455469976582,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"190.103.195.56","src_port":52914,"dst_port":46633,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00665{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":61,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1455469976582,"flow_last_seen":1455469976582,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"190.103.195.56","src_port":52914,"dst_port":46633,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
01309{"flow_id":17,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469976,"pkt_ts_usec":697499,"pkt_caplen":625,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":625,"pkt_l4_len":591,"pkt":"xCwDBkn+LFbcjDU0CABFEAJjaOxAAHYGf3\/GZJIJwKgBA+sDzrMGjNXnqJ\/rsoAYAQJs0QAAAQEICgHyc00Z3BQDZTQ6aXB2NDQ6xmSSCTEyOmNvbXBsZXRlX2Fnb2kxZTE6bWQxMTp1cGxvYWRfb25seWkzZTExOmx0X2RvbnRoYXZlaTdlMTI6dXRfaG9sZXB1bmNoaTRlMTE6dXRfbWV0YWRhdGFpMmU2OnV0X3BleGkxZTEwOnV0X2NvbW1lbnRpNmVlMTM6bWV0YWRhdGFfc2l6ZWkxOTAwOWUxOnBpNjAxNjNlNDpyZXFxaTI1NWUxOnYxNTrOvFRvcnJlbnQgMy40LjUyOnlwaTUyOTE1ZTY6eW91cmlwNDpSN80BZQAAAHQFv\/\/3\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/3\/\/\/\/\/\/f\/\/\/\/\/3\/f\/\/\/\/\/\/\/\/\/\/\/\/\/\/v\/\/\/\/\/\/\/\/\/\/7\/\/\/\/\/f\/\/\/\/\/\/\/7\/\/\/\/\/\/\/v\/\/\/9\/\/\/\/\/\/7\/\/\/7\/+7\/\/f\/3\/f\/\/\/\/v\/\/\/\/\/\/\/9\/9\/\/\/\/\/\/\/\/\/\/\/\/\/v\/\/\/\/\/3\/\/\/\/gAAAAAUEAAAClgAAAAUEAAAA6gAAAAUEAAAAugAAAAUEAAAA4AAAAAUEAAABqgAAAAUEAAACZwAAAAUEAAACTwAAAAUEAAAC8gAAAAUEAAABiQAAAAUEAAAB3QAAAAUEAAADdAAAAAUEAAAC\/gAAAAUEAAACJgAAAAUEAAACiAAAAAUEAAACvwAAAAUEAAACeQAAAAUEAAABRQAAAAUEAAACCwAAAAUEAAAAkgAAAAUEAAACdQAAAAUEAAACoAAAAAUEAAAAAQAAAAUEAAAAFAAAAAUEAAADTw=="}
00666{"flow_id":17,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469976,"pkt_ts_usec":697619,"pkt_caplen":242,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":242,"pkt_l4_len":208,"pkt":"LFbcjDU0xCwDBkn+CABFAADktcxAAEAGAADAqAEDxmSSCc6z6wOon+wFBozYFoAYZUAa8AAAAQEIChncFLoB8nNNbmx5aTNlMTI6dXRfaG9sZXB1bmNoaTRlMTE6dXRfbWV0YWRhdGFpMmU2OnV0X3BleGkxZTEyOnV0X3JlY29tbWVuZGk1ZTEwOnV0X2NvbW1lbnRpNmVlMTM6bWV0YWRhdGFfc2l6ZWkxOTAwOWUxOnBpNDA5NTllNDpyZXFxaTI1NWUxOnYxOTrCtVRvcnJlbnQgTWFjIDEuOC42Njp5b3VyaXA0OsZkkgllAAAAAQ8="}
00538{"flow_id":18,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469977,"pkt_ts_usec":23540,"pkt_caplen":147,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":147,"pkt_l4_len":113,"pkt":"xCwDBkn+LFbcjDU0CABFAACFWMJAAHMGa2W+Z8M4wKgBA7YpzrIzpu+g0lL2KIAYAQKm2wAAAQEICgC\/ehQZ3BRHE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLUJUNzk1MC3xovjV8bH+iIGCHSYAAAEBFABkMTplaTBl"}
00447{"flow_id":17,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469977,"pkt_ts_usec":34844,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":80,"pkt_l4_len":46,"pkt":"xCwDBkn+LFbcjDU0CABFEABCbrhAAHYGe9TGZJIJwKgBA+sDzrMGjNgWqJ\/stYAYAQF3lwAAAQEICgHyc3EZ3BQDAAAAAwnrAwAAAAMUAwE="}
00599{"flow_id":17,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469977,"pkt_ts_usec":175253,"pkt_caplen":190,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":190,"pkt_l4_len":156,"pkt":"LFbcjDU0xCwDBkn+CABFAACwJkxAAEAGAADAqAEDxmSSCc6z6wOon+y1BozYJIAYZVEavAAAAQEIChncFpQB8nNxAAAAAwmf\/wAAAAMUAwAAAAABAgAAAGUUBmQ4Om1zZ190eXBlaTBlMzpudW1pMjBlNjpmaWx0ZXI2NDoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAZQ=="}
00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":67,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1455469977229,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.15.48.189","src_port":52917,"dst_port":47001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00502{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":67,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1455469977229,"flow_last_seen":1455469977229,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.15.48.189","src_port":52917,"dst_port":47001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00524{"flow_id":19,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469977,"pkt_ts_usec":229541,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4L\/xAAEAGAADAqAEDlw8wvc61t5l0EJCE2E\/BJoAYIPWJ4gAAAQEIChncFslLXJigE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1Bjv4JZL7rS4V2Vgo="}
00652{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":67,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1455469977229,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.15.48.189","src_port":52917,"dst_port":47001,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":68,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1455469975265,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.53.228.2","src_port":52909,"dst_port":14627,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":68,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1455469970452,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.55.129.22","src_port":52893,"dst_port":12097,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":68,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1455469975622,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.55.129.22","src_port":52908,"dst_port":12097,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":68,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1455469977229,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.15.48.189","src_port":52917,"dst_port":47001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":68,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1455469969441,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"120.62.33.241","src_port":52894,"dst_port":39332,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":68,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1455469975407,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"120.62.33.241","src_port":52910,"dst_port":39332,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":68,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1455469977285,"flow_last_seen":0,"flow_min_l4_payload_len":87,"flow_max_l4_payload_len":87,"flow_tot_l4_payload_len":87,"flow_avg_l4_payload_len":87,"midstream":1,"l3_proto":"ip4","src_ip":"151.15.48.189","dst_ip":"192.168.1.3","src_port":47001,"dst_port":52917,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00547{"flow_id":20,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469977,"pkt_ts_usec":285065,"pkt_caplen":153,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":153,"pkt_l4_len":119,"pkt":"xCwDBkn+LFbcjDU0CABFAACLG6xAAHIGY0mXDzC9wKgBA7eZzrXYT8EmdBCQyIAYAQLHiQAAAQEICktcmNgZ3BbJE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMzQ1MC3wogWCKk\/sCNEtOuUAAADnFABkMTplaTBlNDppcHY0"}
00652{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":68,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1455469977285,"flow_last_seen":0,"flow_min_l4_payload_len":87,"flow_max_l4_payload_len":87,"flow_tot_l4_payload_len":87,"flow_avg_l4_payload_len":87,"midstream":1,"l3_proto":"ip4","src_ip":"151.15.48.189","dst_ip":"192.168.1.3","src_port":47001,"dst_port":52917,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
01294{"flow_id":20,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469977,"pkt_ts_usec":324542,"pkt_caplen":618,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":618,"pkt_l4_len":584,"pkt":"xCwDBkn+LFbcjDU0CABFAAJcG65AAHIGYXaXDzC9wKgBA7eZzrXYT8F9dBCQyIAZAQKR1gAAAQEICktcmOYZ3BbJNDqXDzC9MTI6Y29tcGxldGVfYWdvaTFlMTptZDExOnVwbG9hZF9vbmx5aTNlMTE6bHRfZG9udGhhdmVpN2UxMjp1dF9ob2xlcHVuY2hpNGUxMTp1dF9tZXRhZGF0YWkyZTY6dXRfcGV4aTFlMTA6dXRfY29tbWVudGk2ZWUxMzptZXRhZGF0YV9zaXplaTE5MDA5ZTE6cGk0NzAwMWU0OnJlcXFpMjU1ZTE6djE1Os68VG9ycmVudCAzLjQuNTI6eXBpNTI5MTdlNjp5b3VyaXA0OlI3zQFlAAAAdAX\/\/\/\/\/\/7\/\/\/\/\/\/\/f\/\/\/\/\/v\/\/\/\/\/\/\/\/\/\/v7\/\/v\/\/\/\/\/u\/\/\/\/\/\/\/\/\/\/\/7\/\/\/\/\/\/\/v\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/37\/\/\/\/\/\/\/\/\/\/f\/\/3\/\/3\/\/\/7\/\/\/\/v\/\/f\/\/\/f\/\/\/3\/\/\/\/\/\/v\/\/f\/\/\/\/\/\/\/\/\/\/\/7\/\/\/\/3\/\/\/+AAAAABQQAAAMOAAAABQQAAAApAAAABQQAAAJ1AAAABQQAAAKiAAAABQQAAADVAAAABQQAAAH3AAAABQQAAANZAAAABQQAAADFAAAABQQAAAN2AAAABQQAAAD5AAAABQQAAAD9AAAABQQAAAL9AAAABQQAAAKRAAAABQQAAAK6AAAABQQAAAC9AAAABQQAAAFxAAAABQQAAAHwAAAABQQAAAJKAAAABQQAAAFDAAAABQQAAAJcAAAABQQAAABWAAAABQQAAALUAAAABQQAAAI2AAAABQQAAAB7"}
00659{"flow_id":20,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":70,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469977,"pkt_ts_usec":324595,"pkt_caplen":236,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":236,"pkt_l4_len":202,"pkt":"LFbcjDU0xCwDBkn+CABFAADe4MhAAEAGAADAqAEDlw8wvc61t5l0EJEh2E\/DpoAYIOSKSAAAAQEIChncFyZLXJjmMTI6dXRfaG9sZXB1bmNoaTRlMTE6dXRfbWV0YWRhdGFpMmU2OnV0X3BleGkxZTEyOnV0X3JlY29tbWVuZGk1ZTEwOnV0X2NvbW1lbnRpNmVlMTM6bWV0YWRhdGFfc2l6ZWkxOTAwOWUxOnBpNDA5NTllNDpyZXFxaTI1NWUxOnYxOTrCtVRvcnJlbnQgTWFjIDEuOC42Njp5b3VyaXA0OpcPML1lAAAAAQ8="}
00457{"flow_id":20,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469977,"pkt_ts_usec":324725,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"pkt":"LFbcjDU0xCwDBkn+CABFAABHCeZAAEAGAADAqAEDlw8wvc61t5l0EJHL2E\/DpoAZIPWJsQAAAQEIChncFyZLXJjmAAAAAwmf\/wAAAAMUAwAAAAABAg=="}
00664{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":67,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1455469977229,"flow_last_seen":1455469977229,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.15.48.189","src_port":52917,"dst_port":47001,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00547{"flow_id":19,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469977,"pkt_ts_usec":285065,"pkt_caplen":153,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":153,"pkt_l4_len":119,"pkt":"xCwDBkn+LFbcjDU0CABFAACLG6xAAHIGY0mXDzC9wKgBA7eZzrXYT8EmdBCQyIAYAQLHiQAAAQEICktcmNgZ3BbJE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMzQ1MC3wogWCKk\/sCNEtOuUAAADnFABkMTplaTBlNDppcHY0"}
01294{"flow_id":19,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469977,"pkt_ts_usec":324542,"pkt_caplen":618,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":618,"pkt_l4_len":584,"pkt":"xCwDBkn+LFbcjDU0CABFAAJcG65AAHIGYXaXDzC9wKgBA7eZzrXYT8F9dBCQyIAZAQKR1gAAAQEICktcmOYZ3BbJNDqXDzC9MTI6Y29tcGxldGVfYWdvaTFlMTptZDExOnVwbG9hZF9vbmx5aTNlMTE6bHRfZG9udGhhdmVpN2UxMjp1dF9ob2xlcHVuY2hpNGUxMTp1dF9tZXRhZGF0YWkyZTY6dXRfcGV4aTFlMTA6dXRfY29tbWVudGk2ZWUxMzptZXRhZGF0YV9zaXplaTE5MDA5ZTE6cGk0NzAwMWU0OnJlcXFpMjU1ZTE6djE1Os68VG9ycmVudCAzLjQuNTI6eXBpNTI5MTdlNjp5b3VyaXA0OlI3zQFlAAAAdAX\/\/\/\/\/\/7\/\/\/\/\/\/\/f\/\/\/\/\/v\/\/\/\/\/\/\/\/\/\/v7\/\/v\/\/\/\/\/u\/\/\/\/\/\/\/\/\/\/\/7\/\/\/\/\/\/\/v\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/37\/\/\/\/\/\/\/\/\/\/f\/\/3\/\/3\/\/\/7\/\/\/\/v\/\/f\/\/\/f\/\/\/3\/\/\/\/\/\/v\/\/f\/\/\/\/\/\/\/\/\/\/\/7\/\/\/\/3\/\/\/+AAAAABQQAAAMOAAAABQQAAAApAAAABQQAAAJ1AAAABQQAAAKiAAAABQQAAADVAAAABQQAAAH3AAAABQQAAANZAAAABQQAAADFAAAABQQAAAN2AAAABQQAAAD5AAAABQQAAAD9AAAABQQAAAL9AAAABQQAAAKRAAAABQQAAAK6AAAABQQAAAC9AAAABQQAAAFxAAAABQQAAAHwAAAABQQAAAJKAAAABQQAAAFDAAAABQQAAAJcAAAABQQAAABWAAAABQQAAALUAAAABQQAAAI2AAAABQQAAAB7"}
00659{"flow_id":19,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":70,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469977,"pkt_ts_usec":324595,"pkt_caplen":236,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":236,"pkt_l4_len":202,"pkt":"LFbcjDU0xCwDBkn+CABFAADe4MhAAEAGAADAqAEDlw8wvc61t5l0EJEh2E\/DpoAYIOSKSAAAAQEIChncFyZLXJjmMTI6dXRfaG9sZXB1bmNoaTRlMTE6dXRfbWV0YWRhdGFpMmU2OnV0X3BleGkxZTEyOnV0X3JlY29tbWVuZGk1ZTEwOnV0X2NvbW1lbnRpNmVlMTM6bWV0YWRhdGFfc2l6ZWkxOTAwOWUxOnBpNDA5NTllNDpyZXFxaTI1NWUxOnYxOTrCtVRvcnJlbnQgTWFjIDEuOC42Njp5b3VyaXA0OpcPML1lAAAAAQ8="}
00457{"flow_id":19,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469977,"pkt_ts_usec":324725,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"pkt":"LFbcjDU0xCwDBkn+CABFAABHCeZAAEAGAADAqAEDlw8wvc61t5l0EJHL2E\/DpoAZIPWJsQAAAQEIChncFyZLXJjmAAAAAwmf\/wAAAAMUAwAAAAABAg=="}
01340{"flow_id":18,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469977,"pkt_ts_usec":685435,"pkt_caplen":650,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":650,"pkt_l4_len":616,"pkt":"xCwDBkn+LFbcjDU0CABFAAJ8WMNAAHMGaW2+Z8M4wKgBA7YpzrIzpu\/x0lL2fIAYAQLBOgAAAQEICgC\/e9sZ3BX+NDppcHY0NDq+Z8M4NDppcHY2MTY6IAEAAF71efs4aCApQZg8xzEyOmNvbXBsZXRlX2Fnb2kyZTE6bWQxMTp1cGxvYWRfb25seWkzZTExOmx0X2RvbnRoYXZlaTdlMTI6dXRfaG9sZXB1bmNoaTRlMTE6dXRfbWV0YWRhdGFpMmU2OnV0X3BleGkxZTEwOnV0X2NvbW1lbnRpNmVlMTM6bWV0YWRhdGFfc2l6ZWkxOTAwOWUxOnBpNDY2MzNlNDpyZXFxaTI1NWUxOnYxNjpCaXRUb3JyZW50IDcuOS41Mjp5cGk1MjkxNGU2OnlvdXJpcDQ6UjfNAWUAAAB0Bf\/\/\/\/\/X\/\/\/v\/\/\/\/\/\/\/\/\/\/+\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/f+\/\/\/7\/\/\/\/v\/\/\/\/\/99\/\/+\/\/\/\/\/\/\/\/\/\/\/\/3\/\/\/\/\/\/\/\/\/\/\/\/\/\/+7\/\/3\/\/\/\/\/\/+\/\/\/\/\/\/\/\/\/\/\/77\/\/\/f\/\/\/3\/3f\/3\/\/\/\/\/\/\/v\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/4AAAAAFBAAAApsAAAAFBAAAAk8AAAAFBAAAAtoAAAAFBAAAAWUAAAAFBAAAAxcAAAAFBAAAAVIAAAAFBAAAAsoAAAAFBAAAASUAAAAFBAAAADsAAAAFBAAAAOgAAAAFBAAAAg0AAAAFBAAAArAAAAAFBAAAApUAAAAFBAAAAtYAAAAFBAAAAIEAAAAFBAAAAQkAAAAFBAAAAugAAAAFBAAAAhEAAAAFBAAAAUwAAAAFBAAAAiIAAAAFBAAAAPMAAAAFBAAAAbAAAAAFBAAAACQAAAAFBAAAACI="}
00666{"flow_id":18,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469977,"pkt_ts_usec":685564,"pkt_caplen":241,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":241,"pkt_l4_len":207,"pkt":"LFbcjDU0xCwDBkn+CABFAADjfklAAEAGAADAqAEDvmfDOM6ytinSUvZ8M6byOYAY+2REIQAAAQEIChncGI4Av3vbbHlpM2UxMjp1dF9ob2xlcHVuY2hpNGUxMTp1dF9tZXRhZGF0YWkyZTY6dXRfcGV4aTFlMTI6dXRfcmVjb21tZW5kaTVlMTA6dXRfY29tbWVudGk2ZWUxMzptZXRhZGF0YV9zaXplaTE5MDA5ZTE6cGk0MDk1OWU0OnJlcXFpMjU1ZTE6djE5OsK1VG9ycmVudCBNYWMgMS44LjY2OnlvdXJpcDQ6vmfDOGUAAAABDw=="}
00482{"flow_id":17,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469977,"pkt_ts_usec":954819,"pkt_caplen":104,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":104,"pkt_l4_len":70,"pkt":"xCwDBkn+LFbcjDU0CABFEABafuBAAHYGa5TGZJIJwKgBA+sDzrMGjNgkqJ\/tMYAYAQFDwAAAAQEICgHyc80Z3BaUAAAAAQEAAAAdFAZkODptc2dfdHlwZWkxZTg6Y29tbWVudHNsZWU="}
00477{"flow_id":17,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469977,"pkt_ts_usec":955018,"pkt_caplen":100,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":100,"pkt_l4_len":66,"pkt":"LFbcjDU0xCwDBkn+CABFAABWJDVAAEAGAADAqAEDxmSSCc6z6wOon+0xBozYSoAYZVEaYgAAAQEIChncGZoB8nPNAAAADQYAAAMwAACAAAAAQAAAAAANBgAAAzAAAMAAAABAAA=="}
00599{"flow_id":18,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469978,"pkt_ts_usec":174644,"pkt_caplen":190,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":190,"pkt_l4_len":156,"pkt":"LFbcjDU0xCwDBkn+CABFAACwZdxAAEAGAADAqAEDvmfDOM6ytinSUvcrM6byOYAY+3dD7gAAAQEIChncGnQAv35iAAAAAwmf\/wAAAAMUAwAAAAABAgAAAGUUBmQ4Om1zZ190eXBlaTBlMzpudW1pMjBlNjpmaWx0ZXI2NDoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAZQ=="}
00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":77,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1455469978413,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"95.234.159.16","src_port":52921,"dst_port":41205,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00522{"flow_id":21,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469978,"pkt_ts_usec":413724,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4DnNAAEAGAADAqAEDX+qfEM65oPXUDpz5ZKj0loAYkUPBEAAAAQEIChncG14CELSbE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjvUWScco35PygrU="}
00652{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":77,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1455469978413,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"95.234.159.16","src_port":52921,"dst_port":41205,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":78,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1455469978422,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"95.237.193.34","src_port":52922,"dst_port":11321,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00523{"flow_id":22,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":78,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469978,"pkt_ts_usec":422152,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4xBlAAEAGAADAqAEDX+3BIs66LDm\/gbIP+oH76IAYlsHjJQAAAQEIChncG2YAA5hpE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjvGP0W3l6zj59Ik="}
00652{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":78,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1455469978422,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"95.237.193.34","src_port":52922,"dst_port":11321,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00502{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":77,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1455469978413,"flow_last_seen":1455469978413,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"95.234.159.16","src_port":52921,"dst_port":41205,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00522{"flow_id":20,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469978,"pkt_ts_usec":413724,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4DnNAAEAGAADAqAEDX+qfEM65oPXUDpz5ZKj0loAYkUPBEAAAAQEIChncG14CELSbE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjvUWScco35PygrU="}
00664{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":77,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1455469978413,"flow_last_seen":1455469978413,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"95.234.159.16","src_port":52921,"dst_port":41205,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00502{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":78,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1455469978422,"flow_last_seen":1455469978422,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"95.237.193.34","src_port":52922,"dst_port":11321,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00523{"flow_id":21,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":78,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469978,"pkt_ts_usec":422152,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4xBlAAEAGAADAqAEDX+3BIs66LDm\/gbIP+oH76IAYlsHjJQAAAQEIChncG2YAA5hpE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjvGP0W3l6zj59Ik="}
00664{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":78,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1455469978422,"flow_last_seen":1455469978422,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"95.237.193.34","src_port":52922,"dst_port":11321,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
02384{"flow_id":17,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469978,"pkt_ts_usec":574300,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"xCwDBkn+LFbcjDU0CABFEAXUB15AAHYG3ZzGZJIJwKgBA+sDzrMGjRYqqJ\/tU4AQAQG8XgAAAQEICgHydAoZ3BtZaj4Otodbsp7HwOrWkU\/l\/Z5dQRXljshJbIjPWf0VHO+Ec\/y3FSyWmsRQp46nPFKjHG0PZVKmHo4Ws8XSdOtRrVKmJnR9tRw2Lpv2cqWKq0cLhavn8Z4TA47AUc0w2JUa8KcqFaOHSq4mphalRSnRgqWW4rMcRVoVlTxLjhcVQhTjSqylNP2UpfjD8Y9M+FMPxh8eeE\/2dfFGreIvh5Z+Ob+1+HWva7HJFrGoQXll4Y0qLUPt9lNJ9p0PRruPVIbL7XokxuNNkKWcEt1MzV5X4b8ReJPB9i0eiXZ0eOz8PS25vdA1zUNNkl8O2mtaPexzW+npqYtl0rW4XtzM7G4E0zD99LvmtbT97JvGn7OX7VnjbVf2XU\/Zo8UfBr4TfB7QLvxb4H+Oa+A7bwv40+FureGxDqPia1vNHn8F6fNZeFdZuNVsZjBd6\/rjX1iWe4NnfQWZs\/52dJ1YWWn6bfvts47nSbmzuZi0hha0GlWclraxwaTLctcweTE63KShXCT3b3SmdPOr7TJ86eYT+sYanicuzjKKWHxLwmIoqhiaeLxU8XisJOlUy+nQoS9uqHtfYUVzUMbXlh62FpqVFT97hLO8f7D6nmeFqYSeFoUZSk8RXqrEYKqsWp42pOLwTWJxSVaNenUw1J03Gph68K1oTh+j+s\/AP4kftGa7YeLvBem+H7D4cx+GdGtrS7l8RNq3h7wk04uLK80v7dbiTWk1f7WEWeSTRbiManb\/AGkAAEAJBwAAAzAAAMAAeEyvA55bwvDrn7OWp+NvDvjLxNdWevWVzfx+DLLw9p9j4rsrjxrd2V1dnx54eW9vdP0e3l0G0naO9MlidRjaUkWqSOZIcnwV8SNTn\/Z51DSfh20PhbxB4Q8Q2tzqslhf30fiu40PWdfbUdKvI7HSLhEZhBHdSRXhjuYLeOAbkt2jjNfMt\/r\/AIt8R6qza7rHi7Ufs1nf5jtFuNQi0rToNEvNVurWzttMms7B4UkUPLcJaw2t2qvO03mMxr188w1THZVl2PxGcYlLMcup4RYOvQVaVLD4GnHKq86+Yc+PeOhmlClTq4zDOMalPKczw7o151Y8tf8AccbnPCuVQwtbJOHpw4qWI\/tivm6qwp4SrDOIQzGeBwGUYTJsslgYZVWxCwtLEYbM7RxmFxTwbpupQeGi1W5uZLi\/v7p73VtcmmtNUtdXuxaahJa2M2qW8ems1ml1dQXd85aQyaXerMqy3ETXEoEQlT2D4H\/G7xx8Kri58J6APhX4SuPG3inRrnXvEHiXwofEV\/oUenmw0rTri8NhqWtTDwtoDJJfXlvFpU9yFMjoXVAG+frtJ47WwtdWOu32n3drb6ZPYTCyuna3jkiW7\/s2e4WFIpVS5jEUb3NxDHvLSSqIRnuvBF5p2lPpXxA1Xw\/4Lv5Tq2uyeH\/DPi7VtW+0arqOqWlzbW+v6zommXNjB\/wi\/hC6XLRzzWQvJE+ystxAs0i\/PZ1gaWPwtTJcxyKliqde\/s6OHeFlRqV6Mm6S9niKlWCUHTlXlSeHdDD1IKtKHssPOR85w1n2f5Bn9XN8pzWvk9WCn7TMG6tSph6GIaca0cTGWMq0WuesoVMNhsRXU413QlPndav+vP7SfxM8UeH\/AIA+L9B8DePPD\/ibwHYXeg+DfGfi8eM9OsfFHiPUJLa51WLXLjwd4UsLXwdpqeHr2Rr+y0q3juXs5J5RJF9hSS5n\/Fjw3dy6tB4nvZ78wLpn2i\/ht7lIIo2vFktrlNRjsLrUbdZtQtlmVIbVJb2SN42YSSASNb\/c3wluPBnxm+GUOm\/FDUrr4a\/CH4Oaz4w1z4qa74EtPD6ar8Vte+J+kaze+HhaR65rc8s3i+60vTFsNMDW2vSWui2GEiSD7Lbn4V8TR6RNPr+naJeeJJ7HStRu5PDc1rc3qald276v"}
00453{"flow_id":17,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469978,"pkt_ts_usec":574440,"pkt_caplen":83,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":83,"pkt_l4_len":49,"pkt":"LFbcjDU0xCwDBkn+CABFAABFMFJAAEAGAADAqAEDxmSSCc6z6wOon+1TBo0byoAYZVEaUQAAAQEIChncG\/wB8nQKAAAADQYAAAMwAAEAAAAAQAA="}
00591{"flow_id":22,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469978,"pkt_ts_usec":654379,"pkt_caplen":185,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":185,"pkt_l4_len":151,"pkt":"xCwDBkn+LFbcjDU0CABFAACrIv1AAHYG\/pRf7cEiwKgBAyw5zrr6gfvov4GyU4AYAQLALAAAAQEICgADmIEZ3BtmE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMzQ1MC3wog5gTbVhOs8MSY8AAADnFABkMTplaTBlNDppcHY0NDpf7cEiMTI6Y29tcGxldGVfYWdvaTJlMTptZDExOnU="}
00590{"flow_id":21,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469978,"pkt_ts_usec":662941,"pkt_caplen":185,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":185,"pkt_l4_len":151,"pkt":"xCwDBkn+LFbcjDU0CABFAACrdTRAAHcGzXJf6p8QwKgBA6D1zrlkqPSW1A6dPYAYAMM1JwAAAQEICgIQtLMZ3BteE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMzQ1MC3wos5cW3r846cWQCoAAADoFABkMTplaTBlNDppcHY0NDpf6p8QMTI6Y29tcGxldGVfYWdvaTQ1ZTE6bWQxMTo="}
01254{"flow_id":21,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469978,"pkt_ts_usec":678722,"pkt_caplen":587,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":587,"pkt_l4_len":553,"pkt":"xCwDBkn+LFbcjDU0CABFAAI9dTZAAHcGy95f6p8QwKgBA6D1zrlkqPUN1A6dPYAZAMPqbAAAAQEICgIQtLMZ3BtedXBsb2FkX29ubHlpM2UxMTpsdF9kb250aGF2ZWk3ZTEyOnV0X2hvbGVwdW5jaGk0ZTExOnV0X21ldGFkYXRhaTJlNjp1dF9wZXhpMWUxMDp1dF9jb21tZW50aTZlZTEzOm1ldGFkYXRhX3NpemVpMTkwMDllMTpwaTQxMjA1ZTQ6cmVxcWkyNTVlMTp2MTU6zrxUb3JyZW50IDMuNC41Mjp5cGk1MjkyMWU2OnlvdXJpcDQ6UjfNAWUAAAB0Bf\/\/\/\/\/7\/\/\/\/\/\/\/\/\/f\/\/\/\/9\/\/\/\/3\/\/\/\/\/\/\/7\/\/\/\/\/\/\/\/\/\/\/\/7\/\/\/\/\/\/\/\/\/3\/\/\/\/\/\/\/\/\/\/v7\/\/v\/\/\/\/\/7\/\/3\/f\/\/\/\/\/r\/\/\/v\/\/\/\/9\/\/\/\/\/\/\/\/\/+\/\/\/\/\/3\/7\/\/\/\/\/\/\/\/\/\/\/\/\/7\/\/\/\/\/\/\/\/\/\/9\/\/\/\/\/9\/\/f\/4AAAAAFBAAAACUAAAAFBAAAAJwAAAAFBAAAArkAAAAFBAAAAfAAAAAFBAAAA3QAAAAFBAAAAosAAAAFBAAAAZ8AAAAFBAAAAdUAAAAFBAAAAqwAAAAFBAAAAhUAAAAFBAAAAM0AAAAFBAAAAk4AAAAFBAAAAIAAAAAFBAAAA4IAAAAFBAAAAF4AAAAFBAAAAi0AAAAFBAAAAVYAAAAFBAAAAZcAAAAFBAAAA1AAAAAFBAAAAeYAAAAFBAAAAa8AAAAFBAAAAhcAAAAFBAAAAw0AAAAFBAAAARs="}
00639{"flow_id":21,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469978,"pkt_ts_usec":678836,"pkt_caplen":221,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":221,"pkt_l4_len":187,"pkt":"LFbcjDU0xCwDBkn+CABFAADPg31AAEAGAADAqAEDX+qfEM65oPXUDp2lZKj3F4AYkTPBZwAAAQEIChncHGECELSzaTRlMTE6dXRfbWV0YWRhdGFpMmU2OnV0X3BleGkxZTEyOnV0X3JlY29tbWVuZGk1ZTEwOnV0X2NvbW1lbnRpNmVlMTM6bWV0YWRhdGFfc2l6ZWkxOTAwOWUxOnBpNDA5NTllNDpyZXFxaTI1NWUxOnYxOTrCtVRvcnJlbnQgTWFjIDEuOC42Njp5b3VyaXA0Ol\/qnxBlAAAAAQ8="}
01256{"flow_id":22,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469978,"pkt_ts_usec":679019,"pkt_caplen":586,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":586,"pkt_l4_len":552,"pkt":"xCwDBkn+LFbcjDU0CABFAAI8IwBAAHYG\/QBf7cEiwKgBAyw5zrr6gfxfv4GyU4AZAQJxbQAAAQEICgADmIEZ3BtmcGxvYWRfb25seWkzZTExOmx0X2RvbnRoYXZlaTdlMTI6dXRfaG9sZXB1bmNoaTRlMTE6dXRfbWV0YWRhdGFpMmU2OnV0X3BleGkxZTEwOnV0X2NvbW1lbnRpNmVlMTM6bWV0YWRhdGFfc2l6ZWkxOTAwOWUxOnBpMTEzMjFlNDpyZXFxaTI1NWUxOnYxNTrOvFRvcnJlbnQgMy40LjUyOnlwaTUyOTIyZTY6eW91cmlwNDpSN80BZQAAAHQF\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/+\/\/\/+\/\/7\/\/\/\/\/7\/\/\/\/\/\/\/\/\/\/\/\/\/\/v\/\/\/v\/\/v\/\/+P\/\/\/\/\/\/\/7\/\/\/\/\/\/\/\/+\/7\/7\/\/\/\/\/\/7\/\/\/\/\/\/v\/\/3+\/\/+\/\/\/\/\/\/\/\/\/\/\/\/\/9\/\/\/7\/\/\/+\/\/\/\/\/\/\/\/\/\/\/\/\/\/+\/\/\/\/\/\/\/\/\/\/3\/\/gAAAAAUEAAACNQAAAAUEAAACYwAAAAUEAAADgAAAAAUEAAAB1wAAAAUEAAAAyQAAAAUEAAABzQAAAAUEAAACUQAAAAUEAAABYQAAAAUEAAACzQAAAAUEAAAApQAAAAUEAAACtgAAAAUEAAACSAAAAAUEAAACDQAAAAUEAAABIQAAAAUEAAABYwAAAAUEAAAC5wAAAAUEAAAAlQAAAAUEAAABYgAAAAUEAAABlQAAAAUEAAADQQAAAAUEAAAB4wAAAAUEAAABOQAAAAUEAAABSwAAAAUEAAAAfQ=="}
00456{"flow_id":21,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469978,"pkt_ts_usec":679029,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"pkt":"LFbcjDU0xCwDBkn+CABFAABH9ndAAEAGAADAqAEDX+qfEM65oPXUDp5AZKj3F4AZkUPA3wAAAQEIChncHGECELSzAAAAAwmf\/wAAAAMUAwAAAAABAg=="}
00632{"flow_id":22,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469978,"pkt_ts_usec":679075,"pkt_caplen":215,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":215,"pkt_l4_len":181,"pkt":"LFbcjDU0xCwDBkn+CABFAADJsAZAAEAGAADAqAEDX+3BIs66LDm\/gbLB+oH+aIAYlrHjdgAAAQEIChncHGEAA5iBdXRfbWV0YWRhdGFpMmU2OnV0X3BleGkxZTEyOnV0X3JlY29tbWVuZGk1ZTEwOnV0X2NvbW1lbnRpNmVlMTM6bWV0YWRhdGFfc2l6ZWkxOTAwOWUxOnBpNDA5NTllNDpyZXFxaTI1NWUxOnYxOTrCtVRvcnJlbnQgTWFjIDEuOC42Njp5b3VyaXA0Ol\/twSJlAAAAAQ8="}
00457{"flow_id":22,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":88,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469978,"pkt_ts_usec":679182,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"pkt":"LFbcjDU0xCwDBkn+CABFAABH3TRAAEAGAADAqAEDX+3BIs66LDm\/gbNW+oH+aIAZlsHi9AAAAQEIChncHGEAA5iBAAAAAwmf\/wAAAAMUAwAAAAABAg=="}
00591{"flow_id":21,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469978,"pkt_ts_usec":654379,"pkt_caplen":185,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":185,"pkt_l4_len":151,"pkt":"xCwDBkn+LFbcjDU0CABFAACrIv1AAHYG\/pRf7cEiwKgBAyw5zrr6gfvov4GyU4AYAQLALAAAAQEICgADmIEZ3BtmE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMzQ1MC3wog5gTbVhOs8MSY8AAADnFABkMTplaTBlNDppcHY0NDpf7cEiMTI6Y29tcGxldGVfYWdvaTJlMTptZDExOnU="}
00590{"flow_id":20,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469978,"pkt_ts_usec":662941,"pkt_caplen":185,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":185,"pkt_l4_len":151,"pkt":"xCwDBkn+LFbcjDU0CABFAACrdTRAAHcGzXJf6p8QwKgBA6D1zrlkqPSW1A6dPYAYAMM1JwAAAQEICgIQtLMZ3BteE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMzQ1MC3wos5cW3r846cWQCoAAADoFABkMTplaTBlNDppcHY0NDpf6p8QMTI6Y29tcGxldGVfYWdvaTQ1ZTE6bWQxMTo="}
01254{"flow_id":20,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469978,"pkt_ts_usec":678722,"pkt_caplen":587,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":587,"pkt_l4_len":553,"pkt":"xCwDBkn+LFbcjDU0CABFAAI9dTZAAHcGy95f6p8QwKgBA6D1zrlkqPUN1A6dPYAZAMPqbAAAAQEICgIQtLMZ3BtedXBsb2FkX29ubHlpM2UxMTpsdF9kb250aGF2ZWk3ZTEyOnV0X2hvbGVwdW5jaGk0ZTExOnV0X21ldGFkYXRhaTJlNjp1dF9wZXhpMWUxMDp1dF9jb21tZW50aTZlZTEzOm1ldGFkYXRhX3NpemVpMTkwMDllMTpwaTQxMjA1ZTQ6cmVxcWkyNTVlMTp2MTU6zrxUb3JyZW50IDMuNC41Mjp5cGk1MjkyMWU2OnlvdXJpcDQ6UjfNAWUAAAB0Bf\/\/\/\/\/7\/\/\/\/\/\/\/\/\/f\/\/\/\/9\/\/\/\/3\/\/\/\/\/\/\/7\/\/\/\/\/\/\/\/\/\/\/\/7\/\/\/\/\/\/\/\/\/3\/\/\/\/\/\/\/\/\/\/v7\/\/v\/\/\/\/\/7\/\/3\/f\/\/\/\/\/r\/\/\/v\/\/\/\/9\/\/\/\/\/\/\/\/\/+\/\/\/\/\/3\/7\/\/\/\/\/\/\/\/\/\/\/\/\/7\/\/\/\/\/\/\/\/\/\/9\/\/\/\/\/9\/\/f\/4AAAAAFBAAAACUAAAAFBAAAAJwAAAAFBAAAArkAAAAFBAAAAfAAAAAFBAAAA3QAAAAFBAAAAosAAAAFBAAAAZ8AAAAFBAAAAdUAAAAFBAAAAqwAAAAFBAAAAhUAAAAFBAAAAM0AAAAFBAAAAk4AAAAFBAAAAIAAAAAFBAAAA4IAAAAFBAAAAF4AAAAFBAAAAi0AAAAFBAAAAVYAAAAFBAAAAZcAAAAFBAAAA1AAAAAFBAAAAeYAAAAFBAAAAa8AAAAFBAAAAhcAAAAFBAAAAw0AAAAFBAAAARs="}
00639{"flow_id":20,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469978,"pkt_ts_usec":678836,"pkt_caplen":221,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":221,"pkt_l4_len":187,"pkt":"LFbcjDU0xCwDBkn+CABFAADPg31AAEAGAADAqAEDX+qfEM65oPXUDp2lZKj3F4AYkTPBZwAAAQEIChncHGECELSzaTRlMTE6dXRfbWV0YWRhdGFpMmU2OnV0X3BleGkxZTEyOnV0X3JlY29tbWVuZGk1ZTEwOnV0X2NvbW1lbnRpNmVlMTM6bWV0YWRhdGFfc2l6ZWkxOTAwOWUxOnBpNDA5NTllNDpyZXFxaTI1NWUxOnYxOTrCtVRvcnJlbnQgTWFjIDEuOC42Njp5b3VyaXA0Ol\/qnxBlAAAAAQ8="}
01256{"flow_id":21,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469978,"pkt_ts_usec":679019,"pkt_caplen":586,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":586,"pkt_l4_len":552,"pkt":"xCwDBkn+LFbcjDU0CABFAAI8IwBAAHYG\/QBf7cEiwKgBAyw5zrr6gfxfv4GyU4AZAQJxbQAAAQEICgADmIEZ3BtmcGxvYWRfb25seWkzZTExOmx0X2RvbnRoYXZlaTdlMTI6dXRfaG9sZXB1bmNoaTRlMTE6dXRfbWV0YWRhdGFpMmU2OnV0X3BleGkxZTEwOnV0X2NvbW1lbnRpNmVlMTM6bWV0YWRhdGFfc2l6ZWkxOTAwOWUxOnBpMTEzMjFlNDpyZXFxaTI1NWUxOnYxNTrOvFRvcnJlbnQgMy40LjUyOnlwaTUyOTIyZTY6eW91cmlwNDpSN80BZQAAAHQF\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/+\/\/\/+\/\/7\/\/\/\/\/7\/\/\/\/\/\/\/\/\/\/\/\/\/\/v\/\/\/v\/\/v\/\/+P\/\/\/\/\/\/\/7\/\/\/\/\/\/\/\/+\/7\/7\/\/\/\/\/\/7\/\/\/\/\/\/v\/\/3+\/\/+\/\/\/\/\/\/\/\/\/\/\/\/\/9\/\/\/7\/\/\/+\/\/\/\/\/\/\/\/\/\/\/\/\/\/+\/\/\/\/\/\/\/\/\/\/3\/\/gAAAAAUEAAACNQAAAAUEAAACYwAAAAUEAAADgAAAAAUEAAAB1wAAAAUEAAAAyQAAAAUEAAABzQAAAAUEAAACUQAAAAUEAAABYQAAAAUEAAACzQAAAAUEAAAApQAAAAUEAAACtgAAAAUEAAACSAAAAAUEAAACDQAAAAUEAAABIQAAAAUEAAABYwAAAAUEAAAC5wAAAAUEAAAAlQAAAAUEAAABYgAAAAUEAAABlQAAAAUEAAADQQAAAAUEAAAB4wAAAAUEAAABOQAAAAUEAAABSwAAAAUEAAAAfQ=="}
00456{"flow_id":20,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469978,"pkt_ts_usec":679029,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"pkt":"LFbcjDU0xCwDBkn+CABFAABH9ndAAEAGAADAqAEDX+qfEM65oPXUDp5AZKj3F4AZkUPA3wAAAQEIChncHGECELSzAAAAAwmf\/wAAAAMUAwAAAAABAg=="}
00632{"flow_id":21,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469978,"pkt_ts_usec":679075,"pkt_caplen":215,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":215,"pkt_l4_len":181,"pkt":"LFbcjDU0xCwDBkn+CABFAADJsAZAAEAGAADAqAEDX+3BIs66LDm\/gbLB+oH+aIAYlrHjdgAAAQEIChncHGEAA5iBdXRfbWV0YWRhdGFpMmU2OnV0X3BleGkxZTEyOnV0X3JlY29tbWVuZGk1ZTEwOnV0X2NvbW1lbnRpNmVlMTM6bWV0YWRhdGFfc2l6ZWkxOTAwOWUxOnBpNDA5NTllNDpyZXFxaTI1NWUxOnYxOTrCtVRvcnJlbnQgTWFjIDEuOC42Njp5b3VyaXA0Ol\/twSJlAAAAAQ8="}
00457{"flow_id":21,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":88,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469978,"pkt_ts_usec":679182,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"pkt":"LFbcjDU0xCwDBkn+CABFAABH3TRAAEAGAADAqAEDX+3BIs66LDm\/gbNW+oH+aIAZlsHi9AAAAQEIChncHGEAA5iBAAAAAwmf\/wAAAAMUAwAAAAABAg=="}
01936{"flow_id":17,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":89,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469978,"pkt_ts_usec":731169,"pkt_caplen":1180,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1180,"pkt_l4_len":1146,"pkt":"xCwDBkn+LFbcjDU0CABFEASOCbVAAHYG3IvGZJIJwKgBA+sDzrMGjVQKqJ\/tU4AYAQFk2wAAAQEICgHydBsZ3Bv8PncqCjSqWjSdouhGTvVWk4OWdqW+50uGDURdo8lvo1rOI1mfzBIoa4vbqeeadraBPMYiNbG4RAmJbcSEzkjsbiGKO3itrmN7g2mjxWRvbSCfTrbSbiyI\/s+YXm++3zmIq4tbKzkWT5Yt0QkrcuZZrm0F2LrxTOsl5qMmoyrp1jqM8l5bX0EWnSRznW5nuZLXOyKFtRjjt4WCREphW2\/I2NPaTQ6hHIttdXM8l3E11LOb+N7nTWgE7WUM1qZ1lSZksLNLcm6RZDiAknOeAoUKjlSqSpYqVSpCnOdOnGaqpawkqM6acoQXPpOUUrWpS5Z81OUq2Fm6jWGjJxc3RWIkpQlX9nKzoVsO507t8zlJOnCEVCHNOSl5cukiZpZZbXwxcQ3zabHeKuqadeX9ydAfV7WynvLzbdahPp0SQGOTdPcfOPssJt5pmMd25e3juWfVLy11OWae01aWdr7VrrTf7N07SZtKnmTUyZZjawWxsJLSJ9NvLiSBIbwtbtC8T9PdWZl0q9gWCwSzkW4+zXN7pjarahdFgnmkS4ZNIvr95vtIjSKN0sELTx287TRvG4ydVeDTo55Dq09haS6jdm31vTcwNcaDK2o28WsHS52sbxWSGRobczTWBlit721jLxTNHW6niqKpVcvoSm5fXKbVONSpPlnKKhZz+t2rKsnB08JTeKnTp1XOvV5Z1cP34SUPq9OrDDRSgpQk5ynCUavLCTlNVMPiH7PklRlGh7SLc\/ZP2VT2E0c5Lqd7e32ryRanqupT6k8c+ppH5Ed7q+r2dgt402o3EMk6i7eee7eWeWxae4dG2T3Dss77FvBY\/Z7SSKS1lm\/teS7lfWdROlWkU0wurKG9s4NO1eYmGKQYm823vWYwRz+Y6qm2+0N6dUvY5brVom0XUNQhnguDdXUkAK+IbeO2s9V0+ytWuLu2hNvc2TmTTbaScTyshASQBmkudWddZ1EzWqaFDcP9ts4tUk0y\/hhl0+7szctfTpcNYtbj5BPq8MxkRY4lDqh5KsMNShQdWipYmhh1VbpVpe\/Qg2qSiqVDCQlS9jCDnKlUhGOHlCNWM6kcO4Z4CpXUHhqNWMaDp1ZxoQleK9nCnBxUqdWlQqKUKinCLU6dCSh7NU5Ok3kRW8Fq3kR6fphvUvL+W1tDqOqS3U1vdSszlFa9hglhdDKbci4uUUN\/pYhcIBpNq8t5MWtnvIvt097J5dqYdZvbmw1AG0ub+1guNSWFLfTpvKmb7LZzxStuKTMyIhz7qIWt\/wD2fqsegedCmpW9rNcWuobotS06zgbzRZXTDUlnu2G1re409IUJd0tlO7bW0zVrc2q21\/qRvtON9BNdSW1\/ctpf2uyjn8icG9kNwq2v2lmUzWVzvdLiON4XK7ZoTxGMw8K0FVxmKdLnU6zrNRanVp1anNKdWHNOXs\/Z0ZxjCGI5ZSm50oYiWU8Nh\/ZVcZjKdGMI3qNqlRqN1I05urKUZUqvtJU+bA=="}
00452{"flow_id":17,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":90,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469978,"pkt_ts_usec":732520,"pkt_caplen":83,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":83,"pkt_l4_len":49,"pkt":"LFbcjDU0xCwDBkn+CABFAABFwo5AAEAGAADAqAEDxmSSCc6z6wOon+1kBo1eBIAYZSQaUQAAAQEIChncHJUB8nQbAAAADQYAAAMwAAFAAAAAQAA="}
00494{"flow_id":18,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469978,"pkt_ts_usec":791261,"pkt_caplen":113,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":113,"pkt_l4_len":79,"pkt":"xCwDBkn+LFbcjDU0CABFAABjWMdAAHMGa4K+Z8M4wKgBA7YpzrIzpvI50lL3p4AYAQGEzwAAAQEICgC\/gJMZ3Bp0AAAAAwm2KQAAAAMUAwEAAAAdFAZkODptc2dfdHlwZWkxZTg6Y29tbWVudHNsZWU="}
@@ -144,51 +136,56 @@
00468{"flow_id":17,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469978,"pkt_ts_usec":893762,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"pkt":"LFbcjDU0xCwDBkn+CABFAABRH7FAAEAGAADAqAEDxmSSCc6z6wOon+11Bo2YcbAYZVEaXQAAAQEIChncHTMB8nQqAQEFCgaNnhEGjaOxAAAADQYAAAF4AAAAAAAAQAA="}
00452{"flow_id":17,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":94,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469978,"pkt_ts_usec":905805,"pkt_caplen":83,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":83,"pkt_l4_len":49,"pkt":"LFbcjDU0xCwDBkn+CABFAABFwtlAAEAGAADAqAEDxmSSCc6z6wOon+2GBo3YfoAYZVEaUQAAAQEIChncHT0B8nQrAAAADQYAAAF4AABAAAAAQAA="}
00440{"flow_id":18,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":109,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469980,"pkt_ts_usec":118255,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"pkt":"LFbcjDU0xCwDBkn+CABFAAA9WCBAAEAGAADAqAEDvmfDOM6ytinSUvenM6byaYAY+3dDewAAAQEIChncIcwAv4ZsAAAABQQAAAAA"}
00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":113,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1455469980213,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"83.216.184.241","src_port":52927,"dst_port":51413,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00524{"flow_id":23,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":113,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469980,"pkt_ts_usec":213097,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4U25AAEAGAADAqAEDU9i48c6\/yNUzq1kTBM6UFIAYL5vO3wAAAQEIChncIiN4G2eaE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1Bjq+Lj4Q+qUQM4PY="}
00597{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":113,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1455469980213,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"83.216.184.241","src_port":52927,"dst_port":51413,"l4_proto":"tcp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":114,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1455469980262,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"93.65.249.100","src_port":52926,"dst_port":31336,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00525{"flow_id":24,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":114,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469980,"pkt_ts_usec":262874,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4esFAAEAGAADAqAEDXUH5ZM6+emiQl\/fDL3XicoAYTYMYvAAAAQEIChncIlIAH\/RSE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjkTA1ljAvA+q8j0="}
00653{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":114,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1455469980262,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"93.65.249.100","src_port":52926,"dst_port":31336,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":115,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1455469980275,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"93.65.227.100","src_port":52925,"dst_port":19116,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00523{"flow_id":25,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":115,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469980,"pkt_ts_usec":275201,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4g5FAAEAGAADAqAEDXUHjZM69Sqzdpe7S802+OYAYVXMCvAAAAQEIChncIl4AhA2FE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjlkhEgSgYOOKqPw="}
00653{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":115,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1455469980275,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"93.65.227.100","src_port":52925,"dst_port":19116,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00539{"flow_id":23,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":116,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469980,"pkt_ts_usec":297747,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"pkt":"xCwDBkn+LFbcjDU0CABFYACEPABAADIGPZ9T2LjxwKgBA8jVzr8EzpQUM6tZV4AYECksHwAAAQEICngbZ84Z3CIjE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMTg4Qi2qnlHDgsE5LNSCYRoAAAEAFABkMTplaTA="}
01340{"flow_id":23,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":119,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469980,"pkt_ts_usec":371695,"pkt_caplen":650,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":650,"pkt_l4_len":616,"pkt":"xCwDBkn+LFbcjDU0CABFYAJ8C7pAADIGa+1T2LjxwKgBA8jVzr8EzpRkM6tZV4AYECkszQAAAQEICngbaAwZ3CJzZTQ6aXB2NDQ6U9i48TQ6aXB2NjE2Ov6AAAAAAAAA6gaI\/\/7N9BMxMjpjb21wbGV0ZV9hZ29pMWUxOm1kMTE6dXBsb2FkX29ubHlpM2UxMTpsdF9kb250aGF2ZWk3ZTEyOnV0X2hvbGVwdW5jaGk0ZTExOnV0X21ldGFkYXRhaTJlNjp1dF9wZXhpMWUxMDp1dF9jb21tZW50aTZlZTEzOm1ldGFkYXRhX3NpemVpMTkwMDllMTpwaTUxNDEzZTQ6cmVxcWkyNTVlMTp2MTU6zrxUb3JyZW50IDEuOC44Mjp5cGk1MjkyN2U2OnlvdXJpcDQ6UjfNAWUAAAB0Bf\/\/\/v\/\/\/\/\/\/\/\/9\/f\/+\/\/9\/\/\/f\/\/\/\/\/\/\/73v\/\/\/\/\/\/\/\/\/\/f\/9\/\/\/\/\/\/\/\/\/\/\/\/\/9\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/3\/\/7\/\/3\/9v\/\/\/9+\/\/\/\/\/\/\/\/\/\/+\/\/\/\/\/\/\/\/\/\/\/3\/\/\/\/\/\/\/\/\/\/+\/\/\/\/7\/\/\/\/\/\/\/\/+\/\/\/\/\/\/\/\/\/\/\/4AAAAAFBAAAAiQAAAAFBAAAAQwAAAAFBAAAAisAAAAFBAAAArIAAAAFBAAAAFgAAAAFBAAAAxMAAAAFBAAAAgYAAAAFBAAAAfgAAAAFBAAAAvcAAAAFBAAAAm0AAAAFBAAAAMYAAAAFBAAAA0sAAAAFBAAAAXAAAAAFBAAAAMEAAAAFBAAAAecAAAAFBAAAABcAAAAFBAAAAI4AAAAFBAAAAHoAAAAFBAAAAgkAAAAFBAAAAMsAAAAFBAAAAGkAAAAFBAAAARwAAAAFBAAAAdQAAAAFBAAAAFA="}
00816{"flow_id":23,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":120,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469980,"pkt_ts_usec":371807,"pkt_caplen":354,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":354,"pkt_l4_len":320,"pkt":"LFbcjDU0xCwDBkn+CABFAAFUAnpAAEAGAADAqAEDU9i48c6\/yNUzq1mtBM6WrIAYL4nPuwAAAQEIChncIrV4G2gMaTNlMTI6dXRfaG9sZXB1bmNoaTRlMTE6dXRfbWV0YWRhdGFpMmU2OnV0X3BleGkxZTEyOnV0X3JlY29tbWVuZGk1ZTEwOnV0X2NvbW1lbnRpNmVlMTM6bWV0YWRhdGFfc2l6ZWkxOTAwOWUxOnBpNDA5NTllNDpyZXFxaTI1NWUxOnYxOTrCtVRvcnJlbnQgTWFjIDEuOC42Njp5b3VyaXA0OlPYuPFlAAAAdAWAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
00587{"flow_id":24,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":121,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469980,"pkt_ts_usec":390227,"pkt_caplen":182,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":182,"pkt_l4_len":148,"pkt":"xCwDBkn+LFbcjDU0CABFAACocqBAAHMGfF5dQflkwKgBA3pozr4vdeJykJf4B4AYAMOuCwAAAQEICgAf9F4Z3CJSE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMzQ1MC3wogL0Pl3FbMgdQMAAAAEAFABkMTplaTBlNDppcHY0NDpdQflkNDppcHY2MTY6IAEAAF71ef0Mhifaor4="}
01292{"flow_id":24,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":123,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469980,"pkt_ts_usec":488536,"pkt_caplen":614,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":614,"pkt_l4_len":580,"pkt":"xCwDBkn+LFbcjDU0CABFAAJYcqJAAHMGeqxdQflkwKgBA3pozr4vdeLmkJf4B4AZAMO1LAAAAQEICgAf9F8Z3CJSBpsxMjpjb21wbGV0ZV9hZ29pMmUxOm1kMTE6dXBsb2FkX29ubHlpM2UxMTpsdF9kb250aGF2ZWk3ZTEyOnV0X2hvbGVwdW5jaGk0ZTExOnV0X21ldGFkYXRhaTJlNjp1dF9wZXhpMWUxMDp1dF9jb21tZW50aTZlZTEzOm1ldGFkYXRhX3NpemVpMTkwMDllMTpwaTMxMzM2ZTQ6cmVxcWkyNTVlMTp2MTU6zrxUb3JyZW50IDMuNC41Mjp5cGk1MjkyNmU2OnlvdXJpcDQ6UjfNAWUAAAB0Bf\/\/\/\/\/\/\/\/\/\/\/99\/\/\/\/\/\/9\/\/+\/\/\/\/\/\/\/\/7\/\/3\/\/\/\/\/\/\/\/\/\/\/\/3\/\/\/\/\/\/\/\/\/7\/\/\/\/\/\/\/\/\/\/\/\/+\/\/\/\/\/v\/\/\/\/\/9\/\/\/\/\/\/3\/\/\/\/\/\/\/\/\/\/\/36\/\/\/\/\/93\/\/\/\/\/\/\/\/\/\/\/\/\/fv\/\/\/9P\/\/3\/\/\/\/\/f\/\/\/\/\/\/\/\/\/\/\/\/4AAAAAFBAAAAm0AAAAFBAAAApQAAAAFBAAAAI0AAAAFBAAAA0AAAAAFBAAAASAAAAAFBAAAAwgAAAAFBAAAAHoAAAAFBAAAAV0AAAAFBAAAAfQAAAAFBAAAAwsAAAAFBAAAAmsAAAAFBAAAAhwAAAAFBAAAAuYAAAAFBAAAAmQAAAAFBAAAApAAAAAFBAAAAFAAAAAFBAAAAc0AAAAFBAAAAa0AAAAFBAAAAx4AAAAFBAAAANIAAAAFBAAAAu0AAAAFBAAAAwoAAAAFBAAAAEoAAAAFBAAAAME="}
00470{"flow_id":23,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":136,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469981,"pkt_ts_usec":133971,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"pkt":"LFbcjDU0xCwDBkn+CABFAABQyXBAAEAGAADAqAEDU9i48c6\/yNUzq1rNBM6WrIAYL5vOtwAAAQEIChncJYd4G2hMAAAAAwmf\/wAAAAMUAwAAAAABAgAAAAUEAAAAOw=="}
00504{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":113,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1455469980213,"flow_last_seen":1455469980213,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"83.216.184.241","src_port":52927,"dst_port":51413,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00524{"flow_id":22,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":113,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469980,"pkt_ts_usec":213097,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4U25AAEAGAADAqAEDU9i48c6\/yNUzq1kTBM6UFIAYL5vO3wAAAQEIChncIiN4G2eaE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1Bjq+Lj4Q+qUQM4PY="}
00609{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":113,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1455469980213,"flow_last_seen":1455469980213,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"83.216.184.241","src_port":52927,"dst_port":51413,"l4_proto":"tcp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00503{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":114,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1455469980262,"flow_last_seen":1455469980262,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"93.65.249.100","src_port":52926,"dst_port":31336,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00525{"flow_id":23,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":114,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469980,"pkt_ts_usec":262874,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4esFAAEAGAADAqAEDXUH5ZM6+emiQl\/fDL3XicoAYTYMYvAAAAQEIChncIlIAH\/RSE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjkTA1ljAvA+q8j0="}
00665{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":114,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1455469980262,"flow_last_seen":1455469980262,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"93.65.249.100","src_port":52926,"dst_port":31336,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00503{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":115,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1455469980275,"flow_last_seen":1455469980275,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"93.65.227.100","src_port":52925,"dst_port":19116,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00523{"flow_id":24,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":115,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469980,"pkt_ts_usec":275201,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4g5FAAEAGAADAqAEDXUHjZM69Sqzdpe7S802+OYAYVXMCvAAAAQEIChncIl4AhA2FE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjlkhEgSgYOOKqPw="}
00665{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":115,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1455469980275,"flow_last_seen":1455469980275,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"93.65.227.100","src_port":52925,"dst_port":19116,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00539{"flow_id":22,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":116,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469980,"pkt_ts_usec":297747,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"pkt":"xCwDBkn+LFbcjDU0CABFYACEPABAADIGPZ9T2LjxwKgBA8jVzr8EzpQUM6tZV4AYECksHwAAAQEICngbZ84Z3CIjE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMTg4Qi2qnlHDgsE5LNSCYRoAAAEAFABkMTplaTA="}
01340{"flow_id":22,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":119,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469980,"pkt_ts_usec":371695,"pkt_caplen":650,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":650,"pkt_l4_len":616,"pkt":"xCwDBkn+LFbcjDU0CABFYAJ8C7pAADIGa+1T2LjxwKgBA8jVzr8EzpRkM6tZV4AYECkszQAAAQEICngbaAwZ3CJzZTQ6aXB2NDQ6U9i48TQ6aXB2NjE2Ov6AAAAAAAAA6gaI\/\/7N9BMxMjpjb21wbGV0ZV9hZ29pMWUxOm1kMTE6dXBsb2FkX29ubHlpM2UxMTpsdF9kb250aGF2ZWk3ZTEyOnV0X2hvbGVwdW5jaGk0ZTExOnV0X21ldGFkYXRhaTJlNjp1dF9wZXhpMWUxMDp1dF9jb21tZW50aTZlZTEzOm1ldGFkYXRhX3NpemVpMTkwMDllMTpwaTUxNDEzZTQ6cmVxcWkyNTVlMTp2MTU6zrxUb3JyZW50IDEuOC44Mjp5cGk1MjkyN2U2OnlvdXJpcDQ6UjfNAWUAAAB0Bf\/\/\/v\/\/\/\/\/\/\/\/9\/f\/+\/\/9\/\/\/f\/\/\/\/\/\/\/73v\/\/\/\/\/\/\/\/\/\/f\/9\/\/\/\/\/\/\/\/\/\/\/\/\/9\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/3\/\/7\/\/3\/9v\/\/\/9+\/\/\/\/\/\/\/\/\/\/+\/\/\/\/\/\/\/\/\/\/\/3\/\/\/\/\/\/\/\/\/\/+\/\/\/\/7\/\/\/\/\/\/\/\/+\/\/\/\/\/\/\/\/\/\/\/4AAAAAFBAAAAiQAAAAFBAAAAQwAAAAFBAAAAisAAAAFBAAAArIAAAAFBAAAAFgAAAAFBAAAAxMAAAAFBAAAAgYAAAAFBAAAAfgAAAAFBAAAAvcAAAAFBAAAAm0AAAAFBAAAAMYAAAAFBAAAA0sAAAAFBAAAAXAAAAAFBAAAAMEAAAAFBAAAAecAAAAFBAAAABcAAAAFBAAAAI4AAAAFBAAAAHoAAAAFBAAAAgkAAAAFBAAAAMsAAAAFBAAAAGkAAAAFBAAAARwAAAAFBAAAAdQAAAAFBAAAAFA="}
00816{"flow_id":22,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":120,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469980,"pkt_ts_usec":371807,"pkt_caplen":354,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":354,"pkt_l4_len":320,"pkt":"LFbcjDU0xCwDBkn+CABFAAFUAnpAAEAGAADAqAEDU9i48c6\/yNUzq1mtBM6WrIAYL4nPuwAAAQEIChncIrV4G2gMaTNlMTI6dXRfaG9sZXB1bmNoaTRlMTE6dXRfbWV0YWRhdGFpMmU2OnV0X3BleGkxZTEyOnV0X3JlY29tbWVuZGk1ZTEwOnV0X2NvbW1lbnRpNmVlMTM6bWV0YWRhdGFfc2l6ZWkxOTAwOWUxOnBpNDA5NTllNDpyZXFxaTI1NWUxOnYxOTrCtVRvcnJlbnQgTWFjIDEuOC42Njp5b3VyaXA0OlPYuPFlAAAAdAWAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
00587{"flow_id":23,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":121,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469980,"pkt_ts_usec":390227,"pkt_caplen":182,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":182,"pkt_l4_len":148,"pkt":"xCwDBkn+LFbcjDU0CABFAACocqBAAHMGfF5dQflkwKgBA3pozr4vdeJykJf4B4AYAMOuCwAAAQEICgAf9F4Z3CJSE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMzQ1MC3wogL0Pl3FbMgdQMAAAAEAFABkMTplaTBlNDppcHY0NDpdQflkNDppcHY2MTY6IAEAAF71ef0Mhifaor4="}
01292{"flow_id":23,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":123,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469980,"pkt_ts_usec":488536,"pkt_caplen":614,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":614,"pkt_l4_len":580,"pkt":"xCwDBkn+LFbcjDU0CABFAAJYcqJAAHMGeqxdQflkwKgBA3pozr4vdeLmkJf4B4AZAMO1LAAAAQEICgAf9F8Z3CJSBpsxMjpjb21wbGV0ZV9hZ29pMmUxOm1kMTE6dXBsb2FkX29ubHlpM2UxMTpsdF9kb250aGF2ZWk3ZTEyOnV0X2hvbGVwdW5jaGk0ZTExOnV0X21ldGFkYXRhaTJlNjp1dF9wZXhpMWUxMDp1dF9jb21tZW50aTZlZTEzOm1ldGFkYXRhX3NpemVpMTkwMDllMTpwaTMxMzM2ZTQ6cmVxcWkyNTVlMTp2MTU6zrxUb3JyZW50IDMuNC41Mjp5cGk1MjkyNmU2OnlvdXJpcDQ6UjfNAWUAAAB0Bf\/\/\/\/\/\/\/\/\/\/\/99\/\/\/\/\/\/9\/\/+\/\/\/\/\/\/\/\/7\/\/3\/\/\/\/\/\/\/\/\/\/\/\/3\/\/\/\/\/\/\/\/\/7\/\/\/\/\/\/\/\/\/\/\/\/+\/\/\/\/\/v\/\/\/\/\/9\/\/\/\/\/\/3\/\/\/\/\/\/\/\/\/\/\/36\/\/\/\/\/93\/\/\/\/\/\/\/\/\/\/\/\/\/fv\/\/\/9P\/\/3\/\/\/\/\/f\/\/\/\/\/\/\/\/\/\/\/\/4AAAAAFBAAAAm0AAAAFBAAAApQAAAAFBAAAAI0AAAAFBAAAA0AAAAAFBAAAASAAAAAFBAAAAwgAAAAFBAAAAHoAAAAFBAAAAV0AAAAFBAAAAfQAAAAFBAAAAwsAAAAFBAAAAmsAAAAFBAAAAhwAAAAFBAAAAuYAAAAFBAAAAmQAAAAFBAAAApAAAAAFBAAAAFAAAAAFBAAAAc0AAAAFBAAAAa0AAAAFBAAAAx4AAAAFBAAAANIAAAAFBAAAAu0AAAAFBAAAAwoAAAAFBAAAAEoAAAAFBAAAAME="}
00470{"flow_id":22,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":136,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469981,"pkt_ts_usec":133971,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"pkt":"LFbcjDU0xCwDBkn+CABFAABQyXBAAEAGAADAqAEDU9i48c6\/yNUzq1rNBM6WrIAYL5vOtwAAAQEIChncJYd4G2hMAAAAAwmf\/wAAAAMUAwAAAAABAgAAAAUEAAAAOw=="}
00503{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_first_seen":1455469967550,"flow_last_seen":1455469968002,"flow_min_l4_payload_len":14,"flow_max_l4_payload_len":527,"flow_tot_l4_payload_len":871,"flow_avg_l4_payload_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.57.97.83","src_port":52887,"dst_port":53137,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00504{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":5,"flow_first_seen":1455469974533,"flow_last_seen":1455469974889,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":520,"flow_tot_l4_payload_len":875,"flow_avg_l4_payload_len":175,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.57.97.83","src_port":52906,"dst_port":53137,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00506{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":8,"flow_first_seen":1455469969259,"flow_last_seen":1455469973374,"flow_min_l4_payload_len":7,"flow_max_l4_payload_len":582,"flow_tot_l4_payload_len":1030,"flow_avg_l4_payload_len":128,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"83.216.184.241","src_port":52895,"dst_port":51413,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00509{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":5,"flow_first_seen":1455469980213,"flow_last_seen":1455469981133,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":584,"flow_tot_l4_payload_len":1048,"flow_avg_l4_payload_len":209,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"83.216.184.241","src_port":52927,"dst_port":51413,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00506{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":5,"flow_first_seen":1455469978422,"flow_last_seen":1455469978679,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":520,"flow_tot_l4_payload_len":875,"flow_avg_l4_payload_len":175,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"95.237.193.34","src_port":52922,"dst_port":11321,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00509{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":5,"flow_first_seen":1455469980213,"flow_last_seen":1455469981133,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":584,"flow_tot_l4_payload_len":1048,"flow_avg_l4_payload_len":209,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"83.216.184.241","src_port":52927,"dst_port":51413,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00506{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":5,"flow_first_seen":1455469978422,"flow_last_seen":1455469978679,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":520,"flow_tot_l4_payload_len":875,"flow_avg_l4_payload_len":175,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"95.237.193.34","src_port":52922,"dst_port":11321,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00506{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":4,"flow_first_seen":1455469975240,"flow_last_seen":1455469975394,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":170,"flow_tot_l4_payload_len":348,"flow_avg_l4_payload_len":87,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.72.255.163","src_port":52912,"dst_port":59928,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00505{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_first_seen":1455469970233,"flow_last_seen":1455469971153,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":527,"flow_tot_l4_payload_len":951,"flow_avg_l4_payload_len":190,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.26.95.30","src_port":52897,"dst_port":22673,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00506{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":5,"flow_first_seen":1455469975234,"flow_last_seen":1455469976169,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":534,"flow_tot_l4_payload_len":883,"flow_avg_l4_payload_len":176,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.26.95.30","src_port":52911,"dst_port":22673,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00506{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":5,"flow_first_seen":1455469978413,"flow_last_seen":1455469978679,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":521,"flow_tot_l4_payload_len":882,"flow_avg_l4_payload_len":176,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"95.234.159.16","src_port":52921,"dst_port":41205,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00506{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":3,"flow_first_seen":1455469980262,"flow_last_seen":1455469980488,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":548,"flow_tot_l4_payload_len":732,"flow_avg_l4_payload_len":244,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"93.65.249.100","src_port":52926,"dst_port":31336,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1455469980275,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"93.65.227.100","src_port":52925,"dst_port":19116,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00506{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":5,"flow_first_seen":1455469978413,"flow_last_seen":1455469978679,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":521,"flow_tot_l4_payload_len":882,"flow_avg_l4_payload_len":176,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"95.234.159.16","src_port":52921,"dst_port":41205,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00506{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_first_seen":1455469980262,"flow_last_seen":1455469980488,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":548,"flow_tot_l4_payload_len":732,"flow_avg_l4_payload_len":244,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"93.65.249.100","src_port":52926,"dst_port":31336,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1455469980275,"flow_last_seen":1455469980275,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"93.65.227.100","src_port":52925,"dst_port":19116,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00505{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":4,"flow_first_seen":1455469971675,"flow_last_seen":1455469973590,"flow_min_l4_payload_len":14,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":350,"flow_avg_l4_payload_len":87,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"190.103.195.56","src_port":52902,"dst_port":46633,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00508{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":7,"flow_first_seen":1455469976582,"flow_last_seen":1455469980118,"flow_min_l4_payload_len":9,"flow_max_l4_payload_len":584,"flow_tot_l4_payload_len":1088,"flow_avg_l4_payload_len":155,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"190.103.195.56","src_port":52914,"dst_port":46633,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00503{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_first_seen":1455469969441,"flow_last_seen":1455469969689,"flow_min_l4_payload_len":14,"flow_max_l4_payload_len":554,"flow_tot_l4_payload_len":850,"flow_avg_l4_payload_len":170,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.53.228.2","src_port":52896,"dst_port":14627,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00506{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":4,"flow_first_seen":1455469977285,"flow_last_seen":1455469977324,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":552,"flow_tot_l4_payload_len":828,"flow_avg_l4_payload_len":207,"midstream":1,"l3_proto":"ip4","src_ip":"151.15.48.189","dst_ip":"192.168.1.3","src_port":47001,"dst_port":52917,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1455469975265,"flow_last_seen":1455469975265,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.53.228.2","src_port":52909,"dst_port":14627,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1455469970452,"flow_last_seen":1455469970452,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.55.129.22","src_port":52893,"dst_port":12097,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1455469975622,"flow_last_seen":1455469975622,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.55.129.22","src_port":52908,"dst_port":12097,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00506{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":5,"flow_first_seen":1455469977229,"flow_last_seen":1455469977324,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":552,"flow_tot_l4_payload_len":896,"flow_avg_l4_payload_len":179,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.15.48.189","src_port":52917,"dst_port":47001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00506{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":6,"flow_first_seen":1455469971321,"flow_last_seen":1455469972136,"flow_min_l4_payload_len":14,"flow_max_l4_payload_len":535,"flow_tot_l4_payload_len":865,"flow_avg_l4_payload_len":144,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"198.100.146.9","src_port":52903,"dst_port":60163,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00514{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":210,"flow_first_seen":1455469976336,"flow_last_seen":1455469982106,"flow_min_l4_payload_len":14,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":271267,"flow_avg_l4_payload_len":1291,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"198.100.146.9","src_port":52915,"dst_port":60163,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00505{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_first_seen":1455469967246,"flow_last_seen":1455469967465,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":558,"flow_tot_l4_payload_len":626,"flow_avg_l4_payload_len":313,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.58.216.115","src_port":52888,"dst_port":38305,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00508{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":4,"flow_first_seen":1455469974358,"flow_last_seen":1455469976244,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":639,"flow_tot_l4_payload_len":1137,"flow_avg_l4_payload_len":284,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.58.216.115","src_port":52907,"dst_port":38305,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1455469969441,"flow_last_seen":1455469969441,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"120.62.33.241","src_port":52894,"dst_port":39332,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1455469975407,"flow_last_seen":1455469975407,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"120.62.33.241","src_port":52910,"dst_port":39332,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00131{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test"}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 299/299
~~ skipped flows.............: 0
~~ total layer4 data length..: 295562 bytes
~~ total detected protocols..: 25
~~ total active/idle flows...: 25/25
~~ total detected protocols..: 24
~~ total active/idle flows...: 24/24
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 2022243 bytes
~~ total memory freed........: 2022243 bytes
~~ total allocations/frees...: 35732/35732
~~ total memory allocated....: 2018595 bytes
~~ total memory freed........: 2018595 bytes
~~ total allocations/frees...: 35728/35728
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 136 chars
~~ json string max len.......: 2389 chars

4
test/results/bittorrent_ip.pcap.out
View File

@@ -1,5 +1,5 @@
00481{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"bittorrent_ip.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":10000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00496{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"bittorrent_ip.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1492508985380,"flow_last_seen":0,"flow_min_l4_payload_len":1448,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1448,"flow_avg_l4_payload_len":1448,"midstream":1,"l3_proto":"ip4","src_ip":"185.56.20.36","dst_ip":"10.0.0.14","src_port":53646,"dst_port":35030,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00508{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"bittorrent_ip.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1492508985380,"flow_last_seen":1492508985380,"flow_min_l4_payload_len":1448,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1448,"flow_avg_l4_payload_len":1448,"midstream":1,"l3_proto":"ip4","src_ip":"185.56.20.36","dst_ip":"10.0.0.14","src_port":53646,"dst_port":35030,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
02401{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"bittorrent_ip.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492508985,"pkt_ts_usec":380744,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"GM9eF7izpL8BAjLCCABFKAXcnYlAADUGywC5OBQkCgAADtGOiNaC0hsOOk8HpoAQAQ9pDwAAAQEICnOGuIMAaon5wq2wH+fJAB37WaFc0xGrpC62Mk25YlmPUd6ck3UOPlnlmaLDK5iccRQxV6Lrpsvp\/uuH07fwJI5d7\/2xQsXKRbbf\/dZsog8rfXyOu4oWkiFqn16z1YOEpNojRPpe7v7oH86SIuoL3dpLCw3AXEVUNxwx2S7LDL5\/rfeDM8+Bcl\/\/R8Opw8m+od\/En5GEEzZ3xGrHEqfzxOcCFet4txleRVwSMtJGmJGEZlxnSc9bQojqyP8G3\/vCd1PweWLboTk+NjSajTAv1YG+aTAyluKRr0qFOpDKQmC3IVqzr4W9DmG3o93pWPJfaiwZdc0LXafyZIup0T3O+0SD+1KX\/MXVxLlbkrHIObYhG0KRzwzkIiO\/HR3aqzKcLzpGqVYzgATNkx6loBM2zXf8m\/XhjwgHW\/CGReGZFPmB8J6GzYgFDRMMKktYU5wo0oK4SF13YaHyFNIDAJL3DAyL5r+1U9G1+dr8PIMRJp4\/FwQSe6a94CTR4ZskCkdLrs8tj1RsuwrXTbzvqBJzUsQBm9rJfZm4y9w1pfULJ8D1TYjJjMzSDEl0T6hV8EZ4dmzL6IhYkOgH8tql6Y93Y0ddSoYv324931xWI\/bR1RKV7BANQbXUG2pG0h2KZpa6XgVabRUtP99Tr7\/5gqL\/IS2bD5xlSK1xPITsCAn7s7qmMuBYou\/b61yEnXpRH5c7+HPoOUXeVk4W9oZrQVAXk5BbSMEHW5RfTBUhNP++2i6eHn+vUbuL8UK5lLIATIcvvZI9dlyGFiLHDfDqqIZCrFy3RyOhH2X\/YORdIg7sw\/ndDLMFBseU\/KWeXwePK6mHg0z23nZaHdFSoeEOxwrWY0lgWUBWjSyZYzTSBwlfgqsQztiEM77xdLWOhbIlx8\/nuG0COEMh2y1lyIiYlKLCMQXTS7K\/j1FVuF\/8tvPyElMf3rWajnXt3EqUVmFpQ6LS9QxFLTpgEdeFnf2qL+AmoEuGUjU9kJweI25uL0Z9lzpQhvvCq8wd9I+ftZPKuA6dZ\/k3GrkabkYxGDbzhE5ROw\/DgJVMx8YTocrJYMUrgGEF+p9he2ru4LLtxOeShPq42CbnIGyZfsPr53QY+AEuNN1DHzxtN+wF\/8izHYs9Nm7vOWO5FyqA5I1eXm+bYBqxrutPktuKTr3AfJQHxFyberh\/WGaCmyY1JDhaxqT6lahZjq\/D+h\/+cEW317H+1sg6aF1yFTeoDuELtGhphh\/6RwybG6XySF4DX3+mdR3VpDjIljqG2zlOcw4y9GPTB0vD0AfEp6VvCyFfJDbXcmK3LpFLGEF5msQT5bCRePIl2ts6C5\/K71IHEGDPO2Pna8kfaM4QGJ2FEOm\/xWLLsagIQPw6MSeEcAjjO6xkOeOb7btfefPF4Kqyu4ZO6Dzvgl7z+p4BOxyjwIming13hAtv7syoCsUTcyEZ7qN3Z1aE0wB8ZLg5qK0FPpcYv5DNjm96suA59qoy4XiMdUVp7mB3au2pxK33YcDYQwNH4vEAMRMnaiZbwUYX7PyP2fmGyj4etY6\/bzsgqteorOb3gC0UWBkYEiO9kyElGbVXiYAbr+cNxxY6pf6owquBKfCW+9gNQM1Gf3JOhOZXrurW533Z43nBgLYv3+V+2tLwZ1ozPyKPrSjCuP15ektq6c1rgVAbemep1fdRC8ScYX38M92H9PR2+eGCsHtEDQpBXk5LKK8TFCIvKYqIOASd2UUU5JBJTDxPo8Dwxaolh1aYwuyIWd2Y0ZZS0MaxB03Gs37ZQEebCoytVUbaQ8N4pKz7QcsA+9kfdLFgkcDGaBaeG2k\/9sjsS9pkJk1hIC0qCshMy5uCV2qA5VPCarO85ASgoheRo5nDYkD5BXNn2XlPP\/DEADBYv466aYqeaVlkvH4VxCi5CTumh0poopX16s9g9P5WDW3G3znJwzFtdiZlOelig10="}
00428{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"bittorrent_ip.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492508985,"pkt_ts_usec":380750,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"pL8BAjLCGM9eF7izCABFAAA0h3tAAEAG294KAAAOuTgUJIjW0Y46TwemgtIgtoAQCI+fXQAAAQEICgBqiw9zhriD"}
02389{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"bittorrent_ip.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492508985,"pkt_ts_usec":381419,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"GM9eF7izpL8BAjLCCABFKAXcnYpAADUGyv+5OBQkCgAADtGOiNaC0iC2Ok8HpoAQAQ+BVgAAAQEICnOGuIMAaon5BuPRLy3uJClpq06N5WbznePjpAb33PwIhDmQzu2amLpqojqD8pITOs+XbaoSgUtCjoMw918bf1kT0PwfNLnQaxL48UHV7myOpaEdJ8VltTypXbxcXCetJJM6gRvH7ym+4hJ4tcr2zekZutLAQjA2A1uiGfgzMF1ut0E7fVqsfQrYv72\/xPwmLPE4vfQ2X8WomSOaMi4wt5m+fmcqD7e+bckg26tp0o+Czgwy47BmFi4tSe42zJqjwrbuZnRxl5R1O\/j7cS3DzHcfxdJVuWBfwx1MvQ49JuS6eYyLe3XQFNuxixXY6GXXeERkcbxBT7Lb1riJflqG+q1NPO57Xk5XbpGzlWX5ncKkblZ3LrRtwKyglC891nWyCbf2GMAiMGfnq2EhxvbsKz+j\/pt0frlmE5XglerKsRhqlt4JvKk9gCPdDlnkSpgt6vcuoRIOxrfm2eTAVfNhx6CQ2IuVPhOAasCwOkG8pUGkqRe6LODGhZMagzSpBj0qEbTOP\/nZ1wDKXgmIFlGyxm0yxZeJOVzBPs3Wrce7TsuReOlTpVaNLpjSe0nIjh79sNpzxXRN3fq+DrJoG6mde11Cr+PE0XpMjWYssAFpJAtA5MN5uyVzdtyGbzHO2mZ2dVQuy\/LKNeOg54Hed4XqXZ+YkcRdAV+qxpt+i5443UdMfoggkY6Dgmeas8IoGPIxy\/F1aYn\/0ntdXOdQCtLaPtnVeWNZ4i8Y1jQqdGs5FP\/yYvhK9ZjwZ30aedmX7HdQavUFTxo+CIzJDcVRVJmSizwljNmn53GAdwtF9ZOliUAJGuhU2aX2CdjlNpcIIhcjR22VSkt2uEj7UTioi2efL2UNX9NvUsNym+l5gYa4e5G1cEFwRCjaIVkqdDBSDJdg3POuDFgeU6vIhhLuQXoicw04wO+Xjc+NIvW0g4HOyvXMjMLo+1lIXWf\/wil860bZ8dcJKnGIOZaWsA0QaDBIFhW1u2oBSFO\/9AXIm8behQDqQz5asWfGHjJdg8Oy0tMlQWMBK9pDo30IjNPez7bfZj9hxZ6sb5FDvSj6iwwn1H6NIpmLF6aF4BPDl5bvjAlqbaae6vn\/bEdweGulxxyKri96vRMASxK0NDSViZF9pzX2TEtg1z68PnNJexmxFyI\/1\/jw4iTSFgTpmkWn\/HZdU52OFen96owDvY6j78ZdkHaN1r4xDrNDPIeqxWhgvXe8ss4awVKrb2YX089D\/MitjkeShQZBZ42JvzMY5MvxJSl2zFv\/L6rNZ7NgZ9+eUWL\/AfLeo5F1xuMTKDJsFgJFmRyraDsNdpy+6q7fX6k9D+pabZs6K158Kg0fVT2yQIBroDGxM1QE8faZZCIHtc4OXJfstrC3lA8Lmy+ub2Vhg790zL7DKhf3deHSySeAIxpQlVytfpOeRHbueQ977qmpJ6mNwxivN07QLge+I5TV9UAm8C\/8mEKXRZwCTgksGem0MHtLQHcHgAyVq3DwvrLIbgJFg+qrY8f3YSjrTKDCxnFFqEf\/k+DpR0PIB8vx8d6i7CqO80LKMLY09+pIsRbs1iaREhcvxtiSQcPorl+xzUOpFF+ynEOJwniCrLZ9Um3lOIQwekvMzVg1\/E8kwhzoUVfq65oC1Nj4qhJYXWBdOegYHdoLPw9e8D61y3JA8fmRXFd1eMX4AQ4se+E0wzfA\/1x2bkZe2YNOndoBBB+Nl1kSDpp36avXMKGGqgGUv8JnWRPrFSmswcbiHJFltbqFgrm3JaB6LsMDYkZ3Q4oWjkBYH+AqtZlcLeDiXmiTreMV7hQ1sYkZnyoS0VB6rFVH+0+WXLmbOY7Um0YGrs3I2CFSOj2qxt9f9kMiKPgQpbYcoA9TAl7kD4ysSlXUeSvrMg63NJUKn+J\/RHzYJDMuRaxlCrLjRkiwIAM6wOD\/KLQPtI6e4VYwtvjiy84faZt6WMI="}
@@ -15,7 +15,7 @@
02402{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"bittorrent_ip.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492508985,"pkt_ts_usec":389958,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"GM9eF7izpL8BAjLCCABFKAXcnY9AADUGyvq5OBQkCgAADtGOiNaC0jz+Ok8HpoAQAQ+X1AAAAQEICnOGuIYAaon8LCTCy8BVB\/Gv9oQgc2xUgGbPdfX3rG\/ZE14UJhCmmhYGEbhY8wuCB2inw6R3mSCVT7jzowALqrF2Nox6uvPYqUa3pMV1o31kPTJItZAqzh2X92Vdm2W8tDE67kRecccl7FH6rP1Y1Nr+9YwvVidGw\/aVcRk3uhG1t1CDDaJR5eqxmu5rctvagUaqoA00Jor19TBM5mWpx1NJzC1e9pveCLdDd2Qzu5vZA4uNgsYSg\/Bc4K3+QULjQ+uoj4iN+wvgnudZXW2C6UcFAWx3R32PLGJ9ugtwpbiieXmC8MQ\/Jr0TyhAExROaHsrw6RXsIgjwulSLbDiz2jAjMTT9fnI89jRFAPW2HUibKJmyv4Ij53TS5bNmYZNB4gU78iqXfbYhG7Lw4Gsi5y0r\/2U6VCfI3TkB1+vZuVh2vxMeuI9wropVyEg0a7zcAGnG\/bE+EmSLBEZj4fVp+tJ3hrf49RG6uJ94QdRbUtTGthXcaL5KgZNMsgVV0qk\/r9cDkQGBxd8Wr\/rVfPukRI6stUqp\/MRaHjaIbuIVd3CwWfRPP0kK13U6LRTo0kls+odv5waPHflMs04Wa2WUcZ16O\/x8sNe602vVIXe1erbnLV3IYG+L6tDhhkfHeCY3qD7snP70z0E4bHLqHfAqOtAltp+agmOP3RpZw7zk8mpfizzzxDlGuEBEpHIkXCCzBJi25ml844RCSuSMVtSfJNQmYNKDDeo4VAKIuWvGwULQbZc2oY\/B\/k1vD5VXBKhVklHAaS7VgCVwiqGbFb93wy51ECSEQfCZXgEy+cXny\/L3AhUT6SnPH3d5qIcCixxX9Zhq9xxLOeYijFd\/hbxAVHKYjyOBWJa32bIjjP5aSZQzxf+pgHYbnOT65OnARIZtdl8hCLyMqV3GMC5c1zHWHb+9GtB2NwJg5CH6liQU7cLoNTFU9m1JqyZntCrx\/\/daplbtRuN\/3nMEhb1Op4p0vE91qR+FjSF5ABi4bc+TnmPAGuXMIdpi3C27NXv18AwgtT7HlVWMcWm2v7IUXIOGjwi\/HuUS4y\/IZoCN5DC13lIOWUovcvWOVkFnWLDh+6nQx49GxfBT3+qdf4c7eqs8f253Z9Yu0jgwDsUFC1WJLDGmPkeASfXYluDZ6ED6Kv6TTnXSH5zBqkD0SKs5Ntw1FwszKqrmRxshIDSFz4DieYLYcRzG2m8uzvpNmeOOQUTHbJuvsA1tFpYmJAKECKCI86mvtpTn5IkBhJ6y+QGdpYUz0UmAJS9PgR86I0F16yiYLfFwwY1I0PgelBKYUI6tTgAZyZptij\/I98hYJj3C\/igN+AZ1YWqnqV8JoRD7IA3b+fPO9cH7wZm6knRCdn4NGQ5jx5j\/gYYg5Bk7j+VwsfpKwSQJEcofNY5XU6Nq6LxQb7E2yWPVOc1I3XWzn7ERkNSsR9ZWKXlCpOVZGleQLVs7XKpGtXGQttJSuDlm\/pQSrUjOkadxG6AyVX+VzhssdrX3uSouqHLteQNbXstqvj3JgXzrFnZQrE1mP5Bscc3SGTWps5dDotab6bDPWPJOuLGnLH+RKVEXzKlTOLL1ELqVVcoMhcrvaK1CYxQ\/M4netH1I92H9mfjQBBnsohy9MceFeDBOtIEg5h+NCZ2TzopL53gZunEH8iGMRs2\/w23\/Wl0cFqrsDEUEmSyQr1mwyL63yyFFXhRxCiufiQEtUer1vkBQSOFL83bpbR0PRnKCCJKg8Ig8nRKZCxQGfu\/3R1logz+6i57p2E2Bb00tu51D4uD00P6HRxAUlOqBxK3aHJ0J5DSLf7HAryv2ty7N+4Ap0XGV344X\/\/rEbBUl\/3e6p1546\/blAXCxbHA\/rSKpoq4k2cc3081hoLRpzfKHkCdIzRYQB4Rl3oGCkh\/3pAbARmnOv9hOmzRhgcis5zgv3DOFknmhid70p4dt4kbL9Jk="}
00430{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"bittorrent_ip.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492508985,"pkt_ts_usec":389962,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"pL8BAjLCGM9eF7izCABFAAA0h4FAAEAG29gKAAAOuTgUJIjW0Y46TwemgtJCpoAQCRd84AAAAQEICgBqixFzhriG"}
02391{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"bittorrent_ip.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492508985,"pkt_ts_usec":389967,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"GM9eF7izpL8BAjLCCABFKAXcnZBAADUGyvm5OBQkCgAADtGOiNaC0kKmOk8HpoAQAQ9TXAAAAQEICnOGuIYAaon86kCyxYzDt33zmhYULc6p5S0NUXklgbxQ2lLgxjEbV6TISaCK+l4l45eomYRprbaDV1Mn0ZEjO7ADMeBq1v0WphjN869OXm+GAuEcy7tCaRt4eBV7STsjPsbdLeDl4roSW4emk2P9nLWwvR42cc7d4B56Z2yQPlshp3zYMtITRYl9TWFSMWe3FdqJRe0gVurJZlATKtrnTC970\/qwHEVc3tCarnWtN8Q7ryOSnj+NVWh2+aUllIC+kjoBd8S0jFOQgmTdPF62sGJXT\/B9eWl38\/MEdL4knoQIw4ymZRw5PFl8ySWNayCLfG2Kt34JpGHNoDTcsuwQp2EAsNQEejW6F2TGN9q66yKi\/6KlqzjC5+kajKKdAYHrcu0Je71ggcazKjMr1cvGSOPDZDVcL4C\/nl1LjWRPREQLLgMOhCBDhle9jwKd+sdnrvlHNCkUVFLEESsREhcBKQPerraWyn\/VzeCkCknVyr5o5F9lCKn8irdw0+aG4kC\/xNIjh8ThUNj1\/AxAkteG7hfKybcOklmTemUArOgONClt96sKaNJBf3X4tblwgyyNsAlk7siZrwbVQ+ju+oA99u7FtB+ch8Z9lHXeU0Rm2Mt4kqDpUwHCxd8a7t0slj9S4SpdqHYUpF50oj9Xuy7olByVmYuLhZYe0jS1clOKh6b4Jg4bc1SM33\/G7AMrQbljRcFOrgD4t6nGzUpLM5GB4a1\/LrGe1VmAMT1eTqeoGYypqsJrX7DMAHfmirDNLYVvS34CP2cJ1VIc3fY6wX7iheEWbPWUXqW72OLi1srW6osh1SR9xj8e1RgdYCPDUJIx6brffNUgtrGSE3nH0lxOybCaCyjPDO6PqXqOg4+7p0ricx\/ho6S5J3sy5Ynx3DsLEQaKfahtdDnn9MjFnO2SOST6TbFcfBmNpKUWlo6JQFJnbVpU0i0gYqzIBghagebCdk6Dqn391FIr\/CBnuWRz3cFlcbolVXcCuN2+SD6JxFebpRVh57INHQE\/dG4dDD3wgYQq+vj5J2V8Ejyb6Zn1lRC+sZCHeL8TNssFp+fMLpUJwZmGy2Q0wrYYB1tiq4vYDdf2TJ8+RHAs7WKTPNiV2em1sqKs8bA2txP8dnO56ZPrRY7eIdDHFHntiA\/JjPJqe5Rhhoz21eFoSvKkR8euFwh7QC3xFX4uuEMN06gE4gN1\/yrTp3iz3YlWbA2reoYMKPUfHVUcewV9Yteskjvwe5HkHZ+a3c5AjHXXe6BNSUAkxKANQ\/J5k7x87T62t8mh4fEeMJF0bLTR9f12Pxh4gpJnidje4BE+VTgVNP0LnEjieN2\/W+9zul3jCDOHF8rpHPBXno2jbc9Nb5gUbYNoQ3p4w12KycAAtiAA\/vBC6yc8Zl15YXWM0i3m\/7bvPPDjHEJ1PVfqBPbDDGhx+7vfYAwxaHRcA\/ax6sQHCB8YhT5SUGiRptEySbmm3GbFreiywtVr6SA2Krob9ff1SqGA2LdHF8APd27j7j35KqslqF47jLVjMZCcb3agcMtv9osGZX7RSoWpcfsL\/SWdN3+UhRXoaiO5NoWJf5J0L1exwIzF1aivg+0Rv7ZO\/TWEBuq4TIllEwgPcd6wRk7SO1T1k2PVoRShDy3d22Vm4sBxaUOLUjaqbYUt0Jk7xbDLWWRPzAPansXvI0qDIrLevoy2eyBO0ylGa8ORoy1zcrXT2VMYqnzoyoH+TjkHpOICAcoOmxgqHIlJN7JB2xeaVsdhDtbR5S1Ueg4C+0PLiWzITdKIUpDS79Cwbu13HVzcs3vubirGqB6wcu6gX37WeN5SHmOVjvNpWbIahXL54HB81EHShQ+uuc33MvkIsr8EO64dydI7DkyrfrQkDl\/+olMD1bcBi1PMZofR0jaIiFb4B2OzflU66KkHP9MNmizJM9k8EjO0Pex0TPDSjF4ApTpHI40="}
00497{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":49,"source":"bittorrent_ip.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1492508991649,"flow_last_seen":0,"flow_min_l4_payload_len":1448,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1448,"flow_avg_l4_payload_len":1448,"midstream":1,"l3_proto":"ip4","src_ip":"77.222.174.20","dst_ip":"10.0.0.14","src_port":2866,"dst_port":46610,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00509{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":49,"source":"bittorrent_ip.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1492508991649,"flow_last_seen":1492508991649,"flow_min_l4_payload_len":1448,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1448,"flow_avg_l4_payload_len":1448,"midstream":1,"l3_proto":"ip4","src_ip":"77.222.174.20","dst_ip":"10.0.0.14","src_port":2866,"dst_port":46610,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
02403{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"bittorrent_ip.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492508991,"pkt_ts_usec":649218,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"GM9eF7izpL8BAjLCCABFIAXcXOpAAFYGvBFN3q4UCgAADgsythIFf+fAyg3zkIAQAQRWiAAAAQEIChotFWoAapAXoFZsJoOEMtF8fPEtH7H+tnsdcSzA336oJmu4Vmd4+L0QrQI3vtKCetbBuRYf5q6g4O6T0Jwp+QqkdwPc7HIErcfsszej+MIWFWM+kOUmjcQ4ZzXdJdcDBn8tOzKM\/z8HdD\/MBa7YQ6L8mDTXwMbVhCmQLgbAVb5T2wqH8d9UkDVqlE4CdoiXFdq7BoinmTI+n69Jp92R8vC9PLr05497LGrl2kCzOEtw5RufMIBravi7K9SBGj9g6MGJ8Fw8hqrm0xOpXgEmn75Yv5o7t9GISbIYVy6cnlHVv3p+RW+VMGwcGC7\/D8E\/tusAAI1dhhSRgUnFFYFSAhbWAYsPLVL6f2ZAA68rnkVJyWqRKoLWS9t6fiygCJzsXpD9reclTF0ougyKNwzaySeCWEv0QML+Mc8VyLOsOYyTGjsuSAfPgnofr1U0FX0E+Zvh\/RvKsbWYAahJWgUlShdPHqEf+qR\/o\/pKADGNHH1h3AqhOjp1sxLJwUPyaG5MlbUXcKVh61M2C2gpAegg7EAaAMPjQxLgKq\/PP7MNzdJEA63NK8hFrb8ZkqIDg3piw43Cunv\/XwlxpJUPkgp65a0PBs0M2QTqbJUuWTg2V4FnBQVHNECBwZQ4vvIu0vJQqGvH\/1zLIgddrBciuHp1CsBXaHYMArE\/398PWRUyXJEwhjJvpcr\/Uq2id0s9SinNP35BTHlbGR301Q0vBviN5TCZSdt50xv+uNPxsXhH0qlx5d7nEbPjEt1LaE3rg6CTrMllJQv9RJgn1gkpfaOQCka2Oxa\/B3z4el5uj9l5KnbMyvg\/P2FuSDbdV0g3ONFCT1KjW6yeLDaOGaYVsHSACSF43ghrE5lHyI011V2XTfwRwthCTlThs8g\/780ycHMTFQxKocL33iHFGEvuHAXD1GwgQlFY2VYQPl4UylaE5WnB5+k25VUMulXxcNr9Vrlfv9ZQS5WGr6fv\/lbK6o+guHKYyXbUs\/gpwBFqjud16lcsgZL+rWu9vscuTUuStWZG+nCx\/6SZbSTD\/nZ7xafjL7TxukeSNLa8cdjTDxIBHS+e0QwJp7L36i0Jn33HjvSTZoyG4YNIg0PFii7jtuvKebpx1Ad2MDsC+Inwz4W+7FiI30s+aTiXOnwEKsi2Rvla0\/A4j6JEujop9WovLrEfeuwn9m4qKx7igLTJZcpSUUSSpzTCh0SHieWaepQl+\/WY4XaKtEBTPCGDH1Y1xQkC0fZv2v\/wPULChMHwxkA8jqK1+ntgDOWX9aH78LcwkyQC3fhQvIjJN\/zj3BUJpqROJBIiWV1\/owLBEFZXhl8JqX02\/sm\/uWY4H4jERLsn5zGEQkjIDgit3OfyHPsoVLm4OswgtlkPQbN2IXxNoNcFUwT1ffARs\/DtLlXY7vNEMgQg3FzRVLiunvO29LGYW7dLFc1U3HxByATWLIpVBA6SiX6sITCkjHO+NLpV37cQFSe9jAKO\/fmb9voWfNIdLzvieh8R7MyORkneGyzSqqUJhsc60hN5SSUTqEFaWPZZCGV30wCKl8\/4lJWmdAQZXC4VPd47njmoImX2HL9aH+gazhp\/2y3hvOlvHHPBMSupE2t4RF3jx9kbuVQCSq9osZktCArUv0ri0ZtR5dNz9DV72xERQVKh6U0XXmbmdXWVmw0OA7m6D\/q3NiRmIfYybOWSbQIatIdYO04QXBCsK7111IbYcEVX74or\/kfGT6eIISYtZHYWAXjPKfIrY+lUMW47gfW0LcohEMRBAUK\/jBCTv5rV4CdfOUUTqfzCQHxmMKSJdiDkoGJNJ4IvyWLatplgOPd4RDMYBVNuZILHQw3bWbpI5ynVbrCBaM\/SysRaZ1jDvedzcl2b+8fJIvh9PiapmS7NU6IDXTaW1NJ2N\/lM+2DD0w14cFU8GNPo\/XVSUVo9XrZPfQ2OmgPL9X+xhG5Vb78="}
02401{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"bittorrent_ip.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492508991,"pkt_ts_usec":649223,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"GM9eF7izpL8BAjLCCABFIAXcXOtAAFYGvBBN3q4UCgAADgsythIFf+1oyg3zkIAQAQTgjAAAAQEIChotFWoAapAXo34tMz4skfaHlYY\/ScNpDxIpCs+P5jEsNAxpbVkUCDph\/pBzMB\/LwnipjHQtHoSdK8T5c6F80YLV8r4yOc6N2BSayttGT02IcKpL4u7OmmkC8v9\/K17IrOvPSiKzm8IXRcVGvWLEe7mSpkbGXP8Zg500fAiD07gmzEjqDvcGQwae\/\/c+fT68j5qTn4EIMnlVV6K3u4\/YjaSNQ5X0kUrG4oshGwbT6lOr7qjrcpHx811m57vXMYMYdLpZlpYL3oCUJJoZmbYnALEOz0mDJkuefbnLwlSq1HWKxOP+GdZiMuM3zqBFAhRFpOw0wsHIgYwiLZnjgU2necxHkVHPeXyRvs7PXtFfjrsS9PYsP4dh+js8z\/HcmJYGR83xYLEXA4a0\/eDgV2ZN3mJ246foC2z7ESpSlbDC7rDC7kxPuL+vxgE1IJunPjOeZX8vRzrWdOhpseT6UBY+SivCjRALwumw8jaII\/0avXIXosCaJWtRKZMmdFQaTdoQK8gsWTQBoGt2TE2kZXnWB\/rApZxcgbQEyzgxgcTfZBPcV\/3V1jRhF4D7oaPJc9EpwDGnjV9Mav5Q3stag588iPoH2gzQBtl7pZHgOHi1XQcz5kB19l3w4lPjAd5YKvzqL2+O7HLsqkxJvCc9xdSQMeZIq61Xc8hUjm3R8ibutovYPhKqO94ataVUmAYrTHLBUiOgGFBdvIxrvTCmQQ9Be+7ybkUWeqSsixsDWzQI5UUaBY0MPN+FMMQYdval+DZSlnOiTbIx1T7PKkq\/0wFPkNyo0knB1r\/EsQVn2O7BFGfSq4gT9z+dYK0E9w3X7FjlS86WoHdTb5RRBw8xH8Fh7dSqdNJBR1IzH\/32Lu5S+67T0h\/5z9BRLTqqyqP5iwd+vtZ0GOkBYlS9TsOPdxhIjSaj1w5CC827\/kTX3P5CMBTKq5L34ltxCBEy4fxlNOgSgyr2c8CzN7W3+9q\/2lQHIwhVb+JW8Wui9hDMNU\/wujR5n32OFvwD2QHVeJRQHs166q6yxxlMKx68f6TXlexEhPC+g5jAK+iIE9t12iL2zbNyEIrU9BGVwHSjvi9dn\/R2rW6+XZTQ5m9I2MvRHE4KW0mfjS0Bbxx07TQtwhn0mE\/CuyZtLYMHn\/xUxoXUl6ReTcf+DQcD6PDQVb5u2Ac3XqIXomVn6ks7GOKGpAS1vo1sy9N9B92UnP\/Esv0qk5vYtzQGnayZMCdNm5iN7cXyeHDQvrsA\/syaRP23zdQSDJwkhDiC7grWYuL00L2z9fymp8OdI6qZlZmC5UP5erWZ\/y\/NATjfTE2lPIZ4CufAdTNaV+HL\/OENr7VzqlcUSPMJUpZe\/uPBX4hb5PTr2k79iqBn5W2bAOg7f8OUTsuGNCRx2esiT77WgsjtYMLWGohNp8xgnHEQ\/f2U+Umki8C6MAJk5V+ShBv27oPYtAaESwDy4i6pXIdNqgYbuC8tjYHTTxYVK5PLBUAnT7sfWJ9tNba8K7LfESYNsMZ2NEyYLSogogqOIBqX2RhGWFxZmcmNyMr+mipx2RqzLPtlvv8+kvPsAMtUmyl3amIiZgIvn8KvwnKuxavASbzL1yhnGFf8G5TIUTVmmJkA4hggxNpWmxxcPef\/HOamo4tsekfmXeSCur6ixMEpKu8xonqrX8ZyK9dEJzbc4+ry2K3zY5v+u6KriUQwOdDYzrn9xlIYWXlKpIJMaRT7Yel9DnXLtQGGVgPboCYRdqKv8AvtOJ6Ejw2yug8KSDGMadC0cnfSs\/SOYlGavKDGmtW94SCRgDE3gRafvD+c0eaoWKwQu9\/JSnpokqEi2gK8TdXJt5arUnG6ISh\/qG477G+d+KyVZJFRXyLBDKMJVuCHgdN+PBrPL2G\/4T28dATlQcAmGchVsj0We7WEFzT6cH7Ok7VBXgCxQGetulH4jjNutVlTNpowG9g="}
02400{"flow_id":2,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"bittorrent_ip.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492508991,"pkt_ts_usec":649227,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"GM9eF7izpL8BAjLCCABFIAXcXOxAAFYGvA9N3q4UCgAADgsythIFf\/MQyg3zkIAQAQTEnAAAAQEIChotFWoAapAXin3jI4ARKjVzLsHKHqf0eIbRIWzLABcT2\/h2G1F+6R1+NYd0dCvt0tnxxfqRWn1RYuahphiLQ4wktD8lNPU4DtXpNdlpqumKgvrZFXodsWrom1N8t6xryu\/E0m1Z1ql1ee+DLth6NH74VmruNLYD6SnIbzvOwjO0xPCx33wakRciHkq7RP5ztglIb5eBKAYKpFTqldfebbBBj2NzIkO09M5Li6a0Q+yGxmjFz7xt3wmahWpzenfF76rsuBEBdPOGn3cIIEo9V4GpW\/1Lcy2Y6golYpINKPuoe051x0p6EfkwNEgNTVI5PknJjh8DLQy+S+iiabNPy4Wuz4Z29sO3UcTbI0FXzNSE5+arxO9fGVzsHQZMzMmCpF9GrK\/B30GHG\/ZyHQhyziSR6y4xyvAdJ8nTfZFnUBURWjDzzHbLKGnUTQljhNTua44LZUkCPYPLvnSqy3oyAbMNEHf\/KaPyDv4qLw3IB7d\/2XNyxwUcZzNdmB1fwMvTAkHYUi\/uqnAjN1mXJltMT5wC7iN8jYNZNjPeE0a9hYlUtRfFiUPLxbpYYVapCnh2FX+Ctm8GX4fkqVbh9kSeGcLX9kJLBzDy3Uop3tSAD5xZHmhI9Q\/IPKsJ8jLCiu9IY8O4W0azacMqwq+e7GXbIKTziJnlV+q1WBdAYrxocVCNXeDGKmflDYMiuGvRsv18Jrf\/dTmHFWW1R1LuDQtpnQOev\/ZBOBXXD88wiwd8mSiCjN+1vRnCm3P5te+C1QJm4c9BezvsE7mVWhUpIyw2keZusvaHbIKjJv5qf\/xE+txjn2o\/x+3YZBsV5yTHUYDBHIRKiiAfMckqW2pwZZOXQ9IlIQYT5UN6o1EA4NhUw7oaR6J1NgSTOxxPFScL\/3+F5TDHrQg7TBZaLbbHXVKbpo7mvD36CLfqDYNXssdIEltIBoy8AZRd8xI5GQuI5gFP6Wjf\/3ooDq6WagIW4vzQx0UC3+X\/w7COBEw6kRpulcGFosgCWGhwgAMrtTSilcfPSfMq2VgN\/r6xOs3egY\/Ge42To0LGUB\/vnPYy3Cy6lIZ0jPqucO4NwE9iO1vMeB0CPQwGmzE5iKea01O9t8Wm6iirfnMI9eXzbKY1ux0ThzsmJTNJBFy\/WfcKj3WsWoJBBTgEtxjS1EqielS1GSFQEHjui24ubSBIaCgeQ96sdh3IObHf9FOqkiMIhh3ltxxCHP0Km7DyQzN3HJcL+xjpP3Ae6E+FFo7LOGrYSDbyWcNXbSISJHso+3Znv6YGWBEbXj75Ie69B+d1sZ2\/Yk1ZTb7seX02Fbq1BL4FhkImhuAJO+JnQ1p3pchczUOp8T53M507sNc5xmvei1IGViEBgZtci6UfQl\/2Te3fVdx7hdovgWOoa00R6VxsT2gGeWrcLix0CkBy5U9C2qUC07JgOdY9ysGZcGos4SlBO5NO0xM7t952urMo8OrVFsXvdL28d9XRtQJY7yQy60XKugdg1UYzhmSoQyRjNi5m9+\/V0YeBm1pOWdj\/gOvBNko29IxSXZuGaTEBFpoPFVWPMt\/gVGpFT9m2SwjT2XBytKEyjcppJvDRynyqUq51q\/MW8\/f9uSyn3Q06zJDysyVOgWA7ZmGxp5sxwT8\/Em\/M\/euPjOWONXGNQ2lnBuUlQbOPYhiFMwptuMeZck6Sg30qMH32vhZbKicNnkmDMnUCW3ChWQIe01E02FgtEwaDgj46+76jPfyR7Yf7epGBpMrhlj2Mh7rQWgjjhegI82Evg\/8nW64VVVvU15kEbexGTS0v4x8KcoGnqIsBK0MLIrq8jFQLhK6SQrGlhfZvEzJFlf+4TGr4C4UBx9AnZ8umxn2rXOXQCwiwqElsdIs8KReJMwfCYtUvdEmRNXmClaV+MEiWCDdLnx3HVC7AO6ywQjaBwA25YN6L96xFQTMRuEeo19Qvx\/8="}

4
test/results/bittorrent_utp.pcap.out
View File

@@ -1,7 +1,7 @@
00482{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"bittorrent_utp.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":10000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00496{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"bittorrent_utp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1456385034843,"flow_last_seen":0,"flow_min_l4_payload_len":104,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":104,"midstream":0,"l3_proto":"ip4","src_ip":"82.243.113.43","dst_ip":"192.168.1.5","src_port":64969,"dst_port":40959,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00508{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"bittorrent_utp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1456385034843,"flow_last_seen":1456385034843,"flow_min_l4_payload_len":104,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":104,"midstream":0,"l3_proto":"ip4","src_ip":"82.243.113.43","dst_ip":"192.168.1.5","src_port":64969,"dst_port":40959,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00542{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"bittorrent_utp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1456385034,"pkt_ts_usec":843882,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"pkt":"xCwDBkn+LFbcjDU0CABFCACEN6IAAHARjPNS83ErwKgBBf3Jn\/8AcJbNZDE6YWQyOmlkMjA69\/YAfOoTUG5RTefsvJTyrlFxFfg5OmluZm9faGFzaDIwOvf2AdimJ292LCw98nSvKCf40fHeZTE6cTk6Z2V0X3BlZXJzMTp0MjoOYTE6djQ6TFQBATE6eTE6cWU="}
00618{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"bittorrent_utp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1456385034843,"flow_last_seen":0,"flow_min_l4_payload_len":104,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":104,"midstream":0,"l3_proto":"ip4","src_ip":"82.243.113.43","dst_ip":"192.168.1.5","src_port":64969,"dst_port":40959,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":""}}
00630{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"bittorrent_utp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1456385034843,"flow_last_seen":1456385034843,"flow_min_l4_payload_len":104,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":104,"midstream":0,"l3_proto":"ip4","src_ip":"82.243.113.43","dst_ip":"192.168.1.5","src_port":64969,"dst_port":40959,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":""}}
00543{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"bittorrent_utp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1456385039,"pkt_ts_usec":236076,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"pkt":"xCwDBkn+LFbcjDU0CABFCACEPR1AAHARR3hS83ErwKgBBf3Jn\/8AcOi+ZDE6YWQyOmlkMjA69\/YAfOoTUG5RTefsvJTyrlFxFfg5OmluZm9faGFzaDIwOvf2AbAuK1Rd0f1URppB\/xHRD5bKZTE6cTk6Z2V0X3BlZXJzMTp0MjoZ4TE6djQ6TFQBATE6eTE6cWU="}
00426{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"bittorrent_utp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1456385040,"pkt_ts_usec":274000,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"xCwDBkn+LFbcjDU0CABFCAAwPfxAAHARRu1S83ErwKgBBf3Jn\/8AHJxJQQBTAhDusvAAAAAAAAAAAOf1AAA="}
00447{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"bittorrent_utp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1456385040,"pkt_ts_usec":274157,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"pkt":"LFbcjDU0xCwDBkn+CABFAAA60g0AAEARAADAqAEFUvNxK5\/\/\/ckAJoYDIQJTAgb\/P19\/\/\/\/\/AADwAEnH5\/UACAAAAAAAAAAA"}

16
test/results/bt_search.pcap.out
View File

@@ -1,12 +1,12 @@
00477{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"bt_search.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":10000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"bt_search.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1430752225251,"flow_last_seen":0,"flow_min_l4_payload_len":119,"flow_max_l4_payload_len":119,"flow_tot_l4_payload_len":119,"flow_avg_l4_payload_len":119,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.102","dst_ip":"239.192.152.143","src_port":6771,"dst_port":6771,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00505{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"bt_search.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1430752225251,"flow_last_seen":1430752225251,"flow_min_l4_payload_len":119,"flow_max_l4_payload_len":119,"flow_tot_l4_payload_len":119,"flow_avg_l4_payload_len":119,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.102","dst_ip":"239.192.152.143","src_port":6771,"dst_port":6771,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00555{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"bt_search.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430752225,"pkt_ts_usec":251619,"pkt_caplen":161,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":161,"pkt_l4_len":127,"pkt":"AQBeQJiPABZEH1lmCABFAACTaOEAAP8RCRrAqABm78CYjxpzGnMAf8gHQlQtU0VBUkNIICogSFRUUC8xLjENCkhvc3Q6IDIzOS4xOTIuMTUyLjE0Mzo2NzcxDQpQb3J0OiA2MTE5Nw0KSW5mb2hhc2g6IEVENEYxMDg1RTg4NUY5OEY5QTY5QjcwRUU4OUVCOTg4QjhGRDkxMTUNCg0KDQo="}
00558{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"bt_search.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1430752225251,"flow_last_seen":0,"flow_min_l4_payload_len":119,"flow_max_l4_payload_len":119,"flow_tot_l4_payload_len":119,"flow_avg_l4_payload_len":119,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.102","dst_ip":"239.192.152.143","src_port":6771,"dst_port":6771,"l4_proto":"udp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":""}}
00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"bt_search.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1430752225251,"flow_last_seen":0,"flow_min_l4_payload_len":119,"flow_max_l4_payload_len":119,"flow_tot_l4_payload_len":119,"flow_avg_l4_payload_len":119,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.102","dst_ip":"239.192.152.143","src_port":6771,"dst_port":6771,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"bt_search.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1430752525284,"flow_last_seen":0,"flow_min_l4_payload_len":119,"flow_max_l4_payload_len":119,"flow_tot_l4_payload_len":119,"flow_avg_l4_payload_len":119,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.102","dst_ip":"239.192.152.143","src_port":6771,"dst_port":6771,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00570{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"bt_search.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1430752225251,"flow_last_seen":1430752225251,"flow_min_l4_payload_len":119,"flow_max_l4_payload_len":119,"flow_tot_l4_payload_len":119,"flow_avg_l4_payload_len":119,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.102","dst_ip":"239.192.152.143","src_port":6771,"dst_port":6771,"l4_proto":"udp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":""}}
00506{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"bt_search.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1430752225251,"flow_last_seen":1430752225251,"flow_min_l4_payload_len":119,"flow_max_l4_payload_len":119,"flow_tot_l4_payload_len":119,"flow_avg_l4_payload_len":119,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.102","dst_ip":"239.192.152.143","src_port":6771,"dst_port":6771,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00505{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"bt_search.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1430752525284,"flow_last_seen":1430752525284,"flow_min_l4_payload_len":119,"flow_max_l4_payload_len":119,"flow_tot_l4_payload_len":119,"flow_avg_l4_payload_len":119,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.102","dst_ip":"239.192.152.143","src_port":6771,"dst_port":6771,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00556{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"bt_search.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430752525,"pkt_ts_usec":284866,"pkt_caplen":161,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":161,"pkt_l4_len":127,"pkt":"AQBeQJiPABZEH1lmCABFAACTCiwAAP8RZ8\/AqABm78CYjxpzGnMAf8gHQlQtU0VBUkNIICogSFRUUC8xLjENCkhvc3Q6IDIzOS4xOTIuMTUyLjE0Mzo2NzcxDQpQb3J0OiA2MTE5Nw0KSW5mb2hhc2g6IEVENEYxMDg1RTg4NUY5OEY5QTY5QjcwRUU4OUVCOTg4QjhGRDkxMTUNCg0KDQo="}
00558{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"bt_search.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1430752525284,"flow_last_seen":0,"flow_min_l4_payload_len":119,"flow_max_l4_payload_len":119,"flow_tot_l4_payload_len":119,"flow_avg_l4_payload_len":119,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.102","dst_ip":"239.192.152.143","src_port":6771,"dst_port":6771,"l4_proto":"udp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":""}}
00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"bt_search.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1430752525284,"flow_last_seen":0,"flow_min_l4_payload_len":119,"flow_max_l4_payload_len":119,"flow_tot_l4_payload_len":119,"flow_avg_l4_payload_len":119,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.102","dst_ip":"239.192.152.143","src_port":6771,"dst_port":6771,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00570{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"bt_search.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1430752525284,"flow_last_seen":1430752525284,"flow_min_l4_payload_len":119,"flow_max_l4_payload_len":119,"flow_tot_l4_payload_len":119,"flow_avg_l4_payload_len":119,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.102","dst_ip":"239.192.152.143","src_port":6771,"dst_port":6771,"l4_proto":"udp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":""}}
00506{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"bt_search.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1430752525284,"flow_last_seen":1430752525284,"flow_min_l4_payload_len":119,"flow_max_l4_payload_len":119,"flow_tot_l4_payload_len":119,"flow_avg_l4_payload_len":119,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.102","dst_ip":"239.192.152.143","src_port":6771,"dst_port":6771,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00128{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"bt_search.pcap","alias":"nDPId-test"}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 2/2
@@ -20,5 +20,5 @@
~~ total allocations/frees...: 35343/35343
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 133 chars
~~ json string max len.......: 563 chars
~~ json string avg len.......: 434 chars
~~ json string max len.......: 575 chars
~~ json string avg len.......: 440 chars

22
test/results/capwap.pcap.out
View File

@@ -1,11 +1,10 @@
00474{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"capwap.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":10000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"capwap.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1422328949167,"flow_last_seen":0,"flow_min_l4_payload_len":65,"flow_max_l4_payload_len":65,"flow_tot_l4_payload_len":65,"flow_avg_l4_payload_len":65,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.10.9","dst_ip":"192.168.10.10","src_port":5246,"dst_port":12379,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00496{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"capwap.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1422328949167,"flow_last_seen":1422328949167,"flow_min_l4_payload_len":65,"flow_max_l4_payload_len":65,"flow_tot_l4_payload_len":65,"flow_avg_l4_payload_len":65,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.10.9","dst_ip":"192.168.10.10","src_port":5246,"dst_port":12379,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00482{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"capwap.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1422328949,"pkt_ts_usec":167396,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"pkt":"uDhh8wWsJOmzR64gCABFwABdANlAAH8RZJPAqAoJwKgKChR+MFsASQAAAQAAABX+\/wABAAAAAAABADCRUl3gOBqBz\/u8XElQaHVuhYA4Oyehwv8gEXQ+BVAOU1L6bxnlZCgpb3mFtLC\/ZhI="}
00518{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"capwap.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1422328949167,"flow_last_seen":0,"flow_min_l4_payload_len":65,"flow_max_l4_payload_len":65,"flow_tot_l4_payload_len":65,"flow_avg_l4_payload_len":65,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.10.9","dst_ip":"192.168.10.10","src_port":5246,"dst_port":12379,"l4_proto":"udp","ndpi": {"proto":"CAPWAP","breed":"Acceptable","category":"Network"}}
00485{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"capwap.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1422328949167,"flow_last_seen":0,"flow_min_l4_payload_len":65,"flow_max_l4_payload_len":65,"flow_tot_l4_payload_len":65,"flow_avg_l4_payload_len":65,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.10.9","dst_ip":"192.168.10.10","src_port":5246,"dst_port":12379,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"capwap.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1422328963915,"flow_last_seen":0,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.10.10","dst_ip":"255.255.255.255","src_port":49259,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00530{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"capwap.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1422328949167,"flow_last_seen":1422328949167,"flow_min_l4_payload_len":65,"flow_max_l4_payload_len":65,"flow_tot_l4_payload_len":65,"flow_avg_l4_payload_len":65,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.10.9","dst_ip":"192.168.10.10","src_port":5246,"dst_port":12379,"l4_proto":"udp","ndpi": {"proto":"CAPWAP","breed":"Acceptable","category":"Network"}}
00497{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"capwap.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1422328963915,"flow_last_seen":1422328963915,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.10.10","dst_ip":"255.255.255.255","src_port":49259,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00458{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"capwap.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1422328963,"pkt_ts_usec":915032,"pkt_caplen":83,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":83,"pkt_l4_len":49,"pkt":"\/\/\/\/\/\/\/\/uDhh8wWsCABFAABFAAEAAP8R8PTAqAoK\/\/\/\/\/8BrADUAMQAA9LUBAAABAAAAAAAAF0NJU0NPLUNBUFdBUC1DT05UUk9MTEVSAAABAAE="}
00655{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"capwap.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1422328963915,"flow_last_seen":0,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.10.10","dst_ip":"255.255.255.255","src_port":49259,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"cisco-capwap-controller","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00667{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"capwap.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1422328963915,"flow_last_seen":1422328963915,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.10.10","dst_ip":"255.255.255.255","src_port":49259,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"cisco-capwap-controller","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00458{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"capwap.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1422328966,"pkt_ts_usec":914891,"pkt_caplen":83,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":83,"pkt_l4_len":49,"pkt":"\/\/\/\/\/\/\/\/uDhh8wWsCABFAABFAAIAAP8R8PPAqAoK\/\/\/\/\/8BrADUAMQAA9LUBAAABAAAAAAAAF0NJU0NPLUNBUFdBUC1DT05UUk9MTEVSAAABAAE="}
00783{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":4,"source":"capwap.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1422328970,"pkt_ts_usec":67630,"pkt_caplen":365,"pkt_type":351,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":365,"pkt_l4_len":0,"pkt":"AQAMzMzMuDhh8wWsAV+qqgMAAAwgAAK0db0AAQAUQVBiODM4LjYxZjMuMDVhYwAFAPJDaXNjbyBJT1MgU29mdHdhcmUsIEMyNjAwIFNvZnR3YXJlIChBUDNHMi1LOVc4LU0pLCBWZXJzaW9uIDE1LjIoNClKQTEsIFJFTEVBU0UgU09GVFdBUkUgKGZjMikKVGVjaG5pY2FsIFN1cHBvcnQ6IGh0dHA6Ly93d3cuY2lzY28uY29tL3RlY2hzdXBwb3J0CkNvcHlyaWdodCAoYykgMTk4Ni0yMDEzIGJ5IENpc2NvIFN5c3RlbXMsIEluYy4KQ29tcGlsZWQgVHVlIDMwLUp1bC0xMyAyMjo1NyBieSBwcm9kX3JlbF90ZWFtAAYAG2Npc2NvIEFJUi1DQVAyNjAySS1RLUs5AAIAEQAAAAEBAcwABMCoCgoAAwAUR2lnYWJpdEV0aGVybmV0MAAEAAgAAAADAAsABQE="}
00145{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":4,"source":"capwap.pcap","alias":"nDPId-test","type":351}
@@ -19,13 +18,13 @@
00146{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":11,"source":"capwap.pcap","alias":"nDPId-test","type":383}
00829{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":12,"source":"capwap.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1422328993,"pkt_ts_usec":294069,"pkt_caplen":397,"pkt_type":383,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":397,"pkt_l4_len":0,"pkt":"AQAMzMzMuDhh8wWsAX+qqgMAAAwgAAK0cl0AAQAUQVBiODM4LjYxZjMuMDVhYwAFAPJDaXNjbyBJT1MgU29mdHdhcmUsIEMyNjAwIFNvZnR3YXJlIChBUDNHMi1LOVc4LU0pLCBWZXJzaW9uIDE1LjIoNClKQTEsIFJFTEVBU0UgU09GVFdBUkUgKGZjMikKVGVjaG5pY2FsIFN1cHBvcnQ6IGh0dHA6Ly93d3cuY2lzY28uY29tL3RlY2hzdXBwb3J0CkNvcHlyaWdodCAoYykgMTk4Ni0yMDEzIGJ5IENpc2NvIFN5c3RlbXMsIEluYy4KQ29tcGlsZWQgVHVlIDMwLUp1bC0xMyAyMjo1NyBieSBwcm9kX3JlbF90ZWFtAAYAG2Npc2NvIEFJUi1DQVAyNjAySS1RLUs5AAIAEQAAAAEBAcwABMCoCgoAAwAWR2lnYWJpdEV0aGVybmV0MC4xAAQACAAAAAMACwAFAQAPAAggAAAAABAABjLIABkAEKSNAAAAADwoAAAyyA=="}
00146{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":12,"source":"capwap.pcap","alias":"nDPId-test","type":383}
00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":18,"source":"capwap.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1422329005766,"flow_last_seen":0,"flow_min_l4_payload_len":123,"flow_max_l4_payload_len":123,"flow_tot_l4_payload_len":123,"flow_avg_l4_payload_len":123,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.10.10","dst_ip":"255.255.255.255","src_port":12380,"dst_port":5246,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00504{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":18,"source":"capwap.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1422329005766,"flow_last_seen":1422329005766,"flow_min_l4_payload_len":123,"flow_max_l4_payload_len":123,"flow_tot_l4_payload_len":123,"flow_avg_l4_payload_len":123,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.10.10","dst_ip":"255.255.255.255","src_port":12380,"dst_port":5246,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00571{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"capwap.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1422329005,"pkt_ts_usec":766358,"pkt_caplen":165,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":165,"pkt_l4_len":131,"pkt":"\/\/\/\/\/\/\/\/uDhh8wWsCABFwACXAARAAP8Rr9\/AqAoK\/\/\/\/\/zBcFH4AgwAAACACEAAAAAAGWAogaQ4g6AAAAAEAAGYAABQAAQAAJwAoAgIAAQBAlgAAAAAEAQAAAABAlgAAAQAEBwVmAABAlgAAAgAEDAQZAAApAAEEACwAAQEAJQAKAECWAADPAQAAAQAlABYAQJYAAAVBUGI4MzguNjFmMy4wNWFj"}
00526{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"capwap.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1422329005766,"flow_last_seen":0,"flow_min_l4_payload_len":123,"flow_max_l4_payload_len":123,"flow_tot_l4_payload_len":123,"flow_avg_l4_payload_len":123,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.10.10","dst_ip":"255.255.255.255","src_port":12380,"dst_port":5246,"l4_proto":"udp","ndpi": {"proto":"CAPWAP","breed":"Acceptable","category":"Network"}}
00538{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"capwap.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1422329005766,"flow_last_seen":1422329005766,"flow_min_l4_payload_len":123,"flow_max_l4_payload_len":123,"flow_tot_l4_payload_len":123,"flow_avg_l4_payload_len":123,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.10.10","dst_ip":"255.255.255.255","src_port":12380,"dst_port":5246,"l4_proto":"udp","ndpi": {"proto":"CAPWAP","breed":"Acceptable","category":"Network"}}
00571{"flow_id":3,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"capwap.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1422329005,"pkt_ts_usec":766854,"pkt_caplen":165,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":165,"pkt_l4_len":131,"pkt":"\/\/\/\/\/\/\/\/uDhh8wWsCABFwACXAARAAP8Rr9\/AqAoK\/\/\/\/\/zBcFH4AgwAAACACEAAAAAAGWAogaQ4g6AAAAAEAAGYAABQAAQAAJwAoAgIAAQBAlgAAAAAEAQAAAABAlgAAAQAEBwVmAABAlgAAAgAEDAQZAAApAAEEACwAAQEAJQAKAECWAADPAQAAAQAlABYAQJYAAAVBUGI4MzguNjFmMy4wNWFj"}
00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"capwap.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1422329005767,"flow_last_seen":0,"flow_min_l4_payload_len":114,"flow_max_l4_payload_len":114,"flow_tot_l4_payload_len":114,"flow_avg_l4_payload_len":114,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.10.9","dst_ip":"192.168.10.10","src_port":5246,"dst_port":12380,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00501{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"capwap.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1422329005767,"flow_last_seen":1422329005767,"flow_min_l4_payload_len":114,"flow_max_l4_payload_len":114,"flow_tot_l4_payload_len":114,"flow_avg_l4_payload_len":114,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.10.9","dst_ip":"192.168.10.10","src_port":5246,"dst_port":12380,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00545{"flow_id":4,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"capwap.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1422329005,"pkt_ts_usec":767224,"pkt_caplen":156,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":156,"pkt_l4_len":122,"pkt":"uDhh8wWsJOmzR64gCABFwACOANoAAH8RpGHAqAoJwKgKChR+MFwAegAAABACAAAAAAAAAAACAABlAAABACQAAAPoAAAABQIBAAMAQJYAAAEABAcFZgAAQJYAAAAABAEAAAEABAAJQ2lzY28yNTA0BBgABQAAAAAAAAoABsCoCgkAAAAlAAcAQJYAANAAACUACwBAlgAAl1THBF8A"}
00523{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":21,"source":"capwap.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1422329005767,"flow_last_seen":0,"flow_min_l4_payload_len":114,"flow_max_l4_payload_len":114,"flow_tot_l4_payload_len":114,"flow_avg_l4_payload_len":114,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.10.9","dst_ip":"192.168.10.10","src_port":5246,"dst_port":12380,"l4_proto":"udp","ndpi": {"proto":"CAPWAP","breed":"Acceptable","category":"Network"}}
00535{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":21,"source":"capwap.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1422329005767,"flow_last_seen":1422329005767,"flow_min_l4_payload_len":114,"flow_max_l4_payload_len":114,"flow_tot_l4_payload_len":114,"flow_avg_l4_payload_len":114,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.10.9","dst_ip":"192.168.10.10","src_port":5246,"dst_port":12380,"l4_proto":"udp","ndpi": {"proto":"CAPWAP","breed":"Acceptable","category":"Network"}}
00545{"flow_id":4,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"capwap.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1422329005,"pkt_ts_usec":767984,"pkt_caplen":156,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":156,"pkt_l4_len":122,"pkt":"uDhh8wWsJOmzR64gCABFwACOANsAAH8RpGDAqAoJwKgKChR+MFwAegAAABACAAAAAAAAAAACAABlAAABACQAAAPoAAAABQIBAAMAQJYAAAEABAcFZgAAQJYAAAAABAEAAAEABAAJQ2lzY28yNTA0BBgABQAAAAAAAAoABsCoCgkAAAAlAAcAQJYAANAAACUACwBAlgAAl1THBF8A"}
00494{"flow_id":4,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"capwap.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1422329015,"pkt_ts_usec":765658,"pkt_caplen":115,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":115,"pkt_l4_len":81,"pkt":"JOmzR64guDhh8wWsCABFwABlAAVAAP8R5V7AqAoKwKgKCTBcFH4AURfgAQAAABb+\/wAAAAAAAAAAADgBAAAsAAAAAAAAACz+\/1Z4mrz13vIlLHFGU8KNmBPwkXkcj0vpbAEOfTafYoZSAAAABAAvADMBAA=="}
00482{"flow_id":4,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"capwap.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1422329015,"pkt_ts_usec":861407,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"pkt":"uDhh8wWsJOmzR64gCABFwABcANxAAH8RZJHAqAoJwKgKChR+MFwASAAAAQAAABb+\/wAAAAAAAAAAAC8DAAAjAAAAAAAAACP+\/yDAqAoKMFwSNFZ4mrz11boJ8TslJR9U5jzXLHEUL1R1yw=="}
@@ -40,9 +39,9 @@
00906{"flow_id":4,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"capwap.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1422329016,"pkt_ts_usec":44504,"pkt_caplen":420,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":420,"pkt_l4_len":386,"pkt":"JOmzR64guDhh8wWsCABFwAGWAAtAAP8R5CfAqAoKwKgKCTBcFH4BggMgAQAAABb+\/wAAAAAAAAAGAQ4PAAECAAQAAAAAAQIBAKzqmDA5ptloyEefacEa3YZgJXJyrzHF9nOG+TK9vyBNPWeO9+lhySpNcxfS8U9xgOzjbnL4Y8XZDOAhiQFo8vgjxgbH1rJwvhKQMjpbB+xdMWwdAZVbqz\/DJLtziqhxnhe\/GeuuhoXqmlJ7RBS889V98vMqx8wmgWQ9IXwmnK36CCAZCauFy7HXZ0sOzDk9wNxlY\/eY\/72RK74kwLuFDOHXIPaNDAU+HsbXTmvlbNtFVnwHDJimGDggl85KsTO808\/4PBQujPnd0LudLsXt0Z3ZQQ7ZfuPbaIy4ykb9jPf8UlzC+ettkAlrxmevD8RB2ZeTOWIDYXnJFAhBcldYXJQU\/v8AAAAAAAAABwABARb+\/wABAAAAAAAAAEBV91YC49Abw+RBYmothQ3D6tqvTueKPrWukdB\/wh0UtvIy46qL++VfDHw4siAWRqqz+G6lxJZxWYAYP9VmMLsC"}
00527{"flow_id":4,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"capwap.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1422329016,"pkt_ts_usec":178283,"pkt_caplen":137,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":137,"pkt_l4_len":103,"pkt":"uDhh8wWsJOmzR64gCABFwAB7AOBAAH8RZG7AqAoJwKgKChR+MFwAZwAAAQAAABT+\/wAAAAAAAAAIAAEBFv7\/AAEAAAAAAAAAQM4p0S2Be8BScJ9\/t\/V5ioLrBk4kt01aT9C3ULVTwKotu4SpBhH4dYERsQJCgfQ\/FU95FjFjz1ipPTEr6AwbtI8="}
02374{"flow_id":4,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"capwap.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1422329016,"pkt_ts_usec":179779,"pkt_caplen":1499,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1499,"pkt_l4_len":1465,"pkt":"JOmzR64guDhh8wWsCABFwAXNAAxAAP8R3+\/AqAoKwKgKCTBcFH4FuaeNAQAAABf+\/wABAAAAAAABBaDmAzlxG66QVgkbosOGeUT5ktnM5kdDfqf0y4vZqHLD7ovzkRUa\/ObwOn6cYo4k9jzJQ6DMeI\/pr1EqMM\/AQirdxUjnphrCvlQhnglSCjmfZzINoGTcU87gocQNDgpypIE8JUFoPssg9PTkH\/c3zwNhbFDYvXQb5W2E\/UgYlVhikkkuN7d5FHT1h0PeLAckT63E4BEjFCelTVt6BqW6m+hq2vSZVEAcyoPuCMfD9z2FT7q61X2dcy41n6xQXr9OH6n8GWB2KblI+G0rmxzqC8DI9godC1JS8pBIRoI6yzZ8ZS9awHZUGf5k9fPcqxjjWL8J3dVlpkr4NzoXIBBCutVy\/5vfl8TbznxfTj7WziOniRxi+Iq24YaWL125+5UOOq8f\/zrftURrKAA9Yj2Do9NnNzE5h5kjOYFgZ+vb5vHA5W0IReEdYx4Ttsa3aZgoDc8QzeJSD55fLryL8nFdQW\/b6jHH6AsD4puPyKK12dCPsGdGbM0rMmFmtHOgBuJC72YtzPoNLKkVvKEEFgOYXK4onfbLLKAyWFvDafHnW9r5C3b5Hp3hbDLL+oxzlyHTPIDAPJgIAlLPTRo3Ma\/DHW14LsIx\/VRbCm7RVOZmzsVJYRDxf4n6K3aE45qtE58Zx0JFUB+yaEU6Uj\/iU2otshPCHbaRI87l9up85Ubwe3XRpgWSMtBZHZa0OTK3JIBIpMREShejSDLyKY+DnnNAoUnP\/7Ql5GVRBzZk\/QVy0u5lMSQSRMOF94ZXmpkkPdAxOlTVa5Ctro3OB\/WgmXbqLn7CLEawsy7i4OEM\/WnKUNDoB\/sO5hI3jAZG1+1ahmYqcdB5eVTkc\/fiuQak5G6m17muwaPWb3w3U6ffihNB1G\/0KZWCbJPI8oYBb0LrUG5\/efcDg2u6A5c6z774+yc1\/G1e3ie58xZUTJFwWoktEOOpYTKRyabVbkMeOD7fdal7VKbOlqnYYmCEVwynq2wyezZ1CMOPW94YDVkf9vO\/iFqRI0nrMAH9iiimfMD1bugFELyVDn5km63nh6nOyWmfOx1z6bxiiUOKFS4\/LYzlgovSdTCM8U2xFzjpasIC4XBo17pikTq1YpFHF5ZEsHIKa\/37lNcuYcn47q+wScm9i2IQ9kaLjI3mzMEOOGATB2NXOxfmV75qrGCBqw+Vvo6eIc3exWC558ll1oubhh1ajMKghB9wTXibG3lNkdb8gCKsGZk8MgR04ly0wrr4EGlv+gDQHMYbQFOL2eFlldKmVreEcLLGnhaPdMAvCF0UtdldbMjHcpIgbn3EL939HB28U0hOygU4J7S2\/MMCVwuQzKSqORR33idf2RynyvJBNFqpxMSGo5SRry4yCVsXD7xhGcMeMxDJrv4V\/mVkyRARl+R0jDprQYwEPdJgtt2PpqA55\/mcAcdAkHfuJZgKlQ0Vlf8nYtva9l84XhdZddmXlNcAXfkljZkNXHOqwQvJAmkKnZddci10scaj7OfU0sWlnTEAc5q9WHUiSun4sWxeKZdsn7oBUugugaesjlM5UNVUMHW7Rz3Hj21EOdnaCUQ1G\/mR9\/uiB5C2kdSvnpquEg+\/Cy8R3v4jrDoNBgsWmikv9GvL5Sji8foVqG1EYRqL7KnLdfHl1zk9SNomSEvntwoUI9eLKpsc5cMHQtnlUpcdXNGNQLDXqqgxXzEcgm0eeHB+NeiAFESghJEIkfRhFrs+0OKNHIYfgp+CHzYezil7WJPa2xzTS7eevs+L4+qJ7a4yO5C4SiGQBWrT41vsY\/uwuHHUJowpcu\/9P6pD08V7adBfe1BFvL9hq0zrk1iIJiI5otDB0ITAToyjfxx3j9Zlg+X8cBKPfE0XET4RYDNMr955aHBJz4dk81Q6TxnUQy0j2vAOsfFaxIbSJi1RJyGKlBZaB9mMO15X8SnWAVEtMz4="}
00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":116,"source":"capwap.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1422329017533,"flow_last_seen":0,"flow_min_l4_payload_len":80,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":80,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.10.10","dst_ip":"192.168.10.9","src_port":12380,"dst_port":5247,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":116,"source":"capwap.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1422329017533,"flow_last_seen":1422329017533,"flow_min_l4_payload_len":80,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":80,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.10.10","dst_ip":"192.168.10.9","src_port":12380,"dst_port":5247,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00502{"flow_id":5,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":116,"source":"capwap.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1422329017,"pkt_ts_usec":533285,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":122,"pkt_l4_len":88,"pkt":"JOmzR64guDhh8wWsCABFwABsAAFAAEARpFzAqAoKwKgKCTBcFH8AWAAAACADIAAAAAABBAAAAAAAAABAAABYCiBpDiAAAAAAAABYCiBpDiAAAN0JAECWJQEFKDMU3RsAQJYlAAEcq6fyE50AAEcACwAFJ\/9UIA8C1d0="}
00520{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":116,"source":"capwap.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1422329017533,"flow_last_seen":0,"flow_min_l4_payload_len":80,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":80,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.10.10","dst_ip":"192.168.10.9","src_port":12380,"dst_port":5247,"l4_proto":"udp","ndpi": {"proto":"CAPWAP","breed":"Acceptable","category":"Network"}}
00532{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":116,"source":"capwap.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1422329017533,"flow_last_seen":1422329017533,"flow_min_l4_payload_len":80,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":80,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.10.10","dst_ip":"192.168.10.9","src_port":12380,"dst_port":5247,"l4_proto":"udp","ndpi": {"proto":"CAPWAP","breed":"Acceptable","category":"Network"}}
00619{"flow_id":5,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":117,"source":"capwap.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1422329018,"pkt_ts_usec":33268,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"pkt":"JOmzR64guDhh8wWsCABFwADDAAJAAEARpATAqAoKwKgKCTBcFH8ArwAAACADIAAAAAABBAAAAAAAAABAAABYCiBpDiAAAAAAAABYCiBpDiAAAN0JAECWJQEFL9Qy3RsAQJYlAAEcq6fyE50AAEkACwAFKFJLQAQC3ePdGwBAliUAARyrp\/ITnQAAHQALAAUtdhsgDQK\/xN0bAECWJQABHKun8hOdAAAOAAsABS9iq+AIAt7o3RsAQJYlAAEcq6fyE50AAAwACwAFL7WkAA0C3+g="}
00738{"flow_id":5,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":118,"source":"capwap.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1422329018,"pkt_ts_usec":533282,"pkt_caplen":296,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":296,"pkt_l4_len":262,"pkt":"JOmzR64guDhh8wWsCABFwAEaAANAAEARo6zAqAoKwKgKCTBcFH8BBgAAACADIAAAAAABBAAAAAAAAABAAABYCiBpDiAAAAAAAABYCiBpDiAAAN0JAECWJQEFN3Va3RsAQJYlAAEcq6fyE50AACMACwAFMGt3IAoC5+ndGwBAliUAARyrp\/ITnQAAEwALAAUwdLNADQLo6d0bAECWJQABZICZPC30AAADAAsABTJ3KPD9AqWm3RsAQJYlAAH4Ht\/dIQ8AAB8ACwAFNejwUJoCvcLdGwBAliUAAfge390hDwAAEgALAAU2FOxglQK9wt0bAECWJQAB+B7f3SEPAAAcAAsABTZHxnCRAr\/A3RsAQJYlAAH4Ht\/dIQ8AAAcACwAFN246sJsCvr4="}
00542{"flow_id":5,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":119,"source":"capwap.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1422329019,"pkt_ts_usec":33154,"pkt_caplen":151,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":151,"pkt_l4_len":117,"pkt":"JOmzR64guDhh8wWsCABFwACJAARAAEARpDzAqAoKwKgKCTBcFH8AdQAAACADIAAAAAABBAAAAAAAAABAAABYCiBpDiAAAAAAAABYCiBpDiAAAN0JAECWJQEFPxZ83RsAQJYlAAH4Ht\/dIQ8BABcALAAFORP5UJQCtLDdGwBAliUAAfge390hDwEAFwAsAAU5O8ZgngK0sA=="}
@@ -61,6 +60,7 @@
00147{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":192,"source":"capwap.pcap","alias":"nDPId-test","type":375}
00818{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":293,"source":"capwap.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1422329091,"pkt_ts_usec":711112,"pkt_caplen":389,"pkt_type":375,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":389,"pkt_l4_len":0,"pkt":"AQAMzMzMuDhh8wWsAXeqqgMAAAwgAAK0KHQAAQAUQVBiODM4LjYxZjMuMDVhYwAFAPJDaXNjbyBJT1MgU29mdHdhcmUsIEMyNjAwIFNvZnR3YXJlIChBUDNHMi1LOVc4LU0pLCBWZXJzaW9uIDE1LjIoNClKQTEsIFJFTEVBU0UgU09GVFdBUkUgKGZjMikKVGVjaG5pY2FsIFN1cHBvcnQ6IGh0dHA6Ly93d3cuY2lzY28uY29tL3RlY2hzdXBwb3J0CkNvcHlyaWdodCAoYykgMTk4Ni0yMDEzIGJ5IENpc2NvIFN5c3RlbXMsIEluYy4KQ29tcGlsZWQgVHVlIDMwLUp1bC0xMyAyMjo1NyBieSBwcm9kX3JlbF90ZWFtAAYAG2Npc2NvIEFJUi1DQVAyNjAySS1RLUs5AAIAEQAAAAEBAcwABMCoCgoAAwAWR2lnYWJpdEV0aGVybmV0MC4xAAQACAAAAAMACwAFAQAQAAY8KAAZABCkjQABAAA8KAAAMsg="}
00147{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":293,"source":"capwap.pcap","alias":"nDPId-test","type":375}
00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":351,"source":"capwap.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1422328949167,"flow_last_seen":1422328949167,"flow_min_l4_payload_len":65,"flow_max_l4_payload_len":65,"flow_tot_l4_payload_len":65,"flow_avg_l4_payload_len":65,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.10.9","dst_ip":"192.168.10.10","src_port":5246,"dst_port":12379,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00572{"flow_id":3,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":358,"source":"capwap.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1422329136,"pkt_ts_usec":181809,"pkt_caplen":165,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":165,"pkt_l4_len":131,"pkt":"\/\/\/\/\/\/\/\/uDhh8wWsCABFwACXAGlAAP8Rr3rAqAoK\/\/\/\/\/zBcFH4AgwAAACACEAAAAAAGWAogaQ4g\/wAAABMAAGYAABQAAQEAJwAoAgIAAQBAlgAAAAAEAQAAAABAlgAAAQAEBwVmAABAlgAAAgAEDAQZAAApAAEEACwAAQEAJQAKAECWAADPAQAAAQAlABYAQJYAAAVBUGI4MzguNjFmMy4wNWFj"}
00572{"flow_id":3,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":359,"source":"capwap.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1422329136,"pkt_ts_usec":181810,"pkt_caplen":165,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":165,"pkt_l4_len":131,"pkt":"\/\/\/\/\/\/\/\/uDhh8wWsCABFwACXAGlAAP8Rr3rAqAoK\/\/\/\/\/zBcFH4AgwAAACACEAAAAAAGWAogaQ4g\/wAAABMAAGYAABQAAQEAJwAoAgIAAQBAlgAAAAAEAQAAAABAlgAAAQAEBwVmAABAlgAAAgAEDAQZAAApAAEEACwAAQEAJQAKAECWAADPAQAAAQAlABYAQJYAAAVBUGI4MzguNjFmMy4wNWFj"}
00818{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":378,"source":"capwap.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1422329141,"pkt_ts_usec":909488,"pkt_caplen":389,"pkt_type":375,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":389,"pkt_l4_len":0,"pkt":"AQAMzMzMuDhh8wWsAXeqqgMAAAwgAAK0KHQAAQAUQVBiODM4LjYxZjMuMDVhYwAFAPJDaXNjbyBJT1MgU29mdHdhcmUsIEMyNjAwIFNvZnR3YXJlIChBUDNHMi1LOVc4LU0pLCBWZXJzaW9uIDE1LjIoNClKQTEsIFJFTEVBU0UgU09GVFdBUkUgKGZjMikKVGVjaG5pY2FsIFN1cHBvcnQ6IGh0dHA6Ly93d3cuY2lzY28uY29tL3RlY2hzdXBwb3J0CkNvcHlyaWdodCAoYykgMTk4Ni0yMDEzIGJ5IENpc2NvIFN5c3RlbXMsIEluYy4KQ29tcGlsZWQgVHVlIDMwLUp1bC0xMyAyMjo1NyBieSBwcm9kX3JlbF90ZWFtAAYAG2Npc2NvIEFJUi1DQVAyNjAySS1RLUs5AAIAEQAAAAEBAcwABMCoCgoAAwAWR2lnYWJpdEV0aGVybmV0MC4xAAQACAAAAAMACwAFAQAQAAY8KAAZABCkjQABAAA8KAAAMsg="}

4
test/results/cassandra.pcap.out
View File

@@ -1,5 +1,5 @@
00477{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cassandra.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":10000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cassandra.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1450889498032,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":46536,"dst_port":9042,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cassandra.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1450889498032,"flow_last_seen":1450889498032,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":46536,"dst_port":9042,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00437{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cassandra.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1450889498,"pkt_ts_usec":32587,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AAAAAAAAAAAAAAAACABFAAA86nRAAEAGUkV\/AAABfwAAAbXII1K9tHk3AAAAAKACqqr+MAAAAgT\/1wQCCAon7JNDAAAAAAEDAwc="}
00437{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cassandra.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1450889498,"pkt_ts_usec":32598,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AAAAAAAAAAAAAAAACABFAAA8AABAAEAGPLp\/AAABfwAAASNStcjswQ7evbR5OKASqqr+MAAAAgT\/1wQCCAon7JNDJ+yTQwEDAwc="}
00424{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cassandra.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1450889498,"pkt_ts_usec":32606,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AAAAAAAAAAAAAAAACABFAAA06nVAAEAGUkx\/AAABfwAAAbXII1K9tHk47MEO34AQAVb+KAAAAQEICifsk0Mn7JND"}
@@ -16,7 +16,7 @@
00586{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cassandra.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1450889498,"pkt_ts_usec":43065,"pkt_caplen":182,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":182,"pkt_l4_len":148,"pkt":"AAAAAAAAAAAAAAAACABFAAConaBAAEAGnq1\/AAABfwAAASNStcjswQ8uvbR5\/4AYAVb+nAAAAQEICifsk00n7JNMhAAAAwgAAABrAAAAAgAAAAEAAAAGAAZzeXN0ZW0ABXBlZXJzAARwZWVyABAAC2RhdGFfY2VudGVyAA0ABHJhY2sADQAGdG9rZW5zACIADQALcnBjX2FkZHJlc3MAEAAOc2NoZW1hX3ZlcnNpb24ADAAAAAA="}
00602{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"cassandra.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1450889498,"pkt_ts_usec":43074,"pkt_caplen":193,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":193,"pkt_l4_len":159,"pkt":"AAAAAAAAAAAAAAAACABFAACz6ntAAEAGUcd\/AAABfwAAAbXII1K9tHn\/7MEPooAYAVb+pwAAAQEICifsk00n7JNNBAAABAcAAAB2AAAAb1NFTEVDVCBjbHVzdGVyX25hbWUsIGRhdGFfY2VudGVyLCByYWNrLCB0b2tlbnMsIHBhcnRpdGlvbmVyLCBzY2hlbWFfdmVyc2lvbiBGUk9NIHN5c3RlbS5sb2NhbCBXSEVSRSBrZXk9J2xvY2FsJwABAA=="}
00337{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"cassandra.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1450889498,"pkt_ts_usec":46559,"pkt_caplen":11145,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":11145,"pkt_l4_len":11111}
00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"cassandra.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1450889498074,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":46537,"dst_port":9042,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"cassandra.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1450889498074,"flow_last_seen":1450889498074,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":46537,"dst_port":9042,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00438{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"cassandra.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1450889498,"pkt_ts_usec":74112,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AAAAAAAAAAAAAAAACABFAAA81IRAAEAGaDV\/AAABfwAAAbXJI1KmXkfoAAAAAKACqqr+MAAAAgT\/1wQCCAon7JNsAAAAAAEDAwc="}
00438{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"cassandra.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1450889498,"pkt_ts_usec":74125,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AAAAAAAAAAAAAAAACABFAAA8AABAAEAGPLp\/AAABfwAAASNStckXl5aGpl5H6aASqqr+MAAAAgT\/1wQCCAon7JNsJ+yTbAEDAwc="}
00425{"flow_id":2,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"cassandra.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1450889498,"pkt_ts_usec":74133,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AAAAAAAAAAAAAAAACABFAAA01IVAAEAGaDx\/AAABfwAAAbXJI1KmXkfpF5eWh4AQAVb+KAAAAQEICifsk2wn7JNs"}

2
test/results/check_mk_new.pcap.out
View File

@@ -1,5 +1,5 @@
00480{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"check_mk_new.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":10000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"check_mk_new.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1512031663734,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.100.22","dst_ip":"192.168.100.50","src_port":58998,"dst_port":6556,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00501{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"check_mk_new.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1512031663734,"flow_last_seen":1512031663734,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.100.22","dst_ip":"192.168.100.50","src_port":58998,"dst_port":6556,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00440{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"check_mk_new.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1512031663,"pkt_ts_usec":734797,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"RjIA9qTs8soKyPpECABFEAA8gwhAAEAGbgrAqGQWwKhkMuZ2GZzVcug3AAAAAKACchA4TQAAAgQFtAQCCAorDGs\/AAAAAAEDAwc="}
00439{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"check_mk_new.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1512031663,"pkt_ts_usec":734824,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"8soKyPpERjIA9qTsCABFAAA8AABAAEAG8SLAqGQywKhkFhmc5nZuqQJN1XLoOKAScSBJyAAAAgQFtAQCCAoWUVydKwxrPwEDAwc="}
00427{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"check_mk_new.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1512031663,"pkt_ts_usec":734985,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"RjIA9qTs8soKyPpECABFEAA0gwlAAEAGbhHAqGQWwKhkMuZ2GZzVcug4bqkCToAQAOVJwAAAAQEICisMaz8WUVyd"}

12
test/results/chrome.pcap.out
View File

@@ -1,5 +1,5 @@
00474{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"chrome.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":10000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1620902507870,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64393,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1620902507870,"flow_last_seen":1620902507870,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64393,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00439{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902507,"pkt_ts_usec":870345,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6EvuJAbsdWbUDAAAAALAC\/\/8TEgAAAgQFtAEDAwUBAQgKM3SSOAAAAAAEAgAA"}
00434{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902507,"pkt_ts_usec":899110,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG7+4lEvFS6HVm1BKAS\/og8HwAAAgQFrAQCCAo6mxVSM3SSOAEDAwc="}
00421{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902507,"pkt_ts_usec":899217,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EvuJAbsdWbUERLxUu4AQECxZJAAAAQEICjN0klQ6mxVS"}
@@ -17,7 +17,7 @@
00424{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902507,"pkt_ts_usec":978845,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0aDJAADQGT\/WSMDoSwKgBsgG7+4lEvGK9HVm3WYAQAfpWfwAAAQEICjqbFaIzdJKE"}
00424{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902507,"pkt_ts_usec":978873,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0aDNAADQGT\/SSMDoSwKgBsgG7+4lEvGK9HVm6R4AQAfVTlgAAAQEICjqbFaIzdJKE"}
00834{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902507,"pkt_ts_usec":979058,"pkt_caplen":369,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":369,"pkt_l4_len":335,"pkt":"KDc3AG3IEBMx8Tl2CABFAAFjaDRAADQGTsSSMDoSwKgBsgG7+4lEvGK9HVm6R4AYAfWIxgAAAQEICjqbFaIzdJKEFwMDASqu82MYOF7Ocu0N6Rl7HCPMVxYJ0Yu4+wefoeMAmbRYZjTOJkRiwbOdCfASWo+p47ayCLCa8qiZPOcZ3x98ClvtFFUSN3056CfnE6+RJ5K\/RyQvU0Cqfug73XQD0k5hNEX\/+hMD5+TMkYmeIpGVbnZEbhaVJrxMfumjrcRrjcuPFwcolVrTo1B7hA3S2yKMbJ6iUBoR7LS6Ra6MivUODlXDVvbhLq3NFifyUpDKDVM2VRwESUrIhKnY60KryH0Va3TWlzar7hL1OJWBWTy3n01IH+oJQStgKurFFksiT3ssfVcLyUlprjWO9ht7\/g1zddPPREF05oXaQ3YfB+aSxgHz3\/HQOyjoohrMsbaXLpxIj0326qtEUmfxrHgP0dwR0asUQmHul79w29Qa"}
00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":29,"source":"chrome.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1620902508740,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64394,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":29,"source":"chrome.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1620902508740,"flow_last_seen":1620902508740,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64394,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00441{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902508,"pkt_ts_usec":740717,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6EvuKAbtgbcSnAAAAALAC\/\/+8\/wAAAgQFtAEDAwUBAQgKM3SVkQAAAAAEAgAA"}
00435{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902508,"pkt_ts_usec":769205,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG7+4peZebaYG3EqKAS\/og23AAAAgQFrAQCCAo6mxi5M3SVkQEDAwc="}
00422{"flow_id":2,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902508,"pkt_ts_usec":769277,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EvuKAbtgbcSoXmXm24AQECxT5gAAAQEICjN0lag6mxi5"}
@@ -32,13 +32,13 @@
00832{"flow_id":2,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902508,"pkt_ts_usec":828835,"pkt_caplen":369,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":369,"pkt_l4_len":335,"pkt":"KDc3AG3IEBMx8Tl2CABFAAFjyndAADQG7ICSMDoSwKgBsgG7+4peZeffYG3Hc4AYAfkjzQAAAQEICjqbGPYzdJXCFwMDASoK99X7peGLel+vBKFIQchqeP2r94hUgvj3R+NS0k53CQC3pHBXjaQ36rJN33aZ2+WUlOSMK2XbwFUmtctna73Gsk5J9LdfRc3xcLyY9fM82FYz+x0XztgmYjj1qAhhRsK1OjbDF4klraXJiQ2XmM076UKED11XWm+09m98sDnbaRGF4EOaUWOKFVElzC43s9UdnlnxhRVN+rhhvD+CbtnpY8SJQUasszWyozDN0tU9vbvRHlCQnK3Ts58hzVIM1IPhCwSVVgWGmbaTnoS0cDU1UMTE\/ttf5SS\/yDBt7hC2lFQ85dF4t86x+Tu8I+3gnfvMwUOCYa6Wc6OUBxifF7oEyaTTkwbfvrfAiEOWd1UFeJLXkhfxSNDWYwQB4kd9EJERG7WvoCdXYUVv"}
00423{"flow_id":2,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902508,"pkt_ts_usec":828882,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EvuKAbtgbcdzXmXpDoAQEBpOjgAAAQEICjN0ldc6mxj2"}
01392{"flow_id":2,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902509,"pkt_ts_usec":270667,"pkt_caplen":783,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":783,"pkt_l4_len":749,"pkt":"EBMx8Tl2KDc3AG3ICABFAAMBAABAAEAGqVrAqAGykjA6EvuKAbtgbcdzXmXpDoAYEBqE8gAAAQEICjN0l3Y6mxj2FwMDAshIBmLbUmNyqGq5bZtWIEkTQEfzU5L5rPzKZ+6rHYeArP2fbK\/kbyvx3Rw94ExEzOSv60xEtOToTNEEVdo1H0mZHmANUiwR6f+aNhCWgqBlMfs84fb5rg81ssTO5OHt597Oe9PkXmBfYCkAvhQbsn5aQM35L+Sjxw8xgJzoxOcQbAPli8mMia+44FbqNkPrq1nISrPQAi1BS3xxm0pt3texgbSZJzQFOkMZrdn+B\/CvLnUw1kuxGiGQQGIMqTzR4Tc653x9y7NjxzBiK\/cA0LL\/tJLoUfPBYKqpQ5VPTfVphc7gXRnemxWOUMmYFhjhMqQgAm9526DpC78NqtKMgXiwF+tNVUHcQkzQheB84bi1CDvox3d7sTZ1c64jna4clJ9lq1bXqb4GOEM1Juw3E4gjSEdrC3zaTv9OXC8iIBhui6N5yMIM4odP38gIq7RkhjkuFaopeRctjRe43mJqh2ZZ7ZxryU\/M+vGtU4H+qO7H6fxA38Lol43NziWB2QzJedR4YSGRigT2AM12T31K7baDa4COsoV\/2+jWM5g\/SDSDBveybZJ02q8\/I1WBTCkUwgISAp65JfEuEFPhLlaaQf7zSFtOxPkYMwQcmM4t24HvCplC6zQsBxpzc88WxvuvXcz3GnrnSCY+5zLUSOluHNlElaPPKBybqt98dniClbc8zESHP8zL6RTISvxyErfR95g3HcJoleJUgwvUruYi9xm4isbbkKt45EdW2UsbDAoeti4cY4Ot2YV0q1KIHUsQuJjsB3ckUC14VjzfVI0GvSDNczcXXhp4uK5u60wevNSDPi5MJpr8rDAA3Btqq+CcQLCvwWIzyl5+U9F6pPMIHiTc2C3D1h6RKhCrUkLV6utzoV\/Z5FIZffQhVEuGJaXtsyHUk5ZOaJ4fbXnLZtzhnMPydapJB7ydqWJEW423G4\/1gQlsKVDwfjhs"}
00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":74,"source":"chrome.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1620902509272,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64408,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":74,"source":"chrome.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1620902509272,"flow_last_seen":1620902509272,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64408,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00440{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902509,"pkt_ts_usec":272814,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6EvuYAbvjd2YSAAAAALAC\/\/+WlQAAAgQFtAEDAwUBAQgKM3SXeAAAAAAEAgAA"}
00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":75,"source":"chrome.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1620902509273,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64409,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":75,"source":"chrome.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1620902509273,"flow_last_seen":1620902509273,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64409,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00441{"flow_id":4,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902509,"pkt_ts_usec":273191,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6EvuZAbt3hYKuAAAAALAC\/\/\/l6gAAAgQFtAEDAwUBAQgKM3SXeAAAAAAEAgAA"}
00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":76,"source":"chrome.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1620902509274,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64410,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":76,"source":"chrome.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1620902509274,"flow_last_seen":1620902509274,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64410,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00441{"flow_id":5,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902509,"pkt_ts_usec":274034,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6EvuaAbt39JnFAAAAALAC\/\/\/OYgAAAgQFtAEDAwUBAQgKM3SXeQAAAAAEAgAA"}
00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":77,"source":"chrome.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1620902509276,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64411,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":77,"source":"chrome.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1620902509276,"flow_last_seen":1620902509276,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64411,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00440{"flow_id":6,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902509,"pkt_ts_usec":276446,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6EvubAbvm4fjEAAAAALAC\/\/8AcwAAAgQFtAEDAwUBAQgKM3SXewAAAAAEAgAA"}
00423{"flow_id":2,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902509,"pkt_ts_usec":297599,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0ynhAADQG7a6SMDoSwKgBsgG7+4peZekOYG3KQIAQAfVWcgAAAQEICjqbGsszdJd2"}
02388{"flow_id":2,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":89,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902509,"pkt_ts_usec":299347,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUynlAADQG6A2SMDoSwKgBsgG7+4peZekOYG3KQIAQAfX6owAAAQEICjqbGswzdJd2FwMDATGYJH3Tfh\/VWL3n9mUsS4wSTQKFYup+YEAvZABy0CISZyvXqVjGbPr8PrY4qo\/Ab76GAua7iSHmfFkM9KN61\/p5N0HweQKYekUJtIDynTUX4lef8jhzPQPIGByIALiUfFKUZJz\/xVuexdJyaozEpz84y0Q4ybb0G+PfT5jWlXoe4EiQ4qBOpysdt3Y\/xlftcKEtvAHgIubFuagkT+1ZzWBP0wW2OabCiMzMzxacdu1lcn6S6ff82N9w4PGRbrHGGgc8RIOszyZlcvlDWsOzZ8hMAPJNIA\/nbY0f\/qA5qBsqHTuew1X8rne6oKtynCGk0wNnweKZ+iTYE1+yWX5tgs5p5W1ZsvBxm7z5gobnESyAayyx+Jg\/efW3x6pswK8zW7WEpVGnItUafwDon9\/nOKVzuBcDAzrI5+xRgpIaQTp3YZR3RdvqfCY9ISq9w5pgf2qpbib3D\/T9+dCQeVmJE6TLnA38s5tYBLJcodOOBY25WTIdsLJ\/AeuD7TwtHcl30tav+TlTwLND\/gMfHcPRIi4EGavP25JKzpSTd954tJfB6B9brfpNzjcmLR2YVIRADZMNLpkRzNlazKpFr3mlT9z7UqaZUsiEk2IFPUpnPMOIuVGAlB7NjGXPFxKtWmSLR3gU9ZkaIPv0cdT0tyeWunr0Viouyuc9fqZKetIeuRE\/cm\/Lh1Dwxvn5dMsfH6bhmkIcIzzNk+5Dg2rqz4RBiZLlldneK8EUGWszYCKcmitgLXQA31G1Od5YsMH\/qaPL8N\/yNYXBn5fQF77jdAvax8DMaC5AgZpbdno08nQkA5rufI1wjIgscHC6ZKXopD+\/xDR5RI\/RCez4e3KNF1XsQeSppCCuSTuuDO6Hp+6Ecl9Y692OkIrgq5vtOKdF49ETDpJLolM\/mV1tueJki36LadFzSkI0royzSABbYIRdSDojQ515IOND1NVpwF7+E7nP62DA20AGRV6LHvbcKExdbSczMprz34KTr5IJUFWBOuTykSKhOZCjIRv4Fc+duN4n\/Rfm42G8KJG\/O6p+wnYYKWgB2WkTEZUBBkAoLcD7mfpU9PG3LyEmp2HWxGfz\/54b1CPfw3avDvHLgHpi33am0FDlnrsPXxbfyVvwHgKIrucX1lB5zvKCwiBOvNMAljVlbdi6II6llSBIDESqGsbpxU4gFch6R9w9UzDCTcy\/td16\/gmOj2yDq5dg92jhI1oZdqrO0NFvDWmsUr4zT1HypPuJO8h79ZFoRKcnk1BZdJchsJPTgC68yQ\/IwSTv\/7VjpDBXPLzouKeBgk03TzlYT1S+f7AyfxnWJtqsIN7tfJJ1Kt71d3sijlujrEcTfEF1RG8YtjvGuCfH0eHV1\/g2NnTSnfNzRPFGFnaRRSOeV1LY8hFJ8GODfyBzs0XsvxsVIqAZlSeSba86yFwCpsCt45MlR2Un8shf\/rMTDKuz5z9uo22sQPN3aEI5bYUXPq6RvwVPNzsfeH06gwZ7Mdmt3awsvZvp\/w4+NtVHF6dR6ibuT+LS8DqJJjMynlJTf5sjWUO81wFUWLKP6\/o4pJLP1Qwa59S2lL8fvTDf\/Tqc0gynrRvkM0dV+vnHt2msCNybrm6DLRiRvDXyd1AwN16WF4YL0KiyUawUpG5Bv4DzgSLzQ7oBCREh\/HAeyrgM5dtgmb4bqntEs11RESYWRm0ohYv1PLxkPsA8jdkOllAP\/Xr3H7iE9ivQdvLsEYwCZRzCcfyBmCTC3Zzl5yEJWpnCzJku6G7Nbw+4BASkoUWncfgapZWWurpFRPHNoY\/UL9B\/IK7jQFo07qrZiAyvxPtWjLPogMtnNWXCRwTJtp1ICkWMG64zGGAdpYJWgaBpfZ6Qun89srdD+YBTdGp9hI\/K4Y8mtWHH\/WxsJ\/Hg4EnOxlvTamX5t7nDxdidy\/1F"}

72
test/results/coap_mqtt.pcap.out
View File

@@ -1,40 +1,40 @@
00477{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"coap_mqtt.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":10000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00518{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1333957710293,"flow_last_seen":0,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61043,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00530{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1333957710293,"flow_last_seen":1333957710293,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61043,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00455{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1333957710,"pkt_ts_usec":293035,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"ACOJtMwBSF1gwJdKht1gAAAAACARQCABDagCFRFxoQvLSI+DV\/YgAQYgAAg12QAAAAAAAAAQ7nMWMwAg\/RpDAQXKchYzKy53ZWxsLWtub3duBGNvcmU="}
00540{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1333957710293,"flow_last_seen":0,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61043,"dst_port":5683,"l4_proto":"udp","ndpi": {"proto":"COAP","breed":"Safe","category":"RPC"}}
00518{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1333957715764,"flow_last_seen":0,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61044,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00552{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1333957710293,"flow_last_seen":1333957710293,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61043,"dst_port":5683,"l4_proto":"udp","ndpi": {"proto":"COAP","breed":"Safe","category":"RPC"}}
00530{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1333957715764,"flow_last_seen":1333957715764,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61044,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00455{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1333957715,"pkt_ts_usec":764217,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"ACOJtMwBSF1gwJdKht1gAAAAACARQCABDagCFRFxoQvLSI+DV\/YgAQYgAAg12QAAAAAAAAAQ7nQWMwAgAxVDAv\/NchYzKy53ZWxsLWtub3duBGNvcmU="}
00540{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1333957715764,"flow_last_seen":0,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61044,"dst_port":5683,"l4_proto":"udp","ndpi": {"proto":"COAP","breed":"Safe","category":"RPC"}}
00518{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1333957717200,"flow_last_seen":0,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61045,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00552{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1333957715764,"flow_last_seen":1333957715764,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61044,"dst_port":5683,"l4_proto":"udp","ndpi": {"proto":"COAP","breed":"Safe","category":"RPC"}}
00530{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1333957717200,"flow_last_seen":1333957717200,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61045,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00454{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1333957717,"pkt_ts_usec":200749,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"ACOJtMwBSF1gwJdKht1gAAAAACARQCABDagCFRFxoQvLSI+DV\/YgAQYgAAg12QAAAAAAAAAQ7nUWMwAgyuNDAzf9chYzKy53ZWxsLWtub3duBGNvcmU="}
00540{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1333957717200,"flow_last_seen":0,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61045,"dst_port":5683,"l4_proto":"udp","ndpi": {"proto":"COAP","breed":"Safe","category":"RPC"}}
00518{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1333957718629,"flow_last_seen":0,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61046,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00552{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1333957717200,"flow_last_seen":1333957717200,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61045,"dst_port":5683,"l4_proto":"udp","ndpi": {"proto":"COAP","breed":"Safe","category":"RPC"}}
00530{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1333957718629,"flow_last_seen":1333957718629,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61046,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00454{"flow_id":4,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1333957718,"pkt_ts_usec":629009,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"ACOJtMwBSF1gwJdKht1gAAAAACARQCABDagCFRFxoQvLSI+DV\/YgAQYgAAg12QAAAAAAAAAQ7nYWMwAgvHpDBEZkchYzKy53ZWxsLWtub3duBGNvcmU="}
00540{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1333957718629,"flow_last_seen":0,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61046,"dst_port":5683,"l4_proto":"udp","ndpi": {"proto":"COAP","breed":"Safe","category":"RPC"}}
00519{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1333957710293,"flow_last_seen":0,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61043,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00519{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1333957715764,"flow_last_seen":0,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61044,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00519{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1333957717200,"flow_last_seen":0,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61045,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00519{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1333957718629,"flow_last_seen":0,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61046,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00518{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1333957720773,"flow_last_seen":0,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61047,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00552{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1333957718629,"flow_last_seen":1333957718629,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61046,"dst_port":5683,"l4_proto":"udp","ndpi": {"proto":"COAP","breed":"Safe","category":"RPC"}}
00530{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1333957720773,"flow_last_seen":1333957720773,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61047,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00458{"flow_id":5,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1333957720,"pkt_ts_usec":773953,"pkt_caplen":90,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":90,"pkt_l4_len":36,"pkt":"ACOJtMwBSF1gwJdKht1gAAAAACQRQCABDagCFRFxoQvLSI+DV\/YgAQYgAAg12QAAAAAAAAAQ7ncWMwAkKH5FAYp0chYzKy53ZWxsLWtub3duBGNvcmUQEj3U"}
00540{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1333957720773,"flow_last_seen":0,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61047,"dst_port":5683,"l4_proto":"udp","ndpi": {"proto":"COAP","breed":"Safe","category":"RPC"}}
00519{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1333957720773,"flow_last_seen":0,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61047,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1375090528017,"flow_last_seen":0,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":19,"flow_tot_l4_payload_len":19,"flow_avg_l4_payload_len":19,"midstream":0,"l3_proto":"ip6","src_ip":"bbbb::1","dst_ip":"bbbb::3","src_port":33499,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00552{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1333957720773,"flow_last_seen":1333957720773,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61047,"dst_port":5683,"l4_proto":"udp","ndpi": {"proto":"COAP","breed":"Safe","category":"RPC"}}
00531{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1333957710293,"flow_last_seen":1333957710293,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61043,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00531{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1333957715764,"flow_last_seen":1333957715764,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61044,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00531{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1333957717200,"flow_last_seen":1333957717200,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61045,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00531{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1333957718629,"flow_last_seen":1333957718629,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61046,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00531{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1333957720773,"flow_last_seen":1333957720773,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61047,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1375090528017,"flow_last_seen":1375090528017,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":19,"flow_tot_l4_payload_len":19,"flow_avg_l4_payload_len":19,"midstream":0,"l3_proto":"ip6","src_ip":"bbbb::1","dst_ip":"bbbb::3","src_port":33499,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":6,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1375090528,"pkt_ts_usec":17876,"pkt_caplen":81,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":81,"pkt_l4_len":27,"pkt":"uCfrprIvACTop0mhht1gAAAAABsRQLu7AAAAAAAAAAAAAAAAAAG7uwAAAAAAAAAAAAAAAAADgtsWMwAblIJCAekbB5C4c2VwYXJhdGUQ0SMR"}
00498{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1375090528017,"flow_last_seen":0,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":19,"flow_tot_l4_payload_len":19,"flow_avg_l4_payload_len":19,"midstream":0,"l3_proto":"ip6","src_ip":"bbbb::1","dst_ip":"bbbb::3","src_port":33499,"dst_port":5683,"l4_proto":"udp","ndpi": {"proto":"COAP","breed":"Safe","category":"RPC"}}
00510{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1375090528017,"flow_last_seen":1375090528017,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":19,"flow_tot_l4_payload_len":19,"flow_avg_l4_payload_len":19,"midstream":0,"l3_proto":"ip6","src_ip":"bbbb::1","dst_ip":"bbbb::3","src_port":33499,"dst_port":5683,"l4_proto":"udp","ndpi": {"proto":"COAP","breed":"Safe","category":"RPC"}}
00425{"flow_id":6,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1375090528,"pkt_ts_usec":127292,"pkt_caplen":66,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":66,"pkt_l4_len":12,"pkt":"ACTop0mhuCfrprIvht1gAAAAAAwRQLu7AAAAAAAAAAAAAAAAAAO7uwAAAAAAAAAAAAAAAAABFjOC2wAMpjBgAOkb"}
00597{"flow_id":6,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1375090529,"pkt_ts_usec":153497,"pkt_caplen":191,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":191,"pkt_l4_len":137,"pkt":"ACTop0mhuCfrprIvht1gAAAAAIkRQLu7AAAAAAAAAAAAAAAAAAO7uwAAAAAAAAAAAAAAAAABFjOC2wCJMIhCRVcPB5D\/VGhpcyBtZXNzYWdlIHdhcyBzZW50IGJ5IGEgc2VwYXJhdGUgcmVzcG9uc2UuCllvdXIgY2xpZW50IHdpbGwgbmVlZCB0byBhY2tub3dsZWRnZSBpdCwgb3RoZXJ3aXNlIGl0IHdpbGwgYmUgcmV0cmFuc21pdHRlZC4="}
00425{"flow_id":6,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1375090529,"pkt_ts_usec":165959,"pkt_caplen":66,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":66,"pkt_l4_len":12,"pkt":"uCfrprIvACTop0mhht1gAAAAAAwRQLu7AAAAAAAAAAAAAAAAAAG7uwAAAAAAAAAAAAAAAAADgtsWMwAMOD1gAFcP"}
00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_first_seen":1375090528017,"flow_last_seen":1375090529165,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":129,"flow_tot_l4_payload_len":156,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip6","src_ip":"bbbb::1","dst_ip":"bbbb::3","src_port":33499,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1375090926676,"flow_last_seen":0,"flow_min_l4_payload_len":23,"flow_max_l4_payload_len":23,"flow_tot_l4_payload_len":23,"flow_avg_l4_payload_len":23,"midstream":0,"l3_proto":"ip6","src_ip":"bbbb::1","dst_ip":"bbbb::3","src_port":50250,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1375090926676,"flow_last_seen":1375090926676,"flow_min_l4_payload_len":23,"flow_max_l4_payload_len":23,"flow_tot_l4_payload_len":23,"flow_avg_l4_payload_len":23,"midstream":0,"l3_proto":"ip6","src_ip":"bbbb::1","dst_ip":"bbbb::3","src_port":50250,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00455{"flow_id":7,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1375090926,"pkt_ts_usec":676575,"pkt_caplen":85,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":85,"pkt_l4_len":31,"pkt":"uCfrprIvACTop0mhht1gAAAAAB8RQLu7AAAAAAAAAAAAAAAAAAG7uwAAAAAAAAAAAAAAAAADxEoWMwAfdD1AAs6gt3N0b3JhZ2X\/bXlyZXNvdXJjZQ=="}
00499{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1375090926676,"flow_last_seen":0,"flow_min_l4_payload_len":23,"flow_max_l4_payload_len":23,"flow_tot_l4_payload_len":23,"flow_avg_l4_payload_len":23,"midstream":0,"l3_proto":"ip6","src_ip":"bbbb::1","dst_ip":"bbbb::3","src_port":50250,"dst_port":5683,"l4_proto":"udp","ndpi": {"proto":"COAP","breed":"Safe","category":"RPC"}}
00511{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1375090926676,"flow_last_seen":1375090926676,"flow_min_l4_payload_len":23,"flow_max_l4_payload_len":23,"flow_tot_l4_payload_len":23,"flow_avg_l4_payload_len":23,"midstream":0,"l3_proto":"ip6","src_ip":"bbbb::1","dst_ip":"bbbb::3","src_port":50250,"dst_port":5683,"l4_proto":"udp","ndpi": {"proto":"COAP","breed":"Safe","category":"RPC"}}
00454{"flow_id":7,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1375090926,"pkt_ts_usec":735550,"pkt_caplen":85,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":85,"pkt_l4_len":31,"pkt":"ACTop0mhuCfrprIvht1gAAAAAB8RQLu7AAAAAAAAAAAAAAAAAAO7uwAAAAAAAAAAAAAAAAABFjPESgAfeP9gQc6gh3N0b3JhZ2UKbXlyZXNvdXJjZQ=="}
00438{"flow_id":7,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1375090935,"pkt_ts_usec":26698,"pkt_caplen":73,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":73,"pkt_l4_len":19,"pkt":"uCfrprIvACTop0mhht1gAAAAABMRQLu7AAAAAAAAAAAAAAAAAAG7uwAAAAAAAAAAAAAAAAADxEoWMwATY+NAA86h\/215ZGF0YQ=="}
00425{"flow_id":7,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1375090935,"pkt_ts_usec":86791,"pkt_caplen":66,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":66,"pkt_l4_len":12,"pkt":"ACTop0mhuCfrprIvht1gAAAAAAwRQLu7AAAAAAAAAAAAAAAAAAO7uwAAAAAAAAAAAAAAAAABFjPESgAMfrZghc6h"}
00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1375090935240,"flow_last_seen":0,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"l3_proto":"ip6","src_ip":"bbbb::1","dst_ip":"bbbb::3","src_port":46819,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1375090935240,"flow_last_seen":1375090935240,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"l3_proto":"ip6","src_ip":"bbbb::1","dst_ip":"bbbb::3","src_port":46819,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00462{"flow_id":8,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1375090935,"pkt_ts_usec":240020,"pkt_caplen":92,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":92,"pkt_l4_len":38,"pkt":"uCfrprIvACTop0mhht1gAAAAACYRQLu7AAAAAAAAAAAAAAAAAAG7uwAAAAAAAAAAAAAAAAADtuMWMwAmaNlAA5Uit3N0b3JhZ2UKbXlyZXNvdXJjZf9teWRhdGE="}
00499{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":14,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1375090935240,"flow_last_seen":0,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"l3_proto":"ip6","src_ip":"bbbb::1","dst_ip":"bbbb::3","src_port":46819,"dst_port":5683,"l4_proto":"udp","ndpi": {"proto":"COAP","breed":"Safe","category":"RPC"}}
00511{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":14,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1375090935240,"flow_last_seen":1375090935240,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"l3_proto":"ip6","src_ip":"bbbb::1","dst_ip":"bbbb::3","src_port":46819,"dst_port":5683,"l4_proto":"udp","ndpi": {"proto":"COAP","breed":"Safe","category":"RPC"}}
00426{"flow_id":8,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1375090935,"pkt_ts_usec":293289,"pkt_caplen":66,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":66,"pkt_l4_len":12,"pkt":"ACTop0mhuCfrprIvht1gAAAAAAwRQLu7AAAAAAAAAAAAAAAAAAO7uwAAAAAAAAAAAAAAAAABFjO24wAMxd1gRJUi"}
00454{"flow_id":8,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1375091005,"pkt_ts_usec":616928,"pkt_caplen":85,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":85,"pkt_l4_len":31,"pkt":"uCfrprIvACTop0mhht1gAAAAAB8RQLu7AAAAAAAAAAAAAAAAAAG7uwAAAAAAAAAAAAAAAAADtuMWMwAfsCNAAZUjt3N0b3JhZ2UKbXlyZXNvdXJjZQ=="}
00439{"flow_id":8,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1375091005,"pkt_ts_usec":672713,"pkt_caplen":73,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":73,"pkt_l4_len":19,"pkt":"ACTop0mhuCfrprIvht1gAAAAABMRQLu7AAAAAAAAAAAAAAAAAAO7uwAAAAAAAAAAAAAAAAABFjO24wATioZgRZUj\/215ZGF0YQ=="}
@@ -42,17 +42,17 @@
00426{"flow_id":8,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1375091022,"pkt_ts_usec":272173,"pkt_caplen":66,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":66,"pkt_l4_len":12,"pkt":"ACTop0mhuCfrprIvht1gAAAAAAwRQLu7AAAAAAAAAAAAAAAAAAO7uwAAAAAAAAAAAAAAAAABFjO24wAMxd1gQpUk"}
00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_first_seen":1375090926676,"flow_last_seen":1375090935086,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":23,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":15,"midstream":0,"l3_proto":"ip6","src_ip":"bbbb::1","dst_ip":"bbbb::3","src_port":50250,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":6,"flow_first_seen":1375090935240,"flow_last_seen":1375091022272,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":95,"flow_avg_l4_payload_len":15,"midstream":0,"l3_proto":"ip6","src_ip":"bbbb::1","dst_ip":"bbbb::3","src_port":46819,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1455907243976,"flow_last_seen":0,"flow_min_l4_payload_len":2,"flow_max_l4_payload_len":2,"flow_tot_l4_payload_len":2,"flow_avg_l4_payload_len":2,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53522,"dst_port":17501,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1455907243976,"flow_last_seen":1455907243976,"flow_min_l4_payload_len":2,"flow_max_l4_payload_len":2,"flow_tot_l4_payload_len":2,"flow_avg_l4_payload_len":2,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53522,"dst_port":17501,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00418{"flow_id":9,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907243,"pkt_ts_usec":976582,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":22,"pkt":"CAAnmO\/hCAAnAERyCABFAAAqELhAAIAG+F7AqDgBwKg4ZdESRF16higakEiEGVAYAQAwoAAAwAAAAAAA"}
00571{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1455907243976,"flow_last_seen":0,"flow_min_l4_payload_len":2,"flow_max_l4_payload_len":2,"flow_tot_l4_payload_len":2,"flow_avg_l4_payload_len":2,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53522,"dst_port":17501,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"MQTT","breed":"Acceptable","category":"RPC"}}
00583{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1455907243976,"flow_last_seen":1455907243976,"flow_min_l4_payload_len":2,"flow_max_l4_payload_len":2,"flow_tot_l4_payload_len":2,"flow_avg_l4_payload_len":2,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53522,"dst_port":17501,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"MQTT","breed":"Acceptable","category":"RPC"}}
00414{"flow_id":9,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907243,"pkt_ts_usec":977291,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":56,"pkt_l4_len":22,"pkt":"CAAnAERyCAAnmO\/hCABFAAAqrABAAEAGnRbAqDhlwKg4AURd0RKQSIQZeoYoHFAYAOXx0wAA0AA="}
00419{"flow_id":9,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907244,"pkt_ts_usec":175731,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"CAAnmO\/hCAAnAERyCABFAAAoELlAAIAG+F\/AqDgBwKg4ZdESRF16higckEiEG1AQAQDwpgAAAAAAAAAA"}
00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1455907258332,"flow_last_seen":0,"flow_min_l4_payload_len":2,"flow_max_l4_payload_len":2,"flow_tot_l4_payload_len":2,"flow_avg_l4_payload_len":2,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53523,"dst_port":17501,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00499{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1455907258332,"flow_last_seen":1455907258332,"flow_min_l4_payload_len":2,"flow_max_l4_payload_len":2,"flow_tot_l4_payload_len":2,"flow_avg_l4_payload_len":2,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53523,"dst_port":17501,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00419{"flow_id":10,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907258,"pkt_ts_usec":332152,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":22,"pkt":"CAAnmO\/hCAAnAERyCABFAAAqELpAAIAG+FzAqDgBwKg4ZdETRF1NYgogm49Jd1AYAQCrGAAAwAAAAAAA"}
00572{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1455907258332,"flow_last_seen":0,"flow_min_l4_payload_len":2,"flow_max_l4_payload_len":2,"flow_tot_l4_payload_len":2,"flow_avg_l4_payload_len":2,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53523,"dst_port":17501,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"MQTT","breed":"Acceptable","category":"RPC"}}
00584{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1455907258332,"flow_last_seen":1455907258332,"flow_min_l4_payload_len":2,"flow_max_l4_payload_len":2,"flow_tot_l4_payload_len":2,"flow_avg_l4_payload_len":2,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53523,"dst_port":17501,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"MQTT","breed":"Acceptable","category":"RPC"}}
00416{"flow_id":10,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907258,"pkt_ts_usec":332556,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":56,"pkt_l4_len":22,"pkt":"CAAnAERyCAAnmO\/hCABFAAAqf0dAAEAGyc\/AqDhlwKg4AURd0RObj0l3TWIKIlAYAOXx0wAA0AA="}
00419{"flow_id":10,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907258,"pkt_ts_usec":532086,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"CAAnmO\/hCAAnAERyCABFAAAoELtAAIAG+F3AqDgBwKg4ZdETRF1NYgoim49JeVAQAQBrHwAAAAAAAAAA"}
00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":28,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1455907267002,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53528,"dst_port":17501,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00499{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":28,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1455907267002,"flow_last_seen":1455907267002,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53528,"dst_port":17501,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00425{"flow_id":11,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907267,"pkt_ts_usec":2212,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"CAAnmO\/hCAAnAERyCABFAAA0ELxAAIAG+FDAqDgBwKg4ZdEYRF3fAvFmAAAAAIACIAB3eQAAAgQFtAEDAwgBAQQC"}
00425{"flow_id":11,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907267,"pkt_ts_usec":2284,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"CAAnAERyCAAnmO\/hCABFAAA0AABAAEAGSQ3AqDhlwKg4AURd0RiuSO3C3wLxZ4ASchDx3QAAAgQFtAEBBAIBAwMH"}
00417{"flow_id":11,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907267,"pkt_ts_usec":2460,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"CAAnmO\/hCAAnAERyCABFAAAoEL1AAIAG+FvAqDgBwKg4ZdEYRF3fAvFnrkjtw1AQAQA7MAAAAAAAAAAA"}
@@ -69,14 +69,14 @@
00493{"flow_id":11,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907267,"pkt_ts_usec":43373,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":114,"pkt_l4_len":80,"pkt":"CAAnmO\/hCAAnAERyCABFAABkEMJAAIAG+BrAqDgBwKg4ZdEYRF3fAvHFrkjuJFAYAQBqdAAAMzoACUJ1czE3SW5mbwADVXBkYXRlIHRyaWdnZXJlZCBGcmkgRmViIDE5IDIwOjQxOjA3IEVFVCAyMDE2"}
00419{"flow_id":11,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907267,"pkt_ts_usec":44633,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"CAAnAERyCAAnmO\/hCABFAAAslKxAAEAGtGjAqDhlwKg4AURd0RiuSO4k3wLyAVAYAOXx1QAAQAIAAw=="}
00420{"flow_id":11,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907267,"pkt_ts_usec":242073,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"CAAnmO\/hCAAnAERyCABFAAAoEMNAAIAG+FXAqDgBwKg4ZdEYRF3fAvIBrkjuKFAQAQA6MQAAAAAAAAAA"}
00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":43,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1455907271481,"flow_last_seen":0,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":96,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50311,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00503{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":43,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1455907271481,"flow_last_seen":1455907271481,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":96,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50311,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00528{"flow_id":12,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907271,"pkt_ts_usec":481938,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"pkt":"CAAnmO\/hCAAnAERyCABFAAB8EMQAAIARN\/bAqDgBwKg4ZcSHRFwAaLRJQwM1AW9STXJEXEFyCEJ1czE3Q21kETL\/eyJtZXNzYWdlVHlwZSI6IlVQREFURSIsIm1lc3NhZ2VDb250ZW50IjoiRnJpIEZlYiAxOSAyMDo0MToxMSBFRVQgMjAxNiJ9"}
00524{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1455907271481,"flow_last_seen":0,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":96,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50311,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00536{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1455907271481,"flow_last_seen":1455907271481,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":96,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50311,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00529{"flow_id":9,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907271,"pkt_ts_usec":483239,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"pkt":"CAAnAERyCAAnmO\/hCABFAAB+rAFAAEAGnMHAqDhlwKg4AURd0RKQSIQbeoYoHFAYAOXyJwAAMlQACEJ1czE3Q21kAAJ7Im1lc3NhZ2VUeXBlIjoiVVBEQVRFIiwibWVzc2FnZUNvbnRlbnQiOiJGcmkgRmViIDE5IDIwOjQxOjExIEVFVCAyMDE2In0="}
00530{"flow_id":10,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907271,"pkt_ts_usec":483346,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"pkt":"CAAnAERyCAAnmO\/hCABFAAB+f0hAAEAGyXrAqDhlwKg4AURd0RObj0l5TWIKIlAYAOXyJwAAMlQACEJ1czE3Q21kAAJ7Im1lc3NhZ2VUeXBlIjoiVVBEQVRFIiwibWVzc2FnZUNvbnRlbnQiOiJGcmkgRmViIDE5IDIwOjQxOjExIEVFVCAyMDE2In0="}
00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1455907271483,"flow_last_seen":0,"flow_min_l4_payload_len":86,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":86,"flow_avg_l4_payload_len":86,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.56.101","dst_ip":"192.168.56.1","src_port":17501,"dst_port":53524,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00503{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1455907271483,"flow_last_seen":1455907271483,"flow_min_l4_payload_len":86,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":86,"flow_avg_l4_payload_len":86,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.56.101","dst_ip":"192.168.56.1","src_port":17501,"dst_port":53524,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00530{"flow_id":13,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907271,"pkt_ts_usec":483430,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"pkt":"CAAnAERyCAAnmO\/hCABFAAB+1KdAAEAGdBvAqDhlwKg4AURd0RSW3pIhxZi6gFAYAOXyJwAAMlQACEJ1czE3Q21kAAJ7Im1lc3NhZ2VUeXBlIjoiVVBEQVRFIiwibWVzc2FnZUNvbnRlbnQiOiJGcmkgRmViIDE5IDIwOjQxOjExIEVFVCAyMDE2In0="}
00576{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1455907271483,"flow_last_seen":0,"flow_min_l4_payload_len":86,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":86,"flow_avg_l4_payload_len":86,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.56.101","dst_ip":"192.168.56.1","src_port":17501,"dst_port":53524,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"MQTT","breed":"Acceptable","category":"RPC"}}
00588{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1455907271483,"flow_last_seen":1455907271483,"flow_min_l4_payload_len":86,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":86,"flow_avg_l4_payload_len":86,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.56.101","dst_ip":"192.168.56.1","src_port":17501,"dst_port":53524,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"MQTT","breed":"Acceptable","category":"RPC"}}
00424{"flow_id":12,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907271,"pkt_ts_usec":483762,"pkt_caplen":61,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":61,"pkt_l4_len":27,"pkt":"CAAnAERyCAAnmO\/hCABFAAAvXYVAAEAR64HAqDhlwKg4AURcxIcAG\/HjY0Q1AW9STYsvci9CdXMxN0NtZA=="}
00420{"flow_id":10,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907271,"pkt_ts_usec":484395,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"pkt":"CAAnmO\/hCAAnAERyCABFAAAsEMVAAIAG+E\/AqDgBwKg4ZdETRF1NYgoim49Jz1AYAP8qugAAQAIAAgAA"}
00419{"flow_id":13,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907271,"pkt_ts_usec":485428,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"pkt":"CAAnmO\/hCAAnAERyCABFAAAsEMdAAIAG+E3AqDgBwKg4ZdEURF3FmLqAlt6Sd1AYAP++LAAAQAIAAgAA"}
@@ -127,9 +127,9 @@
00530{"flow_id":12,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":219,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907272,"pkt_ts_usec":130232,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"pkt":"CAAnmO\/hCAAnAERyCABFAAB8EQ4AAIARN6zAqDgBwKg4ZcSHRFwAaGrJQwM1B8\/MNXJEXEFyCEJ1czE3Q21kETL\/eyJtZXNzYWdlVHlwZSI6IlVQREFURSIsIm1lc3NhZ2VDb250ZW50IjoiRnJpIEZlYiAxOSAyMDo0MToxMiBFRVQgMjAxNiJ9"}
00427{"flow_id":12,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":228,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907272,"pkt_ts_usec":132073,"pkt_caplen":61,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":61,"pkt_l4_len":27,"pkt":"CAAnAERyCAAnmO\/hCABFAAAvXc1AAEAR6znAqDhlwKg4AURcxIcAG\/HjY0Q1B8\/MNYsvci9CdXMxN0NtZA=="}
00530{"flow_id":12,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":249,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907272,"pkt_ts_usec":239138,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"pkt":"CAAnmO\/hCAAnAERyCABFAAB8ERsAAIARN5\/AqDgBwKg4ZcSHRFwAaNHfQwM1CFi1RXJEXEFyCEJ1czE3Q21kETL\/eyJtZXNzYWdlVHlwZSI6IlVQREFURSIsIm1lc3NhZ2VDb250ZW50IjoiRnJpIEZlYiAxOSAyMDo0MToxMiBFRVQgMjAxNiJ9"}
00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":429,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1455907272856,"flow_last_seen":0,"flow_min_l4_payload_len":95,"flow_max_l4_payload_len":95,"flow_tot_l4_payload_len":95,"flow_avg_l4_payload_len":95,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50318,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00504{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":429,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1455907272856,"flow_last_seen":1455907272856,"flow_min_l4_payload_len":95,"flow_max_l4_payload_len":95,"flow_tot_l4_payload_len":95,"flow_avg_l4_payload_len":95,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50318,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00527{"flow_id":14,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":429,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907272,"pkt_ts_usec":856457,"pkt_caplen":137,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":137,"pkt_l4_len":103,"pkt":"CAAnmO\/hCAAnAERyCABFAAB7EWkAAIARN1LAqDgBwKg4ZcSORFwAZ7scQgMdqQeYckRcQXIIQnVzMTdDbWQRMv97Im1lc3NhZ2VUeXBlIjoiVVBEQVRFIiwibWVzc2FnZUNvbnRlbnQiOiJGcmkgRmViIDE5IDIwOjQxOjEyIEVFVCAyMDE2In0="}
00525{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":429,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1455907272856,"flow_last_seen":0,"flow_min_l4_payload_len":95,"flow_max_l4_payload_len":95,"flow_tot_l4_payload_len":95,"flow_avg_l4_payload_len":95,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50318,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00537{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":429,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1455907272856,"flow_last_seen":1455907272856,"flow_min_l4_payload_len":95,"flow_max_l4_payload_len":95,"flow_tot_l4_payload_len":95,"flow_avg_l4_payload_len":95,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50318,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00420{"flow_id":14,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":439,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907272,"pkt_ts_usec":858898,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"pkt":"CAAnAERyCAAnmO\/hCABFAAAuXhFAAEAR6vbAqDhlwKg4AURcxI4AGvHiYkQdqQeYiy9yL0J1czE3Q21k"}
00533{"flow_id":14,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":489,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907272,"pkt_ts_usec":969405,"pkt_caplen":141,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":141,"pkt_l4_len":107,"pkt":"CAAnmO\/hCAAnAERyCABFAAB\/EYMAAIARNzTAqDgBwKg4ZcSORFwAa8WlRgMdqhF5z0YYRXJEXEFyCEJ1czE3Q21kETL\/eyJtZXNzYWdlVHlwZSI6IlVQREFURSIsIm1lc3NhZ2VDb250ZW50IjoiRnJpIEZlYiAxOSAyMDo0MToxMyBFRVQgMjAxNiJ9"}
00428{"flow_id":14,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":502,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907272,"pkt_ts_usec":973211,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":30,"pkt":"CAAnAERyCAAnmO\/hCABFAAAyXh5AAEAR6uXAqDhlwKg4AURcxI4AHvHmZkQdqhF5z0YYRYsvci9CdXMxN0NtZA=="}
@@ -144,9 +144,9 @@
00534{"flow_id":14,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":757,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907273,"pkt_ts_usec":530785,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"pkt":"CAAnmO\/hCAAnAERyCABFAAB+Ef0AAIARNrvAqDgBwKg4ZcSORFwAassPRQMdr\/Kq\/CfKckRcQXIIQnVzMTdDbWQRMv97Im1lc3NhZ2VUeXBlIjoiVVBEQVRFIiwibWVzc2FnZUNvbnRlbnQiOiJGcmkgRmViIDE5IDIwOjQxOjEzIEVFVCAyMDE2In0="}
00427{"flow_id":14,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":770,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907273,"pkt_ts_usec":536055,"pkt_caplen":63,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":63,"pkt_l4_len":29,"pkt":"CAAnAERyCAAnmO\/hCABFAAAxXnBAAEAR6pTAqDhlwKg4AURcxI4AHfHlZUQdr\/Kq\/CfKiy9yL0J1czE3Q21k"}
00533{"flow_id":14,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":817,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907273,"pkt_ts_usec":658448,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"pkt":"CAAnmO\/hCAAnAERyCABFAAB9EhcAAIARNqLAqDgBwKg4ZcSORFwAaYovRAMdsNz8WXxyRFxBcghCdXMxN0NtZBEy\/3sibWVzc2FnZVR5cGUiOiJVUERBVEUiLCJtZXNzYWdlQ29udGVudCI6IkZyaSBGZWIgMTkgMjA6NDE6MTMgRUVUIDIwMTYifQ=="}
00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1032,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1455907274088,"flow_last_seen":0,"flow_min_l4_payload_len":97,"flow_max_l4_payload_len":97,"flow_tot_l4_payload_len":97,"flow_avg_l4_payload_len":97,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50312,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00505{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1032,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1455907274088,"flow_last_seen":1455907274088,"flow_min_l4_payload_len":97,"flow_max_l4_payload_len":97,"flow_tot_l4_payload_len":97,"flow_avg_l4_payload_len":97,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50312,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00532{"flow_id":15,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1032,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907274,"pkt_ts_usec":88318,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"pkt":"CAAnmO\/hCAAnAERyCABFAAB9EncAAIARNkLAqDgBwKg4ZcSIRFwAaR7GRANSj9XGl0FyRFxBcghCdXMxN0NtZBEy\/3sibWVzc2FnZVR5cGUiOiJVUERBVEUiLCJtZXNzYWdlQ29udGVudCI6IkZyaSBGZWIgMTkgMjA6NDE6MTQgRUVUIDIwMTYifQ=="}
00526{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1032,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1455907274088,"flow_last_seen":0,"flow_min_l4_payload_len":97,"flow_max_l4_payload_len":97,"flow_tot_l4_payload_len":97,"flow_avg_l4_payload_len":97,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50312,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00538{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1032,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1455907274088,"flow_last_seen":1455907274088,"flow_min_l4_payload_len":97,"flow_max_l4_payload_len":97,"flow_tot_l4_payload_len":97,"flow_avg_l4_payload_len":97,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50312,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00424{"flow_id":15,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1042,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907274,"pkt_ts_usec":89637,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"CAAnAERyCAAnmO\/hCABFAAAwXqNAAEAR6mLAqDhlwKg4AURcxIgAHPHkZERSj9XGl0GLL3IvQnVzMTdDbWQ="}
00536{"flow_id":15,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1083,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907274,"pkt_ts_usec":193327,"pkt_caplen":143,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":143,"pkt_l4_len":109,"pkt":"CAAnmO\/hCAAnAERyCABFAACBEpIAAIARNiPAqDgBwKg4ZcSIRFwAbeMnSANSkLugNTWCkTE2ckRcQXIIQnVzMTdDbWQRMv97Im1lc3NhZ2VUeXBlIjoiVVBEQVRFIiwibWVzc2FnZUNvbnRlbnQiOiJGcmkgRmViIDE5IDIwOjQxOjE0IEVFVCAyMDE2In0="}
00429{"flow_id":15,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1091,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907274,"pkt_ts_usec":196759,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"CAAnAERyCAAnmO\/hCABFAAA0XrRAAEAR6k3AqDhlwKg4AURcxIgAIPHoaERSkLugNTWCkTE2iy9yL0J1czE3Q21k"}
@@ -161,9 +161,9 @@
00529{"flow_id":15,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1401,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907274,"pkt_ts_usec":779814,"pkt_caplen":137,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":137,"pkt_l4_len":103,"pkt":"CAAnmO\/hCAAnAERyCABFAAB7EykAAIARNZLAqDgBwKg4ZcSIRFwAZyZkQgNSlWdockRcQXIIQnVzMTdDbWQRMv97Im1lc3NhZ2VUeXBlIjoiVVBEQVRFIiwibWVzc2FnZUNvbnRlbnQiOiJGcmkgRmViIDE5IDIwOjQxOjE0IEVFVCAyMDE2In0="}
00422{"flow_id":15,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1410,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907274,"pkt_ts_usec":785600,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"pkt":"CAAnAERyCAAnmO\/hCABFAAAuXwBAAEAR6gfAqDhlwKg4AURcxIgAGvHiYkRSlWdoiy9yL0J1czE3Q21k"}
00530{"flow_id":15,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1479,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907274,"pkt_ts_usec":902701,"pkt_caplen":137,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":137,"pkt_l4_len":103,"pkt":"CAAnmO\/hCAAnAERyCABFAAB7E0wAAIARNW\/AqDgBwKg4ZcSIRFwAZyoCQgNSlmPJckRcQXIIQnVzMTdDbWQRMv97Im1lc3NhZ2VUeXBlIjoiVVBEQVRFIiwibWVzc2FnZUNvbnRlbnQiOiJGcmkgRmViIDE5IDIwOjQxOjE0IEVFVCAyMDE2In0="}
00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1927,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1455907275690,"flow_last_seen":0,"flow_min_l4_payload_len":99,"flow_max_l4_payload_len":99,"flow_tot_l4_payload_len":99,"flow_avg_l4_payload_len":99,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50319,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00505{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1927,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1455907275690,"flow_last_seen":1455907275690,"flow_min_l4_payload_len":99,"flow_max_l4_payload_len":99,"flow_tot_l4_payload_len":99,"flow_avg_l4_payload_len":99,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50319,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00535{"flow_id":16,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1927,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907275,"pkt_ts_usec":690777,"pkt_caplen":141,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":141,"pkt_l4_len":107,"pkt":"CAAnmO\/hCAAnAERyCABFAAB\/FCAAAIARNJfAqDgBwKg4ZcSPRFwAa2JLRgOAZtDWwMpn\/nJEXEFyCEJ1czE3Q21kETL\/eyJtZXNzYWdlVHlwZSI6IlVQREFURSIsIm1lc3NhZ2VDb250ZW50IjoiRnJpIEZlYiAxOSAyMDo0MToxNSBFRVQgMjAxNiJ9"}
00526{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1927,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1455907275690,"flow_last_seen":0,"flow_min_l4_payload_len":99,"flow_max_l4_payload_len":99,"flow_tot_l4_payload_len":99,"flow_avg_l4_payload_len":99,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50319,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00538{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1927,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1455907275690,"flow_last_seen":1455907275690,"flow_min_l4_payload_len":99,"flow_max_l4_payload_len":99,"flow_tot_l4_payload_len":99,"flow_avg_l4_payload_len":99,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50319,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00430{"flow_id":16,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1936,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907275,"pkt_ts_usec":695868,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":30,"pkt":"CAAnAERyCAAnmO\/hCABFAAAyX35AAEAR6YXAqDhlwKg4AURcxI8AHvHmZkSAZtDWwMpn\/osvci9CdXMxN0NtZA=="}
00537{"flow_id":16,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2015,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907275,"pkt_ts_usec":831283,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"pkt":"CAAnmO\/hCAAnAERyCABFAACAFEwAAIARNGrAqDgBwKg4ZcSPRFwAbLkURwOAZ6ExGoh1VzNyRFxBcghCdXMxN0NtZBEy\/3sibWVzc2FnZVR5cGUiOiJVUERBVEUiLCJtZXNzYWdlQ29udGVudCI6IkZyaSBGZWIgMTkgMjA6NDE6MTUgRUVUIDIwMTYifQ=="}
00430{"flow_id":16,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2024,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907275,"pkt_ts_usec":835251,"pkt_caplen":65,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":65,"pkt_l4_len":31,"pkt":"CAAnAERyCAAnmO\/hCABFAAAzX45AAEAR6XTAqDhlwKg4AURcxI8AH\/HnZ0SAZ6ExGoh1VzOLL3IvQnVzMTdDbWQ="}

16
test/results/dcerpc.pcap.out
View File

@@ -1,11 +1,11 @@
00474{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dcerpc.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":10000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1602860709979,"flow_last_seen":0,"flow_min_l4_payload_len":642,"flow_max_l4_payload_len":642,"flow_tot_l4_payload_len":642,"flow_avg_l4_payload_len":642,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.11","dst_ip":"192.168.1.20","src_port":49155,"dst_port":34964,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00500{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1602860709979,"flow_last_seen":1602860709979,"flow_min_l4_payload_len":642,"flow_max_l4_payload_len":642,"flow_tot_l4_payload_len":642,"flow_avg_l4_payload_len":642,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.11","dst_ip":"192.168.1.20","src_port":49155,"dst_port":34964,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01262{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dcerpc.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1602860709,"pkt_ts_usec":979607,"pkt_caplen":684,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":684,"pkt_l4_len":650,"pkt":"AA7wSJ4FABwGCybtCABFAAKeAX4AAB4RFWLAqAELwKgBFMADiJQCip8cBAAgAAAAAADeoAAAbJcR0YJxAAEBAQFN3qAAAWyXEdGCcQCgJELffTX9qQA1ihISgAQAHAYLJu0AAAAAAAAAAQAAAAAAAP\/\/\/\/8CMgAAAAAAAAMtAAACHgAAAy0AAAAAAAACHgEBAEQBAAABCfGlMMdfbUe2f4BzQ53qrQACABwGCybt3qAAAGyXEdGCcQBkAQ0AKgAAABECWIiSAA5wbGN4YmtvbnRyNzRiNwECAGgBAAABAAGIkgAAAAIAKIAAACAAAgABAAD\/\/\/\/\/AAMAA8AAAAAAAAAAAAEAAAAAAAcAAAABAAAAAIAAAAEAAIABAAIAAIACAAMAAQABAAQAAgABAAYAAwABAAkAAgACAAEACAAEAAEACwECAGgBAAACAAKIkgAAAAIAKIAQACAAAgABAAD\/\/\/\/\/AAMAA8AAAAAAAAAAAAEAAAAAAAIAAgABAAYABAABAAkABwAAAAEAAAAAgAAAAQAAgAEAAgAAgAIAAwABAAEABAACAAEABQADAAEACAEEAEoBAAABAAAAAAAAAAAEBgAAAAQAAQAAAAEAAAABAAABAYAAAAAAAgAAAAEAAAEBgAEAAAADAAAAAQAAAQGAAgAAAAMAAAABAAABAQEEACABAAABAAAAAAABAQAA2AAAAAEAAQAAAAEAAQABAAEBAQEEACYBAAABAAAAAAACCAgABAAAAAEAAQAAAAEAAwABAAEBAQACAAEBAQEEACABAAABAAAAAAADCAAAAgAAAAEAAQAAAAEAAQABAAEBAQEEACABAAABAAAAAAAEAAgAUgAAAAEAAQAAAAEAAgACAAEBAQEDABYBAAABiJIAAAAAAAEAAwAAAQDAAKAA"}
00519{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1602860709979,"flow_last_seen":0,"flow_min_l4_payload_len":642,"flow_max_l4_payload_len":642,"flow_tot_l4_payload_len":642,"flow_avg_l4_payload_len":642,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.11","dst_ip":"192.168.1.20","src_port":49155,"dst_port":34964,"l4_proto":"udp","ndpi": {"proto":"DCE_RPC","breed":"Acceptable","category":"RPC"}}
00531{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1602860709979,"flow_last_seen":1602860709979,"flow_min_l4_payload_len":642,"flow_max_l4_payload_len":642,"flow_tot_l4_payload_len":642,"flow_avg_l4_payload_len":642,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.11","dst_ip":"192.168.1.20","src_port":49155,"dst_port":34964,"l4_proto":"udp","ndpi": {"proto":"DCE_RPC","breed":"Acceptable","category":"RPC"}}
01262{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"dcerpc.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1602860709,"pkt_ts_usec":979608,"pkt_caplen":684,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":684,"pkt_l4_len":650,"pkt":"AA7wSJ4FABwGCybtCABFAAKeAX4AAB4RFWLAqAELwKgBFMADiJQCip8cBAAgAAAAAADeoAAAbJcR0YJxAAEBAQFN3qAAAWyXEdGCcQCgJELffTX9qQA1ihISgAQAHAYLJu0AAAAAAAAAAQAAAAAAAP\/\/\/\/8CMgAAAAAAAAMtAAACHgAAAy0AAAAAAAACHgEBAEQBAAABCfGlMMdfbUe2f4BzQ53qrQACABwGCybt3qAAAGyXEdGCcQBkAQ0AKgAAABECWIiSAA5wbGN4YmtvbnRyNzRiNwECAGgBAAABAAGIkgAAAAIAKIAAACAAAgABAAD\/\/\/\/\/AAMAA8AAAAAAAAAAAAEAAAAAAAcAAAABAAAAAIAAAAEAAIABAAIAAIACAAMAAQABAAQAAgABAAYAAwABAAkAAgACAAEACAAEAAEACwECAGgBAAACAAKIkgAAAAIAKIAQACAAAgABAAD\/\/\/\/\/AAMAA8AAAAAAAAAAAAEAAAAAAAIAAgABAAYABAABAAkABwAAAAEAAAAAgAAAAQAAgAEAAgAAgAIAAwABAAEABAACAAEABQADAAEACAEEAEoBAAABAAAAAAAAAAAEBgAAAAQAAQAAAAEAAAABAAABAYAAAAAAAgAAAAEAAAEBgAEAAAADAAAAAQAAAQGAAgAAAAMAAAABAAABAQEEACABAAABAAAAAAABAQAA2AAAAAEAAQAAAAEAAQABAAEBAQEEACYBAAABAAAAAAACCAgABAAAAAEAAQAAAAEAAwABAAEBAQACAAEBAQEEACABAAABAAAAAAADCAAAAgAAAAEAAQAAAAEAAQABAAEBAQEEACABAAABAAAAAAAEAAgAUgAAAAEAAQAAAAEAAgACAAEBAQEDABYBAAABiJIAAAAAAAEAAwAAAQDAAKAA"}
00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1602860709993,"flow_last_seen":0,"flow_min_l4_payload_len":170,"flow_max_l4_payload_len":170,"flow_tot_l4_payload_len":170,"flow_avg_l4_payload_len":170,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.20","dst_ip":"192.168.1.11","src_port":49161,"dst_port":49155,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00500{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1602860709993,"flow_last_seen":1602860709993,"flow_min_l4_payload_len":170,"flow_max_l4_payload_len":170,"flow_tot_l4_payload_len":170,"flow_avg_l4_payload_len":170,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.20","dst_ip":"192.168.1.11","src_port":49161,"dst_port":49155,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00625{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"dcerpc.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1602860709,"pkt_ts_usec":993940,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"pkt":"ABwGCybtAA7wSJ4FCABFAADGAAUAAB4RGLPAqAEUwKgBC8AJwAMAsvR9BAIKABAAAAAAAKDel2zREYJxAAEBAQFNAQCg3pds0RGCcQCgJELffQCp\/TWKNRISgAQAHAYLJu0AAAAAAQAAAAAAAAAAAP\/\/\/\/9aAAAAAAAAAAAARgAAAC0DAAAAAAAARgAAAIEBAB4BAAABCfGlMMdfbUe2f4BzQ53qrQACAA7wSJ4FiJKBAgAIAQAAAQABgACBAgAIAQAAAgACgBCBAwAIAQAAAQAUBZg="}
00519{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1602860709993,"flow_last_seen":0,"flow_min_l4_payload_len":170,"flow_max_l4_payload_len":170,"flow_tot_l4_payload_len":170,"flow_avg_l4_payload_len":170,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.20","dst_ip":"192.168.1.11","src_port":49161,"dst_port":49155,"l4_proto":"udp","ndpi": {"proto":"DCE_RPC","breed":"Acceptable","category":"RPC"}}
00531{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1602860709993,"flow_last_seen":1602860709993,"flow_min_l4_payload_len":170,"flow_max_l4_payload_len":170,"flow_tot_l4_payload_len":170,"flow_avg_l4_payload_len":170,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.20","dst_ip":"192.168.1.11","src_port":49161,"dst_port":49155,"l4_proto":"udp","ndpi": {"proto":"DCE_RPC","breed":"Acceptable","category":"RPC"}}
00625{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"dcerpc.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1602860709,"pkt_ts_usec":993941,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"pkt":"ABwGCybtAA7wSJ4FCABFAADGAAUAAB4RGLPAqAEUwKgBC8AJwAMAsvR9BAIKABAAAAAAAKDel2zREYJxAAEBAQFNAQCg3pds0RGCcQCgJELffQCp\/TWKNRISgAQAHAYLJu0AAAAAAQAAAAAAAAAAAP\/\/\/\/9aAAAAAAAAAAAARgAAAC0DAAAAAAAARgAAAIEBAB4BAAABCfGlMMdfbUe2f4BzQ53qrQACAA7wSJ4FiJKBAgAIAQAAAQABgACBAgAIAQAAAgACgBCBAwAIAQAAAQAUBZg="}
01685{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"dcerpc.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1602860710,"pkt_ts_usec":12562,"pkt_caplen":995,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":995,"pkt_l4_len":961,"pkt":"AA7wSJ4FABwGCybtCABFAAPVAX8AAB4RFCrAqAELwKgBFMADiJQDwWYXBAAgAAAAAADeoAAAbJcR0YJxAAEBAQFN3qAAAWyXEdGCcQCgJELffTX9qQA1ihISgAQAHAYLJu0AAAAAAAAAAQAAAAEAA\/\/\/\/\/8DaQAAAAAAAANVAAADVQAAA1UAAAAAAAADVQAIADwBAAAACfGlMMdfbUe2f4BzQ53qrf\/\/\/\/\/\/\/\/\/\/AADgQAAAAxUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAA8AQAAAQnxpTDHX21Htn+Ac0Od6q0AAAAAAAAAAQAAAAEAAAAGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIQAfADEAAAAACAA8AQAAAgnxpTDHX21Htn+Ac0Od6q0AAAAAAACAAAAAgFEAAAAcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAhMAGAEAAADD1of+eJ4Doazb5b\/LvCe2AAAAAAAIADwBAAADCfGlMMdfbUe2f4BzQ53qrQAAAAAAAIAAAACAUgAAACgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACEQAkAQAAAMPWh\/54ngOhrNvlv8u8J7YAAAAAC21ycGRvbWFpbi0xAAgAPAEAAAQJ8aUwx19tR7Z\/gHNDneqtAAAAAAACAAEAAAABAAAACgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEABwdRAAAAAAAAAAAIADwBAAAFCfGlMMdfbUe2f4BzQ53qrQAAAAAAAgABAAAAAgAAAAUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABBgEA\/wAAAAAIADwBAAAGCfGlMMdfbUe2f4BzQ53qrQAAAAAAAgABAAAAAwAAAAkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAASAQEBAQEBAQEAAAAACAA8AQAABwnxpTDHX21Htn+Ac0Od6q0AAAAAAAMAAQAAAAEAAAAKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAHAVEAAAAAAAAAAAgAPAEAAAgJ8aUwx19tR7Z\/gHNDneqtAAAAAAADAAEAAAACAAAABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEGAQD\/AAAAAAgAPAEAAAkJ8aUwx19tR7Z\/gHNDneqtAAAAAAAEAAEAAAABAAAACgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEABgQAAAAAAP8AAAAIADwBAAAKCfGlMMdfbUe2f4BzQ53qrQAAAAAABAABAAAAAgAAAAkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAASAQEBAQEBAQE="}
01685{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"dcerpc.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1602860710,"pkt_ts_usec":12566,"pkt_caplen":995,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":995,"pkt_l4_len":961,"pkt":"AA7wSJ4FABwGCybtCABFAAPVAX8AAB4RFCrAqAELwKgBFMADiJQDwWYXBAAgAAAAAADeoAAAbJcR0YJxAAEBAQFN3qAAAWyXEdGCcQCgJELffTX9qQA1ihISgAQAHAYLJu0AAAAAAAAAAQAAAAEAA\/\/\/\/\/8DaQAAAAAAAANVAAADVQAAA1UAAAAAAAADVQAIADwBAAAACfGlMMdfbUe2f4BzQ53qrf\/\/\/\/\/\/\/\/\/\/AADgQAAAAxUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAA8AQAAAQnxpTDHX21Htn+Ac0Od6q0AAAAAAAAAAQAAAAEAAAAGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIQAfADEAAAAACAA8AQAAAgnxpTDHX21Htn+Ac0Od6q0AAAAAAACAAAAAgFEAAAAcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAhMAGAEAAADD1of+eJ4Doazb5b\/LvCe2AAAAAAAIADwBAAADCfGlMMdfbUe2f4BzQ53qrQAAAAAAAIAAAACAUgAAACgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACEQAkAQAAAMPWh\/54ngOhrNvlv8u8J7YAAAAAC21ycGRvbWFpbi0xAAgAPAEAAAQJ8aUwx19tR7Z\/gHNDneqtAAAAAAACAAEAAAABAAAACgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEABwdRAAAAAAAAAAAIADwBAAAFCfGlMMdfbUe2f4BzQ53qrQAAAAAAAgABAAAAAgAAAAUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABBgEA\/wAAAAAIADwBAAAGCfGlMMdfbUe2f4BzQ53qrQAAAAAAAgABAAAAAwAAAAkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAASAQEBAQEBAQEAAAAACAA8AQAABwnxpTDHX21Htn+Ac0Od6q0AAAAAAAMAAQAAAAEAAAAKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAHAVEAAAAAAAAAAAgAPAEAAAgJ8aUwx19tR7Z\/gHNDneqtAAAAAAADAAEAAAACAAAABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEGAQD\/AAAAAAgAPAEAAAkJ8aUwx19tR7Z\/gHNDneqtAAAAAAAEAAEAAAABAAAACgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEABgQAAAAAAP8AAAAIADwBAAAKCfGlMMdfbUe2f4BzQ53qrQAAAAAABAABAAAAAgAAAAkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAASAQEBAQEBAQE="}
@@ -15,13 +15,13 @@
00572{"flow_id":1,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"dcerpc.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1602860710,"pkt_ts_usec":32496,"pkt_caplen":174,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":174,"pkt_l4_len":140,"pkt":"AA7wSJ4FABwGCybtCABFAACgAYAAAB4RF17AqAELwKgBFMADiJQAjCmEBAAgAAAAAADeoAAAbJcR0YJxAAEBAQFN3qAAAWyXEdGCcQCgJELffTX9qQA1ihISgAQAHAYLJu0AAAAAAAAAAQAAAAIABP\/\/\/\/8ANAAAAAAAAAAgAAAAIAAAACAAAAAAAAAAIAEQABwBAAAACfGlMMdfbUe2f4BzQ53qrQACAAAAAQAA"}
00573{"flow_id":2,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"dcerpc.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1602860710,"pkt_ts_usec":62922,"pkt_caplen":174,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":174,"pkt_l4_len":140,"pkt":"ABwGCybtAA7wSJ4FCABFAACgAAcAAB4RGNfAqAEUwKgBC8AJwAMAjBCNBAIKABAAAAAAAKDel2zREYJxAAEBAQFNAQCg3pds0RGCcQCgJELffQCp\/TWKNRISgAQAHAYLJu0AAAAAAQAAAAIAAAAEAP\/\/\/\/80AAAAAAAAAAAAIAAAACAAAAAAAAAAIAAAAIEQABwBAAAACfGlMMdfbUe2f4BzQ53qrQACAAAACAAA"}
00573{"flow_id":2,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"dcerpc.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1602860710,"pkt_ts_usec":62922,"pkt_caplen":174,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":174,"pkt_l4_len":140,"pkt":"ABwGCybtAA7wSJ4FCABFAACgAAcAAB4RGNfAqAEUwKgBC8AJwAMAjBCNBAIKABAAAAAAAKDel2zREYJxAAEBAQFNAQCg3pds0RGCcQCgJELffQCp\/TWKNRISgAQAHAYLJu0AAAAAAQAAAAIAAAAEAP\/\/\/\/80AAAAAAAAAAAAIAAAACAAAAAAAAAAIAAAAIEQABwBAAAACfGlMMdfbUe2f4BzQ53qrQACAAAACAAA"}
00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1602860710063,"flow_last_seen":0,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":132,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.20","dst_ip":"192.168.1.11","src_port":49162,"dst_port":34964,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00501{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1602860710063,"flow_last_seen":1602860710063,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":132,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.20","dst_ip":"192.168.1.11","src_port":49162,"dst_port":34964,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00572{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"dcerpc.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1602860710,"pkt_ts_usec":63382,"pkt_caplen":174,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":174,"pkt_l4_len":140,"pkt":"ABwGCybtAA7wSJ4FCABFAACgAAgAAB4RGNbAqAEUwKgBC8AKiJQAjEB6BAAgABAAAAAAAKDel2zREYJxAGQBDQAqAgCg3pds0RGCcQCgJELffYDI+0MAABAQgAAADvBIngUAAAAAAQAAAAAAAAAEAP\/\/\/\/80AAAAAACgAAAAIAAAAKAAAAAAAAAAIAAAAAESABwBAAAACfGlMMdfbUe2f4BzQ53qrQACAAAAAgAA"}
00520{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1602860710063,"flow_last_seen":0,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":132,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.20","dst_ip":"192.168.1.11","src_port":49162,"dst_port":34964,"l4_proto":"udp","ndpi": {"proto":"DCE_RPC","breed":"Acceptable","category":"RPC"}}
00532{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1602860710063,"flow_last_seen":1602860710063,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":132,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.20","dst_ip":"192.168.1.11","src_port":49162,"dst_port":34964,"l4_proto":"udp","ndpi": {"proto":"DCE_RPC","breed":"Acceptable","category":"RPC"}}
00572{"flow_id":3,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"dcerpc.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1602860710,"pkt_ts_usec":63386,"pkt_caplen":174,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":174,"pkt_l4_len":140,"pkt":"ABwGCybtAA7wSJ4FCABFAACgAAgAAB4RGNbAqAEUwKgBC8AKiJQAjEB6BAAgABAAAAAAAKDel2zREYJxAGQBDQAqAgCg3pds0RGCcQCgJELffYDI+0MAABAQgAAADvBIngUAAAAAAQAAAAAAAAAEAP\/\/\/\/80AAAAAACgAAAAIAAAAKAAAAAAAAAAIAAAAAESABwBAAAACfGlMMdfbUe2f4BzQ53qrQACAAAAAgAA"}
00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1602860710071,"flow_last_seen":0,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":132,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.11","dst_ip":"192.168.1.20","src_port":49154,"dst_port":49162,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00501{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1602860710071,"flow_last_seen":1602860710071,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":132,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.11","dst_ip":"192.168.1.20","src_port":49154,"dst_port":49162,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00572{"flow_id":4,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"dcerpc.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1602860710,"pkt_ts_usec":71384,"pkt_caplen":174,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":174,"pkt_l4_len":140,"pkt":"AA7wSJ4FABwGCybtCABFAACgAYEAAB4RF13AqAELwKgBFMACwAoAjHUlBAIKAAAAAADeoAAAbJcR0YJxAGQBDQAq3qAAAmyXEdGCcQCgJELffUP7yIAAABAQgAAADvBIngUAJ7vVAAAAAQAAAAAABP\/\/\/\/8ANAAAAAAAAAAAAAAAIAAAAKAAAAAAAAAAIIESABwBAAAACfGlMMdfbUe2f4BzQ53qrQACAAAACAAA"}
00520{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1602860710071,"flow_last_seen":0,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":132,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.11","dst_ip":"192.168.1.20","src_port":49154,"dst_port":49162,"l4_proto":"udp","ndpi": {"proto":"DCE_RPC","breed":"Acceptable","category":"RPC"}}
00532{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1602860710071,"flow_last_seen":1602860710071,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":132,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.11","dst_ip":"192.168.1.20","src_port":49154,"dst_port":49162,"l4_proto":"udp","ndpi": {"proto":"DCE_RPC","breed":"Acceptable","category":"RPC"}}
00572{"flow_id":4,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"dcerpc.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1602860710,"pkt_ts_usec":71385,"pkt_caplen":174,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":174,"pkt_l4_len":140,"pkt":"AA7wSJ4FABwGCybtCABFAACgAYEAAB4RF13AqAELwKgBFMACwAoAjHUlBAIKAAAAAADeoAAAbJcR0YJxAGQBDQAq3qAAAmyXEdGCcQCgJELffUP7yIAAABAQgAAADvBIngUAJ7vVAAAAAQAAAAAABP\/\/\/\/8ANAAAAAAAAAAAAAAAIAAAAKAAAAAAAAAAIIESABwBAAAACfGlMMdfbUe2f4BzQ53qrQACAAAACAAA"}
00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":16,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_first_seen":1602860710071,"flow_last_seen":1602860710071,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":264,"flow_avg_l4_payload_len":132,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.11","dst_ip":"192.168.1.20","src_port":49154,"dst_port":49162,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":16,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":6,"flow_first_seen":1602860709993,"flow_last_seen":1602860710062,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":804,"flow_tot_l4_payload_len":2212,"flow_avg_l4_payload_len":368,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.20","dst_ip":"192.168.1.11","src_port":49161,"dst_port":49155,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}

2
test/results/diameter.pcap.out
View File

@@ -1,5 +1,5 @@
00476{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"diameter.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":10000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"diameter.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1263278878271,"flow_last_seen":0,"flow_min_l4_payload_len":344,"flow_max_l4_payload_len":344,"flow_tot_l4_payload_len":344,"flow_avg_l4_payload_len":344,"midstream":1,"l3_proto":"ip4","src_ip":"10.201.9.245","dst_ip":"10.201.9.11","src_port":50957,"dst_port":3868,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00500{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"diameter.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1263278878271,"flow_last_seen":1263278878271,"flow_min_l4_payload_len":344,"flow_max_l4_payload_len":344,"flow_tot_l4_payload_len":344,"flow_avg_l4_payload_len":344,"midstream":1,"l3_proto":"ip4","src_ip":"10.201.9.245","dst_ip":"10.201.9.11","src_port":50957,"dst_port":3868,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00870{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"diameter.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1263278878,"pkt_ts_usec":271686,"pkt_caplen":398,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":398,"pkt_l4_len":364,"pkt":"ABpk3ZWLACYYlIbACABFAAGABtlAAIAGAAAKyQn1CskJC8cNDxz34fq2+LwvkFAY+gQqBAAAAQABWIAAARAAAAAEAupJMCbwAAMAAAEHQAAAHW54bDthcGk7MTI2MzI3ODg3ODE0NwAAAAAAAc1AAAAUQ29tdmVyc2UuRENJAAABAkAAAAwAAAAEAAABCEAAABlueGwxLm5ldHhjZWxsLmNvbQAAAAAAAShAAAAUbmV0eGNlbGwuY29tAAABn0AAAAwAAAAAAAABJUAAABlkZ3UyLmNvbXZlcnNlLmNvbQAAAAAAARtAAAAUY29tdmVyc2UuY29tAAAAN0AAAAzO9pmeAAABu0AAACgAAAG8QAAAFDkxOTA4MDAwMDAxNgAAAcJAAAAMAAAAAAAAAbhAAAAkAAABuUAAAAwAAAACAAABukAAAA1kYmlsbAAAAAAAAaBAAAAMAAAAAQAAAbVAAAA0AAABnUAAACwAAAG9QAAAGAAAAb9AAAAQAAAAAAAAAAIAAAGpQAAADAAAAWQ="}
00726{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"diameter.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1263278878,"pkt_ts_usec":292831,"pkt_caplen":290,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":290,"pkt_l4_len":256,"pkt":"ACYYlIbAABpk3ZWLCABFAAEUlYlAAEAGe8kKyQkLCskJ9Q8cxw34vC+Q9+H8DlAYGSCUIQAAAQAA7EAAARAAAAAEAupJMCbwAAMAAAEHQAAAHW54bDthcGk7MTI2MzI3ODg3ODE0NwAAAAAAAQxAAAAMAAAH0QAAAQhAAAAaZHNsdTEuY29tdmVyc2UuY29tAAAAAAEoQAAAFGNvbXZlcnNlLmNvbQAAAQJAAAAMAAAABAAAAaBAAAAMAAAAAQAAAZ9AAAAMAAAAAAAAARZAAAAMAABBbQAAADdAAAAMzvaZ5QAAAcBAAAAMAAAABQAAAa9AAAA0AAABnUAAACwAAAG9QAAAGAAAAb9AAAAQAAAAAAAAAAIAAAGpQAAADAAAAWQ="}
00891{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"diameter.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1263278878,"pkt_ts_usec":336701,"pkt_caplen":414,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":414,"pkt_l4_len":380,"pkt":"ABpk3ZWLACYYlIbACABFAAGQBtpAAIAGAAAKyQn1CskJC8cNDxz34fwO+LwwfFAY+RgqFAAAAQABaIAAARAAAAAEAupJMSbwAAUAAAEHQAAAHW54bDthcGk7MTI2MzI3ODg3ODE0NwAAAAAAAc1AAAAUQ29tdmVyc2UuRENJAAABAkAAAAwAAAAEAAABCEAAABlueGwxLm5ldHhjZWxsLmNvbQAAAAAAAShAAAAUbmV0eGNlbGwuY29tAAABn0AAAAwAAAABAAABJUAAABlkZ3UyLmNvbXZlcnNlLmNvbQAAAAAAARtAAAAUY29tdmVyc2UuY29tAAAAN0AAAAzO9pmeAAABu0AAACgAAAG8QAAAFDkxOTA4MDAwMDAxNgAAAcJAAAAMAAAAAAAAAaBAAAAMAAAAAgAAAbVAAAA0AAABnUAAACwAAAG9QAAAGAAAAb9AAAAQAAAAAAAAAAIAAAGpQAAADAAAAWQAAAG+QAAANAAAAZ1AAAAsAAABvUAAABgAAAG\/QAAAEAAAAAAAAAABAAABqUAAAAwAAAFk"}

16
test/results/dnp3.pcap.out
View File

@@ -1,5 +1,5 @@
00472{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dnp3.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":10000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1097501938503,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2789,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1097501938503,"flow_last_seen":1097501938503,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2789,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00417{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097501938,"pkt_ts_usec":503079,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"AAKzznBRAFAEk3BnCABFAAAwTFlAAIAGmmQKAAAICgAAAwrlTiBVHBrSAAAAAHAC\/\/+mIQAAAgQFtAEBBAI="}
00417{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097501938,"pkt_ts_usec":503079,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"AAKzznBRAFAEk3BnCABFAAAwTFlAAIAGmmQKAAAICgAAAwrlTiBVHBrSAAAAAHAC\/\/+mIQAAAgQFtAEBBAI="}
00417{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097501938,"pkt_ts_usec":503079,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"AAKzznBRAFAEk3BnCABFAAAwTFlAAIAGmmQKAAAICgAAAwrlTiBVHBrSAAAAAHAC\/\/+mIQAAAgQFtAEBBAI="}
@@ -16,7 +16,7 @@
00414{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097501938,"pkt_ts_usec":655139,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"AAKzznBRAFAEk3BnCABFAAAoTFtAAIAGmmoKAAAICgAAAwrlTiBVHBrTUsY4l1AQ\/+5HiQAAAAAAAAAA"}
00414{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097501938,"pkt_ts_usec":655139,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"AAKzznBRAFAEk3BnCABFAAAoTFtAAIAGmmoKAAAICgAAAwrlTiBVHBrTUsY4l1AQ\/+5HiQAAAAAAAAAA"}
00414{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097501938,"pkt_ts_usec":655139,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"AAKzznBRAFAEk3BnCABFAAAoTFtAAIAGmmoKAAAICgAAAwrlTiBVHBrTUsY4l1AQ\/+5HiQAAAAAAAAAA"}
00470{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":40,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1097502623045,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2803,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":40,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1097502623045,"flow_last_seen":1097502623045,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2803,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00417{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097502623,"pkt_ts_usec":45756,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"AAKzznBRAFAEk3BnCABFAAAwTRVAAIAGmagKAAAICgAAAwrzTiBm5W0JAAAAAHAC\/\/9CEwAAAgQFtAEBBAI="}
00417{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097502623,"pkt_ts_usec":45756,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"AAKzznBRAFAEk3BnCABFAAAwTRVAAIAGmagKAAAICgAAAwrzTiBm5W0JAAAAAHAC\/\/9CEwAAAgQFtAEBBAI="}
00417{"flow_id":2,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097502623,"pkt_ts_usec":45756,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"AAKzznBRAFAEk3BnCABFAAAwTRVAAIAGmagKAAAICgAAAwrzTiBm5W0JAAAAAHAC\/\/9CEwAAAgQFtAEBBAI="}
@@ -34,7 +34,7 @@
00414{"flow_id":2,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097502623,"pkt_ts_usec":227359,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"AAKzznBRAFAEk3BnCABFAAAoTRdAAIAGma4KAAAICgAAAwrzTiBm5W0KXPq2WVAQ\/+5bhAAAAAAAAAAA"}
00414{"flow_id":2,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097502623,"pkt_ts_usec":227359,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"AAKzznBRAFAEk3BnCABFAAAoTRdAAIAGma4KAAAICgAAAwrzTiBm5W0KXPq2WVAQ\/+5bhAAAAAAAAAAA"}
00486{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":79,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":39,"flow_first_seen":1097502623045,"flow_last_seen":1097502648678,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":195,"flow_avg_l4_payload_len":5,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2803,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00470{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":79,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1097504102255,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2828,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":79,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1097504102255,"flow_last_seen":1097504102255,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2828,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00418{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097504102,"pkt_ts_usec":255746,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"AAKzznBRAFAEk3BnCABFAAAwTjtAAIAGmIIKAAAICgAAAwsMTiCPBdusAAAAAHAC\/\/+rNgAAAgQFtAEBBAI="}
00418{"flow_id":3,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097504102,"pkt_ts_usec":255746,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"AAKzznBRAFAEk3BnCABFAAAwTjtAAIAGmIIKAAAICgAAAwsMTiCPBdusAAAAAHAC\/\/+rNgAAAgQFtAEBBAI="}
00418{"flow_id":3,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097504102,"pkt_ts_usec":255746,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"AAKzznBRAFAEk3BnCABFAAAwTjtAAIAGmIIKAAAICgAAAwsMTiCPBdusAAAAAHAC\/\/+rNgAAAgQFtAEBBAI="}
@@ -51,7 +51,7 @@
00414{"flow_id":3,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097504102,"pkt_ts_usec":401087,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"AAKzznBRAFAEk3BnCABFAAAoTj1AAIAGmIgKAAAICgAAAwsMTiCPBdutcwdUolAQ\/+4QUgAAAAAAAAAA"}
00414{"flow_id":3,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097504102,"pkt_ts_usec":401087,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"AAKzznBRAFAEk3BnCABFAAAoTj1AAIAGmIgKAAAICgAAAwsMTiCPBdutcwdUolAQ\/+4QUgAAAAAAAAAA"}
00414{"flow_id":3,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097504102,"pkt_ts_usec":401087,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"AAKzznBRAFAEk3BnCABFAAAoTj1AAIAGmIgKAAAICgAAAwsMTiCPBdutcwdUolAQ\/+4QUgAAAAAAAAAA"}
00471{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":217,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1097505644006,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.9","dst_ip":"10.0.0.3","src_port":1080,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":217,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1097505644006,"flow_last_seen":1097505644006,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.9","dst_ip":"10.0.0.3","src_port":1080,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00418{"flow_id":4,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":217,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097505644,"pkt_ts_usec":6837,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"AAKzznBRAFAEk3BnCABFAAAwAVNAAIAG5WkKAAAJCgAAAwQ4TiAZahgcAAAAAHAC\/\/\/rNQAAAgQFtAEBBAI="}
00418{"flow_id":4,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":218,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097505644,"pkt_ts_usec":6837,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"AAKzznBRAFAEk3BnCABFAAAwAVNAAIAG5WkKAAAJCgAAAwQ4TiAZahgcAAAAAHAC\/\/\/rNQAAAgQFtAEBBAI="}
00418{"flow_id":4,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":219,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097505644,"pkt_ts_usec":6837,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"AAKzznBRAFAEk3BnCABFAAAwAVNAAIAG5WkKAAAJCgAAAwQ4TiAZahgcAAAAAHAC\/\/\/rNQAAAgQFtAEBBAI="}
@@ -68,7 +68,7 @@
00432{"flow_id":4,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":229,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097505719,"pkt_ts_usec":83365,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"pkt":"AFAEk3BnAAKzznBRCABFAAA5xflAAIAGILoKAAADCgAACU4gBDiWbHn3GWoYLFAY\/\/CgYQAABWQKRAYABAC\/sNH3ggAAujk="}
00432{"flow_id":4,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":230,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097505719,"pkt_ts_usec":83365,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"pkt":"AFAEk3BnAAKzznBRCABFAAA5xflAAIAGILoKAAADCgAACU4gBDiWbHn3GWoYLFAY\/\/CgYQAABWQKRAYABAC\/sNH3ggAAujk="}
00432{"flow_id":4,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":231,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097505719,"pkt_ts_usec":83365,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"pkt":"AFAEk3BnAAKzznBRCABFAAA5xflAAIAGILoKAAADCgAACU4gBDiWbHn3GWoYLFAY\/\/CgYQAABWQKRAYABAC\/sNH3ggAAujk="}
00471{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":352,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1097507785883,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1086,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":352,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1097507785883,"flow_last_seen":1097507785883,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1086,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00420{"flow_id":5,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":352,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097507785,"pkt_ts_usec":883614,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"AAKzznBRAFAEk3BnCABFAAAwAaRAAIAG5RkKAAAICgAAAwQ+TiAMLRLKAAAAAHAC\/\/\/9vwAAAgQFtAEBBAI="}
00420{"flow_id":5,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":353,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097507785,"pkt_ts_usec":883614,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"AAKzznBRAFAEk3BnCABFAAAwAaRAAIAG5RkKAAAICgAAAwQ+TiAMLRLKAAAAAHAC\/\/\/9vwAAAgQFtAEBBAI="}
00420{"flow_id":5,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":354,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097507785,"pkt_ts_usec":883614,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"AAKzznBRAFAEk3BnCABFAAAwAaRAAIAG5RkKAAAICgAAAwQ+TiAMLRLKAAAAAHAC\/\/\/9vwAAAgQFtAEBBAI="}
@@ -86,7 +86,7 @@
00414{"flow_id":5,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":365,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097507786,"pkt_ts_usec":52507,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"AAKzznBRAFAEk3BnCABFAAAoAaZAAIAG5R8KAAAICgAAAwQ+TiAMLRLLtl9JBFAQ\/+4rIQAAAAAAAAAA"}
00414{"flow_id":5,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":366,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097507786,"pkt_ts_usec":52507,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"AAKzznBRAFAEk3BnCABFAAAoAaZAAIAG5R8KAAAICgAAAwQ+TiAMLRLLtl9JBFAQ\/+4rIQAAAAAAAAAA"}
00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":445,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":39,"flow_first_seen":1097501938503,"flow_last_seen":1097502062040,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":345,"flow_avg_l4_payload_len":8,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2789,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00471{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":445,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1097510947092,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1159,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":445,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1097510947092,"flow_last_seen":1097510947092,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1159,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00418{"flow_id":6,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":445,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097510947,"pkt_ts_usec":92701,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"AAKzznBRAFAEk3BnCABFAAAwBZtAAIAG4SIKAAAICgAAAwSHTiCYpsdTAAAAAHAC\/\/+8cwAAAgQFtAEBBAI="}
00418{"flow_id":6,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":446,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097510947,"pkt_ts_usec":92701,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"AAKzznBRAFAEk3BnCABFAAAwBZtAAIAG4SIKAAAICgAAAwSHTiCYpsdTAAAAAHAC\/\/+8cwAAAgQFtAEBBAI="}
00418{"flow_id":6,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":447,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097510947,"pkt_ts_usec":92701,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"AAKzznBRAFAEk3BnCABFAAAwBZtAAIAG4SIKAAAICgAAAwSHTiCYpsdTAAAAAHAC\/\/+8cwAAAgQFtAEBBAI="}
@@ -104,7 +104,7 @@
00415{"flow_id":6,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":458,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097510947,"pkt_ts_usec":292162,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"AAKzznBRAFAEk3BnCABFAAAoBZ1AAIAG4SgKAAAICgAAAwSHTiCYpsdU5Yg06FAQ\/+7OxwAAAAAAAAAA"}
00415{"flow_id":6,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":459,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097510947,"pkt_ts_usec":292162,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"AAKzznBRAFAEk3BnCABFAAAoBZ1AAIAG4SgKAAAICgAAAwSHTiCYpsdU5Yg06FAQ\/+7OxwAAAAAAAAAA"}
00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":472,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":138,"flow_first_seen":1097504102255,"flow_last_seen":1097504224083,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":3417,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2828,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00471{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":472,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1097512255234,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1184,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":472,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1097512255234,"flow_last_seen":1097512255234,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1184,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00419{"flow_id":7,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":472,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097512255,"pkt_ts_usec":234470,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"AAKzznBRAFAEk3BnCABFAAAwBpNAAIAG4CoKAAAICgAAAwSgTiANrtDCAAAAAHAC\/\/895AAAAgQFtAEBBAI="}
00419{"flow_id":7,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":473,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097512255,"pkt_ts_usec":234470,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"AAKzznBRAFAEk3BnCABFAAAwBpNAAIAG4CoKAAAICgAAAwSgTiANrtDCAAAAAHAC\/\/895AAAAgQFtAEBBAI="}
00419{"flow_id":7,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":474,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097512255,"pkt_ts_usec":234470,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"AAKzznBRAFAEk3BnCABFAAAwBpNAAIAG4CoKAAAICgAAAwSgTiANrtDCAAAAAHAC\/\/895AAAAgQFtAEBBAI="}
@@ -121,7 +121,7 @@
00415{"flow_id":7,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":484,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097512255,"pkt_ts_usec":427660,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"AAKzznBRAFAEk3BnCABFAAAoBpVAAIAG4DAKAAAICgAAAwSgTiANrtDD+Q2Ax1AQ\/+7w0wAAAAAAAAAA"}
00415{"flow_id":7,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":485,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097512255,"pkt_ts_usec":427660,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"AAKzznBRAFAEk3BnCABFAAAoBpVAAIAG4DAKAAAICgAAAwSgTiANrtDD+Q2Ax1AQ\/+7w0wAAAAAAAAAA"}
00415{"flow_id":7,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":486,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097512255,"pkt_ts_usec":427660,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"AAKzznBRAFAEk3BnCABFAAAoBpVAAIAG4DAKAAAICgAAAwSgTiANrtDD+Q2Ax1AQ\/+7w0wAAAAAAAAAA"}
00471{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":505,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1097513177295,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.9","dst_ip":"10.0.0.3","src_port":1084,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":505,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1097513177295,"flow_last_seen":1097513177295,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.9","dst_ip":"10.0.0.3","src_port":1084,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00419{"flow_id":8,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":505,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097513177,"pkt_ts_usec":295531,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"AAKzznBRAFAEk3BnCABFAAAwAUpAAIAG5XIKAAAJCgAAAwQ8TiBc3qwfAAAAAHAC\/\/8TugAAAgQFtAEBBAI="}
00419{"flow_id":8,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":506,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097513177,"pkt_ts_usec":295531,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"AAKzznBRAFAEk3BnCABFAAAwAUpAAIAG5XIKAAAJCgAAAwQ8TiBc3qwfAAAAAHAC\/\/8TugAAAgQFtAEBBAI="}
00419{"flow_id":8,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":507,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097513177,"pkt_ts_usec":295531,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"AAKzznBRAFAEk3BnCABFAAAwAUpAAIAG5XIKAAAJCgAAAwQ8TiBc3qwfAAAAAHAC\/\/8TugAAAgQFtAEBBAI="}

4
test/results/dns-tunnel-iodine.pcap.out
View File

@@ -1,7 +1,7 @@
00485{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dns-tunnel-iodine.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":10000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dns-tunnel-iodine.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1282356640051,"flow_last_seen":0,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.2.30","dst_ip":"10.0.2.20","src_port":44639,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dns-tunnel-iodine.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1282356640051,"flow_last_seen":1282356640051,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.2.30","dst_ip":"10.0.2.20","src_port":44639,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00455{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dns-tunnel-iodine.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1282356640,"pkt_ts_usec":51082,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"pkt":"CAAnx266CAAnnOC0CABFAABEAABAAEARIngKAAIeCgACFK5fADUAMAHkErABAAABAAAAAAAAC3ZhYWFha2FyZGxpBnBpcmF0ZQNzZWEAAAoAAQ=="}
00656{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dns-tunnel-iodine.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1282356640051,"flow_last_seen":0,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.2.30","dst_ip":"10.0.2.20","src_port":44639,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"vaaaakardli.pirate.sea","num_queries":0,"num_answers":0,"reply_code":0,"query_type":10,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00668{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dns-tunnel-iodine.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1282356640051,"flow_last_seen":1282356640051,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.2.30","dst_ip":"10.0.2.20","src_port":44639,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"vaaaakardli.pirate.sea","num_queries":0,"num_answers":0,"reply_code":0,"query_type":10,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00485{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"dns-tunnel-iodine.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1282356640,"pkt_ts_usec":51175,"pkt_caplen":103,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":103,"pkt_l4_len":69,"pkt":"CAAnnOC0CAAnx266CABFAABZAABAAEARImMKAAIUCgACHgA1rl8ARRoeErCEAAABAAEAAAAAC3ZhYWFha2FyZGxpBnBpcmF0ZQNzZWEAAAoAAcAMAAoAAQAAAAAACVZBQ0tEA8XpAQ=="}
00723{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"dns-tunnel-iodine.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_first_seen":1282356640051,"flow_last_seen":1282356640051,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":101,"flow_avg_l4_payload_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.2.30","dst_ip":"10.0.2.20","src_port":44639,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"23":"Suspicious DNS traffic"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"vaaaakardli.pirate.sea","num_queries":1,"num_answers":1,"reply_code":0,"query_type":10,"rsp_type":10,"rsp_addr":"0.0.0.0"}}
00485{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"dns-tunnel-iodine.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1282356640,"pkt_ts_usec":51979,"pkt_caplen":103,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":103,"pkt_l4_len":69,"pkt":"CAAnx266CAAnnOC0CABFAABZAABAAEARImMKAAIeCgACFK5fADUARcobMN8BAAABAAAAAAAAIGxhZWdwdW1pcGxoaHB6MTJ5bmQxZWZsandsa2pjZ3d5BnBpcmF0ZQNzZWEAAAoAAQ=="}

40
test/results/dns_ambiguous_names.pcap.out
View File

@@ -1,52 +1,52 @@
00487{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":10000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1625744123717,"flow_last_seen":0,"flow_min_l4_payload_len":54,"flow_max_l4_payload_len":54,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":54,"midstream":0,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":48375,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00500{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1625744123717,"flow_last_seen":1625744123717,"flow_min_l4_payload_len":54,"flow_max_l4_payload_len":54,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":54,"midstream":0,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":48375,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00474{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625744123,"pkt_ts_usec":717337,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"pkt":"ABshv2HAVASmitEsCABFAABS3sIAAEARfvYKyAILCAgICLz3ADUAPh0yZjEBIAABAAAAAAABCjQxLWNvdXJpZXIEcHVzaAVhcHBsZQNjb20AAAEAAQAAKRAAAAAAAAAA"}
00668{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1625744123717,"flow_last_seen":0,"flow_min_l4_payload_len":54,"flow_max_l4_payload_len":54,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":54,"midstream":0,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":48375,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.ApplePush","breed":"Acceptable","category":"Cloud"},"dns": {"query":"41-courier.push.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00680{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1625744123717,"flow_last_seen":1625744123717,"flow_min_l4_payload_len":54,"flow_max_l4_payload_len":54,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":54,"midstream":0,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":48375,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.ApplePush","breed":"Acceptable","category":"Cloud"},"dns": {"query":"41-courier.push.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00773{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625744123,"pkt_ts_usec":759146,"pkt_caplen":318,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":318,"pkt_l4_len":284,"pkt":"VASmitEsEL9IThY0CABFAAEwD4cAADwRUVQICAgICsgCCwA1vPcBHJeKZjGBgAABAAoAAAABCjQxLWNvdXJpZXIEcHVzaAVhcHBsZQNjb20AAAEAAcAMAAUAAQAAJNcAJgI0MRJjb3VyaWVyLXB1c2gtYXBwbGUDY29tBmFrYWRucwNuZXQAwDcABQABAAAAOwAgEmV1LW5vcnRoLWNvdXJpZXItNApwdXNoLWFwcGxlwE3AaQABAAEAAAARAAQROZKLwGkAAQABAAAAEQAEETmSisBpAAEAAQAAABEABBE5kofAaQABAAEAAAARAAQROZKIwGkAAQABAAAAEQAEETmSicBpAAEAAQAAABEABBE5koTAaQABAAEAAAARAAQROZKGwGkAAQABAAAAEQAEETmShQAAKQIAAAAAAAAA"}
00698{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_first_seen":1625744123717,"flow_last_seen":1625744123759,"flow_min_l4_payload_len":54,"flow_max_l4_payload_len":276,"flow_tot_l4_payload_len":330,"flow_avg_l4_payload_len":165,"midstream":0,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":48375,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.ApplePush","breed":"Acceptable","category":"Cloud"},"dns": {"query":"41-courier.push.apple.com","num_queries":1,"num_answers":11,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.57.146.139"}}
00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1625744123764,"flow_last_seen":0,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":57290,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00500{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1625744123764,"flow_last_seen":1625744123764,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":57290,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00463{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625744123,"pkt_ts_usec":764039,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"ABshv2HAVASmitEsCABFAABI3soAAEARfvgKyAILCAgICN\/KADUANB0owxkBIAABAAAAAAABBXRlYW1zBXNreXBlA2NvbQAAAQABAAApEAAAAAAAAAA="}
00656{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1625744123764,"flow_last_seen":0,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":57290,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"teams.skype.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00668{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1625744123764,"flow_last_seen":1625744123764,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":57290,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"teams.skype.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00529{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625744123,"pkt_ts_usec":792208,"pkt_caplen":135,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":135,"pkt_l4_len":101,"pkt":"VASmitEsEL9IThY0CABFAAB5Cy0AADwRVmUICAgICsgCCwA138oAZUD8wxmBgAABAAIAAAABBXRlYW1zBXNreXBlA2NvbQAAAQABwAwABQABAAAIAwAVBnMtMDAwMQhzLW1zZWRnZQNuZXQAwC0AAQABAAAAqAAEDWsDgAAAKQIAAAAAAAAA"}
00682{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_first_seen":1625744123764,"flow_last_seen":1625744123792,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":93,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":68,"midstream":0,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":57290,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"teams.skype.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"13.107.3.128"}}
00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1625744123796,"flow_last_seen":0,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":57051,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00500{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1625744123796,"flow_last_seen":1625744123796,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":57051,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00466{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625744123,"pkt_ts_usec":796920,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"pkt":"ABshv2HAVASmitEsCABFAABM3uAAAEARft4KyAILCAgICN7bADUAOB0s27sBIAABAAAAAAABA2FwaQV0ZWFtcwVza3lwZQNjb20AAAEAAQAAKRAAAAAAAAAA"}
00660{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1625744123796,"flow_last_seen":0,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":57051,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"api.teams.skype.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00672{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1625744123796,"flow_last_seen":1625744123796,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":57051,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"api.teams.skype.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00645{"flow_id":3,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625744123,"pkt_ts_usec":823325,"pkt_caplen":221,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":221,"pkt_l4_len":187,"pkt":"VASmitEsEL9IThY0CABFAADPnR4AADwRxB0ICAgICsgCCwA13tsAu9ue27uBgAABAAQAAAABA2FwaQV0ZWFtcwVza3lwZQNjb20AAAEAAcAMAAUAAQAADJMAHgl0ZWFtcy1hZmQOdHJhZmZpY21hbmFnZXIDbmV0AMAxAAUAAQAAAOwALxx0ZWFtcy1hZmQtdHJhZmZpY21hbmFnZXItbmV0BnMtMDAwNAhzLW1zZWRnZcBKwFsABQABAAAAjQACwHjAeAABAAEAAACNAAQ0ccKDAAApAgAAAAAAAAA="}
00690{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_first_seen":1625744123796,"flow_last_seen":1625744123823,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":227,"flow_avg_l4_payload_len":113,"midstream":0,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":57051,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"api.teams.skype.com","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.113.194.131"}}
00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1625744123828,"flow_last_seen":0,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":46134,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00500{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1625744123828,"flow_last_seen":1625744123828,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":46134,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00470{"flow_id":4,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625744123,"pkt_ts_usec":828193,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"pkt":"ABshv2HAVASmitEsCABFAABO3ucAAEARftUKyAILCAgICLQ2ADUAOh0u7g0BIAABAAAAAAABCmFsdDItbXRhbGsGZ29vZ2xlA2NvbQAAAQABAAApEAAAAAAAAAA="}
00667{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1625744123828,"flow_last_seen":0,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":46134,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"},"dns": {"query":"alt2-mtalk.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00679{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1625744123828,"flow_last_seen":1625744123828,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":46134,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"},"dns": {"query":"alt2-mtalk.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00541{"flow_id":4,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625744123,"pkt_ts_usec":853778,"pkt_caplen":143,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":143,"pkt_l4_len":109,"pkt":"VASmitEsEL9IThY0CABFAACB5h8AADwRe2oICAgICsgCCwA1tDYAbSCd7g2BgAABAAIAAAABCmFsdDItbXRhbGsGZ29vZ2xlA2NvbQAAAQABwAwABQABAABUXwAXBGFsdDINbW9iaWxlLWd0YWxrNAFswBfAMwABAAEAAAErAAStwsq8AAApAgAAAAAAAAA="}
00697{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_first_seen":1625744123828,"flow_last_seen":1625744123853,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":101,"flow_tot_l4_payload_len":151,"flow_avg_l4_payload_len":75,"midstream":0,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":46134,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"},"dns": {"query":"alt2-mtalk.google.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"173.194.202.188"}}
00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1625744123858,"flow_last_seen":0,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":55,"flow_avg_l4_payload_len":55,"midstream":0,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":57632,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00500{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1625744123858,"flow_last_seen":1625744123858,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":55,"flow_avg_l4_payload_len":55,"midstream":0,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":57632,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00478{"flow_id":5,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625744123,"pkt_ts_usec":858437,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"pkt":"ABshv2HAVASmitEsCABFAABT3wQAAEARfrMKyAILCAgICOEgADUAPx0zyVMBIAABAAAAAAABB2FuZHJvaWQHY2xpZW50cwZnb29nbGUDY29tAAABAAEAACkQAAAAAAAAAA=="}
00672{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1625744123858,"flow_last_seen":0,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":55,"flow_avg_l4_payload_len":55,"midstream":0,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":57632,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"dns": {"query":"android.clients.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00684{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1625744123858,"flow_last_seen":1625744123858,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":55,"flow_avg_l4_payload_len":55,"midstream":0,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":57632,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"dns": {"query":"android.clients.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00855{"flow_id":5,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625744123,"pkt_ts_usec":885159,"pkt_caplen":377,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":377,"pkt_l4_len":343,"pkt":"VASmitEsEL9IThY0CABFAAFrZGIAADwR\/D0ICAgICsgCCwA14SABV21MyVOBgAABABEAAAABB2FuZHJvaWQHY2xpZW50cwZnb29nbGUDY29tAAABAAHADAAFAAEAAAECAAwHYW5kcm9pZAFswBzAOAABAAEAAAECAARssQ5lwDgAAQABAAABAgAEbLEOccA4AAEAAQAAAQIABEp9g2XAOAABAAEAAAECAARKfYNxwDgAAQABAAABAgAESn2DZsA4AAEAAQAAAQIABEp9g2TAOAABAAEAAAECAARKfYOKwDgAAQABAAABAgAESn2Di8A4AAEAAQAAAQIABEp9zWXAOAABAAEAAAECAARKfc2LwDgAAQABAAABAgAESn3NZMA4AAEAAQAAAQIABEDpoWbAOAABAAEAAAECAARA6aFlwDgAAQABAAABAgAEQOmhisA4AAEAAQAAAQIABEDppIrAOAABAAEAAAECAARA6aRkAAApAgAAAAAAAAA="}
00704{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_first_seen":1625744123858,"flow_last_seen":1625744123885,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":335,"flow_tot_l4_payload_len":390,"flow_avg_l4_payload_len":195,"midstream":0,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":57632,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"dns": {"query":"android.clients.google.com","num_queries":1,"num_answers":18,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"108.177.14.101"}}
00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1625744123890,"flow_last_seen":0,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":42790,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00501{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1625744123890,"flow_last_seen":1625744123890,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":42790,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00471{"flow_id":6,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625744123,"pkt_ts_usec":890136,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"pkt":"ABshv2HAVASmitEsCABFAABO3wwAAEARfrAKyAILCAgICKcmADUAOh0utWIBIAABAAAAAAABASoFdGVhbXMJbWljcm9zb2Z0A2NvbQAAAQABAAApEAAAAAAAAAA="}
00663{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1625744123890,"flow_last_seen":0,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":42790,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"_.teams.microsoft.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00675{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1625744123890,"flow_last_seen":1625744123890,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":42790,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"_.teams.microsoft.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00574{"flow_id":6,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625744123,"pkt_ts_usec":973076,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"pkt":"VASmitEsEL9IThY0CABFAACY7gkAADwRc2kICAgICsgCCwA1pyYAhI+OtWKBgwABAAAAAQABASoFdGVhbXMJbWljcm9zb2Z0A2NvbQAAAQABwBQABgABAAABKwA+B25zMS0yMDUJYXp1cmUtZG5zwB4TYXp1cmVkbnMtaG9zdG1hc3RlcsAUAAAAAQAADhAAAAEsACTqAAAAASwAACkCAAAAAAAAAA=="}
00685{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":12,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_first_seen":1625744123890,"flow_last_seen":1625744123973,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":124,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":87,"midstream":0,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":42790,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"_.teams.microsoft.com","num_queries":1,"num_answers":2,"reply_code":3,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1625744123977,"flow_last_seen":0,"flow_min_l4_payload_len":54,"flow_max_l4_payload_len":54,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":54,"midstream":0,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":44198,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00501{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1625744123977,"flow_last_seen":1625744123977,"flow_min_l4_payload_len":54,"flow_max_l4_payload_len":54,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":54,"midstream":0,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":44198,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00475{"flow_id":7,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625744123,"pkt_ts_usec":977935,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"pkt":"ABshv2HAVASmitEsCABFAABS3y4AAEARfooKyAILCAgICKymADUAPh0yDWEBIAABAAAAAAABDHdpZGUteW91dHViZQFsBmdvb2dsZQNjb20AAAEAAQAAKRAAAAAAAAAA"}
00666{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1625744123977,"flow_last_seen":0,"flow_min_l4_payload_len":54,"flow_max_l4_payload_len":54,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":54,"midstream":0,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":44198,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Tracker\/Ads","category":"Web"},"dns": {"query":"wide-youtube.l.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00678{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1625744123977,"flow_last_seen":1625744123977,"flow_min_l4_payload_len":54,"flow_max_l4_payload_len":54,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":54,"midstream":0,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":44198,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Tracker\/Ads","category":"Web"},"dns": {"query":"wide-youtube.l.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00499{"flow_id":7,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625744124,"pkt_ts_usec":6118,"pkt_caplen":112,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":112,"pkt_l4_len":78,"pkt":"VASmitEsEL9IThY0CABFAABiUocAADwRDyIICAgICsgCCwA1rKYATu57DWGBgAABAAEAAAABDHdpZGUteW91dHViZQFsBmdvb2dsZQNjb20AAAEAAcAMAAEAAQAAASsABEDppMYAACkCAAAAAAAAAA=="}
00694{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":14,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_first_seen":1625744123977,"flow_last_seen":1625744124006,"flow_min_l4_payload_len":54,"flow_max_l4_payload_len":70,"flow_tot_l4_payload_len":124,"flow_avg_l4_payload_len":62,"midstream":0,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":44198,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Tracker\/Ads","category":"Web"},"dns": {"query":"wide-youtube.l.google.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"64.233.164.198"}}
00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1625744124010,"flow_last_seen":0,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":46,"flow_avg_l4_payload_len":46,"midstream":0,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":52541,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00501{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1625744124010,"flow_last_seen":1625744124010,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":46,"flow_avg_l4_payload_len":46,"midstream":0,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":52541,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00466{"flow_id":8,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625744124,"pkt_ts_usec":10794,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"pkt":"ABshv2HAVASmitEsCABFAABK30QAAEARfnwKyAILCAgICM09ADUANh0qX5cBIAABAAAAAAABB2d1enpvbmkFYXBwbGUDY29tAAABAAEAACkQAAAAAAAAAA=="}
00669{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1625744124010,"flow_last_seen":0,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":46,"flow_avg_l4_payload_len":46,"midstream":0,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":52541,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AppleSiri","breed":"Acceptable","category":"VirtAssistant"},"dns": {"query":"guzzoni.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00681{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1625744124010,"flow_last_seen":1625744124010,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":46,"flow_avg_l4_payload_len":46,"midstream":0,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":52541,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AppleSiri","breed":"Acceptable","category":"VirtAssistant"},"dns": {"query":"guzzoni.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00545{"flow_id":8,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625744124,"pkt_ts_usec":69035,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"pkt":"VASmitEsEL9IThY0CABFAACEUooAADwRDv0ICAgICsgCCwA1zT0AcK3sX5eBgAABAAIAAAABB2d1enpvbmkFYXBwbGUDY29tAAABAAHADAAFAAEAAAK5AB4RZ3V6em9uaS1hcHBsZS1jb20BdgdhYXBsaW1nwBrALwABAAEAAAErAAQRghUFAAApAgAAAAAAAAA="}
00695{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_first_seen":1625744124010,"flow_last_seen":1625744124069,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":75,"midstream":0,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":52541,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AppleSiri","breed":"Acceptable","category":"VirtAssistant"},"dns": {"query":"guzzoni.apple.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.130.21.5"}}
00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1625744124073,"flow_last_seen":0,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":53951,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00501{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1625744124073,"flow_last_seen":1625744124073,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":53951,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00467{"flow_id":9,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625744124,"pkt_ts_usec":73647,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"pkt":"ABshv2HAVASmitEsCABFAABM31QAAEARfmoKyAILCAgICNK\/ADUAOB0sVeABIAABAAAAAAABBXNob3J0BndlaXhpbgJxcQNjb20AAAEAAQAAKRAAAAAAAAAA"}
00648{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1625744124073,"flow_last_seen":0,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":53951,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.QQ","breed":"Fun","category":"Chat"},"dns": {"query":"short.weixin.qq.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00660{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1625744124073,"flow_last_seen":1625744124073,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":53951,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.QQ","breed":"Fun","category":"Chat"},"dns": {"query":"short.weixin.qq.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00514{"flow_id":9,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625744124,"pkt_ts_usec":417727,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":122,"pkt_l4_len":88,"pkt":"VASmitEsEL9IThY0CABFAABsvHUAADwRpSkICAgICsgCCwA10r8AWILaVeCBgAABAAIAAAABBXNob3J0BndlaXhpbgJxcQNjb20AAAEAAcAMAAEAAQAAAlcABMvN\/k3ADAABAAEAAAJXAATLzf7cAAApAgAAAAAAAAA="}
00676{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":18,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_first_seen":1625744124073,"flow_last_seen":1625744124417,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":64,"midstream":0,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":53951,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.QQ","breed":"Fun","category":"Chat"},"dns": {"query":"short.weixin.qq.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"203.205.254.77"}}
00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1625744124422,"flow_last_seen":0,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":60,"flow_tot_l4_payload_len":60,"flow_avg_l4_payload_len":60,"midstream":0,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":44883,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00502{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1625744124422,"flow_last_seen":1625744124422,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":60,"flow_tot_l4_payload_len":60,"flow_avg_l4_payload_len":60,"midstream":0,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":44883,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00486{"flow_id":10,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625744124,"pkt_ts_usec":422852,"pkt_caplen":102,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":102,"pkt_l4_len":68,"pkt":"ABshv2HAVASmitEsCABFAABY4G8AAEARfUMKyAILCAgICK9TADUARB047MoBIAABAAAAAAABCWluc3RhZ3JhbQdmYWFlMS0xA2ZuYQVmYmNkbgNuZXQAAAEAAQAAKRAAAAAAAAAA"}
00677{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1625744124422,"flow_last_seen":0,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":60,"flow_tot_l4_payload_len":60,"flow_avg_l4_payload_len":60,"midstream":0,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":44883,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Instagram","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"instagram.faae1-1.fna.fbcdn.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00689{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1625744124422,"flow_last_seen":1625744124422,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":60,"flow_tot_l4_payload_len":60,"flow_avg_l4_payload_len":60,"midstream":0,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":44883,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Instagram","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"instagram.faae1-1.fna.fbcdn.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00510{"flow_id":10,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625744124,"pkt_ts_usec":461060,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"pkt":"VASmitEsEL9IThY0CABFAABo+pEAADwRZxEICAgICsgCCwA1r1MAVN6x7MqBgAABAAEAAAABCWluc3RhZ3JhbQdmYWFlMS0xA2ZuYQVmYmNkbgNuZXQAAAEAAcAMAAEAAQAAADsABCncnmAAACkCAAAAAAAAAA=="}
00704{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":20,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_first_seen":1625744124422,"flow_last_seen":1625744124461,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":76,"flow_tot_l4_payload_len":136,"flow_avg_l4_payload_len":68,"midstream":0,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":44883,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Instagram","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"instagram.faae1-1.fna.fbcdn.net","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"41.220.158.96"}}
00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_first_seen":1625744123764,"flow_last_seen":1625744123792,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":93,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":68,"midstream":0,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":57290,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}

2
test/results/dns_doh.pcap.out
View File

@@ -1,5 +1,5 @@
00475{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dns_doh.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":10000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dns_doh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1571089200789,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.20.10.4","dst_ip":"104.16.248.249","src_port":49877,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dns_doh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1571089200789,"flow_last_seen":1571089200789,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.20.10.4","dst_ip":"104.16.248.249","src_port":49877,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00440{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dns_doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1571089200,"pkt_ts_usec":789290,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"WkBO7NFkeDHBvV4kCABFAABAAABAAEAGI5asFAoEaBD4+cLVAbuk7FgiAAAAALAC\/\/+OlwAAAgQFtAEDAwYBAQgKHZWyDQAAAAAEAgAA"}
00422{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"dns_doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1571089200,"pkt_ts_usec":876406,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"eDHBvV4kWkBO7NFkCABFAAA0AAAAADAGc6JoEPj5rBQKBAG7wtXKYdwupOxYI4ASchB+OgAAAgQFFAEBBAIBAwMK"}
00406{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"dns_doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1571089200,"pkt_ts_usec":876498,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"WkBO7NFkeDHBvV4kCABFAAAoAABAAEAGI66sFAoEaBD4+cLVAbuk7FgjymHcL1AQEAAggAAA"}

2
test/results/dns_dot.pcap.out
View File

@@ -1,5 +1,5 @@
00475{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dns_dot.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":10000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dns_dot.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1572783663234,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.185","dst_ip":"8.8.8.8","src_port":58290,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dns_dot.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1572783663234,"flow_last_seen":1572783663234,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.185","dst_ip":"8.8.8.8","src_port":58290,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00434{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dns_dot.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1572783663,"pkt_ts_usec":234722,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"uCfrK5DxCAAnjau+CABFAAA8w6dAAEAGpKPAqAG5CAgICOOyA1VVRPv3AAAAAKAC+vDSnwAAAgQFtAQCCAoqL5UTAAAAAAEDAwc="}
00435{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"dns_dot.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1572783663,"pkt_ts_usec":269648,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"CAAnjau+uCfrK5DxCABFAAA8cqUAAHcG\/qUICAgIwKgBuQNV47LuO0vYVUT7+KAS6yDKxQAAAgQFZAQCCAqOOwAQKi+VEwEDAwg="}
00422{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"dns_dot.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1572783663,"pkt_ts_usec":269693,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"uCfrK5DxCAAnjau+CABFAAA0w6hAAEAGpKrAqAG5CAgICOOyA1VVRPv47jtL2YAQAfbSlwAAAQEICiovlTaOOwAQ"}

4
test/results/dns_exfiltration.pcap.out
View File

@@ -1,7 +1,7 @@
00484{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dns_exfiltration.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":10000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00500{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dns_exfiltration.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1580978146717,"flow_last_seen":0,"flow_min_l4_payload_len":173,"flow_max_l4_payload_len":173,"flow_tot_l4_payload_len":173,"flow_avg_l4_payload_len":173,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.220.56","dst_ip":"192.168.203.167","src_port":56373,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00512{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dns_exfiltration.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1580978146717,"flow_last_seen":1580978146717,"flow_min_l4_payload_len":173,"flow_max_l4_payload_len":173,"flow_tot_l4_payload_len":173,"flow_avg_l4_payload_len":173,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.220.56","dst_ip":"192.168.203.167","src_port":56373,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00634{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dns_exfiltration.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1580978146,"pkt_ts_usec":717893,"pkt_caplen":215,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":215,"pkt_l4_len":181,"pkt":"qqru7hERjNzURr7ECABFAADJegRAAD8RAADAqNw4wKjLp9w1ADUAtSn4OR0BAAABAAAAAAAABmRuc2NhdDw1NDZiMDNmNTAwMDAwMDAwMDBhNjAyM2VkNGRmMTg0ZDZhYzVjMjYyOGI0NzcxNGZkZWU1ODRmZWQ3Mzk8NWEwM2I1YjFlMWFhOGY4ZmRiMWJiZThkNWUwNDk1MjE0MWY3ZDRmODJjN2UzYjA2ZGNjOGI4N2ZhZDdhGjE5ZTRkMDk4ZGM4YzYxOGY4ZDgxY2ZlYjAyAAAPAAE="}
00852{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dns_exfiltration.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1580978146717,"flow_last_seen":0,"flow_min_l4_payload_len":173,"flow_max_l4_payload_len":173,"flow_tot_l4_payload_len":173,"flow_avg_l4_payload_len":173,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.220.56","dst_ip":"192.168.203.167","src_port":56373,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"dnscat.546b03f50000000000a6023ed4df184d6ac5c2628b47714fdee584fed739.5a03b5b1e1aa8f8fdb1bbe8d5e04952141f7d4f82c7e3b06dcc8b87fad7a.19e4d098dc8c618f8d81cfeb02","num_queries":0,"num_answers":0,"reply_code":0,"query_type":15,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00864{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dns_exfiltration.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1580978146717,"flow_last_seen":1580978146717,"flow_min_l4_payload_len":173,"flow_max_l4_payload_len":173,"flow_tot_l4_payload_len":173,"flow_avg_l4_payload_len":173,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.220.56","dst_ip":"192.168.203.167","src_port":56373,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"dnscat.546b03f50000000000a6023ed4df184d6ac5c2628b47714fdee584fed739.5a03b5b1e1aa8f8fdb1bbe8d5e04952141f7d4f82c7e3b06dcc8b87fad7a.19e4d098dc8c618f8d81cfeb02","num_queries":0,"num_answers":0,"reply_code":0,"query_type":15,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00863{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"dns_exfiltration.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1580978146,"pkt_ts_usec":888524,"pkt_caplen":386,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":386,"pkt_l4_len":352,"pkt":"jNzURr7Eqqru7hERCABFAAF0PC1AAD8R1RrAqMunwKjcOAA13DUBYD3xOR2BgAABAAEAAAAABmRuc2NhdDw1NDZiMDNmNTAwMDAwMDAwMDBhNjAyM2VkNGRmMTg0ZDZhYzVjMjYyOGI0NzcxNGZkZWU1ODRmZWQ3Mzk8NWEwM2I1YjFlMWFhOGY4ZmRiMWJiZThkNWUwNDk1MjE0MWY3ZDRmODJjN2UzYjA2ZGNjOGI4N2ZhZDdhGjE5ZTRkMDk4ZGM4YzYxOGY4ZDgxY2ZlYjAyAAAPAAHADAAPAAEAAAA8AJ8ACgZkbnNjYXQ\/MjAxZjAzZjUwMDAwMDAwMDAwNzEzYjkyNzFmMDExZGM3NjQyM2RhYjM5MmMzMmMxOGJmYzk2YjZkMjY5NWEyPzZhOTExYzk0NDcyZjU5NDA5YTVmNTI2MDEzZTc2MDE5MzY2YTA3NzkyOWUzNDgwZmJlNmQ3YzRlZGE2ZjkwOBRmMmJjOTlhNjAxZTFhODIyMTMzNgA="}
00873{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"dns_exfiltration.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_first_seen":1580978146717,"flow_last_seen":1580978146888,"flow_min_l4_payload_len":173,"flow_max_l4_payload_len":344,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":258,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.220.56","dst_ip":"192.168.203.167","src_port":56373,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"dnscat.546b03f50000000000a6023ed4df184d6ac5c2628b47714fdee584fed739.5a03b5b1e1aa8f8fdb1bbe8d5e04952141f7d4f82c7e3b06dcc8b87fad7a.19e4d098dc8c618f8d81cfeb02","num_queries":1,"num_answers":1,"reply_code":0,"query_type":15,"rsp_type":15,"rsp_addr":"0.0.0.0"}}
00570{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"dns_exfiltration.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1580978147,"pkt_ts_usec":753419,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"pkt":"qqru7hERjNzURr7ECABFAACYekZAAD8RAADAqNw4wKjLp9w1ADUAhCnHfRoBAAABAAAAAAAABmRuc2NhdDw5MWYwMDNmNTAwZjYxMjIxODEwYWVhMDAwMDA0ODYzYzY5MTU4MGVjYWQ2NmY2NGFjN2RkYjg3Yjg5YzcmOTIwMDgyMWU1MjdkNGUxNzYzMjUzYzI1ZTI5N2UyYWE0MTEzZDAAAAUAAQ=="}

177
test/results/dns_fragmented.pcap.out
View File

@@ -1,47 +1,47 @@
00482{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dns_fragmented.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":10000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1558968008021,"flow_last_seen":0,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.217.40.76","dst_ip":"193.24.227.238","src_port":56680,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00504{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1558968008021,"flow_last_seen":1558968008021,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.217.40.76","dst_ip":"193.24.227.238","src_port":56680,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00452{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dns_fragmented.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1558968008,"pkt_ts_usec":21140,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"pkt":"AAwpil3XAIac51UUCABFAABE5WoAAG8R7BGs2ShMwRjj7t1oADUAMAwz1D8AEAABAAAAAAABCHdlYmVybGFiAmRlAAAwAAEAACkQAAAAgAAAAA=="}
00656{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1558968008021,"flow_last_seen":0,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.217.40.76","dst_ip":"193.24.227.238","src_port":56680,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Tracker\/Ads","category":"Web"},"dns": {"query":"weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":48,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00668{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1558968008021,"flow_last_seen":1558968008021,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.217.40.76","dst_ip":"193.24.227.238","src_port":56680,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Tracker\/Ads","category":"Web"},"dns": {"query":"weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":48,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
02397{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"dns_fragmented.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1558968008,"pkt_ts_usec":21712,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"AIac51UUAAwpil3XCABFAAXc0P4gAEARCebBGOPurNkoTAA13WgGrrRj1D+EEAABAAQAAAABCHdlYmVybGFiAmRlAAAwAAHADAAwAAEAAAA8AggBAQMKAwEAAd3v\/e0irXYKOwtYEB3VPe7z99qvi5le9\/y1XXyplp5y\/5xaqrm\/relG8pgx8GsNW2IgviJKAJ6UiU45ERKoH+fz2qf2SUFHFWwkweiWyLZ4EZHhowviCEx94P4OswNKXmdYHe38rlHPa+3OypW9gYfR9lhCKK3neCPq8\/aFFsTTI7dQ+Q2kERWiCMCybl4WOwsBo\/RlnPM4yufMKIlABiM5NWQPNmI6jYzAYpYoyUhd9HnnIIDlNQ89HpXQdFmysMraXYb7qDOoOEiOodttKH0y\/vtJ2SRU05RF4AEumacIUzAi5LL2cMQxC7t7rlDI4X42NRfOLAqGuOeclFjzqz3OdAJWeg\/AAnSbb02AGCkQ370TX1hWveAXt6xpPWOLgHXSLIF\/lz+wl+Dm8ZNWDnn5zEJuEj3xova1g8zmRXJOmqA6VhGqewxF8c+yKeNEOHz4X4\/RLmWHIuEbvboP00Dk5A9bhyZGVsytOJg+NwhFQtvBWLmD82FFtfSt2vmbFFNwAZOnRZWJOG9L7TFcGIm1OEULmohUyFLsBGMXDFOu1k0o6pqm495tsBuMyJNpfdQoPwOkUpsKi6jmNq6vRjvvNiJbcFylTQrqHGTGuOopuUsBbUXj\/nOr4I6j42k6GDIuTyLDkaVrdrxXmGnfNnStdqWmvHXo\/YFwdls9bcT7wAwAMAABAAAAPAEIAQADCgMBAAHQVNwo8VCsO0nmM2u3Mcqv14N851ULDM7hf1Hi2ooDrm7SR4cYS\/ptdvSMUJEyqPCUSF3Clw\/mlYs7YppfPvATwlxTT37RaXRQswUTRh4\/3GtYPxZXJOr+Wr2nwf4Rqm1imNixBim+ZLWFho\/CQdJqyhqg2VT8ongtHWFb9Nojmjr1IXZe0LYFcm0d1eoB5YaBtAcRvhm41KfjcjwpW7jDiMH5W1RgefeOj8kBkIJxjV9i9TB7pjmmAvw91J8s0GTTJqo\/ORsAzT8BHg3y6usJtQVH8ezMMHBFbjtgdGJlMoj4kn1KBk8Jtj9ZxjTIZWIo922PVb8sQqj0JytLOU69wAwALgABAAAAPAIfADAKAgAAADxdChURXOJ+MzN7CHdlYmVybGFiAmRlAB+yP4V\/njTX1ZrAUX52Q4ppNzTYQFwUb\/fZ7UyQYLNxrrstLuUEImGhNwZoGn47E0jCxJscYiApT\/lYiL2L1ySUl4RKqHIjPNuYuibs67t5ZabkYsahlYEA\/lOcM3eIQx9pu5Og7p1d2yBSUETOBiGw2mFf2+ESni6Ue4XPXEEYzAhiMRhuYOJAy8gBqoPjkRBcJfWJSQLCsK1uYySkTZfbAzgJeVM0nXd6azgG0BhRE+LeaO6rN3QVHDtfgnwRdZ0mqwEcP9Ixz7o9MUVSKZ24Kp1QfS5nvEHn5PilNALbZYZOO0cQAeV8BhlxVuALLDecEOLC8sY1mx6ozY5\/aRypyHA9HCrJT0qIHJwgtxE7ldoWyzsz32MKgZvCYMZSPOXK\/W3p61FPtD4iT4Id6xXDvyRuALL3waMUMwy3mSjXDHAdpXWaCOMfYx2IzRk4rN5TDQtUohYwaoSbystwDYKnhZGi9jS0G8FObyWhTrKCl7aTkMBaFEejCh0dfD5WJP+MDS\/TR32BG0S+GtGTl4n1Y8wgyP7nkz3\/REcevkIvpJRUImVc8A\/VPTI+9KvBSkoLPA9Za\/IpqUpgDVsKWU5bp0V0TdEryxvtwOnVXXdH0\/hJMgIgWhmZzY2\/UVoRBVGptWsAIhn5sO+UhcjvZ41p3t\/1mWp23BdUACblNtHcw2MALgABAAAAPAEfADAKAgAAADxdChURXOJ+M5BHCHdlYmVybGFiAmRlAHoYKuiyNMNSWsfXwtRR8n\/pKy73at02yEwt1EoWyfptV8sUoxs="}
00767{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_first_seen":1558968008021,"flow_last_seen":1558968008021,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1512,"flow_avg_l4_payload_len":756,"midstream":0,"l3_proto":"ip4","src_ip":"172.217.40.76","dst_ip":"193.24.227.238","src_port":56680,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"37":"DNS packet larger than 512 bytes","38":"Fragmented DNS message"},"proto":"DNS.Google","breed":"Tracker\/Ads","category":"Web"},"dns": {"query":"weberlab.de","num_queries":1,"num_answers":5,"reply_code":0,"query_type":48,"rsp_type":48,"rsp_addr":"0.0.0.0"}}
00658{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":3,"source":"dns_fragmented.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1558968008,"pkt_ts_usec":21729,"pkt_caplen":264,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":264,"pkt_l4_len":0,"pkt":"AIac51UUAAwpil3XCABFAAD60P4AuUARLg\/BGOPurNkoTJJWaQ8FS9tIHo+oVjY51cy6+fgiJNB2zCSb2h1J8D40RJyUZYc0lguNGrMzvogBYnbxInuDKD2B8SGaumxsynJulBSZTde74knucmk+7g4DbM0zyfRD0W3RhD3u0NFdji\/0zmiI817VkCE2GpVvuL3F8KDCC+EMYjJlOHqM+STJxPq9ZF8xJcVITkC6EY6CdRmYmQdqvRYWzDXPjGtyu5XT13H1VC8IJisNUehBDr2PeppANUdXFlyqVQ6mARL6UnTBT0xam7DpmuxycO7BOql2rC7KBJb4lykg9AAAKRAAAACAAAAA"}
00179{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":3,"source":"dns_fragmented.pcap","alias":"nDPId-test","l4_data_len":230}
00509{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1558968010233,"flow_last_seen":0,"flow_min_l4_payload_len":58,"flow_max_l4_payload_len":58,"flow_tot_l4_payload_len":58,"flow_avg_l4_payload_len":58,"midstream":0,"l3_proto":"ip6","src_ip":"2a00:1450:4013:c03::10a","dst_ip":"2001:470:765b::a25:53","src_port":46433,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00521{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1558968010233,"flow_last_seen":1558968010233,"flow_min_l4_payload_len":58,"flow_max_l4_payload_len":58,"flow_tot_l4_payload_len":58,"flow_avg_l4_payload_len":58,"midstream":0,"l3_proto":"ip6","src_ip":"2a00:1450:4013:c03::10a","dst_ip":"2001:470:765b::a25:53","src_port":46433,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00504{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"dns_fragmented.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1558968010,"pkt_ts_usec":233766,"pkt_caplen":120,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":120,"pkt_l4_len":66,"pkt":"AAwpil3XAIac51UUht1gArj8AEIRayoAFFBAEwwDAAAAAAAAAQogAQRwdlsAAAAAAAAKJQBTtWEANQBC7JLpxAAQAAEAAAAAAAECcGEId2ViZXJsYWICZGUAABwAAQAAKRAAAACAAAAPAAgACwACOAAgAQRwHwsW"}
00671{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1558968010233,"flow_last_seen":0,"flow_min_l4_payload_len":58,"flow_max_l4_payload_len":58,"flow_tot_l4_payload_len":58,"flow_avg_l4_payload_len":58,"midstream":0,"l3_proto":"ip6","src_ip":"2a00:1450:4013:c03::10a","dst_ip":"2001:470:765b::a25:53","src_port":46433,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"pa.weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00683{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1558968010233,"flow_last_seen":1558968010233,"flow_min_l4_payload_len":58,"flow_max_l4_payload_len":58,"flow_tot_l4_payload_len":58,"flow_avg_l4_payload_len":58,"midstream":0,"l3_proto":"ip6","src_ip":"2a00:1450:4013:c03::10a","dst_ip":"2001:470:765b::a25:53","src_port":46433,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"pa.weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
02379{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"dns_fragmented.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1558968010,"pkt_ts_usec":234445,"pkt_caplen":1510,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":62,"pkt_len":1510,"pkt_l4_len":1448,"pkt":"AIac51UUAAwpil3Xht1gB4f9BbAsQCABBHB2WwAAAAAAAAolAFMqABRQQBMMAwAAAAAAAAEKEQAAAShAPAsANbVhBeUUjunEhBAAAQACAAMACQJwYQh3ZWJlcmxhYgJkZQAAHAABwAwAHAABAAAAPAAQIAEEcB8LECQAAAAAAAAAAsAMAC4AAQAAADwBHwAcCgMAAAA8XQZZ\/FzevuyQRwh3ZWJlcmxhYgJkZQC1pnXN9aJB47xcEl0t+RyJPr\/p+1OSRyBEPleyPVcVG13SY1au\/jvJTdnRA4lySA7r3bi4LlJCEattffR4fjevK4f+NrGd0s5mJ+PRg85+C1QnHQmbvL9v+MI2zPL2z8n5PSX3Yf1y4VNvPCJ7YmzWzkyABQys7VcUh58r0Vf2MDfcX+p\/oqdfN5wH3piEMrifXVk3S1jvEgqm3k\/0jIc5bfsXYFPDiziLSsKruSCkr5Ydv6DPypeAQh8lSdezjVxYVAOnbrtC88Q7QQ04+1dWXmZGW9cG+PBKFrFDsPDKsCvsJ0ggc3+bJXpyZZ0SaqfH4Zgi8NjO\/iMCsrSxLkS9wFoAAgABAAAAPAAPA25zMgh3ZWJlcmRuc8BjwFoAAgABAAAAPAAGA25zMcF3wFoALgABAAAAPAEfAAIKAgAAADxdCgDsXOJvNZBHCHdlYmVybGFiAmRlAHSoxNqqAKym4hw9iI9\/cGB9AOyri1gZ9PRCVa3kokohNFwwgJZHh\/GYLEe5aVQ16NDPaZsaEDNFKVzAqyIPhTpD66im4JiAdIma3+zQ6MM9+50XgE4zD34pXPziEN3\/hpyx0OsRaMDdi+fLJ+VSFGsK+dEf7olAlTzREwS8gAhMxbir6bK5GyMP0HpB+N56qoJQqvHlvC11N4HQ1PiAfHGM\/e0cnoTP4HtNoJs4zlO01ipMUjuZ2yl3aHqydGgSm9jswrVneievkN6cP9\/osHneUEe3pq+Na767DBQ6GotyiL0ifYjqRt+tp11FZgz+RwhCI599k5mxFSecocr80szBjgAcAAEAAA4QABAgAQRwdlsAAAAAAAAKJQBTwXMAHAABAAAOEAAQIAEEcB8LFrAAAAAACiYAU8GOAAEAAQAADhAABMEY4+7BcwABAAEAAA4QAATC9wUOwY4ALgABAAAOEACfAAEIAwAADhBdCiqqXOKPrjDwCHdlYmVyZG5zAmRlALFKzqMjh9BzTzk7te1fsFGook8hWPtH0Dh2qeLmkPiC00JY45Dj2PARXv44katX35tAeXg4ix8QZs+c1GIcPatTaDXZe6J7CgZjoERP+ecNOmJ3vNLtj8s3UGq5X1b66ao4qdZN6E8DXjYpPWxeaD+6KZd7ytQjBmRNzONHV4CNwY4ALgABAAAOEACfABwIAwAADhBdCiqqXOKPrjDwCHdlYmVyZG5zAmRlAEEPt\/jvpNYZTaxUf\/hq3Z6tUps6XBA9Yu325Bwy3LukMjtOntkxZ48rvFNij79Ioq3EbGxCb4PD0EVLtA5lKR6U69jYrdbsh11ahmIq4c0voBJAKVJkpfioqYTXkZCppD5DWEnFc7+3dmCZtR6n7cdLRMGXeU0ee7boqf+ntG0ywXMALgABAAAOEACfAAEIAwAADhBdCiqqXOKPrjDwCHdlYmVyZG5zAmRlAAdbeEFbg2lg4i3rnV+6yQt2VeYizGmT\/rDt7rXbe9Gvg0bs7cCzKvh3nLNc7lfkw3Toxu3h2m\/NqvAJNkxLRmrtfxw68cyy4lkHhL2NLL3Y19jvp2qm25mZVgwcJylB9Dlvk0ReqgeiL8E1GyKZ+bYJb4PW+X45ewaJrdYFgGv4wXMALgABAAAOEACfABwIAwAADhBdCiqqXOKPrjDwCHdlYmVyZG5zAmRlALY71RRfBids18YMqfb3pDV95vjCv9gQTwdXg7KIz9hcjsWC4LdX4rCK4Rics7xQ5QaBNODVJNd5alz0R5hMDerxbEpzVvoggNs6EwCYRezdSpP5C3DJFx6i88C2SQ=="}
00786{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":5,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_first_seen":1558968010233,"flow_last_seen":1558968010234,"flow_min_l4_payload_len":58,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1498,"flow_avg_l4_payload_len":749,"midstream":0,"l3_proto":"ip6","src_ip":"2a00:1450:4013:c03::10a","dst_ip":"2001:470:765b::a25:53","src_port":46433,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"37":"DNS packet larger than 512 bytes","38":"Fragmented DNS message"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"pa.weberlab.de","num_queries":1,"num_answers":14,"reply_code":0,"query_type":28,"rsp_type":28,"rsp_addr":"32.1.4.112"}}
00471{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":6,"source":"dns_fragmented.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1558968010,"pkt_ts_usec":234463,"pkt_caplen":123,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":123,"pkt_l4_len":0,"pkt":"AIac51UUAAwpil3Xht1gB4f9AEUsQCABBHB2WwAAAAAAAAolAFMqABRQQBMMAwAAAAAAAAEKEQAFqChAPAtderZqHOphjXllMk8sHswGkSaaDoR\/AL9bqSnISQXKcnns5gAAKRAAAACAAAAPAAgACwACOAAgAQRwHwsW"}
00179{"basic_event_id":12,"basic_event_name":"nDPI IPv6\/L4 payload detection failed","thread_id":0,"packet_id":6,"source":"dns_fragmented.pcap","alias":"nDPId-test","l4_data_len":89}
00509{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1558968018074,"flow_last_seen":0,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":59,"midstream":0,"l3_proto":"ip6","src_ip":"2a00:1450:4013:c06::105","dst_ip":"2001:470:765b::a25:53","src_port":63369,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00521{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1558968018074,"flow_last_seen":1558968018074,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":59,"midstream":0,"l3_proto":"ip6","src_ip":"2a00:1450:4013:c06::105","dst_ip":"2001:470:765b::a25:53","src_port":63369,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00507{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"dns_fragmented.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1558968018,"pkt_ts_usec":74594,"pkt_caplen":121,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":121,"pkt_l4_len":67,"pkt":"AAwpil3XAIac51UUht1gCQGuAEMRayoAFFBAEwwGAAAAAAAAAQUgAQRwdlsAAAAAAAAKJQBT94kANQBDODsKMgAQAAEAAAAAAAEDZmcyCHdlYmVybGFiAmRlAAABAAEAACkQAAAAgAAADwAIAAsAAjgAIAEEcB8LFg=="}
00671{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1558968018074,"flow_last_seen":0,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":59,"midstream":0,"l3_proto":"ip6","src_ip":"2a00:1450:4013:c06::105","dst_ip":"2001:470:765b::a25:53","src_port":63369,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"fg2.weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00683{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1558968018074,"flow_last_seen":1558968018074,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":59,"midstream":0,"l3_proto":"ip6","src_ip":"2a00:1450:4013:c06::105","dst_ip":"2001:470:765b::a25:53","src_port":63369,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"fg2.weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
02384{"flow_id":3,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"dns_fragmented.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1558968018,"pkt_ts_usec":75178,"pkt_caplen":1510,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":62,"pkt_len":1510,"pkt_l4_len":1448,"pkt":"AIac51UUAAwpil3Xht1gAmIVBbAsQCABBHB2WwAAAAAAAAolAFMqABRQQBMMBgAAAAAAAAEFEQAAASR\/DLMANfeJBdraSAoyhBAAAQACAAMACQNmZzIId2ViZXJsYWICZGUAAAEAAcAMAAEAAQAAADwABML3BArADAAuAAEAAAA8AR8AAQoDAAAAPF0J+51c4m0NkEcId2ViZXJsYWICZGUATmqKLyXYlD7oC1wjnJdPzxr55pJoGn6h+biEYxUlvjgkAKYGVr2OkUzNi9dPZZCT1\/wXWro5BadVhTNlYhGA9J99DHUUB5NEITFfyeoCqRwORKOIN8F3N4260XT5uRwPgDtpnX9J6IRQN3Hg639ASVUfreGkxN2At0j1oxD21UcoFDfwz5Fn7owm5vE3RP6EyTqHCPkRSCJvvZO+Lb6nyRwRS\/BgbrTAjIDB9gxMtXs7GIKlm\/T21iqqa\/CM0K3y9nYSv2Mbgyh+nhDaTp4WmMKZfRzP6DKGL+Myx7893ekGgWnaQNeZGzB3BTQVSEJFLULyYavsqtvSpVIspLF1IcBPAAIAAQAAADwADwNuczIId2ViZXJkbnPAWMBPAAIAAQAAADwABgNuczHBbMBPAC4AAQAAADwBHwACCgIAAAA8XQoA7FzibzWQRwh3ZWJlcmxhYgJkZQB0qMTaqgCspuIcPYiPf3BgfQDsq4tYGfT0QlWt5KJKITRcMICWR4fxmCxHuWlUNejQz2mbGhAzRSlcwKsiD4U6Q+uopuCYgHSJmt\/s0OjDPfudF4BOMw9+KVz84hDd\/4acsdDrEWjA3YvnyyflUhRrCvnRH+6JQJU80RMEvIAITMW4q+myuRsjD9B6QfjeeqqCUKrx5bwtdTeB0NT4gHxxjP3tHJ6Ez+B7TaCbOM5TtNYqTFI7mdspd2h6snRoEpvY7MK1Z3onr5DenD\/f6LB53lBHt6avjWu+uwwUOhqLcoi9In2I6kbfraddRWYM\/kcIQiOffZOZsRUnnKHK\/NLMwYMAHAABAAAOEAAQIAEEcHZbAAAAAAAACiUAU8FoABwAAQAADhAAECABBHAfCxawAAAAAAomAFPBgwABAAEAAA4QAATBGOPuwWgAAQABAAAOEAAEwvcFDsGDAC4AAQAADhAAnwABCAMAAA4QXQoqqlzij64w8Ah3ZWJlcmRucwJkZQCxSs6jI4fQc085O7XtX7BRqKJPIVj7R9A4dqni5pD4gtNCWOOQ49jwEV7+OJGrV9+bQHl4OIsfEGbPnNRiHD2rU2g12XuiewoGY6BET\/nnDTpid7zS7Y\/LN1BquV9W+umqOKnWTehPA142KT1sXmg\/uimXe8rUIwZkTczjR1eAjcGDAC4AAQAADhAAnwAcCAMAAA4QXQoqqlzij64w8Ah3ZWJlcmRucwJkZQBBD7f476TWGU2sVH\/4at2erVKbOlwQPWLt9uQcMty7pDI7Tp7ZMWePK7xTYo+\/SKKtxGxsQm+Dw9BFS7QOZSkelOvY2K3W7IddWoZiKuHNL6ASQClSZKX4qKmE15GQqaQ+Q1hJxXO\/t3ZgmbUep+3HS0TBl3lNHnu26Kn\/p7RtMsFoAC4AAQAADhAAnwABCAMAAA4QXQoqqlzij64w8Ah3ZWJlcmRucwJkZQAHW3hBW4NpYOIt651fuskLdlXmIsxpk\/6w7e6123vRr4NG7O3Asyr4d5yzXO5X5MN06Mbt4dpvzarwCTZMS0Zq7X8cOvHMsuJZB4S9jSy92NfY76dqptuZmVYMHCcpQfQ5b5NEXqoHoi\/BNRsimfm2CW+D1vl+OXsGia3WBYBr+MFoAC4AAQAADhAAnwAcCAMAAA4QXQoqqlzij64w8Ah3ZWJlcmRucwJkZQC2O9UUXwYnbNfGDKn296Q1feb4wr\/YEE8HV4OyiM\/YXI7FguC3V+KwiuEYnLO8UOUGgTTg1STXeWpc9EeYTA3q8WxKc1b6IIDbOhMAmEXs3UqT+QtwyRceovPAtklderZqHOphjXllMg=="}
00787{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_first_seen":1558968018074,"flow_last_seen":1558968018075,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1499,"flow_avg_l4_payload_len":749,"midstream":0,"l3_proto":"ip6","src_ip":"2a00:1450:4013:c06::105","dst_ip":"2001:470:765b::a25:53","src_port":63369,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"37":"DNS packet larger than 512 bytes","38":"Fragmented DNS message"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"fg2.weberlab.de","num_queries":1,"num_answers":14,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"194.247.4.10"}}
00459{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":9,"source":"dns_fragmented.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1558968018,"pkt_ts_usec":75197,"pkt_caplen":112,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":112,"pkt_l4_len":0,"pkt":"AIac51UUAAwpil3Xht1gAmIVADosQCABBHB2WwAAAAAAAAolAFMqABRQQBMMBgAAAAAAAAEFEQAFqCR\/DLNPLB7MBpEmmg6EfwC\/W6kpyEkFynJ57OYAACkQAAAAgAAADwAIAAsAAjgAIAEEcB8LFg=="}
00179{"basic_event_id":12,"basic_event_name":"nDPI IPv6\/L4 payload detection failed","thread_id":0,"packet_id":9,"source":"dns_fragmented.pcap","alias":"nDPId-test","l4_data_len":78}
00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1558968019069,"flow_last_seen":0,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"173.194.169.104","dst_ip":"193.24.227.238","src_port":59464,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00507{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1558968019069,"flow_last_seen":1558968019069,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"173.194.169.104","dst_ip":"193.24.227.238","src_port":59464,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00479{"flow_id":4,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"dns_fragmented.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1558968019,"pkt_ts_usec":69107,"pkt_caplen":101,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":101,"pkt_l4_len":67,"pkt":"AAwpil3XAIac51UUCABFAABXnz0AAGwRsyatwqlowRjj7uhIADUAQ+SwoX0AEAABAAAAAAABA2ZnMgh3ZWJlcmxhYgJkZQAAAQABAAApEAAAAIAAAA8ACAALAAI4ACABBHAfCxY="}
00662{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1558968019069,"flow_last_seen":0,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"173.194.169.104","dst_ip":"193.24.227.238","src_port":59464,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Tracker\/Ads","category":"Web"},"dns": {"query":"fg2.weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00674{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1558968019069,"flow_last_seen":1558968019069,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"173.194.169.104","dst_ip":"193.24.227.238","src_port":59464,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Tracker\/Ads","category":"Web"},"dns": {"query":"fg2.weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
02384{"flow_id":4,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"dns_fragmented.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1558968019,"pkt_ts_usec":69715,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"AIac51UUAAwpil3XCABFAAXc4hEgAEARds3BGOPurcKpaAA16EgF2oW\/oX2EEAABAAIAAwAJA2ZnMgh3ZWJlcmxhYgJkZQAAAQABwAwAAQABAAAAPAAEwvcECsAMAC4AAQAAADwBHwABCgMAAAA8XQn7nVzibQ2QRwh3ZWJlcmxhYgJkZQBOaoovJdiUPugLXCOcl0\/PGvnmkmgafqH5uIRjFSW+OCQApgZWvY6RTM2L109lkJPX\/BdaujkFp1WFM2ViEYD0n30MdRQHk0QhMV\/J6gKpHA5Eo4g3wXc3jbrRdPm5HA+AO2mdf0nohFA3ceDrf0BJVR+t4aTE3YC3SPWjEPbVRygUN\/DPkWfujCbm8TdE\/oTJOocI+RFIIm+9k74tvqfJHBFL8GButMCMgMH2DEy1ezsYgqWb9PbWKqpr8IzQrfL2dhK\/YxuDKH6eENpOnhaYwpl9HM\/oMoYv4zLHvz3d6QaBadpA15kbMHcFNBVIQkUtQvJhq+yq29KlUiyksXUhwE8AAgABAAAAPAAPA25zMQh3ZWJlcmRuc8BYwE8AAgABAAAAPAAGA25zMsFswE8ALgABAAAAPAEfAAIKAgAAADxdCgDsXOJvNZBHCHdlYmVybGFiAmRlAHSoxNqqAKym4hw9iI9\/cGB9AOyri1gZ9PRCVa3kokohNFwwgJZHh\/GYLEe5aVQ16NDPaZsaEDNFKVzAqyIPhTpD66im4JiAdIma3+zQ6MM9+50XgE4zD34pXPziEN3\/hpyx0OsRaMDdi+fLJ+VSFGsK+dEf7olAlTzREwS8gAhMxbir6bK5GyMP0HpB+N56qoJQqvHlvC11N4HQ1PiAfHGM\/e0cnoTP4HtNoJs4zlO01ipMUjuZ2yl3aHqydGgSm9jswrVneievkN6cP9\/osHneUEe3pq+Na767DBQ6GotyiL0ifYjqRt+tp11FZgz+RwhCI599k5mxFSecocr80szBaAABAAEAAA4QAATBGOPuwYMAAQABAAAOEAAEwvcFDsFoABwAAQAADhAAECABBHB2WwAAAAAAAAolAFPBgwAcAAEAAA4QABAgAQRwHwsWsAAAAAAKJgBTwWgALgABAAAOEACfAAEIAwAADhBdCiqqXOKPrjDwCHdlYmVyZG5zAmRlALFKzqMjh9BzTzk7te1fsFGook8hWPtH0Dh2qeLmkPiC00JY45Dj2PARXv44katX35tAeXg4ix8QZs+c1GIcPatTaDXZe6J7CgZjoERP+ecNOmJ3vNLtj8s3UGq5X1b66ao4qdZN6E8DXjYpPWxeaD+6KZd7ytQjBmRNzONHV4CNwWgALgABAAAOEACfABwIAwAADhBdCiqqXOKPrjDwCHdlYmVyZG5zAmRlAEEPt\/jvpNYZTaxUf\/hq3Z6tUps6XBA9Yu325Bwy3LukMjtOntkxZ48rvFNij79Ioq3EbGxCb4PD0EVLtA5lKR6U69jYrdbsh11ahmIq4c0voBJAKVJkpfioqYTXkZCppD5DWEnFc7+3dmCZtR6n7cdLRMGXeU0ee7boqf+ntG0ywYMALgABAAAOEACfAAEIAwAADhBdCiqqXOKPrjDwCHdlYmVyZG5zAmRlAAdbeEFbg2lg4i3rnV+6yQt2VeYizGmT\/rDt7rXbe9Gvg0bs7cCzKvh3nLNc7lfkw3Toxu3h2m\/NqvAJNkxLRmrtfxw68cyy4lkHhL2NLL3Y19jvp2qm25mZVgwcJylB9Dlvk0ReqgeiL8E1GyKZ+bYJb4PW+X45ewaJrdYFgGv4wYMALgABAAAOEACfABwIAwAADhBdCiqqXOKPrjDwCHdlYmVyZG5zAmRlALY71RRfBids18YMqfb3pDV95vjCv9gQTwdXg7KIz9hcjsWC4LdX4rCK4Rics7xQ5QaBNODVJNd5alz0R5hMDerxbEpzVvoggNs6EwCYRezdSpP5C3DJFx6i88C2SV16tmoc6mGNeWUyTywezAaRJpoOhH8Av1upKchJBcpyeezmAAApEAAAAIA="}
00778{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":11,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_first_seen":1558968019069,"flow_last_seen":1558968019069,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1531,"flow_avg_l4_payload_len":765,"midstream":0,"l3_proto":"ip4","src_ip":"173.194.169.104","dst_ip":"193.24.227.238","src_port":59464,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"37":"DNS packet larger than 512 bytes","38":"Fragmented DNS message"},"proto":"DNS.Google","breed":"Tracker\/Ads","category":"Web"},"dns": {"query":"fg2.weberlab.de","num_queries":1,"num_answers":14,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"194.247.4.10"}}
00375{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":12,"source":"dns_fragmented.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1558968019,"pkt_ts_usec":69732,"pkt_caplen":52,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"pkt":"AIac51UUAAwpil3XCABFAAAm4hEAuUARm8rBGOPurcKpaAAADwAIAAsAAjgAIAEEcB8LFg=="}
00179{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":12,"source":"dns_fragmented.pcap","alias":"nDPId-test","l4_data_len":18}
00510{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1558968021013,"flow_last_seen":0,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":59,"midstream":0,"l3_proto":"ip6","src_ip":"2a00:1450:400c:c00::106","dst_ip":"2001:470:765b::a25:53","src_port":54430,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00522{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1558968021013,"flow_last_seen":1558968021013,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":59,"midstream":0,"l3_proto":"ip6","src_ip":"2a00:1450:400c:c00::106","dst_ip":"2001:470:765b::a25:53","src_port":54430,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00509{"flow_id":5,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"dns_fragmented.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1558968021,"pkt_ts_usec":13672,"pkt_caplen":121,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":121,"pkt_l4_len":67,"pkt":"AAwpil3XAIac51UUht1gBi\/8AEMRayoAFFBADAwAAAAAAAAAAQYgAQRwdlsAAAAAAAAKJQBT1J4ANQBDpiukOAAQAAEAAAAAAAEDZmcyCHdlYmVybGFiAmRlAAAcAAEAACkQAAAAgAAADwAIAAsAAjgAIAEEcB8LFg=="}
00673{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1558968021013,"flow_last_seen":0,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":59,"midstream":0,"l3_proto":"ip6","src_ip":"2a00:1450:400c:c00::106","dst_ip":"2001:470:765b::a25:53","src_port":54430,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"fg2.weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00685{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1558968021013,"flow_last_seen":1558968021013,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":59,"midstream":0,"l3_proto":"ip6","src_ip":"2a00:1450:400c:c00::106","dst_ip":"2001:470:765b::a25:53","src_port":54430,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"fg2.weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
01540{"flow_id":5,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"dns_fragmented.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1558968021,"pkt_ts_usec":14081,"pkt_caplen":886,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":886,"pkt_l4_len":832,"pkt":"AIac51UUAAwpil3Xht1gCbz6A0ARQCABBHB2WwAAAAAAAAolAFMqABRQQAwMAAAAAAAAAAEGADXUngNAM\/ikOIQQAAEAAAAEAAEDZmcyCHdlYmVybGFiAmRlAAAcAAHAEAAGAAEAAAA8ADwDbnMwCHdlYmVyZG5zwBkJd2VibWFzdGVyCXdlYmVybmV0egNuZXQAeFhI6QAADhAAAAOEACTqAAAAADzAEAAuAAEAAAA8AR8ABgoCAAAAPF0SKiBc6o8QkEcId2ViZXJsYWICZGUAsAsLORY9T68251zcXXrXYMubapdXlnVZdczSZ8VjQS3g0dStlbXNUxRf4FJCpZevgIdkz+OzavU4Y3EyCKf5qxw7GiEllt+hznji85+jlwbqxa7BHuVrNf4YxsbIr0kaSblmtIn8e12vMQAgQIzOeK4VKGey+3rFftx2Cs7v0mw4V0Rd+gTYttfq+PLvGu8vSZibXFxqlj86VVzTwvOCEmjqKNyjon+\/djMG\/LpzWXoT2evp9l8K1VcJU\/8uUY9ZE4WS0WjV4uuPKKqmHeTkethHG1xsLp0jKFQP8kYfYkdlxDBuNu6KhurVxO4RiM92K63vMdmIW\/4VjMYm2cPPQCBWTlI1U0hKRjVHQ1RFQ1RIN0wwRUNLTEoxTkRGNE04S8CHADIAAQAAALQAMgEAABQQM4lV2XYIwLE0ewVnw5K1+BQAQBNLJ89Pbt3WSJZWXFg+eo1pkwAGQAAAAAACwZQALgABAAAAtAEfADIKAwAAALRdChEDXOJ73JBHCHdlYmVybGFiAmRlAFwWgMgEjrA1OcHB+Qo5dWmMix1bJ7WFGsQIkPmTlF\/KVvK6k5dVU4FDCZtKPuPYCkg0XLBOcR\/wguOUuuyBL7cbjUoN0UHJur34eNeWLngpBhaxFTmuqY80vKjed0ttFQ6uVnd2OAmDzRp6YxYtTin4\/XGlVO6lMt+k2mYftwRyr5Ohjp6NH+J8dbjX7gkD3ENGAHspVLSTz4LxrhUH8dsbFK8rT\/kUhlCBvTuJYAxOkSEWqp4vVZ54PXcY61pn5KAT8mJWdw+HLsa\/lUjZNXicEmky99XDlPLcJk7OI3ZM83QYPgYAFE\/lMHbTSiiue2rS4deUwWxFmnQYlhv0FA4AACkQAAAAgAAADwAIAAsAAjgAIAEEcB8LFg=="}
00751{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":14,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_first_seen":1558968021013,"flow_last_seen":1558968021014,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":824,"flow_tot_l4_payload_len":883,"flow_avg_l4_payload_len":441,"midstream":0,"l3_proto":"ip6","src_ip":"2a00:1450:400c:c00::106","dst_ip":"2001:470:765b::a25:53","src_port":54430,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"37":"DNS packet larger than 512 bytes"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"fg2.weberlab.de","num_queries":1,"num_answers":5,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1558968021026,"flow_last_seen":0,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"74.125.47.136","dst_ip":"193.24.227.238","src_port":59330,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00505{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1558968021026,"flow_last_seen":1558968021026,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"74.125.47.136","dst_ip":"193.24.227.238","src_port":59330,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00453{"flow_id":6,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"dns_fragmented.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1558968021,"pkt_ts_usec":26749,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"pkt":"AAwpil3XAIac51UUCABFAABEdWYAAGwRujZKfS+IwRjj7ufCADUAMBuRFagAEAABAAAAAAABCHdlYmVybGFiAmRlAAAwAAEAACkQAAAAgAAAAA=="}
00657{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1558968021026,"flow_last_seen":0,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"74.125.47.136","dst_ip":"193.24.227.238","src_port":59330,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Tracker\/Ads","category":"Web"},"dns": {"query":"weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":48,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00669{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1558968021026,"flow_last_seen":1558968021026,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"74.125.47.136","dst_ip":"193.24.227.238","src_port":59330,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Tracker\/Ads","category":"Web"},"dns": {"query":"weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":48,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
02399{"flow_id":6,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"dns_fragmented.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1558968021,"pkt_ts_usec":27012,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"AIac51UUAAwpil3XCABFAAXciTwgAEARrMjBGOPuSn0viAA158IGrsPBFaiEEAABAAQAAAABCHdlYmVybGFiAmRlAAAwAAHADAAwAAEAAAA8AQgBAAMKAwEAAdBU3CjxUKw7SeYza7cxyq\/Xg3znVQsMzuF\/UeLaigOubtJHhxhL+m129IxQkTKo8JRIXcKXD+aViztiml8+8BPCXFNPftFpdFCzBRNGHj\/ca1g\/Flck6v5avafB\/hGqbWKY2LEGKb5ktYWGj8JB0mrKGqDZVPyieC0dYVv02iOaOvUhdl7QtgVybR3V6gHlhoG0BxG+GbjUp+NyPClbuMOIwflbVGB5946PyQGQgnGNX2L1MHumOaYC\/D3UnyzQZNMmqj85GwDNPwEeDfLq6wm1BUfx7MwwcEVuO2B0YmUyiPiSfUoGTwm2P1nGNMhlYij3bY9VvyxCqPQnK0s5Tr3ADAAwAAEAAAA8AggBAQMKAwEAAd3v\/e0irXYKOwtYEB3VPe7z99qvi5le9\/y1XXyplp5y\/5xaqrm\/relG8pgx8GsNW2IgviJKAJ6UiU45ERKoH+fz2qf2SUFHFWwkweiWyLZ4EZHhowviCEx94P4OswNKXmdYHe38rlHPa+3OypW9gYfR9lhCKK3neCPq8\/aFFsTTI7dQ+Q2kERWiCMCybl4WOwsBo\/RlnPM4yufMKIlABiM5NWQPNmI6jYzAYpYoyUhd9HnnIIDlNQ89HpXQdFmysMraXYb7qDOoOEiOodttKH0y\/vtJ2SRU05RF4AEumacIUzAi5LL2cMQxC7t7rlDI4X42NRfOLAqGuOeclFjzqz3OdAJWeg\/AAnSbb02AGCkQ370TX1hWveAXt6xpPWOLgHXSLIF\/lz+wl+Dm8ZNWDnn5zEJuEj3xova1g8zmRXJOmqA6VhGqewxF8c+yKeNEOHz4X4\/RLmWHIuEbvboP00Dk5A9bhyZGVsytOJg+NwhFQtvBWLmD82FFtfSt2vmbFFNwAZOnRZWJOG9L7TFcGIm1OEULmohUyFLsBGMXDFOu1k0o6pqm495tsBuMyJNpfdQoPwOkUpsKi6jmNq6vRjvvNiJbcFylTQrqHGTGuOopuUsBbUXj\/nOr4I6j42k6GDIuTyLDkaVrdrxXmGnfNnStdqWmvHXo\/YFwdls9bcT7wAwALgABAAAAPAIfADAKAgAAADxdChURXOJ+MzN7CHdlYmVybGFiAmRlAB+yP4V\/njTX1ZrAUX52Q4ppNzTYQFwUb\/fZ7UyQYLNxrrstLuUEImGhNwZoGn47E0jCxJscYiApT\/lYiL2L1ySUl4RKqHIjPNuYuibs67t5ZabkYsahlYEA\/lOcM3eIQx9pu5Og7p1d2yBSUETOBiGw2mFf2+ESni6Ue4XPXEEYzAhiMRhuYOJAy8gBqoPjkRBcJfWJSQLCsK1uYySkTZfbAzgJeVM0nXd6azgG0BhRE+LeaO6rN3QVHDtfgnwRdZ0mqwEcP9Ixz7o9MUVSKZ24Kp1QfS5nvEHn5PilNALbZYZOO0cQAeV8BhlxVuALLDecEOLC8sY1mx6ozY5\/aRypyHA9HCrJT0qIHJwgtxE7ldoWyzsz32MKgZvCYMZSPOXK\/W3p61FPtD4iT4Id6xXDvyRuALL3waMUMwy3mSjXDHAdpXWaCOMfYx2IzRk4rN5TDQtUohYwaoSbystwDYKnhZGi9jS0G8FObyWhTrKCl7aTkMBaFEejCh0dfD5WJP+MDS\/TR32BG0S+GtGTl4n1Y8wgyP7nkz3\/REcevkIvpJRUImVc8A\/VPTI+9KvBSkoLPA9Za\/IpqUpgDVsKWU5bp0V0TdEryxvtwOnVXXdH0\/hJMgIgWhmZzY2\/UVoRBVGptWsAIhn5sO+UhcjvZ41p3t\/1mWp23BdUACblNtHcw2MALgABAAAAPAEfADAKAgAAADxdChURXOJ+M5BHCHdlYmVybGFiAmRlAHoYKuiyNMNSWsfXwtRR8n\/pKy73at02yEwt1EoWyfptV8sUoxs="}
00768{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_first_seen":1558968021026,"flow_last_seen":1558968021027,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1512,"flow_avg_l4_payload_len":756,"midstream":0,"l3_proto":"ip4","src_ip":"74.125.47.136","dst_ip":"193.24.227.238","src_port":59330,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"37":"DNS packet larger than 512 bytes","38":"Fragmented DNS message"},"proto":"DNS.Google","breed":"Tracker\/Ads","category":"Web"},"dns": {"query":"weberlab.de","num_queries":1,"num_answers":5,"reply_code":0,"query_type":48,"rsp_type":48,"rsp_addr":"0.0.0.0"}}
00658{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":17,"source":"dns_fragmented.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1558968021,"pkt_ts_usec":27052,"pkt_caplen":264,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":264,"pkt_l4_len":0,"pkt":"AIac51UUAAwpil3XCABFAAD6iTwAuUAR0PHBGOPuSn0viJJWaQ8FS9tIHo+oVjY51cy6+fgiJNB2zCSb2h1J8D40RJyUZYc0lguNGrMzvogBYnbxInuDKD2B8SGaumxsynJulBSZTde74knucmk+7g4DbM0zyfRD0W3RhD3u0NFdji\/0zmiI817VkCE2GpVvuL3F8KDCC+EMYjJlOHqM+STJxPq9ZF8xJcVITkC6EY6CdRmYmQdqvRYWzDXPjGtyu5XT13H1VC8IJisNUehBDr2PeppANUdXFlyqVQ6mARL6UnTBT0xam7DpmuxycO7BOql2rC7KBJb4lykg9AAAKRAAAACAAAAA"}
00180{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":17,"source":"dns_fragmented.pcap","alias":"nDPId-test","l4_data_len":230}
00510{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":18,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1558968031134,"flow_last_seen":0,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":59,"midstream":0,"l3_proto":"ip6","src_ip":"2a00:1450:4013:c05::10e","dst_ip":"2001:470:765b::a25:53","src_port":34944,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00522{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":18,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1558968031134,"flow_last_seen":1558968031134,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":59,"midstream":0,"l3_proto":"ip6","src_ip":"2a00:1450:4013:c05::10e","dst_ip":"2001:470:765b::a25:53","src_port":34944,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00509{"flow_id":7,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"dns_fragmented.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1558968031,"pkt_ts_usec":134211,"pkt_caplen":121,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":121,"pkt_l4_len":67,"pkt":"AAwpil3XAIac51UUht1gCRS7AEMRbCoAFFBAEwwFAAAAAAAAAQ4gAQRwdlsAAAAAAAAKJQBTiIAANQBD+GeeBgAQAAEAAAAAAAEDZmcyCHdlYmVybGFiAmRlAAAcAAEAACkQAAAAgAAADwAIAAsAAjgAIAEEcB8LFg=="}
00673{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1558968031134,"flow_last_seen":0,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":59,"midstream":0,"l3_proto":"ip6","src_ip":"2a00:1450:4013:c05::10e","dst_ip":"2001:470:765b::a25:53","src_port":34944,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"fg2.weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00685{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1558968031134,"flow_last_seen":1558968031134,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":59,"midstream":0,"l3_proto":"ip6","src_ip":"2a00:1450:4013:c05::10e","dst_ip":"2001:470:765b::a25:53","src_port":34944,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"fg2.weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
01540{"flow_id":7,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"dns_fragmented.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1558968031,"pkt_ts_usec":134623,"pkt_caplen":886,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":886,"pkt_l4_len":832,"pkt":"AIac51UUAAwpil3Xht1gAJ7uA0ARQCABBHB2WwAAAAAAAAolAFMqABRQQBMMBQAAAAAAAAEOADWIgANANAyeBoQQAAEAAAAEAAEDZmcyCHdlYmVybGFiAmRlAAAcAAHAEAAGAAEAAAA8ADwDbnMwCHdlYmVyZG5zwBkJd2VibWFzdGVyCXdlYmVybmV0egNuZXQAeFhI6QAADhAAAAOEACTqAAAAADzAEAAuAAEAAAA8AR8ABgoCAAAAPF0SKiBc6o8QkEcId2ViZXJsYWICZGUAsAsLORY9T68251zcXXrXYMubapdXlnVZdczSZ8VjQS3g0dStlbXNUxRf4FJCpZevgIdkz+OzavU4Y3EyCKf5qxw7GiEllt+hznji85+jlwbqxa7BHuVrNf4YxsbIr0kaSblmtIn8e12vMQAgQIzOeK4VKGey+3rFftx2Cs7v0mw4V0Rd+gTYttfq+PLvGu8vSZibXFxqlj86VVzTwvOCEmjqKNyjon+\/djMG\/LpzWXoT2evp9l8K1VcJU\/8uUY9ZE4WS0WjV4uuPKKqmHeTkethHG1xsLp0jKFQP8kYfYkdlxDBuNu6KhurVxO4RiM92K63vMdmIW\/4VjMYm2cPPQCBWTlI1U0hKRjVHQ1RFQ1RIN0wwRUNLTEoxTkRGNE04S8CHADIAAQAAALQAMgEAABQQM4lV2XYIwLE0ewVnw5K1+BQAQBNLJ89Pbt3WSJZWXFg+eo1pkwAGQAAAAAACwZQALgABAAAAtAEfADIKAwAAALRdChEDXOJ73JBHCHdlYmVybGFiAmRlAFwWgMgEjrA1OcHB+Qo5dWmMix1bJ7WFGsQIkPmTlF\/KVvK6k5dVU4FDCZtKPuPYCkg0XLBOcR\/wguOUuuyBL7cbjUoN0UHJur34eNeWLngpBhaxFTmuqY80vKjed0ttFQ6uVnd2OAmDzRp6YxYtTin4\/XGlVO6lMt+k2mYftwRyr5Ohjp6NH+J8dbjX7gkD3ENGAHspVLSTz4LxrhUH8dsbFK8rT\/kUhlCBvTuJYAxOkSEWqp4vVZ54PXcY61pn5KAT8mJWdw+HLsa\/lUjZNXicEmky99XDlPLcJk7OI3ZM83QYPgYAFE\/lMHbTSiiue2rS4deUwWxFmnQYlhv0FA4AACkQAAAAgAAADwAIAAsAAjgAIAEEcB8LFg=="}
00751{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":19,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_first_seen":1558968031134,"flow_last_seen":1558968031134,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":824,"flow_tot_l4_payload_len":883,"flow_avg_l4_payload_len":441,"midstream":0,"l3_proto":"ip6","src_ip":"2a00:1450:4013:c05::10e","dst_ip":"2001:470:765b::a25:53","src_port":34944,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"37":"DNS packet larger than 512 bytes"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"fg2.weberlab.de","num_queries":1,"num_answers":5,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00511{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_first_seen":1558968008021,"flow_last_seen":1558968008021,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1512,"flow_avg_l4_payload_len":756,"midstream":0,"l3_proto":"ip4","src_ip":"172.217.40.76","dst_ip":"193.24.227.238","src_port":56680,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
@@ -51,125 +51,122 @@
00511{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_first_seen":1558968021026,"flow_last_seen":1558968021027,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1512,"flow_avg_l4_payload_len":756,"midstream":0,"l3_proto":"ip4","src_ip":"74.125.47.136","dst_ip":"193.24.227.238","src_port":59330,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00526{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_first_seen":1558968021013,"flow_last_seen":1558968021014,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":824,"flow_tot_l4_payload_len":883,"flow_avg_l4_payload_len":441,"midstream":0,"l3_proto":"ip6","src_ip":"2a00:1450:400c:c00::106","dst_ip":"2001:470:765b::a25:53","src_port":54430,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00528{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_first_seen":1558968010233,"flow_last_seen":1558968010234,"flow_min_l4_payload_len":58,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1498,"flow_avg_l4_payload_len":749,"midstream":0,"l3_proto":"ip6","src_ip":"2a00:1450:4013:c03::10a","dst_ip":"2001:470:765b::a25:53","src_port":46433,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00524{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1559042371783,"flow_last_seen":0,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":61,"midstream":0,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":47634,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00536{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1559042371783,"flow_last_seen":1559042371783,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":61,"midstream":0,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":47634,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00511{"flow_id":8,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"dns_fragmented.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1559042371,"pkt_ts_usec":783274,"pkt_caplen":123,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":123,"pkt_l4_len":69,"pkt":"CFsOoYNeAAwpfKTLht1gCrtxAEURQCABBHAfCxawAgwp\/\/58pMsgAQRwdlsAAAAAAAAKJQBTuhIANQBFzxq5yAEgAAEAAAAAAAEIZmcyLW1nbXQId2ViZXJsYWICZGUAABwAAQAAKRAAAAAAAAAMAAoACJyfIZPEos+4"}
00692{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1559042371783,"flow_last_seen":0,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":61,"midstream":0,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":47634,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"fg2-mgmt.weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00704{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1559042371783,"flow_last_seen":1559042371783,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":61,"midstream":0,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":47634,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"fg2-mgmt.weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00748{"flow_id":8,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"dns_fragmented.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1559042371,"pkt_ts_usec":794613,"pkt_caplen":300,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":300,"pkt_l4_len":246,"pkt":"AAwpfKTLCFsOoYNeht1gDo22APYRPCABBHB2WwAAAAAAAAolAFMgAQRwHwsWsAIMKf\/+fKTLADW6EgD2hIi5yIUAAAEAAQACAAUIZmcyLW1nbXQId2ViZXJsYWICZGUAABwAAcAMABwAAQAAADwAECABBHAfCxawAAAAAAAAAAHAFQACAAEAAAA8AA8DbnMxCHdlYmVyZG5zwB7AFQACAAEAAAA8AAYDbnMywFLATgAcAAEAAA4QABAgAQRwdlsAAAAAAAAKJQBTwGkAHAABAAAOEAAQIAEEcB8LFrAAAAAACiYAU8BOAAEAAQAADhAABMEY4+7AaQABAAEAAA4QAATC9wUOAAApEAAAAAAAABwACgAYnJ8hk8Siz7hkUeklXO0ZQ\/LRIFOjEc9n"}
00719{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":21,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_first_seen":1559042371783,"flow_last_seen":1559042371794,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":299,"flow_avg_l4_payload_len":149,"midstream":0,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":47634,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"fg2-mgmt.weberlab.de","num_queries":1,"num_answers":8,"reply_code":0,"query_type":28,"rsp_type":28,"rsp_addr":"32.1.4.112"}}
00524{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":22,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1559042372779,"flow_last_seen":0,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":61,"midstream":0,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":33592,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00536{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":22,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1559042372779,"flow_last_seen":1559042372779,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":61,"midstream":0,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":33592,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00511{"flow_id":9,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"dns_fragmented.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1559042372,"pkt_ts_usec":779825,"pkt_caplen":123,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":123,"pkt_l4_len":69,"pkt":"CFsOoYNeAAwpfKTLht1gBVO1AEURQCABBHAfCxawAgwp\/\/58pMsgAQRwdlsAAAAAAAAKJQBTgzgANQBFzxq9qQEgAAEAAAAAAAEIZmcyLW1nbXQId2ViZXJsYWICZGUAABwAAQAAKRAAAAAAAAAMAAoACOxvEogaB96P"}
00692{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":22,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1559042372779,"flow_last_seen":0,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":61,"midstream":0,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":33592,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"fg2-mgmt.weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00704{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":22,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1559042372779,"flow_last_seen":1559042372779,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":61,"midstream":0,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":33592,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"fg2-mgmt.weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00747{"flow_id":9,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"dns_fragmented.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1559042372,"pkt_ts_usec":791577,"pkt_caplen":300,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":300,"pkt_l4_len":246,"pkt":"AAwpfKTLCFsOoYNeht1gDjr2APYRPCABBHB2WwAAAAAAAAolAFMgAQRwHwsWsAIMKf\/+fKTLADWDOAD2QdK9qYUAAAEAAQACAAUIZmcyLW1nbXQId2ViZXJsYWICZGUAABwAAcAMABwAAQAAADwAECABBHAfCxawAAAAAAAAAAHAFQACAAEAAAA8AA8DbnMxCHdlYmVyZG5zwB7AFQACAAEAAAA8AAYDbnMywFLATgAcAAEAAA4QABAgAQRwdlsAAAAAAAAKJQBTwGkAHAABAAAOEAAQIAEEcB8LFrAAAAAACiYAU8BOAAEAAQAADhAABMEY4+7AaQABAAEAAA4QAATC9wUOAAApEAAAAAAAABwACgAY7G8SiBoH3o+7l8juXO0ZRLEjB1nyQ3R8"}
00719{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":23,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_first_seen":1559042372779,"flow_last_seen":1559042372791,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":299,"flow_avg_l4_payload_len":149,"midstream":0,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":33592,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"fg2-mgmt.weberlab.de","num_queries":1,"num_answers":8,"reply_code":0,"query_type":28,"rsp_type":28,"rsp_addr":"32.1.4.112"}}
00525{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1559042373843,"flow_last_seen":0,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":61,"midstream":0,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":46316,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00537{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1559042373843,"flow_last_seen":1559042373843,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":61,"midstream":0,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":46316,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00512{"flow_id":10,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"dns_fragmented.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1559042373,"pkt_ts_usec":843248,"pkt_caplen":123,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":123,"pkt_l4_len":69,"pkt":"CFsOoYNeAAwpfKTLht1gAgwqAEURQCABBHAfCxawAgwp\/\/58pMsgAQRwdlsAAAAAAAAKJQBTtOwANQBFzxrdhAEgAAEAAAAAAAEIZmcyLW1nbXQId2ViZXJsYWICZGUAABwAAQAAKRAAAAAAAAAMAAoACKUAwuOvHQbi"}
00693{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1559042373843,"flow_last_seen":0,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":61,"midstream":0,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":46316,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"fg2-mgmt.weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00705{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1559042373843,"flow_last_seen":1559042373843,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":61,"midstream":0,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":46316,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"fg2-mgmt.weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00748{"flow_id":10,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"dns_fragmented.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1559042373,"pkt_ts_usec":854608,"pkt_caplen":300,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":300,"pkt_l4_len":246,"pkt":"AAwpfKTLCFsOoYNeht1gCMIUAPYRPCABBHB2WwAAAAAAAAolAFMgAQRwHwsWsAIMKf\/+fKTLADW07AD2Jy7dhIUAAAEAAQACAAUIZmcyLW1nbXQId2ViZXJsYWICZGUAABwAAcAMABwAAQAAADwAECABBHAfCxawAAAAAAAAAAHAFQACAAEAAAA8AA8DbnMyCHdlYmVyZG5zwB7AFQACAAEAAAA8AAYDbnMxwFLAaQAcAAEAAA4QABAgAQRwdlsAAAAAAAAKJQBTwE4AHAABAAAOEAAQIAEEcB8LFrAAAAAACiYAU8BpAAEAAQAADhAABMEY4+7ATgABAAEAAA4QAATC9wUOAAApEAAAAAAAABwACgAYpQDC468dBuIqFazGXO0ZRcWgFHZl7TCh"}
00720{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":25,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_first_seen":1559042373843,"flow_last_seen":1559042373854,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":299,"flow_avg_l4_payload_len":149,"midstream":0,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":46316,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"fg2-mgmt.weberlab.de","num_queries":1,"num_answers":8,"reply_code":0,"query_type":28,"rsp_type":28,"rsp_addr":"32.1.4.112"}}
00525{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1559042374827,"flow_last_seen":0,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":61,"midstream":0,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":46440,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00537{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1559042374827,"flow_last_seen":1559042374827,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":61,"midstream":0,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":46440,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00512{"flow_id":11,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"dns_fragmented.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1559042374,"pkt_ts_usec":827134,"pkt_caplen":123,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":123,"pkt_l4_len":69,"pkt":"CFsOoYNeAAwpfKTLht1gAgVFAEURQCABBHAfCxawAgwp\/\/58pMsgAQRwdlsAAAAAAAAKJQBTtWgANQBFzxrqAgEgAAEAAAAAAAEIZmcyLW1nbXQId2ViZXJsYWICZGUAABwAAQAAKRAAAAAAAAAMAAoACLUmUKpHzEhG"}
00693{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":26,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1559042374827,"flow_last_seen":0,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":61,"midstream":0,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":46440,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"fg2-mgmt.weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00705{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":26,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1559042374827,"flow_last_seen":1559042374827,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":61,"midstream":0,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":46440,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"fg2-mgmt.weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00749{"flow_id":11,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"dns_fragmented.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1559042374,"pkt_ts_usec":838965,"pkt_caplen":300,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":300,"pkt_l4_len":246,"pkt":"AAwpfKTLCFsOoYNeht1gBQOmAPYRPCABBHB2WwAAAAAAAAolAFMgAQRwHwsWsAIMKf\/+fKTLADW1aAD2vA3qAoUAAAEAAQACAAUIZmcyLW1nbXQId2ViZXJsYWICZGUAABwAAcAMABwAAQAAADwAECABBHAfCxawAAAAAAAAAAHAFQACAAEAAAA8AA8DbnMxCHdlYmVyZG5zwB7AFQACAAEAAAA8AAYDbnMywFLATgAcAAEAAA4QABAgAQRwdlsAAAAAAAAKJQBTwGkAHAABAAAOEAAQIAEEcB8LFrAAAAAACiYAU8BOAAEAAQAADhAABMEY4+7AaQABAAEAAA4QAATC9wUOAAApEAAAAAAAABwACgAYtSZQqkfMSEY\/2z8HXO0ZRm3ax03ipZX3"}
00720{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":27,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_first_seen":1559042374827,"flow_last_seen":1559042374838,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":299,"flow_avg_l4_payload_len":149,"midstream":0,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":46440,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"fg2-mgmt.weberlab.de","num_queries":1,"num_answers":8,"reply_code":0,"query_type":28,"rsp_type":28,"rsp_addr":"32.1.4.112"}}
00540{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":28,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_first_seen":1559042371783,"flow_last_seen":1559042371794,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":299,"flow_avg_l4_payload_len":149,"midstream":0,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":47634,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00540{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":28,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_first_seen":1559042372779,"flow_last_seen":1559042372791,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":299,"flow_avg_l4_payload_len":149,"midstream":0,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":33592,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00541{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":28,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_first_seen":1559042373843,"flow_last_seen":1559042373854,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":299,"flow_avg_l4_payload_len":149,"midstream":0,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":46316,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00541{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":28,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_first_seen":1559042374827,"flow_last_seen":1559042374838,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":299,"flow_avg_l4_payload_len":149,"midstream":0,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":46440,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00524{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":28,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1560869882430,"flow_last_seen":0,"flow_min_l4_payload_len":67,"flow_max_l4_payload_len":67,"flow_tot_l4_payload_len":67,"flow_avg_l4_payload_len":67,"midstream":0,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":48758,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00536{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":28,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1560869882430,"flow_last_seen":1560869882430,"flow_min_l4_payload_len":67,"flow_max_l4_payload_len":67,"flow_tot_l4_payload_len":67,"flow_avg_l4_payload_len":67,"midstream":0,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":48758,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00520{"flow_id":12,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"dns_fragmented.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1560869882,"pkt_ts_usec":430319,"pkt_caplen":129,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":129,"pkt_l4_len":75,"pkt":"CFsOoYNeAAwpfKTLht1gDk+bAEsRQCABBHAfCxawAgwp\/\/58pMsmBkcARwAAAAAAAAAAABERvnYANQBL7vOR3wEgAAEAAAAAAAEFc2lnb2sQdmVydGVpbHRlc3lzdGVtZQNuZXQAAAEAAQAAKRAAAAAAAAAMAAoACKFV23rIz7mH"}
00697{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":28,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1560869882430,"flow_last_seen":0,"flow_min_l4_payload_len":67,"flow_max_l4_payload_len":67,"flow_tot_l4_payload_len":67,"flow_avg_l4_payload_len":67,"midstream":0,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":48758,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"sigok.verteiltesysteme.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00709{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":28,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1560869882430,"flow_last_seen":1560869882430,"flow_min_l4_payload_len":67,"flow_max_l4_payload_len":67,"flow_tot_l4_payload_len":67,"flow_avg_l4_payload_len":67,"midstream":0,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":48758,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"sigok.verteiltesysteme.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00527{"flow_id":12,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"dns_fragmented.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1560869882,"pkt_ts_usec":447306,"pkt_caplen":133,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":133,"pkt_l4_len":79,"pkt":"AAwpfKTLCFsOoYNeht1gBk3UAE8RPCYGRwBHAAAAAAAAAAAAEREgAQRwHwsWsAIMKf\/+fKTLADW+dgBPmiKR34GgAAEAAQAAAAEFc2lnb2sQdmVydGVpbHRlc3lzdGVtZQNuZXQAAAEAAcAMAAEAAQAAADwABIZbTosAACkFrAAAAAAAAA=="}
00724{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":29,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_first_seen":1560869882430,"flow_last_seen":1560869882447,"flow_min_l4_payload_len":67,"flow_max_l4_payload_len":71,"flow_tot_l4_payload_len":138,"flow_avg_l4_payload_len":69,"midstream":0,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":48758,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"sigok.verteiltesysteme.net","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"134.91.78.139"}}
00524{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":30,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1560869886413,"flow_last_seen":0,"flow_min_l4_payload_len":69,"flow_max_l4_payload_len":69,"flow_tot_l4_payload_len":69,"flow_avg_l4_payload_len":69,"midstream":0,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":52814,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00536{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":30,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1560869886413,"flow_last_seen":1560869886413,"flow_min_l4_payload_len":69,"flow_max_l4_payload_len":69,"flow_tot_l4_payload_len":69,"flow_avg_l4_payload_len":69,"midstream":0,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":52814,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00524{"flow_id":13,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"dns_fragmented.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1560869886,"pkt_ts_usec":413902,"pkt_caplen":131,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":131,"pkt_l4_len":77,"pkt":"CFsOoYNeAAwpfKTLht1gDXJYAE0RQCABBHAfCxawAgwp\/\/58pMsmBkcARwAAAAAAAAAAABERzk4ANQBN7vX6xwEgAAEAAAAAAAEHc2lnZmFpbBB2ZXJ0ZWlsdGVzeXN0ZW1lA25ldAAAAQABAAApEAAAAAAAAAwACgAIYOOBSPgiBSs="}
00699{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":30,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1560869886413,"flow_last_seen":0,"flow_min_l4_payload_len":69,"flow_max_l4_payload_len":69,"flow_tot_l4_payload_len":69,"flow_avg_l4_payload_len":69,"midstream":0,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":52814,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"sigfail.verteiltesysteme.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00711{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":30,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1560869886413,"flow_last_seen":1560869886413,"flow_min_l4_payload_len":69,"flow_max_l4_payload_len":69,"flow_tot_l4_payload_len":69,"flow_avg_l4_payload_len":69,"midstream":0,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":52814,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"sigfail.verteiltesysteme.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00491{"flow_id":13,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"dns_fragmented.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1560869886,"pkt_ts_usec":443499,"pkt_caplen":108,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":108,"pkt_l4_len":54,"pkt":"AAwpfKTLCFsOoYNeht1gB6MtADYRPCYGRwBHAAAAAAAAAAAAEREgAQRwHwsWsAIMKf\/+fKTLADXOTgA2KY36x4GCAAEAAAAAAAAHc2lnZmFpbBB2ZXJ0ZWlsdGVzeXN0ZW1lA25ldAAAAQAB"}
00720{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":31,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_first_seen":1560869886413,"flow_last_seen":1560869886443,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":69,"flow_tot_l4_payload_len":115,"flow_avg_l4_payload_len":57,"midstream":0,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":52814,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"sigfail.verteiltesysteme.net","num_queries":1,"num_answers":0,"reply_code":2,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00515{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":32,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1560869889796,"flow_last_seen":0,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":51,"midstream":0,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2620:fe::fe","src_port":42344,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00527{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":32,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1560869889796,"flow_last_seen":1560869889796,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":51,"midstream":0,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2620:fe::fe","src_port":42344,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00500{"flow_id":14,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"dns_fragmented.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1560869889,"pkt_ts_usec":796469,"pkt_caplen":113,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":113,"pkt_l4_len":59,"pkt":"CFsOoYNeAAwpfKTLht1gDB+KADsRQCABBHAfCxawAgwp\/\/58pMsmIAD+AAAAAAAAAAAAAAD+pWgANQA7UegG5AEgAAEAAAAAAAEHZm9ybWVsMQJkZQAAAQABAAApEAAAAAAAAAwACgAIf6ON2rCVwqA="}
00672{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":32,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1560869889796,"flow_last_seen":0,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":51,"midstream":0,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2620:fe::fe","src_port":42344,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"formel1.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00684{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":32,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1560869889796,"flow_last_seen":1560869889796,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":51,"midstream":0,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2620:fe::fe","src_port":42344,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"formel1.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00505{"flow_id":14,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"dns_fragmented.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1560869889,"pkt_ts_usec":815677,"pkt_caplen":117,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":117,"pkt_l4_len":63,"pkt":"AAwpfKTLCFsOoYNeht1gAAAAAD8ROyYgAP4AAAAAAAAAAAAAAP4gAQRwHwsWsAIMKf\/+fKTLADWlaAA\/kK8G5IGAAAEAAQAAAAEHZm9ybWVsMQJkZQAAAQABwAwAAQABAAAOEAAEVRnq\/QAAKRAAAAAAAAAA"}
00699{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":33,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_first_seen":1560869889796,"flow_last_seen":1560869889815,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":106,"flow_avg_l4_payload_len":53,"midstream":0,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2620:fe::fe","src_port":42344,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"formel1.de","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"85.25.234.253"}}
00515{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":34,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1560869895045,"flow_last_seen":0,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2620:fe::fe","src_port":46709,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00527{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":34,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1560869895045,"flow_last_seen":1560869895045,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2620:fe::fe","src_port":46709,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00499{"flow_id":15,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"dns_fragmented.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1560869895,"pkt_ts_usec":45855,"pkt_caplen":112,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":112,"pkt_l4_len":58,"pkt":"CFsOoYNeAAwpfKTLht1gAPc5ADoRQCABBHAfCxawAgwp\/\/58pMsmIAD+AAAAAAAAAAAAAAD+tnUANQA6UeeM7AEgAAEAAAAAAAEGZXJmcG9wAmRlAAAcAAEAACkQAAAAAAAADAAKAAh2WSv8Ots3rg=="}
00672{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1560869895045,"flow_last_seen":0,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2620:fe::fe","src_port":46709,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"erfpop.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00684{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1560869895045,"flow_last_seen":1560869895045,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2620:fe::fe","src_port":46709,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"erfpop.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00555{"flow_id":15,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"dns_fragmented.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1560869895,"pkt_ts_usec":70558,"pkt_caplen":156,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":156,"pkt_l4_len":102,"pkt":"AAwpfKTLCFsOoYNeht1gAAAAAGYRPCYgAP4AAAAAAAAAAAAAAP4gAQRwHwsWsAIMKf\/+fKTLADW2dQBmf6uM7IGAAAEAAgAAAAEGZXJmcG9wAmRlAAAcAAHADAAcAAEAAAEsABAmBkcAADAAAAAAAABoGGKRwAwAHAABAAABLAAQJgZHAAAwAAAAAAAAaBhjkQAAKQIAAAAAAAAA"}
00696{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":35,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_first_seen":1560869895045,"flow_last_seen":1560869895070,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":94,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":72,"midstream":0,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2620:fe::fe","src_port":46709,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"erfpop.de","num_queries":1,"num_answers":3,"reply_code":0,"query_type":28,"rsp_type":28,"rsp_addr":"38.6.71.0"}}
00525{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":36,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1560869900222,"flow_last_seen":0,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":52,"midstream":0,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":55729,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00537{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":36,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1560869900222,"flow_last_seen":1560869900222,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":52,"midstream":0,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":55729,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00500{"flow_id":16,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"dns_fragmented.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1560869900,"pkt_ts_usec":222469,"pkt_caplen":114,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":114,"pkt_l4_len":60,"pkt":"CFsOoYNeAAwpfKTLht1gDZ0NADwRQCABBHAfCxawAgwp\/\/58pMsgAQRwdlsAAAAAAAAKJQBT2bEANQA8zxHCoAEgAAEAAAAAAAEId2ViZXJsYWICZGUAADAAAQAAKRAAAACAAAAMAAoACPFs5uYvfUZc"}
00684{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":36,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1560869900222,"flow_last_seen":0,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":52,"midstream":0,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":55729,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":48,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00526{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":37,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1560869900222,"flow_last_seen":0,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":52,"midstream":0,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":55729,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00525{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":37,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1560869905222,"flow_last_seen":0,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":52,"midstream":0,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":55729,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00500{"flow_id":17,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"dns_fragmented.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1560869905,"pkt_ts_usec":222619,"pkt_caplen":114,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":114,"pkt_l4_len":60,"pkt":"CFsOoYNeAAwpfKTLht1gDZ0NADwRQCABBHAfCxawAgwp\/\/58pMsgAQRwdlsAAAAAAAAKJQBT2bEANQA8zxHCoAEgAAEAAAAAAAEId2ViZXJsYWICZGUAADAAAQAAKRAAAACAAAAMAAoACPFs5uYvfUZc"}
00684{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":37,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1560869905222,"flow_last_seen":0,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":52,"midstream":0,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":55729,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":48,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
02372{"flow_id":17,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"dns_fragmented.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1560869905,"pkt_ts_usec":232984,"pkt_caplen":1494,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":62,"pkt_len":1494,"pkt_l4_len":1432,"pkt":"AAwpfKTLCFsOoYNeht1gC9IyBaAsPCABBHB2WwAAAAAAAAolAFMgAQRwHwsWsAIMKf\/+fKTLEQAAAQAABpoANdmxBspAOcKghQAAAQAEAAAAAQh3ZWJlcmxhYgJkZQAAMAABwAwAMAABAAAAPAIIAQEDCgMBAAHd7\/3tIq12CjsLWBAd1T3u8\/far4uZXvf8tV18qZaecv+cWqq5v63pRvKYMfBrDVtiIL4iSgCelIlOORESqB\/n89qn9klBRxVsJMHolsi2eBGR4aML4ghMfeD+DrMDSl5nWB3t\/K5Rz2vtzsqVvYGH0fZYQiit53gj6vP2hRbE0yO3UPkNpBEVogjAsm5eFjsLAaP0ZZzzOMrnzCiJQAYjOTVkDzZiOo2MwGKWKMlIXfR55yCA5TUPPR6V0HRZsrDK2l2G+6gzqDhIjqHbbSh9Mv77SdkkVNOUReABLpmnCFMwIuSy9nDEMQu7e65QyOF+NjUXziwKhrjnnJRY86s9znQCVnoPwAJ0m29NgBgpEN+9E19YVr3gF7esaT1ji4B10iyBf5c\/sJfg5vGTVg55+cxCbhI98aL2tYPM5kVyTpqgOlYRqnsMRfHPsinjRDh8+F+P0S5lhyLhG726D9NA5OQPW4cmRlbMrTiYPjcIRULbwVi5g\/NhRbX0rdr5mxRTcAGTp0WViThvS+0xXBiJtThFC5qIVMhS7ARjFwxTrtZNKOqapuPebbAbjMiTaX3UKD8DpFKbCouo5jaur0Y77zYiW3BcpU0K6hxkxrjqKblLAW1F4\/5zq+COo+NpOhgyLk8iw5Gla3a8V5hp3zZ0rXalprx16P2BcHZbPW3E+8AMADAAAQAAADwBCAEAAwoDAQAB0FTcKPFQrDtJ5jNrtzHKr9eDfOdVCwzO4X9R4tqKA65u0keHGEv6bXb0jFCRMqjwlEhdwpcP5pWLO2KaXz7wE8JcU09+0Wl0ULMFE0YeP9xrWD8WVyTq\/lq9p8H+EaptYpjYsQYpvmS1hYaPwkHSasoaoNlU\/KJ4LR1hW\/TaI5o69SF2XtC2BXJtHdXqAeWGgbQHEb4ZuNSn43I8KVu4w4jB+VtUYHn3jo\/JAZCCcY1fYvUwe6Y5pgL8PdSfLNBk0yaqPzkbAM0\/AR4N8urrCbUFR\/HszDBwRW47YHRiZTKI+JJ9SgZPCbY\/WcY0yGViKPdtj1W\/LEKo9CcrSzlOvcAMAC4AAQAAADwCHwAwCgIAAAA8XSexsF0AI8Ezewh3ZWJlcmxhYgJkZQDDZMohasNCzdZy+qXT+i9EuX\/inlaoHckoPQ6pZUM55HOKiXWwbCF2bgR2vTatltfgdQMYsjHLb9y8\/8K16x1bINo7jHhPhiQ3mZPnhRDbC819\/mg\/DAJlEfo4\/PIHroaOXHkEsxclA3Sfl5XzqMY8dIIjCMSIRohmpz3ajd1g8Q5nPhvruiTi3rbkkaFuvAu6JBazSxvplBTGRsLiwD\/keT1H0ch7BVc1oZ6xmkqy68vIsD63Fj1r1Prt7pmrCHTCuEgsO78D9dCQuWCLkJQxGUVXJj5CI3Hv7xFFgpu2WdK7EiEBH5rHphjb8hJPFep1cggzgdSO7gr4PL16UQJ4paFWEovlSSSKN6CqV0KlzY5UKpoC4bOcRMiiujkcgLRcJzDNjTcP59699eiRBYcnSUNu7NR\/AQOsLe1gcGBMYVI28uXABijFJJPUYQFFRKKQYYy7U8augfodJClNM+5PjDrN7VUaoyW\/CtbFigLZaje\/SbLFkod9oTkuhnetL7fyEnlGfxKmEZ218qPcsKDJRrRyymc+WdZ+tPcZvQXr6AVS7RZSoUTV\/+5dVd2kWuuF2w5rsnAIOU3wwIEPhsTwq9njhb9Bp9jOMH3FFbo4srNvY4pocOs9Lic1Os813bu7VyQz3Nrv\/xfPOPvvG\/\/ufcPEO13FnB7dwg\/ymTeeu8NjAC4AAQAAADwBHwAwCgIAAAA8XSexsF0AI8GQRwh3"}
00795{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":38,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_first_seen":1560869905222,"flow_last_seen":1560869905232,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":1424,"flow_tot_l4_payload_len":1476,"flow_avg_l4_payload_len":738,"midstream":0,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":55729,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"37":"DNS packet larger than 512 bytes","38":"Fragmented DNS message"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weberlab.de","num_queries":1,"num_answers":5,"reply_code":0,"query_type":48,"rsp_type":48,"rsp_addr":"0.0.0.0"}}
00696{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":36,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1560869900222,"flow_last_seen":1560869900222,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":52,"midstream":0,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":55729,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":48,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00500{"flow_id":16,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"dns_fragmented.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1560869905,"pkt_ts_usec":222619,"pkt_caplen":114,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":114,"pkt_l4_len":60,"pkt":"CFsOoYNeAAwpfKTLht1gDZ0NADwRQCABBHAfCxawAgwp\/\/58pMsgAQRwdlsAAAAAAAAKJQBT2bEANQA8zxHCoAEgAAEAAAAAAAEId2ViZXJsYWICZGUAADAAAQAAKRAAAACAAAAMAAoACPFs5uYvfUZc"}
02372{"flow_id":16,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"dns_fragmented.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1560869905,"pkt_ts_usec":232984,"pkt_caplen":1494,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":62,"pkt_len":1494,"pkt_l4_len":1432,"pkt":"AAwpfKTLCFsOoYNeht1gC9IyBaAsPCABBHB2WwAAAAAAAAolAFMgAQRwHwsWsAIMKf\/+fKTLEQAAAQAABpoANdmxBspAOcKghQAAAQAEAAAAAQh3ZWJlcmxhYgJkZQAAMAABwAwAMAABAAAAPAIIAQEDCgMBAAHd7\/3tIq12CjsLWBAd1T3u8\/far4uZXvf8tV18qZaecv+cWqq5v63pRvKYMfBrDVtiIL4iSgCelIlOORESqB\/n89qn9klBRxVsJMHolsi2eBGR4aML4ghMfeD+DrMDSl5nWB3t\/K5Rz2vtzsqVvYGH0fZYQiit53gj6vP2hRbE0yO3UPkNpBEVogjAsm5eFjsLAaP0ZZzzOMrnzCiJQAYjOTVkDzZiOo2MwGKWKMlIXfR55yCA5TUPPR6V0HRZsrDK2l2G+6gzqDhIjqHbbSh9Mv77SdkkVNOUReABLpmnCFMwIuSy9nDEMQu7e65QyOF+NjUXziwKhrjnnJRY86s9znQCVnoPwAJ0m29NgBgpEN+9E19YVr3gF7esaT1ji4B10iyBf5c\/sJfg5vGTVg55+cxCbhI98aL2tYPM5kVyTpqgOlYRqnsMRfHPsinjRDh8+F+P0S5lhyLhG726D9NA5OQPW4cmRlbMrTiYPjcIRULbwVi5g\/NhRbX0rdr5mxRTcAGTp0WViThvS+0xXBiJtThFC5qIVMhS7ARjFwxTrtZNKOqapuPebbAbjMiTaX3UKD8DpFKbCouo5jaur0Y77zYiW3BcpU0K6hxkxrjqKblLAW1F4\/5zq+COo+NpOhgyLk8iw5Gla3a8V5hp3zZ0rXalprx16P2BcHZbPW3E+8AMADAAAQAAADwBCAEAAwoDAQAB0FTcKPFQrDtJ5jNrtzHKr9eDfOdVCwzO4X9R4tqKA65u0keHGEv6bXb0jFCRMqjwlEhdwpcP5pWLO2KaXz7wE8JcU09+0Wl0ULMFE0YeP9xrWD8WVyTq\/lq9p8H+EaptYpjYsQYpvmS1hYaPwkHSasoaoNlU\/KJ4LR1hW\/TaI5o69SF2XtC2BXJtHdXqAeWGgbQHEb4ZuNSn43I8KVu4w4jB+VtUYHn3jo\/JAZCCcY1fYvUwe6Y5pgL8PdSfLNBk0yaqPzkbAM0\/AR4N8urrCbUFR\/HszDBwRW47YHRiZTKI+JJ9SgZPCbY\/WcY0yGViKPdtj1W\/LEKo9CcrSzlOvcAMAC4AAQAAADwCHwAwCgIAAAA8XSexsF0AI8Ezewh3ZWJlcmxhYgJkZQDDZMohasNCzdZy+qXT+i9EuX\/inlaoHckoPQ6pZUM55HOKiXWwbCF2bgR2vTatltfgdQMYsjHLb9y8\/8K16x1bINo7jHhPhiQ3mZPnhRDbC819\/mg\/DAJlEfo4\/PIHroaOXHkEsxclA3Sfl5XzqMY8dIIjCMSIRohmpz3ajd1g8Q5nPhvruiTi3rbkkaFuvAu6JBazSxvplBTGRsLiwD\/keT1H0ch7BVc1oZ6xmkqy68vIsD63Fj1r1Prt7pmrCHTCuEgsO78D9dCQuWCLkJQxGUVXJj5CI3Hv7xFFgpu2WdK7EiEBH5rHphjb8hJPFep1cggzgdSO7gr4PL16UQJ4paFWEovlSSSKN6CqV0KlzY5UKpoC4bOcRMiiujkcgLRcJzDNjTcP59699eiRBYcnSUNu7NR\/AQOsLe1gcGBMYVI28uXABijFJJPUYQFFRKKQYYy7U8augfodJClNM+5PjDrN7VUaoyW\/CtbFigLZaje\/SbLFkod9oTkuhnetL7fyEnlGfxKmEZ218qPcsKDJRrRyymc+WdZ+tPcZvQXr6AVS7RZSoUTV\/+5dVd2kWuuF2w5rsnAIOU3wwIEPhsTwq9njhb9Bp9jOMH3FFbo4srNvY4pocOs9Lic1Os813bu7VyQz3Nrv\/xfPOPvvG\/\/ufcPEO13FnB7dwg\/ymTeeu8NjAC4AAQAAADwBHwAwCgIAAAA8XSexsF0AI8GQRwh3"}
00795{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":38,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_first_seen":1560869900222,"flow_last_seen":1560869905232,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":1424,"flow_tot_l4_payload_len":1528,"flow_avg_l4_payload_len":509,"midstream":0,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":55729,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"37":"DNS packet larger than 512 bytes","38":"Fragmented DNS message"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weberlab.de","num_queries":1,"num_answers":5,"reply_code":0,"query_type":48,"rsp_type":48,"rsp_addr":"0.0.0.0"}}
00804{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":39,"source":"dns_fragmented.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1560869905,"pkt_ts_usec":233034,"pkt_caplen":368,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":368,"pkt_l4_len":0,"pkt":"AAwpfKTLCFsOoYNeht1gC9IyATosPCABBHB2WwAAAAAAAAolAFMgAQRwHwsWsAIMKf\/+fKTLEQAFmAAABpplYmVybGFiAmRlAKU8TJxFacYrnzjzribJyhzI\/PZTM81o7M0N53bVhGij+9zhJRNeoUG2ZbhJAUMEBAu7geapxJ7U1z+UqhkFSi8Qu6jROnMih5xzmixXOjO2RiHT8eMzQMHqilreexmdz+7rH4jCggpAg2YenRMzpvhrf0+OEWUNhwq6dNYVlNWg1Yf1oxCRsZ6Xiq2pemle4KOkgobWECgdELaMnIZKUJ0WtpAZJuCbAIPvak3YgHcNPR4Sbx1lKRTPW6QxjFsHJ5X\/B6mNMVtqG97wzaO\/ugVwH81Qt2Llpj5Wb873AtMbd7OQYLwhJ7fhxJ9xNJn6SlVRp6C+1P2Wyu\/7U0mgP+sAACkQAAAAgAAAHAAKABjxbObmL31GXCozdz5dCPwRZU4FwINgbJY="}
00181{"basic_event_id":12,"basic_event_name":"nDPI IPv6\/L4 payload detection failed","thread_id":0,"packet_id":39,"source":"dns_fragmented.pcap","alias":"nDPId-test","l4_data_len":334}
00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":40,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1560869910534,"flow_last_seen":0,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"194.247.5.6","dst_ip":"193.24.227.238","src_port":51791,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00471{"flow_id":18,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"dns_fragmented.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1560869910,"pkt_ts_usec":534637,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"pkt":"CFsOoYNeAAwpfKTLCABFAABQVdgAAEARt8DC9wUGwRjj7spPADUAPG1Sic4BIAABAAAAAAABCHdlYmVybGFiAmRlAAAwAAEAACkQAAAAgAAADAAKAAgdxATcWA6WbA=="}
00651{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":40,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1560869910534,"flow_last_seen":0,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"194.247.5.6","dst_ip":"193.24.227.238","src_port":51791,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":48,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
02398{"flow_id":18,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"dns_fragmented.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1560869910,"pkt_ts_usec":547607,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"AAwpfKTLCFsOoYNeCABFAAXc3KUgAEARC2fBGOPuwvcFBgA1yk8Gysn4ic6FAAABAAQAAAABCHdlYmVybGFiAmRlAAAwAAHADAAwAAEAAAA8AQgBAAMKAwEAAdBU3CjxUKw7SeYza7cxyq\/Xg3znVQsMzuF\/UeLaigOubtJHhxhL+m129IxQkTKo8JRIXcKXD+aViztiml8+8BPCXFNPftFpdFCzBRNGHj\/ca1g\/Flck6v5avafB\/hGqbWKY2LEGKb5ktYWGj8JB0mrKGqDZVPyieC0dYVv02iOaOvUhdl7QtgVybR3V6gHlhoG0BxG+GbjUp+NyPClbuMOIwflbVGB5946PyQGQgnGNX2L1MHumOaYC\/D3UnyzQZNMmqj85GwDNPwEeDfLq6wm1BUfx7MwwcEVuO2B0YmUyiPiSfUoGTwm2P1nGNMhlYij3bY9VvyxCqPQnK0s5Tr3ADAAwAAEAAAA8AggBAQMKAwEAAd3v\/e0irXYKOwtYEB3VPe7z99qvi5le9\/y1XXyplp5y\/5xaqrm\/relG8pgx8GsNW2IgviJKAJ6UiU45ERKoH+fz2qf2SUFHFWwkweiWyLZ4EZHhowviCEx94P4OswNKXmdYHe38rlHPa+3OypW9gYfR9lhCKK3neCPq8\/aFFsTTI7dQ+Q2kERWiCMCybl4WOwsBo\/RlnPM4yufMKIlABiM5NWQPNmI6jYzAYpYoyUhd9HnnIIDlNQ89HpXQdFmysMraXYb7qDOoOEiOodttKH0y\/vtJ2SRU05RF4AEumacIUzAi5LL2cMQxC7t7rlDI4X42NRfOLAqGuOeclFjzqz3OdAJWeg\/AAnSbb02AGCkQ370TX1hWveAXt6xpPWOLgHXSLIF\/lz+wl+Dm8ZNWDnn5zEJuEj3xova1g8zmRXJOmqA6VhGqewxF8c+yKeNEOHz4X4\/RLmWHIuEbvboP00Dk5A9bhyZGVsytOJg+NwhFQtvBWLmD82FFtfSt2vmbFFNwAZOnRZWJOG9L7TFcGIm1OEULmohUyFLsBGMXDFOu1k0o6pqm495tsBuMyJNpfdQoPwOkUpsKi6jmNq6vRjvvNiJbcFylTQrqHGTGuOopuUsBbUXj\/nOr4I6j42k6GDIuTyLDkaVrdrxXmGnfNnStdqWmvHXo\/YFwdls9bcT7wAwALgABAAAAPAIfADAKAgAAADxdJ7GwXQAjwTN7CHdlYmVybGFiAmRlAMNkyiFqw0LN1nL6pdP6L0S5f+KeVqgdySg9DqllQznkc4qJdbBsIXZuBHa9Nq2W1+B1AxiyMctv3Lz\/wrXrHVsg2juMeE+GJDeZk+eFENsLzX3+aD8MAmUR+jj88geuho5ceQSzFyUDdJ+XlfOoxjx0giMIxIhGiGanPdqN3WDxDmc+G+u6JOLetuSRoW68C7okFrNLG+mUFMZGwuLAP+R5PUfRyHsFVzWhnrGaSrLry8iwPrcWPWvU+u3umasIdMK4SCw7vwP10JC5YIuQlDEZRVcmPkIjce\/vEUWCm7ZZ0rsSIQEfmsemGNvyEk8V6nVyCDOB1I7uCvg8vXpRAniloVYSi+VJJIo3oKpXQqXNjlQqmgLhs5xEyKK6ORyAtFwnMM2NNw\/n3r316JEFhydJQ27s1H8BA6wt7WBwYExhUjby5cAGKMUkk9RhAUVEopBhjLtTxq6B+h0kKU0z7k+MOs3tVRqjJb8K1sWKAtlqN79JssWSh32hOS6Gd60vt\/ISeUZ\/EqYRnbXyo9ywoMlGtHLKZz5Z1n609xm9BevoBVLtFlKhRNX\/7l1V3aRa64XbDmuycAg5TfDAgQ+GxPCr2eOFv0Gn2M4wfcUVujiys29jimhw6z0uJzU6zzXdu7tXJDPc2u\/\/F884++8b\/+59w8Q7XcWcHt3CD\/KZN567w2MALgABAAAAPAEfADAKAgAAADxdJ7GwXQAjwZBHCHdlYmVybGFiAmRlAKU8TJxFacYrnzjzribJyhzI\/PZTM81o7M0N53bVhGij+9zhJRM="}
00762{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":41,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_first_seen":1560869910534,"flow_last_seen":1560869910547,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1524,"flow_avg_l4_payload_len":762,"midstream":0,"l3_proto":"ip4","src_ip":"194.247.5.6","dst_ip":"193.24.227.238","src_port":51791,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"37":"DNS packet larger than 512 bytes","38":"Fragmented DNS message"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weberlab.de","num_queries":1,"num_answers":5,"reply_code":0,"query_type":48,"rsp_type":48,"rsp_addr":"0.0.0.0"}}
00504{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":40,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1560869910534,"flow_last_seen":1560869910534,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"194.247.5.6","dst_ip":"193.24.227.238","src_port":51791,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00471{"flow_id":17,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"dns_fragmented.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1560869910,"pkt_ts_usec":534637,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"pkt":"CFsOoYNeAAwpfKTLCABFAABQVdgAAEARt8DC9wUGwRjj7spPADUAPG1Sic4BIAABAAAAAAABCHdlYmVybGFiAmRlAAAwAAEAACkQAAAAgAAADAAKAAgdxATcWA6WbA=="}
00663{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":40,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1560869910534,"flow_last_seen":1560869910534,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"194.247.5.6","dst_ip":"193.24.227.238","src_port":51791,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":48,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
02398{"flow_id":17,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"dns_fragmented.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1560869910,"pkt_ts_usec":547607,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"AAwpfKTLCFsOoYNeCABFAAXc3KUgAEARC2fBGOPuwvcFBgA1yk8Gysn4ic6FAAABAAQAAAABCHdlYmVybGFiAmRlAAAwAAHADAAwAAEAAAA8AQgBAAMKAwEAAdBU3CjxUKw7SeYza7cxyq\/Xg3znVQsMzuF\/UeLaigOubtJHhxhL+m129IxQkTKo8JRIXcKXD+aViztiml8+8BPCXFNPftFpdFCzBRNGHj\/ca1g\/Flck6v5avafB\/hGqbWKY2LEGKb5ktYWGj8JB0mrKGqDZVPyieC0dYVv02iOaOvUhdl7QtgVybR3V6gHlhoG0BxG+GbjUp+NyPClbuMOIwflbVGB5946PyQGQgnGNX2L1MHumOaYC\/D3UnyzQZNMmqj85GwDNPwEeDfLq6wm1BUfx7MwwcEVuO2B0YmUyiPiSfUoGTwm2P1nGNMhlYij3bY9VvyxCqPQnK0s5Tr3ADAAwAAEAAAA8AggBAQMKAwEAAd3v\/e0irXYKOwtYEB3VPe7z99qvi5le9\/y1XXyplp5y\/5xaqrm\/relG8pgx8GsNW2IgviJKAJ6UiU45ERKoH+fz2qf2SUFHFWwkweiWyLZ4EZHhowviCEx94P4OswNKXmdYHe38rlHPa+3OypW9gYfR9lhCKK3neCPq8\/aFFsTTI7dQ+Q2kERWiCMCybl4WOwsBo\/RlnPM4yufMKIlABiM5NWQPNmI6jYzAYpYoyUhd9HnnIIDlNQ89HpXQdFmysMraXYb7qDOoOEiOodttKH0y\/vtJ2SRU05RF4AEumacIUzAi5LL2cMQxC7t7rlDI4X42NRfOLAqGuOeclFjzqz3OdAJWeg\/AAnSbb02AGCkQ370TX1hWveAXt6xpPWOLgHXSLIF\/lz+wl+Dm8ZNWDnn5zEJuEj3xova1g8zmRXJOmqA6VhGqewxF8c+yKeNEOHz4X4\/RLmWHIuEbvboP00Dk5A9bhyZGVsytOJg+NwhFQtvBWLmD82FFtfSt2vmbFFNwAZOnRZWJOG9L7TFcGIm1OEULmohUyFLsBGMXDFOu1k0o6pqm495tsBuMyJNpfdQoPwOkUpsKi6jmNq6vRjvvNiJbcFylTQrqHGTGuOopuUsBbUXj\/nOr4I6j42k6GDIuTyLDkaVrdrxXmGnfNnStdqWmvHXo\/YFwdls9bcT7wAwALgABAAAAPAIfADAKAgAAADxdJ7GwXQAjwTN7CHdlYmVybGFiAmRlAMNkyiFqw0LN1nL6pdP6L0S5f+KeVqgdySg9DqllQznkc4qJdbBsIXZuBHa9Nq2W1+B1AxiyMctv3Lz\/wrXrHVsg2juMeE+GJDeZk+eFENsLzX3+aD8MAmUR+jj88geuho5ceQSzFyUDdJ+XlfOoxjx0giMIxIhGiGanPdqN3WDxDmc+G+u6JOLetuSRoW68C7okFrNLG+mUFMZGwuLAP+R5PUfRyHsFVzWhnrGaSrLry8iwPrcWPWvU+u3umasIdMK4SCw7vwP10JC5YIuQlDEZRVcmPkIjce\/vEUWCm7ZZ0rsSIQEfmsemGNvyEk8V6nVyCDOB1I7uCvg8vXpRAniloVYSi+VJJIo3oKpXQqXNjlQqmgLhs5xEyKK6ORyAtFwnMM2NNw\/n3r316JEFhydJQ27s1H8BA6wt7WBwYExhUjby5cAGKMUkk9RhAUVEopBhjLtTxq6B+h0kKU0z7k+MOs3tVRqjJb8K1sWKAtlqN79JssWSh32hOS6Gd60vt\/ISeUZ\/EqYRnbXyo9ywoMlGtHLKZz5Z1n609xm9BevoBVLtFlKhRNX\/7l1V3aRa64XbDmuycAg5TfDAgQ+GxPCr2eOFv0Gn2M4wfcUVujiys29jimhw6z0uJzU6zzXdu7tXJDPc2u\/\/F884++8b\/+59w8Q7XcWcHt3CD\/KZN567w2MALgABAAAAPAEfADAKAgAAADxdJ7GwXQAjwZBHCHdlYmVybGFiAmRlAKU8TJxFacYrnzjzribJyhzI\/PZTM81o7M0N53bVhGij+9zhJRM="}
00762{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":41,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_first_seen":1560869910534,"flow_last_seen":1560869910547,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1524,"flow_avg_l4_payload_len":762,"midstream":0,"l3_proto":"ip4","src_ip":"194.247.5.6","dst_ip":"193.24.227.238","src_port":51791,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"37":"DNS packet larger than 512 bytes","38":"Fragmented DNS message"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weberlab.de","num_queries":1,"num_answers":5,"reply_code":0,"query_type":48,"rsp_type":48,"rsp_addr":"0.0.0.0"}}
00705{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":42,"source":"dns_fragmented.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1560869910,"pkt_ts_usec":547645,"pkt_caplen":292,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":292,"pkt_l4_len":0,"pkt":"AAwpfKTLCFsOoYNeCABFAAEW3KUAuUARL3TBGOPuwvcFBl6hQbZluEkBQwQEC7uB5qnEntTXP5SqGQVKLxC7qNE6cyKHnHOaLFc6M7ZGIdPx4zNAweqKWt57GZ3P7usfiMKCCkCDZh6dEzOm+Gt\/T44RZQ2HCrp01hWU1aDVh\/WjEJGxnpeKral6aV7go6SChtYQKB0QtoychkpQnRa2kBkm4JsAg+9qTdiAdw09HhJvHWUpFM9bpDGMWwcnlf8HqY0xW2ob3vDNo7+6BXAfzVC3YuWmPlZvzvcC0xt3s5BgvCEnt+HEn3E0mfpKVVGnoL7U\/ZbK7\/tTSaA\/6wAAKRAAAACAAAAcAAoAGB3EBNxYDpZslD4VVl0I\/BakNFp6chM\/YQ=="}
00180{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":42,"source":"dns_fragmented.pcap","alias":"nDPId-test","l4_data_len":258}
00524{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":43,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1560869913732,"flow_last_seen":0,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":60550,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00493{"flow_id":19,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"dns_fragmented.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1560869913,"pkt_ts_usec":732416,"pkt_caplen":106,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":106,"pkt_l4_len":52,"pkt":"CFsOoYNeAAwpfKTLht1gCfvPADQRQCABBHAfCxawAgwp\/\/58pMsmBkcARwAAAAAAAAAAABER7IYANQA07tw\/fwEAAAEAAAAAAAEDbnMyCHdlYmVyZG5zAmRlAAAcAAEAACkCAAAAAAAAAA=="}
00687{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1560869913732,"flow_last_seen":0,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":60550,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"ns2.weberdns.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00528{"flow_id":19,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"dns_fragmented.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1560869913,"pkt_ts_usec":751307,"pkt_caplen":134,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":134,"pkt_l4_len":80,"pkt":"AAwpfKTLCFsOoYNeht1gDizvAFARPCYGRwBHAAAAAAAAAAAAEREgAQRwHwsWsAIMKf\/+fKTLADXshgBQyy0\/f4GAAAEAAQAAAAEDbnMyCHdlYmVyZG5zAmRlAAAcAAHADAAcAAEAAA4QABAgAQRwHwsWsAAAAAAKJgBTAAApBawAAAAAAAA="}
00712{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":44,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_first_seen":1560869913732,"flow_last_seen":1560869913751,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":116,"flow_avg_l4_payload_len":58,"midstream":0,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":60550,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"ns2.weberdns.de","num_queries":1,"num_answers":2,"reply_code":0,"query_type":28,"rsp_type":28,"rsp_addr":"32.1.4.112"}}
00526{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":45,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1560869913753,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:1f0b:16b0::a26:53","src_port":57089,"dst_port":53,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00474{"flow_id":20,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"dns_fragmented.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1560869913,"pkt_ts_usec":753259,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"AAwpYjEqAAwpfKTLht1gD07UACgGQCABBHAfCxawAgwp\/\/58pMsgAQRwHwsWsAAAAAAKJgBT3wEANSHNFggAAAAAoAJfUI5TAAACBATEBAIICoRF3zoAAAAAAQMDBw=="}
00473{"flow_id":20,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"dns_fragmented.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1560869913,"pkt_ts_usec":753590,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"AAwpfKTLAAwpYjEqht1gBqwSACgGQCABBHAfCxawAAAAAAomAFMgAQRwHwsWsAIMKf\/+fKTLADXfAVwH8KghzRYJoBJeYK7OAAACBATEBAIIChJ809KERd86AQMDBw=="}
00463{"flow_id":20,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"dns_fragmented.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1560869913,"pkt_ts_usec":753635,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"AAwpYjEqAAwpfKTLht1gD07UACAGQCABBHAfCxawAgwp\/\/58pMsgAQRwHwsWsAAAAAAKJgBT3wEANSHNFglcB\/CpgBAAv45LAAABAQgKhEXfOxJ809I="}
00537{"flow_id":20,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"dns_fragmented.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1560869913,"pkt_ts_usec":753808,"pkt_caplen":140,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":140,"pkt_l4_len":86,"pkt":"AAwpYjEqAAwpfKTLht1gD07UAFYGQCABBHAfCxawAgwp\/\/58pMsgAQRwHwsWsAAAAAAKJgBT3wEANSHNFglcB\/CpgBgAv46BAAABAQgKhEXfOxJ809IANIDkASAAAQAAAAAAAQh3ZWJlcmxhYgJkZQAAMAABAAApEAAAAIAAAAwACgAIG5r2Iqssl0A="}
00700{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":48,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":4,"flow_first_seen":1560869913753,"flow_last_seen":1560869913753,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":54,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":13,"midstream":0,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:1f0b:16b0::a26:53","src_port":57089,"dst_port":53,"l4_proto":"tcp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":48,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00462{"flow_id":20,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"dns_fragmented.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1560869913,"pkt_ts_usec":753993,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"AAwpfKTLAAwpYjEqht1gBqwSACAGQCABBHAfCxawAAAAAAomAFMgAQRwHwsWsAIMKf\/+fKTLADXfAVwH8KkhzRY\/gBAAvToXAAABAQgKEnzT0oRF3zs="}
02810{"flow_id":20,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"dns_fragmented.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1560869913,"pkt_ts_usec":754562,"pkt_caplen":1818,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1818,"pkt_l4_len":1764,"pkt":"AAwpfKTLAAwpYjEqht1gBqwSBuQGQCABBHAfCxawAAAAAAomAFMgAQRwHwsWsAIMKf\/+fKTLADXfAVwH8KkhzRY\/gBgAvTPhAAABAQgKEnzT04RF3zsGwoDkhQAAAQAEAAAAAQh3ZWJlcmxhYgJkZQAAMAABwAwAMAABAAAAPAEIAQADCgMBAAHQVNwo8VCsO0nmM2u3Mcqv14N851ULDM7hf1Hi2ooDrm7SR4cYS\/ptdvSMUJEyqPCUSF3Clw\/mlYs7YppfPvATwlxTT37RaXRQswUTRh4\/3GtYPxZXJOr+Wr2nwf4Rqm1imNixBim+ZLWFho\/CQdJqyhqg2VT8ongtHWFb9Nojmjr1IXZe0LYFcm0d1eoB5YaBtAcRvhm41KfjcjwpW7jDiMH5W1RgefeOj8kBkIJxjV9i9TB7pjmmAvw91J8s0GTTJqo\/ORsAzT8BHg3y6usJtQVH8ezMMHBFbjtgdGJlMoj4kn1KBk8Jtj9ZxjTIZWIo922PVb8sQqj0JytLOU69wAwAMAABAAAAPAIIAQEDCgMBAAHd7\/3tIq12CjsLWBAd1T3u8\/far4uZXvf8tV18qZaecv+cWqq5v63pRvKYMfBrDVtiIL4iSgCelIlOORESqB\/n89qn9klBRxVsJMHolsi2eBGR4aML4ghMfeD+DrMDSl5nWB3t\/K5Rz2vtzsqVvYGH0fZYQiit53gj6vP2hRbE0yO3UPkNpBEVogjAsm5eFjsLAaP0ZZzzOMrnzCiJQAYjOTVkDzZiOo2MwGKWKMlIXfR55yCA5TUPPR6V0HRZsrDK2l2G+6gzqDhIjqHbbSh9Mv77SdkkVNOUReABLpmnCFMwIuSy9nDEMQu7e65QyOF+NjUXziwKhrjnnJRY86s9znQCVnoPwAJ0m29NgBgpEN+9E19YVr3gF7esaT1ji4B10iyBf5c\/sJfg5vGTVg55+cxCbhI98aL2tYPM5kVyTpqgOlYRqnsMRfHPsinjRDh8+F+P0S5lhyLhG726D9NA5OQPW4cmRlbMrTiYPjcIRULbwVi5g\/NhRbX0rdr5mxRTcAGTp0WViThvS+0xXBiJtThFC5qIVMhS7ARjFwxTrtZNKOqapuPebbAbjMiTaX3UKD8DpFKbCouo5jaur0Y77zYiW3BcpU0K6hxkxrjqKblLAW1F4\/5zq+COo+NpOhgyLk8iw5Gla3a8V5hp3zZ0rXalprx16P2BcHZbPW3E+8AMAC4AAQAAADwCHwAwCgIAAAA8XSexsF0AI8Ezewh3ZWJlcmxhYgJkZQDDZMohasNCzdZy+qXT+i9EuX\/inlaoHckoPQ6pZUM55HOKiXWwbCF2bgR2vTatltfgdQMYsjHLb9y8\/8K16x1bINo7jHhPhiQ3mZPnhRDbC819\/mg\/DAJlEfo4\/PIHroaOXHkEsxclA3Sfl5XzqMY8dIIjCMSIRohmpz3ajd1g8Q5nPhvruiTi3rbkkaFuvAu6JBazSxvplBTGRsLiwD\/keT1H0ch7BVc1oZ6xmkqy68vIsD63Fj1r1Prt7pmrCHTCuEgsO78D9dCQuWCLkJQxGUVXJj5CI3Hv7xFFgpu2WdK7EiEBH5rHphjb8hJPFep1cggzgdSO7gr4PL16UQJ4paFWEovlSSSKN6CqV0KlzY5UKpoC4bOcRMiiujkcgLRcJzDNjTcP59699eiRBYcnSUNu7NR\/AQOsLe1gcGBMYVI28uXABijFJJPUYQFFRKKQYYy7U8augfodJClNM+5PjDrN7VUaoyW\/CtbFigLZaje\/SbLFkod9oTkuhnetL7fyEnlGfxKmEZ218qPcsKDJRrRyymc+WdZ+tPcZvQXr6AVS7RZSoUTV\/+5dVd2kWuuF2w5rsnAIOU3wwIEPhsTwq9njhb9Bp9jOMH3FFbo4srNvY4pocOs9Lic1Os813bu7VyQz3Nrv\/xfPOPvvG\/\/ufcPEO13FnB7dwg\/ymTeeu8NjAC4AAQAAADwBHwAwCgIAAAA8XSexsF0AI8GQRwh3ZWJlcmxhYgJkZQClPEycRWnGK584864mycocyPz2UzPNaOzNDed21YRoo\/vc4SUTXqFBtmW4SQFDBAQLu4HmqcSe1Nc\/lKoZBUovELuo0TpzIoecc5osVzoztkYh0\/HjM0DB6opa3nsZnc\/u6x+IwoIKQINmHp0TM6b4a39PjhFlDYcKunTWFZTVoNWH9aMQkbGel4qtqXppXuCjpIKG1hAoHRC2jJyGSlCdFraQGSbgmwCD72pN2IB3DT0eEm8dZSkUz1ukMYxbByeV\/wepjTFbahve8M2jv7oFcB\/NULdi5aY+Vm\/O9wLTG3ezkGC8ISe34cSfcTSZ+kpVUaegvtT9lsrv+1NJoD\/rAAApEAAAAIAAABwACgAYG5r2Iqssl0DkBYTAXQj8GfB4NaEV6oKU"}
00714{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":50,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":6,"flow_first_seen":1560869913753,"flow_last_seen":1560869913754,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1732,"flow_tot_l4_payload_len":1786,"flow_avg_l4_payload_len":297,"midstream":0,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:1f0b:16b0::a26:53","src_port":57089,"dst_port":53,"l4_proto":"tcp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weberlab.de","num_queries":1,"num_answers":5,"reply_code":0,"query_type":48,"rsp_type":48,"rsp_addr":"0.0.0.0"}}
00463{"flow_id":20,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"dns_fragmented.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1560869913,"pkt_ts_usec":754588,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"AAwpYjEqAAwpfKTLht1gD07UACAGQCABBHAfCxawAgwp\/\/58pMsgAQRwHwsWsAAAAAAKJgBT3wEANSHNFj9cB\/dtgBAA2o5LAAABAQgKhEXfPBJ809M="}
00463{"flow_id":20,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"dns_fragmented.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1560869913,"pkt_ts_usec":755793,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"AAwpYjEqAAwpfKTLht1gD07UACAGQCABBHAfCxawAgwp\/\/58pMsgAQRwHwsWsAAAAAAKJgBT3wEANSHNFj9cB\/dtgBEA2o5LAAABAQgKhEXfPRJ809M="}
00461{"flow_id":20,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"dns_fragmented.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1560869913,"pkt_ts_usec":756036,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"AAwpfKTLAAwpYjEqht1gBqwSACAGQCABBHAfCxawAAAAAAomAFMgAQRwHwsWsAIMKf\/+fKTLADXfAVwH920hzRZAgBEAvTNNAAABAQgKEnzT1IRF3z0="}
00464{"flow_id":20,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"dns_fragmented.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1560869913,"pkt_ts_usec":756066,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"AAwpYjEqAAwpfKTLht1gD07UACAGQCABBHAfCxawAgwp\/\/58pMsgAQRwHwsWsAAAAAAKJgBT3wEANSHNFkBcB\/dugBAA2o5LAAABAQgKhEXfPRJ809Q="}
00524{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":55,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1560869916459,"flow_last_seen":0,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":54590,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00492{"flow_id":21,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"dns_fragmented.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1560869916,"pkt_ts_usec":459087,"pkt_caplen":106,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":106,"pkt_l4_len":52,"pkt":"CFsOoYNeAAwpfKTLht1gAxE1ADQRQCABBHAfCxawAgwp\/\/58pMsmBkcARwAAAAAAAAAAABER1T4ANQA07tzo3wEAAAEAAAAAAAEDbnMyCHdlYmVyZG5zAmRlAAABAAEAACkCAAAAAAAAAA=="}
00686{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":55,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1560869916459,"flow_last_seen":0,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":54590,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"ns2.weberdns.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00511{"flow_id":21,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"dns_fragmented.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1560869916,"pkt_ts_usec":473264,"pkt_caplen":122,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":122,"pkt_l4_len":68,"pkt":"AAwpfKTLCFsOoYNeht1gCEAKAEQRPCYGRwBHAAAAAAAAAAAAEREgAQRwHwsWsAIMKf\/+fKTLADXVPgBEGsro34GAAAEAAQAAAAEDbnMyCHdlYmVyZG5zAmRlAAABAAHADAABAAEAAA4QAATC9wUOAAApBawAAAAAAAA="}
00712{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":56,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_first_seen":1560869916459,"flow_last_seen":1560869916473,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":60,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":52,"midstream":0,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":54590,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"ns2.weberdns.de","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"194.247.5.14"}}
00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":57,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1560869916474,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"194.247.5.6","dst_ip":"194.247.5.14","src_port":39005,"dst_port":53,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":22,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"dns_fragmented.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1560869916,"pkt_ts_usec":474839,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AAwpYjEqAAwpfKTLCABFAAA8zqNAAEAG3BXC9wUGwvcFDphdADXWgnc5AAAAAKACchCQMQAAAgQFtAQCCAox8fNRAAAAAAEDAwc="}
00443{"flow_id":22,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"dns_fragmented.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1560869916,"pkt_ts_usec":475150,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AAwpfKTLAAwpYjEqCABFAAA8AABAAEAGqrnC9wUOwvcFBgA1mF3frqtz1oJ3OqAScSDR+QAAAgQFtAQCCAqVd0imMfHzUQEDAwc="}
00431{"flow_id":22,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"dns_fragmented.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1560869916,"pkt_ts_usec":475198,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AAwpYjEqAAwpfKTLCABFAAA0zqRAAEAG3BzC9wUGwvcFDphdADXWgnc6366rdIAQAOWQKQAAAQEICjHx81GVd0im"}
00505{"flow_id":22,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"dns_fragmented.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1560869916,"pkt_ts_usec":475413,"pkt_caplen":120,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":120,"pkt_l4_len":86,"pkt":"AAwpYjEqAAwpfKTLCABFAABqzqVAAEAG2+XC9wUGwvcFDphdADXWgnc6366rdIAYAOWQXwAAAQEICjHx81KVd0imADQG2gEgAAEAAAAAAAEId2ViZXJsYWICZGUAADAAAQAAKRAAAACAAAAMAAoACMarGn+jZfIj"}
00660{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":60,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":4,"flow_first_seen":1560869916474,"flow_last_seen":1560869916475,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":54,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":13,"midstream":0,"l3_proto":"ip4","src_ip":"194.247.5.6","dst_ip":"194.247.5.14","src_port":39005,"dst_port":53,"l4_proto":"tcp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":48,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00431{"flow_id":22,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"dns_fragmented.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1560869916,"pkt_ts_usec":475531,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AAwpfKTLAAwpYjEqCABFAAA0gWxAAEAGKVXC9wUOwvcFBgA1mF3frqt01oJ3cIAQAONwywAAAQEICpV3SKcx8fNS"}
02781{"flow_id":22,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"dns_fragmented.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1560869916,"pkt_ts_usec":475993,"pkt_caplen":1798,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1798,"pkt_l4_len":1764,"pkt":"AAwpfKTLAAwpYjEqCABFAAb4gW1AAEAGIpDC9wUOwvcFBgA1mF3frqt01oJ3cIAYAONqBwAAAQEICpV3SKcx8fNSBsIG2oUAAAEABAAAAAEId2ViZXJsYWICZGUAADAAAcAMADAAAQAAADwCCAEBAwoDAQAB3e\/97SKtdgo7C1gQHdU97vP32q+LmV73\/LVdfKmWnnL\/nFqqub+t6UbymDHwaw1bYiC+IkoAnpSJTjkREqgf5\/Pap\/ZJQUcVbCTB6JbItngRkeGjC+IITH3g\/g6zA0peZ1gd7fyuUc9r7c7Klb2Bh9H2WEIored4I+rz9oUWxNMjt1D5DaQRFaIIwLJuXhY7CwGj9GWc8zjK58woiUAGIzk1ZA82YjqNjMBilijJSF30eecggOU1Dz0eldB0WbKwytpdhvuoM6g4SI6h220ofTL++0nZJFTTlEXgAS6ZpwhTMCLksvZwxDELu3uuUMjhfjY1F84sCoa455yUWPOrPc50AlZ6D8ACdJtvTYAYKRDfvRNfWFa94Be3rGk9Y4uAddIsgX+XP7CX4Obxk1YOefnMQm4SPfGi9rWDzOZFck6aoDpWEap7DEXxz7Ip40Q4fPhfj9EuZYci4Ru9ug\/TQOTkD1uHJkZWzK04mD43CEVC28FYuYPzYUW19K3a+ZsUU3ABk6dFlYk4b0vtMVwYibU4RQuaiFTIUuwEYxcMU67WTSjqmqbj3m2wG4zIk2l91Cg\/A6RSmwqLqOY2rq9GO+82IltwXKVNCuocZMa46im5SwFtReP+c6vgjqPjaToYMi5PIsORpWt2vFeYad82dK12paa8dej9gXB2Wz1txPvADAAwAAEAAAA8AQgBAAMKAwEAAdBU3CjxUKw7SeYza7cxyq\/Xg3znVQsMzuF\/UeLaigOubtJHhxhL+m129IxQkTKo8JRIXcKXD+aViztiml8+8BPCXFNPftFpdFCzBRNGHj\/ca1g\/Flck6v5avafB\/hGqbWKY2LEGKb5ktYWGj8JB0mrKGqDZVPyieC0dYVv02iOaOvUhdl7QtgVybR3V6gHlhoG0BxG+GbjUp+NyPClbuMOIwflbVGB5946PyQGQgnGNX2L1MHumOaYC\/D3UnyzQZNMmqj85GwDNPwEeDfLq6wm1BUfx7MwwcEVuO2B0YmUyiPiSfUoGTwm2P1nGNMhlYij3bY9VvyxCqPQnK0s5Tr3ADAAuAAEAAAA8Ah8AMAoCAAAAPF0nsbBdACPBM3sId2ViZXJsYWICZGUAw2TKIWrDQs3Wcvql0\/ovRLl\/4p5WqB3JKD0OqWVDOeRziol1sGwhdm4Edr02rZbX4HUDGLIxy2\/cvP\/CtesdWyDaO4x4T4YkN5mT54UQ2wvNff5oPwwCZRH6OPzyB66Gjlx5BLMXJQN0n5eV86jGPHSCIwjEiEaIZqc92o3dYPEOZz4b67ok4t625JGhbrwLuiQWs0sb6ZQUxkbC4sA\/5Hk9R9HIewVXNaGesZpKsuvLyLA+txY9a9T67e6Zqwh0wrhILDu\/A\/XQkLlgi5CUMRlFVyY+QiNx7+8RRYKbtlnSuxIhAR+ax6YY2\/ISTxXqdXIIM4HUju4K+Dy9elECeKWhVhKL5UkkijegqldCpc2OVCqaAuGznETIoro5HIC0XCcwzY03D+fevfXokQWHJ0lDbuzUfwEDrC3tYHBgTGFSNvLlwAYoxSST1GEBRUSikGGMu1PGroH6HSQpTTPuT4w6ze1VGqMlvwrWxYoC2Wo3v0myxZKHfaE5LoZ3rS+38hJ5Rn8SphGdtfKj3LCgyUa0cspnPlnWfrT3Gb0F6+gFUu0WUqFE1f\/uXVXdpFrrhdsOa7JwCDlN8MCBD4bE8KvZ44W\/QafYzjB9xRW6OLKzb2OKaHDrPS4nNTrPNd27u1ckM9za7\/8Xzzj77xv\/7n3DxDtdxZwe3cIP8pk3nrvDYwAuAAEAAAA8AR8AMAoCAAAAPF0nsbBdACPBkEcId2ViZXJsYWICZGUApTxMnEVpxiufOPOuJsnKHMj89lMzzWjszQ3ndtWEaKP73OElE16hQbZluEkBQwQEC7uB5qnEntTXP5SqGQVKLxC7qNE6cyKHnHOaLFc6M7ZGIdPx4zNAweqKWt57GZ3P7usfiMKCCkCDZh6dEzOm+Gt\/T44RZQ2HCrp01hWU1aDVh\/WjEJGxnpeKral6aV7go6SChtYQKB0QtoychkpQnRa2kBkm4JsAg+9qTdiAdw09HhJvHWUpFM9bpDGMWwcnlf8HqY0xW2ob3vDNo7+6BXAfzVC3YuWmPlZvzvcC0xt3s5BgvCEnt+HEn3E0mfpKVVGnoL7U\/ZbK7\/tTSaA\/6wAAKRAAAACAAAAcAAoAGMarGn+jZfIj3Q42RV0I\/Bw32stEZNYEIg=="}
00674{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":62,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":6,"flow_first_seen":1560869916474,"flow_last_seen":1560869916475,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1732,"flow_tot_l4_payload_len":1786,"flow_avg_l4_payload_len":297,"midstream":0,"l3_proto":"ip4","src_ip":"194.247.5.6","dst_ip":"194.247.5.14","src_port":39005,"dst_port":53,"l4_proto":"tcp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weberlab.de","num_queries":1,"num_answers":5,"reply_code":0,"query_type":48,"rsp_type":48,"rsp_addr":"0.0.0.0"}}
00431{"flow_id":22,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"dns_fragmented.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1560869916,"pkt_ts_usec":476018,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AAwpYjEqAAwpfKTLCABFAAA0zqZAAEAG3BrC9wUGwvcFDphdADXWgndw366yOIAQAQCQKQAAAQEICjHx81KVd0in"}
00431{"flow_id":22,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"dns_fragmented.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1560869916,"pkt_ts_usec":476865,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AAwpYjEqAAwpfKTLCABFAAA0zqdAAEAG3BnC9wUGwvcFDphdADXWgndw366yOIARAQCQKQAAAQEICjHx81OVd0in"}
00431{"flow_id":22,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"dns_fragmented.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1560869916,"pkt_ts_usec":477262,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AAwpfKTLAAwpYjEqCABFAAA0gW9AAEAGKVLC9wUOwvcFBgA1mF3frrI41oJ3cYARAONqAwAAAQEICpV3SKgx8fNT"}
00432{"flow_id":22,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"dns_fragmented.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1560869916,"pkt_ts_usec":477286,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AAwpYjEqAAwpfKTLCABFAAA0zqhAAEAG3BjC9wUGwvcFDphdADXWgndx366yOYAQAQCQKQAAAQEICjHx81OVd0io"}
00538{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":66,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_first_seen":1560869913732,"flow_last_seen":1560869913751,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":116,"flow_avg_l4_payload_len":58,"midstream":0,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":60550,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00507{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":66,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":10,"flow_first_seen":1560869916474,"flow_last_seen":1560869916477,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1732,"flow_tot_l4_payload_len":1786,"flow_avg_l4_payload_len":178,"midstream":0,"l3_proto":"ip4","src_ip":"194.247.5.6","dst_ip":"194.247.5.14","src_port":39005,"dst_port":53,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00543{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":66,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_first_seen":1560869905222,"flow_last_seen":1560869905232,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":1424,"flow_tot_l4_payload_len":1476,"flow_avg_l4_payload_len":738,"midstream":0,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":55729,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00538{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":66,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_first_seen":1560869916459,"flow_last_seen":1560869916473,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":60,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":52,"midstream":0,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":54590,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00536{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":43,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1560869913732,"flow_last_seen":1560869913732,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":60550,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00493{"flow_id":18,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"dns_fragmented.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1560869913,"pkt_ts_usec":732416,"pkt_caplen":106,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":106,"pkt_l4_len":52,"pkt":"CFsOoYNeAAwpfKTLht1gCfvPADQRQCABBHAfCxawAgwp\/\/58pMsmBkcARwAAAAAAAAAAABER7IYANQA07tw\/fwEAAAEAAAAAAAEDbnMyCHdlYmVyZG5zAmRlAAAcAAEAACkCAAAAAAAAAA=="}
00699{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1560869913732,"flow_last_seen":1560869913732,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":60550,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"ns2.weberdns.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00528{"flow_id":18,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"dns_fragmented.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1560869913,"pkt_ts_usec":751307,"pkt_caplen":134,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":134,"pkt_l4_len":80,"pkt":"AAwpfKTLCFsOoYNeht1gDizvAFARPCYGRwBHAAAAAAAAAAAAEREgAQRwHwsWsAIMKf\/+fKTLADXshgBQyy0\/f4GAAAEAAQAAAAEDbnMyCHdlYmVyZG5zAmRlAAAcAAHADAAcAAEAAA4QABAgAQRwHwsWsAAAAAAKJgBTAAApBawAAAAAAAA="}
00712{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":44,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_first_seen":1560869913732,"flow_last_seen":1560869913751,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":116,"flow_avg_l4_payload_len":58,"midstream":0,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":60550,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"ns2.weberdns.de","num_queries":1,"num_answers":2,"reply_code":0,"query_type":28,"rsp_type":28,"rsp_addr":"32.1.4.112"}}
00538{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":45,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1560869913753,"flow_last_seen":1560869913753,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:1f0b:16b0::a26:53","src_port":57089,"dst_port":53,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00474{"flow_id":19,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"dns_fragmented.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1560869913,"pkt_ts_usec":753259,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"AAwpYjEqAAwpfKTLht1gD07UACgGQCABBHAfCxawAgwp\/\/58pMsgAQRwHwsWsAAAAAAKJgBT3wEANSHNFggAAAAAoAJfUI5TAAACBATEBAIICoRF3zoAAAAAAQMDBw=="}
00473{"flow_id":19,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"dns_fragmented.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1560869913,"pkt_ts_usec":753590,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"AAwpfKTLAAwpYjEqht1gBqwSACgGQCABBHAfCxawAAAAAAomAFMgAQRwHwsWsAIMKf\/+fKTLADXfAVwH8KghzRYJoBJeYK7OAAACBATEBAIIChJ809KERd86AQMDBw=="}
00463{"flow_id":19,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"dns_fragmented.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1560869913,"pkt_ts_usec":753635,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"AAwpYjEqAAwpfKTLht1gD07UACAGQCABBHAfCxawAgwp\/\/58pMsgAQRwHwsWsAAAAAAKJgBT3wEANSHNFglcB\/CpgBAAv45LAAABAQgKhEXfOxJ809I="}
00537{"flow_id":19,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"dns_fragmented.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1560869913,"pkt_ts_usec":753808,"pkt_caplen":140,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":140,"pkt_l4_len":86,"pkt":"AAwpYjEqAAwpfKTLht1gD07UAFYGQCABBHAfCxawAgwp\/\/58pMsgAQRwHwsWsAAAAAAKJgBT3wEANSHNFglcB\/CpgBgAv46BAAABAQgKhEXfOxJ809IANIDkASAAAQAAAAAAAQh3ZWJlcmxhYgJkZQAAMAABAAApEAAAAIAAAAwACgAIG5r2Iqssl0A="}
00700{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":48,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":4,"flow_first_seen":1560869913753,"flow_last_seen":1560869913753,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":54,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":13,"midstream":0,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:1f0b:16b0::a26:53","src_port":57089,"dst_port":53,"l4_proto":"tcp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":48,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00462{"flow_id":19,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"dns_fragmented.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1560869913,"pkt_ts_usec":753993,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"AAwpfKTLAAwpYjEqht1gBqwSACAGQCABBHAfCxawAAAAAAomAFMgAQRwHwsWsAIMKf\/+fKTLADXfAVwH8KkhzRY\/gBAAvToXAAABAQgKEnzT0oRF3zs="}
02810{"flow_id":19,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"dns_fragmented.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1560869913,"pkt_ts_usec":754562,"pkt_caplen":1818,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1818,"pkt_l4_len":1764,"pkt":"AAwpfKTLAAwpYjEqht1gBqwSBuQGQCABBHAfCxawAAAAAAomAFMgAQRwHwsWsAIMKf\/+fKTLADXfAVwH8KkhzRY\/gBgAvTPhAAABAQgKEnzT04RF3zsGwoDkhQAAAQAEAAAAAQh3ZWJlcmxhYgJkZQAAMAABwAwAMAABAAAAPAEIAQADCgMBAAHQVNwo8VCsO0nmM2u3Mcqv14N851ULDM7hf1Hi2ooDrm7SR4cYS\/ptdvSMUJEyqPCUSF3Clw\/mlYs7YppfPvATwlxTT37RaXRQswUTRh4\/3GtYPxZXJOr+Wr2nwf4Rqm1imNixBim+ZLWFho\/CQdJqyhqg2VT8ongtHWFb9Nojmjr1IXZe0LYFcm0d1eoB5YaBtAcRvhm41KfjcjwpW7jDiMH5W1RgefeOj8kBkIJxjV9i9TB7pjmmAvw91J8s0GTTJqo\/ORsAzT8BHg3y6usJtQVH8ezMMHBFbjtgdGJlMoj4kn1KBk8Jtj9ZxjTIZWIo922PVb8sQqj0JytLOU69wAwAMAABAAAAPAIIAQEDCgMBAAHd7\/3tIq12CjsLWBAd1T3u8\/far4uZXvf8tV18qZaecv+cWqq5v63pRvKYMfBrDVtiIL4iSgCelIlOORESqB\/n89qn9klBRxVsJMHolsi2eBGR4aML4ghMfeD+DrMDSl5nWB3t\/K5Rz2vtzsqVvYGH0fZYQiit53gj6vP2hRbE0yO3UPkNpBEVogjAsm5eFjsLAaP0ZZzzOMrnzCiJQAYjOTVkDzZiOo2MwGKWKMlIXfR55yCA5TUPPR6V0HRZsrDK2l2G+6gzqDhIjqHbbSh9Mv77SdkkVNOUReABLpmnCFMwIuSy9nDEMQu7e65QyOF+NjUXziwKhrjnnJRY86s9znQCVnoPwAJ0m29NgBgpEN+9E19YVr3gF7esaT1ji4B10iyBf5c\/sJfg5vGTVg55+cxCbhI98aL2tYPM5kVyTpqgOlYRqnsMRfHPsinjRDh8+F+P0S5lhyLhG726D9NA5OQPW4cmRlbMrTiYPjcIRULbwVi5g\/NhRbX0rdr5mxRTcAGTp0WViThvS+0xXBiJtThFC5qIVMhS7ARjFwxTrtZNKOqapuPebbAbjMiTaX3UKD8DpFKbCouo5jaur0Y77zYiW3BcpU0K6hxkxrjqKblLAW1F4\/5zq+COo+NpOhgyLk8iw5Gla3a8V5hp3zZ0rXalprx16P2BcHZbPW3E+8AMAC4AAQAAADwCHwAwCgIAAAA8XSexsF0AI8Ezewh3ZWJlcmxhYgJkZQDDZMohasNCzdZy+qXT+i9EuX\/inlaoHckoPQ6pZUM55HOKiXWwbCF2bgR2vTatltfgdQMYsjHLb9y8\/8K16x1bINo7jHhPhiQ3mZPnhRDbC819\/mg\/DAJlEfo4\/PIHroaOXHkEsxclA3Sfl5XzqMY8dIIjCMSIRohmpz3ajd1g8Q5nPhvruiTi3rbkkaFuvAu6JBazSxvplBTGRsLiwD\/keT1H0ch7BVc1oZ6xmkqy68vIsD63Fj1r1Prt7pmrCHTCuEgsO78D9dCQuWCLkJQxGUVXJj5CI3Hv7xFFgpu2WdK7EiEBH5rHphjb8hJPFep1cggzgdSO7gr4PL16UQJ4paFWEovlSSSKN6CqV0KlzY5UKpoC4bOcRMiiujkcgLRcJzDNjTcP59699eiRBYcnSUNu7NR\/AQOsLe1gcGBMYVI28uXABijFJJPUYQFFRKKQYYy7U8augfodJClNM+5PjDrN7VUaoyW\/CtbFigLZaje\/SbLFkod9oTkuhnetL7fyEnlGfxKmEZ218qPcsKDJRrRyymc+WdZ+tPcZvQXr6AVS7RZSoUTV\/+5dVd2kWuuF2w5rsnAIOU3wwIEPhsTwq9njhb9Bp9jOMH3FFbo4srNvY4pocOs9Lic1Os813bu7VyQz3Nrv\/xfPOPvvG\/\/ufcPEO13FnB7dwg\/ymTeeu8NjAC4AAQAAADwBHwAwCgIAAAA8XSexsF0AI8GQRwh3ZWJlcmxhYgJkZQClPEycRWnGK584864mycocyPz2UzPNaOzNDed21YRoo\/vc4SUTXqFBtmW4SQFDBAQLu4HmqcSe1Nc\/lKoZBUovELuo0TpzIoecc5osVzoztkYh0\/HjM0DB6opa3nsZnc\/u6x+IwoIKQINmHp0TM6b4a39PjhFlDYcKunTWFZTVoNWH9aMQkbGel4qtqXppXuCjpIKG1hAoHRC2jJyGSlCdFraQGSbgmwCD72pN2IB3DT0eEm8dZSkUz1ukMYxbByeV\/wepjTFbahve8M2jv7oFcB\/NULdi5aY+Vm\/O9wLTG3ezkGC8ISe34cSfcTSZ+kpVUaegvtT9lsrv+1NJoD\/rAAApEAAAAIAAABwACgAYG5r2Iqssl0DkBYTAXQj8GfB4NaEV6oKU"}
00714{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":50,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":6,"flow_first_seen":1560869913753,"flow_last_seen":1560869913754,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1732,"flow_tot_l4_payload_len":1786,"flow_avg_l4_payload_len":297,"midstream":0,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:1f0b:16b0::a26:53","src_port":57089,"dst_port":53,"l4_proto":"tcp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weberlab.de","num_queries":1,"num_answers":5,"reply_code":0,"query_type":48,"rsp_type":48,"rsp_addr":"0.0.0.0"}}
00463{"flow_id":19,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"dns_fragmented.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1560869913,"pkt_ts_usec":754588,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"AAwpYjEqAAwpfKTLht1gD07UACAGQCABBHAfCxawAgwp\/\/58pMsgAQRwHwsWsAAAAAAKJgBT3wEANSHNFj9cB\/dtgBAA2o5LAAABAQgKhEXfPBJ809M="}
00463{"flow_id":19,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"dns_fragmented.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1560869913,"pkt_ts_usec":755793,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"AAwpYjEqAAwpfKTLht1gD07UACAGQCABBHAfCxawAgwp\/\/58pMsgAQRwHwsWsAAAAAAKJgBT3wEANSHNFj9cB\/dtgBEA2o5LAAABAQgKhEXfPRJ809M="}
00461{"flow_id":19,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"dns_fragmented.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1560869913,"pkt_ts_usec":756036,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"AAwpfKTLAAwpYjEqht1gBqwSACAGQCABBHAfCxawAAAAAAomAFMgAQRwHwsWsAIMKf\/+fKTLADXfAVwH920hzRZAgBEAvTNNAAABAQgKEnzT1IRF3z0="}
00464{"flow_id":19,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"dns_fragmented.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1560869913,"pkt_ts_usec":756066,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"AAwpYjEqAAwpfKTLht1gD07UACAGQCABBHAfCxawAgwp\/\/58pMsgAQRwHwsWsAAAAAAKJgBT3wEANSHNFkBcB\/dugBAA2o5LAAABAQgKhEXfPRJ809Q="}
00536{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":55,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1560869916459,"flow_last_seen":1560869916459,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":54590,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00492{"flow_id":20,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"dns_fragmented.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1560869916,"pkt_ts_usec":459087,"pkt_caplen":106,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":106,"pkt_l4_len":52,"pkt":"CFsOoYNeAAwpfKTLht1gAxE1ADQRQCABBHAfCxawAgwp\/\/58pMsmBkcARwAAAAAAAAAAABER1T4ANQA07tzo3wEAAAEAAAAAAAEDbnMyCHdlYmVyZG5zAmRlAAABAAEAACkCAAAAAAAAAA=="}
00698{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":55,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1560869916459,"flow_last_seen":1560869916459,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":54590,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"ns2.weberdns.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00511{"flow_id":20,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"dns_fragmented.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1560869916,"pkt_ts_usec":473264,"pkt_caplen":122,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":122,"pkt_l4_len":68,"pkt":"AAwpfKTLCFsOoYNeht1gCEAKAEQRPCYGRwBHAAAAAAAAAAAAEREgAQRwHwsWsAIMKf\/+fKTLADXVPgBEGsro34GAAAEAAQAAAAEDbnMyCHdlYmVyZG5zAmRlAAABAAHADAABAAEAAA4QAATC9wUOAAApBawAAAAAAAA="}
00712{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":56,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_first_seen":1560869916459,"flow_last_seen":1560869916473,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":60,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":52,"midstream":0,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":54590,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"ns2.weberdns.de","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"194.247.5.14"}}
00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":57,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1560869916474,"flow_last_seen":1560869916474,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"194.247.5.6","dst_ip":"194.247.5.14","src_port":39005,"dst_port":53,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":21,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"dns_fragmented.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1560869916,"pkt_ts_usec":474839,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AAwpYjEqAAwpfKTLCABFAAA8zqNAAEAG3BXC9wUGwvcFDphdADXWgnc5AAAAAKACchCQMQAAAgQFtAQCCAox8fNRAAAAAAEDAwc="}
00443{"flow_id":21,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"dns_fragmented.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1560869916,"pkt_ts_usec":475150,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AAwpfKTLAAwpYjEqCABFAAA8AABAAEAGqrnC9wUOwvcFBgA1mF3frqtz1oJ3OqAScSDR+QAAAgQFtAQCCAqVd0imMfHzUQEDAwc="}
00431{"flow_id":21,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"dns_fragmented.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1560869916,"pkt_ts_usec":475198,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AAwpYjEqAAwpfKTLCABFAAA0zqRAAEAG3BzC9wUGwvcFDphdADXWgnc6366rdIAQAOWQKQAAAQEICjHx81GVd0im"}
00505{"flow_id":21,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"dns_fragmented.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1560869916,"pkt_ts_usec":475413,"pkt_caplen":120,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":120,"pkt_l4_len":86,"pkt":"AAwpYjEqAAwpfKTLCABFAABqzqVAAEAG2+XC9wUGwvcFDphdADXWgnc6366rdIAYAOWQXwAAAQEICjHx81KVd0imADQG2gEgAAEAAAAAAAEId2ViZXJsYWICZGUAADAAAQAAKRAAAACAAAAMAAoACMarGn+jZfIj"}
00660{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":60,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":4,"flow_first_seen":1560869916474,"flow_last_seen":1560869916475,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":54,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":13,"midstream":0,"l3_proto":"ip4","src_ip":"194.247.5.6","dst_ip":"194.247.5.14","src_port":39005,"dst_port":53,"l4_proto":"tcp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":48,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00431{"flow_id":21,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"dns_fragmented.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1560869916,"pkt_ts_usec":475531,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AAwpfKTLAAwpYjEqCABFAAA0gWxAAEAGKVXC9wUOwvcFBgA1mF3frqt01oJ3cIAQAONwywAAAQEICpV3SKcx8fNS"}
02781{"flow_id":21,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"dns_fragmented.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1560869916,"pkt_ts_usec":475993,"pkt_caplen":1798,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1798,"pkt_l4_len":1764,"pkt":"AAwpfKTLAAwpYjEqCABFAAb4gW1AAEAGIpDC9wUOwvcFBgA1mF3frqt01oJ3cIAYAONqBwAAAQEICpV3SKcx8fNSBsIG2oUAAAEABAAAAAEId2ViZXJsYWICZGUAADAAAcAMADAAAQAAADwCCAEBAwoDAQAB3e\/97SKtdgo7C1gQHdU97vP32q+LmV73\/LVdfKmWnnL\/nFqqub+t6UbymDHwaw1bYiC+IkoAnpSJTjkREqgf5\/Pap\/ZJQUcVbCTB6JbItngRkeGjC+IITH3g\/g6zA0peZ1gd7fyuUc9r7c7Klb2Bh9H2WEIored4I+rz9oUWxNMjt1D5DaQRFaIIwLJuXhY7CwGj9GWc8zjK58woiUAGIzk1ZA82YjqNjMBilijJSF30eecggOU1Dz0eldB0WbKwytpdhvuoM6g4SI6h220ofTL++0nZJFTTlEXgAS6ZpwhTMCLksvZwxDELu3uuUMjhfjY1F84sCoa455yUWPOrPc50AlZ6D8ACdJtvTYAYKRDfvRNfWFa94Be3rGk9Y4uAddIsgX+XP7CX4Obxk1YOefnMQm4SPfGi9rWDzOZFck6aoDpWEap7DEXxz7Ip40Q4fPhfj9EuZYci4Ru9ug\/TQOTkD1uHJkZWzK04mD43CEVC28FYuYPzYUW19K3a+ZsUU3ABk6dFlYk4b0vtMVwYibU4RQuaiFTIUuwEYxcMU67WTSjqmqbj3m2wG4zIk2l91Cg\/A6RSmwqLqOY2rq9GO+82IltwXKVNCuocZMa46im5SwFtReP+c6vgjqPjaToYMi5PIsORpWt2vFeYad82dK12paa8dej9gXB2Wz1txPvADAAwAAEAAAA8AQgBAAMKAwEAAdBU3CjxUKw7SeYza7cxyq\/Xg3znVQsMzuF\/UeLaigOubtJHhxhL+m129IxQkTKo8JRIXcKXD+aViztiml8+8BPCXFNPftFpdFCzBRNGHj\/ca1g\/Flck6v5avafB\/hGqbWKY2LEGKb5ktYWGj8JB0mrKGqDZVPyieC0dYVv02iOaOvUhdl7QtgVybR3V6gHlhoG0BxG+GbjUp+NyPClbuMOIwflbVGB5946PyQGQgnGNX2L1MHumOaYC\/D3UnyzQZNMmqj85GwDNPwEeDfLq6wm1BUfx7MwwcEVuO2B0YmUyiPiSfUoGTwm2P1nGNMhlYij3bY9VvyxCqPQnK0s5Tr3ADAAuAAEAAAA8Ah8AMAoCAAAAPF0nsbBdACPBM3sId2ViZXJsYWICZGUAw2TKIWrDQs3Wcvql0\/ovRLl\/4p5WqB3JKD0OqWVDOeRziol1sGwhdm4Edr02rZbX4HUDGLIxy2\/cvP\/CtesdWyDaO4x4T4YkN5mT54UQ2wvNff5oPwwCZRH6OPzyB66Gjlx5BLMXJQN0n5eV86jGPHSCIwjEiEaIZqc92o3dYPEOZz4b67ok4t625JGhbrwLuiQWs0sb6ZQUxkbC4sA\/5Hk9R9HIewVXNaGesZpKsuvLyLA+txY9a9T67e6Zqwh0wrhILDu\/A\/XQkLlgi5CUMRlFVyY+QiNx7+8RRYKbtlnSuxIhAR+ax6YY2\/ISTxXqdXIIM4HUju4K+Dy9elECeKWhVhKL5UkkijegqldCpc2OVCqaAuGznETIoro5HIC0XCcwzY03D+fevfXokQWHJ0lDbuzUfwEDrC3tYHBgTGFSNvLlwAYoxSST1GEBRUSikGGMu1PGroH6HSQpTTPuT4w6ze1VGqMlvwrWxYoC2Wo3v0myxZKHfaE5LoZ3rS+38hJ5Rn8SphGdtfKj3LCgyUa0cspnPlnWfrT3Gb0F6+gFUu0WUqFE1f\/uXVXdpFrrhdsOa7JwCDlN8MCBD4bE8KvZ44W\/QafYzjB9xRW6OLKzb2OKaHDrPS4nNTrPNd27u1ckM9za7\/8Xzzj77xv\/7n3DxDtdxZwe3cIP8pk3nrvDYwAuAAEAAAA8AR8AMAoCAAAAPF0nsbBdACPBkEcId2ViZXJsYWICZGUApTxMnEVpxiufOPOuJsnKHMj89lMzzWjszQ3ndtWEaKP73OElE16hQbZluEkBQwQEC7uB5qnEntTXP5SqGQVKLxC7qNE6cyKHnHOaLFc6M7ZGIdPx4zNAweqKWt57GZ3P7usfiMKCCkCDZh6dEzOm+Gt\/T44RZQ2HCrp01hWU1aDVh\/WjEJGxnpeKral6aV7go6SChtYQKB0QtoychkpQnRa2kBkm4JsAg+9qTdiAdw09HhJvHWUpFM9bpDGMWwcnlf8HqY0xW2ob3vDNo7+6BXAfzVC3YuWmPlZvzvcC0xt3s5BgvCEnt+HEn3E0mfpKVVGnoL7U\/ZbK7\/tTSaA\/6wAAKRAAAACAAAAcAAoAGMarGn+jZfIj3Q42RV0I\/Bw32stEZNYEIg=="}
00674{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":62,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":6,"flow_first_seen":1560869916474,"flow_last_seen":1560869916475,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1732,"flow_tot_l4_payload_len":1786,"flow_avg_l4_payload_len":297,"midstream":0,"l3_proto":"ip4","src_ip":"194.247.5.6","dst_ip":"194.247.5.14","src_port":39005,"dst_port":53,"l4_proto":"tcp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weberlab.de","num_queries":1,"num_answers":5,"reply_code":0,"query_type":48,"rsp_type":48,"rsp_addr":"0.0.0.0"}}
00431{"flow_id":21,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"dns_fragmented.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1560869916,"pkt_ts_usec":476018,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AAwpYjEqAAwpfKTLCABFAAA0zqZAAEAG3BrC9wUGwvcFDphdADXWgndw366yOIAQAQCQKQAAAQEICjHx81KVd0in"}
00431{"flow_id":21,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"dns_fragmented.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1560869916,"pkt_ts_usec":476865,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AAwpYjEqAAwpfKTLCABFAAA0zqdAAEAG3BnC9wUGwvcFDphdADXWgndw366yOIARAQCQKQAAAQEICjHx81OVd0in"}
00431{"flow_id":21,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"dns_fragmented.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1560869916,"pkt_ts_usec":477262,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AAwpfKTLAAwpYjEqCABFAAA0gW9AAEAGKVLC9wUOwvcFBgA1mF3frrI41oJ3cYARAONqAwAAAQEICpV3SKgx8fNT"}
00432{"flow_id":21,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"dns_fragmented.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1560869916,"pkt_ts_usec":477286,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AAwpYjEqAAwpfKTLCABFAAA0zqhAAEAG3BjC9wUGwvcFDphdADXWgndx366yOYAQAQCQKQAAAQEICjHx81OVd0io"}
00538{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":66,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_first_seen":1560869913732,"flow_last_seen":1560869913751,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":116,"flow_avg_l4_payload_len":58,"midstream":0,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":60550,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00507{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":66,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":10,"flow_first_seen":1560869916474,"flow_last_seen":1560869916477,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1732,"flow_tot_l4_payload_len":1786,"flow_avg_l4_payload_len":178,"midstream":0,"l3_proto":"ip4","src_ip":"194.247.5.6","dst_ip":"194.247.5.14","src_port":39005,"dst_port":53,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00543{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":66,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_first_seen":1560869900222,"flow_last_seen":1560869905232,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":1424,"flow_tot_l4_payload_len":1528,"flow_avg_l4_payload_len":509,"midstream":0,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":55729,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00538{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":66,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_first_seen":1560869916459,"flow_last_seen":1560869916473,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":60,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":52,"midstream":0,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":54590,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00538{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":66,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_first_seen":1560869886413,"flow_last_seen":1560869886443,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":69,"flow_tot_l4_payload_len":115,"flow_avg_l4_payload_len":57,"midstream":0,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":52814,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00538{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":66,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_first_seen":1560869882430,"flow_last_seen":1560869882447,"flow_min_l4_payload_len":67,"flow_max_l4_payload_len":71,"flow_tot_l4_payload_len":138,"flow_avg_l4_payload_len":69,"midstream":0,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":48758,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00529{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":66,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_first_seen":1560869889796,"flow_last_seen":1560869889815,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":106,"flow_avg_l4_payload_len":53,"midstream":0,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2620:fe::fe","src_port":42344,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00510{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":66,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_first_seen":1560869910534,"flow_last_seen":1560869910547,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1524,"flow_avg_l4_payload_len":762,"midstream":0,"l3_proto":"ip4","src_ip":"194.247.5.6","dst_ip":"193.24.227.238","src_port":51791,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00510{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":66,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_first_seen":1560869910534,"flow_last_seen":1560869910547,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1524,"flow_avg_l4_payload_len":762,"midstream":0,"l3_proto":"ip4","src_ip":"194.247.5.6","dst_ip":"193.24.227.238","src_port":51791,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00529{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":66,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_first_seen":1560869895045,"flow_last_seen":1560869895070,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":94,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":72,"midstream":0,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2620:fe::fe","src_port":46709,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00547{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":66,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":10,"flow_first_seen":1560869913753,"flow_last_seen":1560869913756,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1732,"flow_tot_l4_payload_len":1786,"flow_avg_l4_payload_len":178,"midstream":0,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:1f0b:16b0::a26:53","src_port":57089,"dst_port":53,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00547{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":66,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":10,"flow_first_seen":1560869913753,"flow_last_seen":1560869913756,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1732,"flow_tot_l4_payload_len":1786,"flow_avg_l4_payload_len":178,"midstream":0,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:1f0b:16b0::a26:53","src_port":57089,"dst_port":53,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00134{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":66,"source":"dns_fragmented.pcap","alias":"nDPId-test"}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 66/59
~~ skipped flows.............: 0
~~ total layer4 data length..: 18845 bytes
~~ total detected protocols..: 22
~~ total active/idle flows...: 22/22
~~ total detected protocols..: 21
~~ total active/idle flows...: 21/21
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 1963379 bytes
~~ total memory freed........: 1963379 bytes
~~ total allocations/frees...: 35460/35460
~~ total memory allocated....: 1961779 bytes
~~ total memory freed........: 1961779 bytes
~~ total allocations/frees...: 35457/35457
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 139 chars
~~ json string max len.......: 2815 chars

4
test/results/dns_long_domainname.pcap.out
View File

@@ -1,7 +1,7 @@
00487{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dns_long_domainname.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":10000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dns_long_domainname.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1599686652555,"flow_last_seen":0,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":61,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.168","dst_ip":"8.8.8.8","src_port":65311,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00502{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dns_long_domainname.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1599686652555,"flow_last_seen":1599686652555,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":61,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.168","dst_ip":"8.8.8.8","src_port":65311,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00488{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dns_long_domainname.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1599686652,"pkt_ts_usec":555538,"pkt_caplen":103,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":103,"pkt_l4_len":69,"pkt":"EBMx8Tl2KDc3AG3ICABFAABZsREAAEAR9yLAqAGoCAgICP8fADUARcOpi1QBAAABAAAAAAAABmdtcjAyYwIxNgEwDGZoa2Zoc2RrZmhzawZ0dW5uZWwHZXhhbXBsZQNjb20AAAEAAQ=="}
00685{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dns_long_domainname.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1599686652555,"flow_last_seen":0,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":61,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.168","dst_ip":"8.8.8.8","src_port":65311,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Tracker\/Ads","category":"Web"},"dns": {"query":"gmr02c.16.0.fhkfhsdkfhsk.tunnel.example.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00697{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dns_long_domainname.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1599686652555,"flow_last_seen":1599686652555,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":61,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.168","dst_ip":"8.8.8.8","src_port":65311,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Tracker\/Ads","category":"Web"},"dns": {"query":"gmr02c.16.0.fhkfhsdkfhsk.tunnel.example.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00562{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"dns_long_domainname.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1599686652,"pkt_ts_usec":578187,"pkt_caplen":159,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":159,"pkt_l4_len":125,"pkt":"KDc3AG3IEBMx8Tl2CABFAACR3WoAAHYRlJEICAgIwKgBqAA1\/x8AfQAAi1SBgwABAAAAAQAABmdtcjAyYwIxNgEwDGZoa2Zoc2RrZmhzawZ0dW5uZWwHZXhhbXBsZQNjb20AAAEAAcAsAAYAAQAABcMALAJucwVpY2FubgNvcmcAA25vYwNkbnPATHhn+r4AABwgAAAOEAASdQAAAA4Q"}
00707{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"dns_long_domainname.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_first_seen":1599686652555,"flow_last_seen":1599686652578,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":117,"flow_tot_l4_payload_len":178,"flow_avg_l4_payload_len":89,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.168","dst_ip":"8.8.8.8","src_port":65311,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Tracker\/Ads","category":"Web"},"dns": {"query":"gmr02c.16.0.fhkfhsdkfhsk.tunnel.example.com","num_queries":1,"num_answers":1,"reply_code":3,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00505{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"dns_long_domainname.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_first_seen":1599686652555,"flow_last_seen":1599686652578,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":117,"flow_tot_l4_payload_len":178,"flow_avg_l4_payload_len":89,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.168","dst_ip":"8.8.8.8","src_port":65311,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}

1010
test/results/dnscrypt-v1-and-resolver-pings.pcap.out
View File

File diff suppressed because it is too large Load Diff

136
test/results/dnscrypt-v2-doh.pcap.out
View File

@@ -1,21 +1,21 @@
00483{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":10000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":946739298533,"flow_last_seen":0,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":53674,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00502{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":946739298533,"flow_last_seen":946739298533,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":53674,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00800{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739298,"pkt_ts_usec":533748,"pkt_caplen":337,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":337,"pkt_l4_len":303,"pkt":"REREREREZmZmZmZmCABFAAFD4UdAAL0GsQQKAAABi2PeSNGqAbt5f9qX6vvArlAYAfYrngAAFgMBARYBAAESAwPY4R+kmwrmRkwkOvmL20MZvvmmXV\/QYaA6X4C5e+GFvyA2SDuI+F1GOq7qyiEw+aePhhElQVpDVzMYXSdiyok3WQAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACjAAAAEgAQAAANZG9oLTIuc2VieS5pbwAFAAUBAAAAAAAKAAoACAAdABcAGAAZAAsAAgEAAA0AGgAYCAQEAwgHCAUIBgQBBQEGAQUDBgMCAQID\/wEAAQAAEAAOAAwCaDIIaHR0cC8xLjEAEgAAACsACQgDBAMDAwIDAQAzACYAJAAdACA0hS9OEA\/J5twwMByNtSlpgrCPJW9Ooqwd+S9NxEdaCw=="}
00782{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":946739298533,"flow_last_seen":0,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":53674,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh-2.seby.io","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00793{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":946739298533,"flow_last_seen":946739298533,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":53674,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh-2.seby.io","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02338{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739298,"pkt_ts_usec":797787,"pkt_caplen":1464,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1464,"pkt_l4_len":1430,"pkt":"ZmZmZmZmRERERERECABFAAWq1TBAACsGSrWLY95ICgAAAQG70arq+8CueX\/bslAQAfmvXQAAFgMDAHoCAAB2AwOWvrm4FPC7V7PYuN+Lshod\/nezEzfqc01CK\/K8f2FrjCA2SDuI+F1GOq7qyiEw+aePhhElQVpDVzMYXSdiyok3WRMBAAAuACsAAgMEADMAJAAdACDl61zVHhMWB0BdL3ddlBFKSw5Lr9HVe6EkVLOcYVLAAxQDAwABARcDAwAksgraFQq8T84jfrRmYc223NGnVGbYG\/xj8xk4v\/EJCHm3s9w1FwMDCVmg97DgSdnn53nb0jGLv9F1+4VVO1DlJvFZ4CsfAqRyJ8a0jMqAaeRjhyCNwiDpU+6mevWKgpxWfYNjWShazkI7oaAh0ocoGs0\/Z2Mwn5ZIkIv+OuDwieAM9qTwhi+fGVM4H+qU8v3e8TtrqoxC+IgZVc8V3I+\/yPEjroPH33YYxxjju5aqvElJCjEI4urJQzXoWsAq6uQKccy5WfzKSDhJNZ8AVPquU8SpWKmo\/\/E2qD+dKLWJFgaub29gXMXjQTVzoJxdvVKG52mcWm6EXETLAVeqYVAn1jxtrmpkg13Vk85sRN2hjK5eeu4ap8rf7Lodf5tfmhv8SVfULmdGCNmmvgZMJkjmNfdKrw+XnrBHNQP2GC7kgKzhx++y9Ur+7CtcaZ0Stuv2mMWKbTn30OOZzAWiYjVeWw1PNj6IPMesZYC3bO1PwS8+BOlQEPumskRErqRklUuVJ1OXsXJn8o9P7B9r5RxumsKPZbrYuGjTJfVUwTIwaAH4g\/GODGK2+B5YB\/Z\/6LysjXxF0obthFSDlDUGBTCdDZdGFQyyl8u0xri2sr4xv5TWFpIjmyYys6SXqhW7QRXi8cM\/fGE\/JM+qZpyddar8bHdCLxGlvvPz4eCxh6lg0sugzb6K+mUo6W7gtEoQaKMIAakeMy2FOKQ3NMe5\/F+3b43gHog099YK8NKs2bvSG\/W7LXyo8PnUinj+AVLnzhrSe+qvDBw9a\/Jp7AkHbVoQwt\/EIF5\/d5w+4KMlJPMSzCUov8rfi\/CCF\/iVjvModtxk+gLz4pUaK3XRZHYtLxfH7FHcLizTZ3sSU4i+tweqvPEyxXE1E7Y+KMLDCV+QkbWkWi9gMec8ZJ3GBnIg+iSrehGCt8i8t7Lu9Wc\/2fGKgQfE9jJe\/fDA2odknuy5GV2960tQvEZAXB0c5GJBhjiPYJgYdgJ2fzUt\/xLgBoWg0zKHa\/soHWqBrLympLp+VepVMyzuzIJ6QgGVTCC1EFSrrSUxkNXDsBrwmyRP\/9FLF9pdzZACXTb6S8myrZazmvEdGdk04PjNhUiHGlUT03OYvmagf8Ya\/4VRzGGdV43OAGkQYeu0ZY\/heh9h7fucuCFB8CyBx4wy7OhYHBnDOYz2gdf\/z49N039rzJarMWXOwbROgeoXzcsBH8Uj6StZMCbM\/ZBGWByfEjHDl5w8E1dbyJx5XuC65RezHZrv05dJlBbVSEsHIMbDl7IWOUdhpeDNskZrQ+GdU5boLCtHmvrbs62KT\/zlJm2mOApHTvifRvmqKBz9tPtGNCG6XGCZWhEY3FFyS9rmcTpceJwTCfQYlzYKZslhMKd4J63ankp0RnGQLgodwM35ISK98+Kq2hNOJCTBOCxPPsHuXjZuhXdIi8QCW9VQZqww\/\/NjZPMOPy4jcZ7Tkixh7\/JmbpMEV7PnrhAXh21z+u5dLFH52pKdwGRat6A94UDcInit5rOcJtblnF8P7F8IlQqF3WFZurZBuXzllHTzbwe54UUGPwrqwyOIUkW6zUYU\/09YfhXdyYwY1MnGRAlrE9sPr4V9Vgn7ZntvhQgmKz\/jiHNHuRGaj\/PJAjEPTmoQib9SfYaA5fyYDQmsautNL\/cJ4oyfD9Jembyctib1BIp9Ramfe6PSsBXI\/0Ka52Or"}
00834{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_first_seen":946739298533,"flow_last_seen":946739298797,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":1410,"flow_tot_l4_payload_len":1693,"flow_avg_l4_payload_len":846,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":53674,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"doh-2.seby.io","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02251{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739298,"pkt_ts_usec":797978,"pkt_caplen":1408,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1408,"pkt_l4_len":1374,"pkt":"ZmZmZmZmRERERERECABFAAVy1TFAACsGSuyLY95ICgAAAQG70arq+8YweX\/bslAYAfkcrQAAThemFBuD34j0ZojpR7nDk08tEILyrSrE7HS0zZ4kmhXJJxPvCajO9mPz0f1Ba7CUeJZuC\/ww3Lrn+zD28CW1o9VT3LiWNj\/tk7IhVjR3oxyzXVyp8GIUKoCq+rFgLmVNv3t4E9NSsp0vzaP0F7j0JBrlPSojRxE2tlZsJ5feSSYzKGVucsWX6pYRquGlpuPfdHODx0L8ifTKNZ7sMGSXufTYU71W7zucIJWTJn92oiP3KQmXtYYb39SlVhRkoPmox0CcWIbUIkPk1mOfiZj7ZHZGdjmSkO+stoE+mAIy1qeh6xhTg7nyjAGvTt0OEbSBbL64py0gHtL8p9MnYDH\/rEu94PzROteC\/nq08LwZZof+0aydUgoyNJpYIzziL6obgZ8r3XFfT2yBZeGRYlK+7j980Fzg4IJlxXjB\/7u4t3CFM2KzwkVTOl0QgQ2WdVMZr63UzYIuBqVeqhjDwph8EAIPfj6GHii36awX1ARUIn+i2we8pqEICyjrrtz5abqrvBqhOgUymt9799jpjN96PN89rSa+qz8R5hSWva8Z0q12NMSUqK4V32q2T+XbFuVZUlGqNPo8Q4LGFZXuYD0rXuNudeUYIvyeE2j5uqdZqZHCJg4amyAZz0RTts0c1\/NYqX2y5hPaOLvInAlZn4kgRx8P3JUIFzzVPNJJ35uuAChT5mattKXxu8qwume7sBZMgcO4xIk9V0GeDf7Q0iqbxG1cZybv7JIhiCiaIbji819I0oDOejGbK2XffVEsRj3+LURpVM8fUmFAk669Ff\/Nr+yt6tH9Ktz6qOevm0rhgviDIUwzLNJNTxk3pvt9wNVus\/LUfcLiMKspToabUtDV2KtFlgjUQBZ6M603sQeMbcyD6v4zye6TReEZisbYDNmcge+IFl+e+6gIZYcwnBnjL+IMuKODuiRDaCLQJS72LiQoTClqyWNhk8p3nZX4LJsLVi6dW6cV7ErhFynQJtxWGrvo9DrmvbJGRV80Ul449jTrc22WvgTBKnaXTTsv2pw69IL3ziatAlwA6VUKivZyuSnP\/qeqQsLIM3h1xsud7x+raSQILbisV46QaEMOKNMhEo4f9EE5vYtzwm\/ngKP6CEyyxa5eOnqoj72FpXRNgDKcpbuNQSddL+rkopq\/y8uRR5TATut5xq9zEjEQLnRu3bhaqmLH7wPAre5tejGNaBElH9ZorCCzrnrfL+5ZFV65djnMn\/burxQW9SIIOlDcRe3ddZxIf\/z8dXGWfc\/YJ2alVKWABNBLcFPeFubCnDOGFnp7WaEezUQCo1huX1d\/AR2t9ZFIxb+\/2YA0Fcu4FFOucBmHB64h34YnG1QktWj0QN6yNlW1E24ubX3xPextdjh4av9ufsqLyV+lQC34GqCFKa3D2btbNVuYlf3F\/nsdPHHCRn+svJvZKssoO39MnIg20E8\/NZSYgAW7+dMxM2JbTCDpQf718V5e42Tcc3D\/MVuwLpSLFUnGgbahF3PvczhUvo5QFk5tF0YRiH+1QJX+P4Bld+SLzREBNKhff3\/yg9uJJKca+U+6nBcDAwCBaMxAcfS4h68NX8O4\/JsJCa+QWF87yNO9r0+szCZ1TeWGW\/KMvQNFzX1G+Y2PEnQ68hI4LpJQIC4VjBdW13rCggF8QR46NY3HL4enM7oteZTlqkQvxVphVmRyDsYFcjY4u2fGUw5LFrsQktQhx2VsQTygsXipX2KtdmPdscHLlgGRFwMDADV5C7WBlZ+ocDTA\/zppOjhaktsCXwO0sG+1hu0Zi0K+GaWwxXTJGdG0p2vdDlGf4dOI0eNxTQ=="}
00454{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739298,"pkt_ts_usec":798962,"pkt_caplen":84,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":84,"pkt_l4_len":50,"pkt":"REREREREZmZmZmZmCABFAABG4UpAAL0Gsf4KAAABi2PeSNGqAbt5f9uy6vvLelAYAfUqoQAAFAMDAAEBFwMDABPWqttRMY+Z46PAR95YRNrv8Sy\/"}
00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":946739299058,"flow_last_seen":0,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":53676,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00502{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":946739299058,"flow_last_seen":946739299058,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":53676,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00797{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739299,"pkt_ts_usec":58659,"pkt_caplen":337,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":337,"pkt_l4_len":303,"pkt":"REREREREZmZmZmZmCABFAAFDIvZAAL0Gb1YKAAABi2PeSNGsAbu+7R6jIfk4pVAYAfYrngAAFgMBARYBAAESAwOSQ8JxHhGuu6wLKnGtwDfaCU9fn2zkXyLvCqG6Z1EJrSA97l3xa4NDBUHApuStJw5z26JVCZKgohlNqcovRpE62AAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACjAAAAEgAQAAANZG9oLTIuc2VieS5pbwAFAAUBAAAAAAAKAAoACAAdABcAGAAZAAsAAgEAAA0AGgAYCAQEAwgHCAUIBgQBBQEGAQUDBgMCAQID\/wEAAQAAEAAOAAwCaDIIaHR0cC8xLjEAEgAAACsACQgDBAMDAwIDAQAzACYAJAAdACBvduxHcveHyzSwUHe1UMoR3WO30Q1YJASO6Gqd5f5rOQ=="}
00782{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":946739299058,"flow_last_seen":0,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":53676,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh-2.seby.io","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00793{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":946739299058,"flow_last_seen":946739299058,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":53676,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh-2.seby.io","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02326{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739299,"pkt_ts_usec":325554,"pkt_caplen":1464,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1464,"pkt_l4_len":1430,"pkt":"ZmZmZmZmRERERERECABFAAWq+oRAACsGJWGLY95ICgAAAQG70awh+Tilvu0fvlAQAflBFAAAFgMDAHoCAAB2AwO4E1L4A\/\/vaa3qFy7zGtkSllYVpFARFReL8E9wQ5edfiA97l3xa4NDBUHApuStJw5z26JVCZKgohlNqcovRpE62BMBAAAuACsAAgMEADMAJAAdACC6hi7aKoaulrg0kHVy9iX3JtIXsjOWFqMY4JtXoR3ZFBQDAwABARcDAwAkVn7ui3VtyEjBPho8csX4cWU91LDHlldd37yMDuMkm1WrNSA\/FwMDCVkNxERPpxFp1hU3MTygH94nI+uO3MFA6Pgc7Cjgsqv9R94L1LzqnlTJ9qM2GdC3DoaCFMZy2rvnd3TUb44js1wH\/ZjR\/tueYjuCchsydXsjOJIItHXpv6rNdoQc5GxilmSN3ZLV0BdssW6zhxxgQaE3FYajxWXTTfgzUzOS+6W++jmvd1q00zg+8Q0qSguzfNUtyikLzjXqF591w71tmw1RwueDWDRqOR8D9ArOOASC\/gfHKocbf3MYoPn\/L3+LeyjDo7Dan2mPuEUKlItjagedNzassvjfnCKDfWzjTYX1Oj074zzZKYUi326SCBVqvZ4BTAJFklyVRE2\/7w5a9Hu3TkucSU4uD6YDgHvYuwr1PUeuJlpLcTtMIe6KqdQO6VhykmmEfKtsuoqKDau0V16KSQWM2aCvsVesKQ3DSQJg5rL5yIwj9vpyWnaHxDEgfEIDmYjy\/Axgsm7vfVWFF3Jrfc1xzCpgVx2Wzxxl\/maZOzNTYwZUTU3hLDZjHHXTyifvb45snBjXrLw3E9kNt6T2lmZ7d2lzBq35OqiFyiqDdqg5nN+wvKg6FFTseFXwn\/Cnava4JqwJeCYBLZwtvjbxpmY\/Z7bzc6mZPg2Sh+dbDSkCl3bi0C7OGN4lTKk6SakWyrfvl60M9dBFHVDrzgKu7xbDvPEvSNcZq2Dx1QXy2oMyLZnD977uZ9nLe2MaP79hLJNgy4v+jriXtA5fuVRTABndd0eLGpCNoQRcyQEasclWVE0X3djEYjD5W2s+8ID+COBoWOoyP\/WAq9bDmdFuLbZL5YcQMg6OEX37+6VcGXh24mzLjiWqRW2SXZBECP5e9Kp+qBc4nsLJy+\/cCFFzWnnOIeDNkPzITjeYYG62LLpDcjihxenHjNkU8aI6W9z7HJRAKXj15JybI7ZavgKdsyBJSz8Rv17E9WgwJgE24FqtNa6LcXPjCIVJ4JA\/FRIvlJbq2\/PV2grzaPllz7EIQXESn4AAbsSK6v\/afg1rifhsSGv2yYjxwtRB5P9D+FT0dFjO2m9zDYEYLvFPNAv2\/uEF0d+ML9zrDfaDdz6z+wzZI7tOXb+ZgoELySqXWnZpXCKfAbAaRdkBWG9n\/7DEkPQfGc3BRuxecF3gZRN5TjRNnS3L\/z3Mjd0kgq5NvuPBzwr++r8PkzDyv4SrhrEho0ZXiTGQlO7AUNavDHJ2E6WcvB6wH6w+nDu+LafkJwVBrA3g2ry2AgWQYQlCtuH3p4tS5epl0vy3sOsnzjbAIulHq4VIitq5pO3s+sczN2QL3hoGMgZmvfNYCCppei2sMRM3JeTXdDamDavAss5ffhc7o9sFzFOhYwBHF3K+RDvF+\/0hY+kvloFXPT7w5qyKb029c\/+Vu3kK8iCqQMpkd\/Y7fPVoDJRSebia6NkOtp0QF10Wqdh2s0768F9ux8l3ns6Ahcvm\/CEcnhylTvqF1H8nFLoIPnLNfkqliriwfEB7qB8aB8psWMvXozj1u+xw79vKaBVDClx5kPg1ndY1UZCkXuVmLOZwvxWWc0tuTJcMVug1lNwCPKGUEoQ6IRWLIe8NCbqmkI6bW\/5Xu20soyB9iTbKgsh2xLBekpYgVl8gT8VGJflOjydyD64I9+T\/dXz5zy\/0oPQP9q2vSa5j"}
00834{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_first_seen":946739299058,"flow_last_seen":946739299325,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":1410,"flow_tot_l4_payload_len":1693,"flow_avg_l4_payload_len":846,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":53676,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"doh-2.seby.io","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02250{"flow_id":2,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739299,"pkt_ts_usec":325747,"pkt_caplen":1406,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1406,"pkt_l4_len":1372,"pkt":"ZmZmZmZmRERERERECABFAAVw+oVAACsGJZqLY95ICgAAAQG70awh+T4nvu0fvlAYAfmmIAAAiW51QuqEfobYElojzNdmal3NmvuNd\/aotOFuZKIcd+01MY62EHH7E56\/oxK0qr9J58d7Jfc491vr3AkBsKJZSE5EN1LMlpXioNrse464nnbj5nYCt1y8iJtaYVHfHT9x8ujbG\/T2N6ZekRm+ONP3O7xw3rubgw7ubQJF\/KHEiRVFPrbIwq5RI7VTRdfrd3b9Fc\/71kitl8ImBckYsh09FSa2nRQrqALNG43BNA+FPS+D4bALfGJGztFq32s2D2cWRj2vno7VjQQWYQsz+9R40cUHWMbbW0anf7aLopYHYwhAUnxfUJyLSGv\/hcuY1JoGSes4gPPm0w\/KvSPUfmH1XOcuJRdoXdElY5F\/m9je9IUq8euoPyf0PXU\/w6wn+q9PJNYNblwNWPVkVSF6bp87Ycrz+bZvhmrk3ipYYu58\/qf3ItMXsHiYNDHVbyhTOrrT84X2uXkA5ajgilxkHZCWJdDIvRFwT++59P5vI4krRFU0SPX1eygQdMslXLsxvfqQATVp3sK76bt8qHa8rMRVLCfPA3UPe8Z9q\/JNBVvEPCwFBWQICqqCApD7kqMSclaEy89K83LVugXlNfNOargw6YlUR36QNrsco2xSkkpbYZSag+guZDt8NaBOAQqx6Dtx5yS9ZeM2TaZ4Tva3cH5WwTw3nwMfyBrZkmKclliFlyL+l3\/Ft\/1cAhtU5U7a4LgYVbdqsQxRVbeUPAwUZ68y2BGyj5Xg8Mtci4mPsgh+bnyNL5K5y9jSltRS79PDJA87B7hqXTRUrELkxjFWaMPAzghsENt\/UjelVjAgSWUxzpqxPV+2hED3HVp9LJOBmZIcSEVN1eWHazkX+mtW2m+0GAsZaxamutLzgJh\/DRJa7Jw23fjV9PCXnj9MWSdJstPENtBI0OVh7PH0+uAGt1zxMdGzUgBU2QlNOO7S4UuYD0Y26DtfRFNsa3yyMMJMA4d1B+99D0rLBp+YTr6CIQlSGW7\/MY0mGzKXnXLKEBMjIoE76aJQADNrOQ1pUsHUbMNYSxpurIgJZbgBG3OALLoptMECW3PsCTpgXkQ2OmVE11D882PmbdA0f4acC7LQATIGoxF7ZIVK6E9Vi5\/LR0AueJFdtzLq+oc1+GpS8l4A7KvQzJjHl8BFVtlJFp5Ft91g8c86AHAIukg5AmfSwO3K4Rq0SXUs8KcP29aiI1bA7\/K0iAEMbAiDcRNwXEEo+uNEfshUZQDIyZoBHdLzMTL\/2s9ouLF90mtZTkbub4ko0oHCp0UBuhgnfDbrA69yTnP91yV8UR8xswBSaiV12vmMHeXGGKIJ6dQbgPNn5OzZbyefQz5\/sH6dHxYbcGGfd+8wSxfEi7DokbKnmTmetH85RkCusy06sJkhFgf9bhlEmk63Cet5cz7Z7ea9PrtiS\/xOPZoAmLR8AcrBNB\/tHpNVlFcTM+gO6pHXXYSwt1o+rdQxZT4lFn7kVxmARBzEGQB8TIogOkRi0YtdMrX\/cAGbQWx0wllwfDL\/JIISbxKwUNTT45zepGk3OVcnv0694KsAM6Pujlm7XvrZ+hcDAwB\/JlZfTL2CfKHweE8ivDA\/8Dj4s9MhpgBrmwa3P4sMMqXQFKgI6jQB7iGhbQGftnSVKI+QCxWleTjngiVWQbRq4xwswRPPuCr\/EteohSIpdjvjIjT4EQlykWjN3TxUSVyvVSA8Rp0nUkHXzRzNgRwt1EKIchjIYekan95L5wPtZxcDAwA1P8zjtyfqh9OaAN1qf+msLEHbyvTYhKC4e6LNeICCaSA3aHIsCQ1pZdcK52vQiTVTlBfFsLw="}
00453{"flow_id":2,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739299,"pkt_ts_usec":326863,"pkt_caplen":84,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":84,"pkt_l4_len":50,"pkt":"REREREREZmZmZmZmCABFAABGIvlAAL0GcFAKAAABi2PeSNGsAbu+7R++IflDb1AYAfUqoQAAFAMDAAEBFwMDABNO8IRSNKqnBU+tmi3o0yr7jeRP"}
00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":946739304432,"flow_last_seen":0,"flow_min_l4_payload_len":298,"flow_max_l4_payload_len":298,"flow_tot_l4_payload_len":298,"flow_avg_l4_payload_len":298,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.95.218.42","src_port":50614,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00502{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":946739304432,"flow_last_seen":946739304432,"flow_min_l4_payload_len":298,"flow_max_l4_payload_len":298,"flow_tot_l4_payload_len":298,"flow_avg_l4_payload_len":298,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.95.218.42","src_port":50614,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00823{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739304,"pkt_ts_usec":432784,"pkt_caplen":352,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":352,"pkt_l4_len":318,"pkt":"REREREREZmZmZmZmCABFAAFSUVZAAL0GFwkKAAABuV\/aKsW2AbtqjRCaK20m8FAYAfZViwAAFgMBASUBAAEhAwPqrEqAFBwbSYnmd5FQ4vhXWCXQOM7WSA+ydz5Uq2T7jCDruFBRjE\/ZRtIlov08nzXX8Izc\/f7Ut++FjeF3CgO25wAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACyAAAAIQAfAAAcZG5zLmRpZ2l0YWxlLWdlc2VsbHNjaGFmdC5jaAAFAAUBAAAAAAAKAAoACAAdABcAGAAZAAsAAgEAAA0AGgAYCAQEAwgHCAUIBgQBBQEGAQUDBgMCAQID\/wEAAQAAEAAOAAwCaDIIaHR0cC8xLjEAEgAAACsACQgDBAMDAwIDAQAzACYAJAAdACDBZSA439npt9wjB\/Qij4hgUYqoHU3i8\/GsiDYDjRoMEQ=="}
00797{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":946739304432,"flow_last_seen":0,"flow_min_l4_payload_len":298,"flow_max_l4_payload_len":298,"flow_tot_l4_payload_len":298,"flow_avg_l4_payload_len":298,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.95.218.42","src_port":50614,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.digitale-gesellschaft.ch","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00808{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":946739304432,"flow_last_seen":946739304432,"flow_min_l4_payload_len":298,"flow_max_l4_payload_len":298,"flow_tot_l4_payload_len":298,"flow_avg_l4_payload_len":298,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.95.218.42","src_port":50614,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.digitale-gesellschaft.ch","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
04349{"flow_id":3,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739304,"pkt_ts_usec":474088,"pkt_caplen":2958,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2958,"pkt_l4_len":2924,"pkt":"ZmZmZmZmRERERERECABFAAuA8Y9AADUG9KG5X9oqCgAAAQG7xbYrbSbwao0RxFAQAfVfuQAAFgMDAHoCAAB2AwMcSuw\/xeEh9B9zohSBYXmLCSdYelc0PZguMzAQLdc5lyDruFBRjE\/ZRtIlov08nzXX8Izc\/f7Ut++FjeF3CgO25xMCAAAuACsAAgMEADMAJAAdACA9LiT1RQf61DUAcNgmrd9PJwh2JRIEeJ2AayVwYZe0VRQDAwABARcDAwAkpkFL6pYrY48v\/7oiAzlOAXfNYnXJT5\/VQ9ye3Jhdgfb\/qFcIFwMDDINDI+OvHUF+FRNUcqHGAtixa5OM3ESWY04brG7N5Xjztm8RaH\/MawsGpkLkwKimhVGQ6ciJhhX175QbHhfhLL45mnkevxxrQGot9ty+fzwVg7GUUCbrsUr32l6TD4OY9EXQQSyuoBvDePneEphgFWs2uB\/zEFQxJzZvf194T3VRrMXZftbpf\/YmEhwWBzhFxCXz7FBI47mE4BFAjuyUMEWUzwiwE55sybcBJQIrcz91caVnRcYmA1Wi1qK5uHVbVaqkF1jIcRZS6+N+xmFq9MBtbs1TttpF6z36PG19i1g1CIx8xl4wpaYvqDA7QOoSL5x3PMqBtb0k4c3Q\/zEwDdawR+TYy7hNCaHkQ1sAWum3cmhRVUAXu9xkbB0O3nyNloM3\/1BpKJAhKkuU\/V2kkZGB6Ql\/kS7sAxcWh603OAJFGoXqcwc2spjFNCK4ea9Hs8PmACV\/UTaJ7lrlVw2HKBfFrLZE4S2HECqocWhjyVs89\/VZtJDOJu7pXlvP6vYnAZ+sKU9FZHgQ29hFtZTpOUnFJKyIZ7qR3IrvVPATpVytUzMEEVKArnVXT6TYqqci\/q+Ob0fbpe70cziyO7QaX7DT+VhBEhzijRbBVrFLadSpyh0XwKqeuShTd5lBEg4jq+0xz6QU3AR+JKO5yFNIu3wqn66JM48D8VfHh\/P6zoK25bt+h0uyMx2Tdvz0o8sXcXOlNbkjxJTj+b3L48sroz1OixQLEwkGWR0YALDiDYZDaGEdLMJeKpDENsvWGjQzbcLGtxojF3IPZE5plenMHHam99lQcz7tOMhTuD0tu9K1ubLwoOk+K9ZSx+jQ\/y8OgEHvmzPhQqCD3uYFzKXprY15BXYSgVl4JkFtCc53KhrIqQpwfu8AGb8d7NaM+YwOO8C5+0rvVtZQVjay20f9c8RH+m7E+z6+gghCL2zO42Qf0EGAmfsmAKXMp6WNxCrd7mkU+MupYWwFGBmLvHH3Vl5XVJZL0bTZyhceC5c2NC8KJ3G3fmI41pUyCIqBiCF4naOVVb20hz4J7t7d4+3vNMlh9pkutkDtBUG\/sopbYKTD6kxhRU0nbMYNcJYsotavdtxk+5ricax8dlXTEQUyVGuU7VzQro6ZTS2J\/N+Dqw0JjCzhzZM4Iy+Zigsyz452Mxwn4H+POZW9AEa8UJIqsMXNYUOgxqdRZORU8gjSaaYtyhn4ZgPLYzJWev+UYEVbkQQlIs0qMsnDALKCKs\/vPLbMaZzLaWAeXOQBcQn6dRdSl1OHdjVYou9K0wNLFmi57+vod9Ufwp9xSCvh3ThgMiLBs9ntZ+DKnnpNK7K++8wDuLBmnbcYEnUZrZqGa8EXM5oLFPSizN87UN+K45Q\/S\/mtl3uxWe3MQN2DDd0vZIT\/pM6xA4vmgKQKhOGh1G\/LsJ4bGVvyfPbVWvvPsPMrkNeqwnVRFRE+JcuPLjNn3DyJRPv6SImnNR3F3p3NDu+U\/bZYbpfAqdtebmwkI6E92\/4EaRwnMS8jUU+nm4J3KxRiQRAHf2ic3MpHIJFU1alZ3UsqHJ6ixFmoZGKJNMub9RVwhhoMDob7lsWG2+BH4aWefcCL1wBXs4NIWJsY2Ws638ztVCok6ObVcpsMJe2l2ribLtt6uLyB1eEKfooGXoxgtbiHn8UI8BDgLRXpCnA7qK7wNCPv\/hXV\/5qObuA7HW\/C2qkSIpV\/R39i9wwVQ1ug1QIQz\/Ivm\/r6WLd0npdZrGVu5GBOJgUSRjnZQS5nqzdQ7xc5efsR5ICHi2XulsD+Zl3WQXVxYViEQMZNQRJCVpPIcx8YSgUINm5M6giDWQvYaHGMiifN+4pLOGo7UDtXSoYcIPou4kTo7mt5yFzAggk8EG0TmExkKN5uy8guvzoGiu3UmP1ayFSZA5TF4Hxgcg+2NpMUwTAvYDD0pW884S8fOW9HXDNECKzwG\/oVVn5NMUQqNCBUKpIkrq4caPrR60LP1G1fKKVz2Mf14oxUS6BYWLwcRFuY6LigPfz3Ch2bE\/jL+itDz+psExENk+g1PfaK4go+YhsmYCnhhZtTocVAIm+qVANsaIE47+Mr\/3qaOf1rseYxdMsxv04vxWH70UAraH7Y4AGe1DhKm55YgPg2VNLv+h443L3JtfuQRH1c2k3TEXhdwCAcDQH9W699eTwV8ntiQTxjZssTXuxQRFgjLr00HeNPNF7n2H9VgT8LsXQAt4\/i29eoQanjq3bUca84pwERHpxJCf8pS1a1KaFzMXvwUcJQOHW0Q\/N1pQGzvCpgH08Dx9GmHQ9KyzJ\/25WSu25QUZfal6F7L79g8iREwvmDUfy2lEv7mGnvWdhk02quVGsRpK9JEZQWo1rmsoDlNw4F7rXwD7R+U4RUfRyKkcbXPHiTg6YeMzcydsycniM9RaMjPPob9n1bk26ufx+9SlvlwwzqBTbOelsik5jIa525vbi5OIQxSrn0plookRa9xUJNwJ0omdn9j\/AW9IsSa86jM4scUrSMFbeKS4NfQDG9J4VYxzdoR7UNco77sa40\/zPWSa52BjRajNWVVhLj2o4JJQ1TdUu1\/Y89xmSzFKfGWeLSDj5A40mFHXGu4ywpzLC8Nndnau8G5aFKzcr\/e\/FYXUsoYZybTLRRgFBh9CldD2TTFeVueuq98o4ZVu+q1YYgsJKBwBBdV7ZQvj9\/cuG60fpzaNEiWJubkXSKKJvv74KXiPSXeDhQYLSS52OcrIzafNPniFrdcohvXMGEBoTJqcVbFo3+5iC13wm4mlmo+quy\/l2iSqCs4wxDhhSbLnO3Mj4Jo+xpM+BWcGCqCQkZM3XVKq9YiLnmUpBqToMdPk8pxszpPKZj1LhkprcBdvtCOBdOnwV08YRjPbT04P1DuRJXM7LDfWyxwk\/Is8GGMA1w6+\/RlaDUJ4QA8kKf62dGdodCfjoiQVkcxdXgak+xv+ho1izHEaG3Cxi3\/0JNNkwi2GYgruxc5fmKOdC4sqtkxC8j7I10mTh3+xdhudUBx0Sfr8yXq66S2KI88KrN3whtG4+sfGtAkvxG1DDMgti4zkfemFnlOATAqP5VRZM6U99yi4VhRBfczJTw1gBFetM1BkbvErs0YQl2nnzhNtTGtufXl2uHH4oKan\/xnak8wRRzvD04JQK431fn3TEvjjqMfQgcgW2JNC7Jyw7AYjY5nB5jUcAvogHpO11F1M9vRMop+cLQefP6yxy73IHNujTUtW4L99fDdjHVHLSrb7JdVLoGFBt3fFHLJFZwGyi73KaVuA8iLogqAdT6WIlJVQpMEOX0IGn7EhGzmKBzxPYnYlqqEBMEmrbIy10AsTQseVjaAzuWns\/HCPxtq5uB5ayh6r0SQlamctp8CNeSGkejLyD9InFUv\/cN6jEeAPw9ln90Uo+NcJcsUJLeRD+0uBhQVWKlzlgFrsdNHfyZgldWogT0yc5biAQ0YsfjTotPSED4mJ044\/CPZYxO\/WG1WatWJcgbBPZpTJOczqp0KaqRJnQpbibu0vaCcUf\/KqPXTh9mQWbhQvkie6BJSQGOWuxP4jMOKd9ZpnBr0kUhcDeMAPaBISZnWKXpcStlkCGJnAAKL5CAgF\/30XUkXB1LxIrTS74Ar8WfurKCvwBWG\/WZugVENhYI47kxJo12a6YH"}
00851{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_first_seen":946739304432,"flow_last_seen":946739304474,"flow_min_l4_payload_len":298,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":3202,"flow_avg_l4_payload_len":1601,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.95.218.42","src_port":50614,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dns.digitale-gesellschaft.ch","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
01548{"flow_id":3,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739304,"pkt_ts_usec":474151,"pkt_caplen":892,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":892,"pkt_l4_len":858,"pkt":"ZmZmZmZmRERERERECABFAANu8ZFAADUG\/LG5X9oqCgAAAQG7xbYrbTJIao0RxFAYAfWPbQAAW0wo1H0j139pBXgBmTX+NlnQSaFEq5K3Pk3KVeGnXpOOLq4X08kQBuG8lGioiVe9QPOeM1XWvGxPlasRKFYrXBH86PGVaXAalDOEWJlV3PHRUUevw5fI6G+9XzuHkGZKTzPpIIOZ3iAzfHnVG3aTpqTBf7xHcc9kM1a8UHbmE4vJrXG9wa2HwWF2bcpsRjUYBUQxiid3MXG7FbSTEXHjqgO4LQdR6Xrrbq+Co3CdY49hyuqnRUiglv3ZkZvp\/BcnFskV9iJiOLBUK+jpAhnIdIbviFi78T5PQD4Tbyt8STzKJ4\/mkCRReunmywmmxKyYx8ErZcAkoKDR9IOJ3LCf8I8uzSUCcTKeSSnHS6ASYLDpWersQuLDgg3Is5Hb+2kMH37wQnKetidHgJqxmhLBaw+NX16ETkRc5vqPLeAmNQjzUjFZW029RGYPrEM\/M2aIcKp372plYpuhFsySXWIydCD9tqNCwZyquQ9nS3XV\/M4rQP8eJtxF8c+LbyHgf4cpoHUgBE4Qg\/rQ8QPjUfA1pwRPb\/2owpEEJi4RutXWP+JydB0D0ebOUJIyGUMSTIpJcFH2AKhLGUYE6NfckNeCzln4nEp2+qOXsbfMejtOZFyyhHVzHpRSbGA51CkajxcDAwEZGvKJBQnU\/r0Z9hIPhFlH3EC+7xZqS+s7+uQ2E96CDW5iU++SeFvwmMtUyG5rZZUMcBGpLzGamrlpIcWB85XVCU4gt4ssg9\/BdLmFwKiGqbmqVBGWt\/8gKtXdyHqS9eDrvNFNLvTrsxnC0XEzuTedB4Vu4WIaC7MUadYnyNgpkYSxjxFL6J71Xhm+92aoteroJN4zzFxDDd8rAkDnu1z+ZiBNnpB\/Gl8e1OMkCP6vsWHqZoCX9H9vn8tgHDIFyxXWqZDdxctsoUH7QrryxeYlvn1njblpv3w6tKj8ghJZAtQ3ko6UuvntUQvQpT48C+AbzDC+CMGpscAjbO2LKlP9fB1a9O37Dse31zOmm1FlQiiQCvlL1EpsgdEXAwMARSV8NSHQ2Cma7zLl9Np9i8ttiytzR2iGli71aKFmLcmNdXIXIfvH2D8Tx5IjanqSAuAMgykIOqh1u3rHE4swCwSQXoiMxQ=="}
@@ -31,9 +31,9 @@
00460{"flow_id":3,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739304,"pkt_ts_usec":516599,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"pkt":"ZmZmZmZmRERERERECABFAABH8ZdAADUG\/9K5X9oqCgAAAQG7xbYrbTmSao0TblAYAfXKPwAAFwMDABq2w+EgNw1Uc4R5UXmOYRclitVqGcW6tjqy7Q=="}
00565{"flow_id":3,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739304,"pkt_ts_usec":517294,"pkt_caplen":160,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":160,"pkt_l4_len":126,"pkt":"REREREREZmZmZmZmCABFAACSUWBAAL0GF78KAAABuV\/aKsW2AbtqjRONK205sVAYAfVUywAAFwMDAGXrvgAlUHCjITpl4KMASatmqna9e\/E+FqvmZh7UxJcnge5ROlIX9hZsf4Ya92Ea2RROdlp098UA+mdHl5vxFOf1boQLJpYUnuHc3BdCsWdWSLwcpgO\/rDPjVLlI4Me24bd9SJzWTg=="}
00569{"flow_id":3,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739304,"pkt_ts_usec":535061,"pkt_caplen":164,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":164,"pkt_l4_len":130,"pkt":"REREREREZmZmZmZmCABFAACWUWFAAL0GF7oKAAABuV\/aKsW2AbtqjRP3K205sVAYAfVUzwAAFwMDAGlo6TRtzKG2Adwzj03nWd9OaygWX7gjGe9hX13CVMXOcFy2nYCY6j\/80gf5Bt1OkzQH0vPzsKbCxgckIEET7XKmYgeG2kNLad+9Ya0NpTF2SiB0RB7Qw\/V29rzYCtSBJC6ss51HwxxhdQ0="}
00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":27,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":946739304846,"flow_last_seen":0,"flow_min_l4_payload_len":290,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":290,"flow_avg_l4_payload_len":290,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.147.50","src_port":55962,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00503{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":27,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":946739304846,"flow_last_seen":946739304846,"flow_min_l4_payload_len":290,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":290,"flow_avg_l4_payload_len":290,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.147.50","src_port":55962,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00810{"flow_id":4,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739304,"pkt_ts_usec":846437,"pkt_caplen":344,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":344,"pkt_l4_len":310,"pkt":"REREREREZmZmZmZmCABFAAFKCqJAAL0GKn8KAAABM56TMtqaAbsV\/EiYhf03fVAYAfaIyQAAFgMBAR0BAAEZAwMDM0zFcZBVaq8jarHhMnn706tDCSlU6qIcSdmbVQbksCDb4Qi2Yz\/q0+XeTvQ9QWQ6+8m8vlFJqWD30N7xMHe76AAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACqAAAAGQAXAAAUcmVzb2x2ZXItZXUubGVsdXguZmkABQAFAQAAAAAACgAKAAgAHQAXABgAGQALAAIBAAANABoAGAgEBAMIBwgFCAYEAQUBBgEFAwYDAgECA\/8BAAEAABAADgAMAmgyCGh0dHAvMS4xABIAAAArAAkIAwQDAwMCAwEAMwAmACQAHQAgp73dM21LptFd0ThW7be4\/uwlUqgVJQtqqMQYrFbmEGQ="}
00790{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":946739304846,"flow_last_seen":0,"flow_min_l4_payload_len":290,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":290,"flow_avg_l4_payload_len":290,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.147.50","src_port":55962,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"resolver-eu.lelux.fi","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00801{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":946739304846,"flow_last_seen":946739304846,"flow_min_l4_payload_len":290,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":290,"flow_avg_l4_payload_len":290,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.147.50","src_port":55962,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"resolver-eu.lelux.fi","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
04667{"flow_id":4,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739304,"pkt_ts_usec":885416,"pkt_caplen":3185,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":3185,"pkt_l4_len":3151,"pkt":"ZmZmZmZmRERERERECABFAAxjgA1AADcGL\/sznpMyCgAAAQG72pqF\/Td9FfxJulAYAfWT4gAAFgMDAHoCAAB2AwOQkeJmPgfI+2\/Nb2YFPwnrh6xqnBenx5u8q1ZnyWqFbyDb4Qi2Yz\/q0+XeTvQ9QWQ6+8m8vlFJqWD30N7xMHe76BMBAAAuACsAAgMEADMAJAAdACAildRAk\/Ii9q568Shy0jK1lY4Sb1nfErCeFDdP5ao6KBQDAwABARcDAwAkQtxzjO6Y1fKC\/+pxVLm\/ix+V3OPJ68RUn+6KLdAjN0rm7jqVFwMDCjCAB4dDMRsvk08LXpiehq\/g9vbt8WAZZyX0IwUW7zm2s2JxksqGXN7MA4aQXMsXbea79jo4WvO3p6dz8ckR6\/GSVEFX2o1gGE3SmFE8bI1yIk7FWs3aYgxYwqLKQEvbN1ogdjJ6GVf+z5kiMwtt12G5tdTf7rSfZ3NH6Yk4oM8Elpl9VtGpp2o0FPfY8QB0bMd4GPEVRd4k3sqTgevSs5A\/CC4vXXDNw8uBoNAhPcBJ041jkXgJVSYm9QwFsJI4LdQTSOvpWGu8g3Q7\/FqYiPFofKEmMJ\/qdjv4rC472QK9MBOUQREh1M+X1zwZya0Ac0YwCKyp0B6QV8x8ZfPc4YWcPVw\/CzcsYjigSbp5JV0L4gyAue9Gh6S3YYS9bSWcQ6OYfhcUgIVrottiHisZ3rFZLnhHY2SXkUzy2eOnD3Qi87\/nZ2OjGdHVYvM8Yu4DBGax+k0RD3dyn9+WKeU6QKdkf0bt\/mxpZ+gCW+joqGHWhH8T8mliVYu97Vp1QkdwgpRB7hXYN0Y6CGFsBPw4pzAHjVBFBgDGgx3FLp+jHtYGS4QJXS1JHRsP\/ek1Bjr6PmHXQaaRrJ7LWjgQKI7Gha0EZqsq38SOF+eicMwDFpzc3B+5eNIjmjJW4NSel0FytKTt9ojc0NWkn0EYaG0EgY6+6x2nvzg5YX9tM13wZT\/oz2Ot9pPHCaabuHca2dbfesbpNetZkot4ox97XYVrqgngmst1PfSQmtM98M5ptnPmd\/sO4Q2zmY5zCyE4gqZJ\/jBMttfXco2\/5avcH7mX5ejSI27aNnLJexzSKXQ+JaOKITzvIhr9MApYef8a6mxmBG7KvaOHtWpBt2xvsdwkyGKaTSFivERAQJ3qVVpBnDVBNegKy8yEp45YgbraKILphly37eCzmeR8+BDQHM0\/olAhROBUZh\/RONZXvUkl5SKTRjHC2xvJNaeZYZ+hmdzytY6JxtjOWIkXJWGOQ1NLnp8ApIWyE\/uNNjzCwSksu7oipiMjp9\/TYKv3dTCD+5Ol7BQVVV99RWf0LzZ8iQzJsQx4OWgFzyT+Rx7ZVNnTGOrqRbAycjVipQHP7zlio12QWc9UNzJCxesOye7ivdDzyOxpzywnD3v8hSp\/9zPmf\/3ENHJgy8O34UUO06MOahgiokayYgWdjmVbemjxT1TryYu0gDna\/E6EV3qm9EmJk3uwiz6F8MD8T978R+EclF8jScCvS+0rc0myMoeeGSKvHZ59\/bY\/8uMlpK\/glxn4tf2FrEjMiwTYfD\/iCofxemvMkvC\/JJfgLtIuT4eRwYnzHY6tx9RKYdE3USzn4\/mm5qo5iJNIvjNV0kDlflg2at\/H0LoUPuAQDzKEIijJENcZ6pth1tAfPuzZbqzQybao7+N7tXszvfJs6XQ8U0IN8EKUruqqe63LmjAuODDmoGi5l1XKUHloz2N6Z0c6GOIMVwe3VD3oKEzis5\/IqukPTBIlPi3wM9hPvIjDsgqHeQuZwd0P2uGkmxxX+CQ\/eHLZcMkC6yXGIsoms\/DqqMmKImF+\/kg3KVbsOWynlp+qs+GRnuEe5Gwcck3bNanvNfRO2hnDlR3xxWpDeCDtY554dnKSdrEsmz56E3HZY7CS4xffa2qaRU9o8FE6oWceQ2YomJuE\/bMT3knxqniPrzl1K3GkigMh9J1i47zylUFJIasxWeeT4rnsrPdwO5pPpDZPDAhZZKqamf0Xxf7UyzOur5bQ0RGdSbDmjCGZUxwrcQgCzOocJ07C3y9f5\/cPHLy4Hcpi9nKHy5+zMgLxDuHh45d7g5aX2opBYeDFdZVkS35fhN\/VA5YDY3hjQkRRPMbthZpOOEiiUTiyQGuttf7SmNH1qqd0+P4R98lk6wmtu\/RYPzzoAOrY33Oweyfv45FrUJjxFb3dkB2JJBL+a3b7QXiEHk+jfi2DFJC8R1nDmEiD7lG0zp+GgCp2hMKrzTinc3jq7XrvSXgjRArW5vMll4UVtkgCZOG8JOPCJ+1InS6ZkzsHBlVE1ulhcQ6O07QOIetMX\/TQcpOws1Y3zI6xlDo7QN9RXjghTw1OQy\/e7csIpoqCDP+zQIn4uVNd9knXoZalNv0Vl+aMYpSUZU7SqXuPd5TrgUjyDCp5uSeJ7PvFxTrvq2m\/J4PCA00dz61blph4TnR5jqkjnWkPCWysgjmFP6jSXDVhi7OEYKJ3O5rj9s1KlWrTAKqEQ1WqkKpYs5zhjZX8C2jJXc7kR7CLzfiUXF\/NgCKD1oPTUZ3B8\/5yhnRignY4ZXMdGmmpuO\/YtIw9z3hTG2mvGzyDH+lTissPE7qvJQZpSJa3YSyfqgptZgRRY3rqQwM1Uan0WZB\/VyeZi71E8HGjmCdytjr1tbuT47siLcnpw\/tnXbVcW0DRQa0UluCuUeRWsFfgTuUhjuWHPeilVqW8TKVGxmd00ikgPoQa60hulHvmRZ5KO6vzi71RXX6dL\/wcA9t7hqc08oZMCG7pFOGbkwZ0H2Ou1cGKyFuTh2P28nKV1VsXeJy03j0rMepvwRePH7BjQM109D5zTvZ+x9U7LeeU5p\/97XLGVSvHyU6QoAkvI7FvvpHkTyoqhk2wuau1Ks3W6ziSuG5ItHrlZeoz2vdhzoVB+PdecdxLzV339b9A3nHa+rng\/3RfrU7m\/xV1uGOltE\/q6T8zbMwllfgMWQHWJtalokkS691O3vXWaxSb0GH3Eukn2GTLqT7xyn8hsg3I5F5pOCMspm6GHKCedNXQt\/rOrbG+70oNkLEiqOTucHrzdm7u3q9vZm5H7InHwwhmYB9o+wmMx9CpSsan17Eu6kQzONsC+k776iKm10F9TFCFRzcFvoSkJVRCogWUna5X6unZPh90yhZj+joK9OmDYl3uGf3cxeeYhuWr7BFipgMV88P5BfhbMuQJTiRkmE2tdVLKXiJJMT3RIuLttxViwKIZxqrsBPVZWuFgeoB\/tNKx1MPoFMSkd6Ady\/JPiKCd\/Lo+LSa+EGciXu3JhsD37LOO\/iaE1hxwYGWesFtcRBD82I4gt\/VZ4IZMSaNKHgm65E6lCcq41BJ\/gbuCDCFJ47l5UE8QhYSOHmp5J9j5vA1FjZFm5Iv6VRZaegnWKKRCmp+e5pBYWdf4T92iFA3wkmAojnbzcZPXM1FL7vahyaLx6fEfTzbYntPyfIJ2l5KJE855FQl1WRsib7X80Yvtknk5W4cHEv1yr1kjUU2CGJ8WMhJhi5rps9ncDKvd4PP0dTrH0ia8H78o1K4OYwHp0nPI0tpDBJqSO906qPhy7pON78NLR8NLi7ebyinTbjqYrIeAPW0BcPQXfo+ePTRQEGlW7G5LCAYlQCvO5j\/LMgF9c3iJwt3nUbOE+eqHvK0\/PHJmQK+ijLfXFLdBd6NBQSn3sHF\/qzgQRE5VwfSRmK55bFmg0PCiTnhGTWzfK0OvOvyyAAiwvXCaBV+gFnzKnwwQ+4ebBmLMgQpqYGGOrzwhV7P+RvbAFwMDARmYqpARsWX06T7\/aIqUa3gqpszdt6QdkNXpjrjP\/CtX9C+2AHbAmlDaq+eynMum8sDVzFoKFvQfGpt91s0+c4BcfaWSQDicP6abNOaMq+Hp75lMfIATEOyO9cUpGtsxdjbO98fR3ligfvynTicYTBBKOabjGzsvGqpIQNsc6yP7ec1DM5IvytEF3WMD\/BSWfSyCMBkPc77J1iCDteQqYtaAe0whPDVMG6GGDORujY8TM3L19IZL3YvYjw7AjSCmeKp+dThVSFL7D\/ks2Bt12v6Pc4J\/bL1kxAzO4vYx1vazs5rxcAfFBrI00UuE4UKrW1AuFrQrWAmy8gFVgJ7l+nCzCeDoyrV14OgMNuqUXIpirZiejq2fhnoXshcDAwA1MiDkD+m6EfUtBdx\/Pyl0ehgKaB76+ayZoBt6uEP7tnUDn+hUUsmcN7NZ1IZhFxhyx2uKd6w="}
00843{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":28,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_first_seen":946739304846,"flow_last_seen":946739304885,"flow_min_l4_payload_len":290,"flow_max_l4_payload_len":3131,"flow_tot_l4_payload_len":3421,"flow_avg_l4_payload_len":1710,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.147.50","src_port":55962,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"resolver-eu.lelux.fi","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00507{"flow_id":4,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739304,"pkt_ts_usec":887457,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"pkt":"REREREREZmZmZmZmCABFAABoCqRAAL0GK18KAAABM56TMtqaAbsV\/Em6hf1DuFAYAfWH5wAAFAMDAAEBFwMDADVGrMk33Jx9u4V9oT8gk9T3N9siooKVMszOs96zlvjMst5cKF\/6mDE\/X3tfb1uyKq+NLUpVEQ=="}
@@ -49,9 +49,9 @@
00560{"flow_id":4,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739304,"pkt_ts_usec":917223,"pkt_caplen":159,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":159,"pkt_l4_len":125,"pkt":"REREREREZmZmZmZmCABFAACRCqtAAL0GKy8KAAABM56TMtqaAbsV\/EuRhf1IW1AYAfWIEAAAFwMDAGSama1Yhb51kK2zbQ6rM5eFyfh7rS1snhG9VmY4XL+xDlnXMLc84rbL3uR95gwnzpyGXbL2WOZQWI4tSDxAo8uplzLFHVcroxi48kgP5kyZVcB\/WhwSKkWrDV3iMlXjmckAj51E"}
00568{"flow_id":4,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739304,"pkt_ts_usec":917307,"pkt_caplen":164,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":164,"pkt_l4_len":130,"pkt":"REREREREZmZmZmZmCABFAACWCqxAAL0GKykKAAABM56TMtqaAbsV\/Ev6hf1IW1AYAfWIFQAAFwMDAGkg3rUd+kv9D7LpeRqMgxeTsATVsDIt1mVHZnZqap6LKtw1K9Gl\/XnzCbmcIcjEn6NFnYjtNrvcQuyI+J3IiMpas9FE+4hRsQRXQ8osoT3u2QKxF0Kde5d9akjBi20rbEm5NigAzZOpgMU="}
00483{"flow_id":4,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739304,"pkt_ts_usec":944858,"pkt_caplen":102,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":102,"pkt_l4_len":68,"pkt":"ZmZmZmZmRERERERECABFAABYgBVAADcGO\/4znpMyCgAAAQG72pqF\/UhbFfxMaFAYAfVMZQAAFwMDACvzd62r12MvNm4T9ST9QVvoNu+55SlThx2NBggyYv+RPK5HD9OFiDS2kFMI"}
00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":43,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":946739305016,"flow_last_seen":0,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":59404,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00504{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":43,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":946739305016,"flow_last_seen":946739305016,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":59404,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00806{"flow_id":5,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739305,"pkt_ts_usec":16448,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"pkt":"REREREREZmZmZmZmCABFAAFIJYRAAL0Ggi8KAAABuf2aQugMAbv\/W2fgE34PaFAYAfYWNwAAFgMBARsBAAEXAwO7rF9fivBYq0PPnnVftpI5xv63Wth8iDXYIbCI66xBbCCVvQ4J9sHqcW\/KB2T6FVper40CtcJE9we9duJ2lwo5jAAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACoAAAAFwAVAAASZG5zZXMuYWxla2JlcmcubmV0AAUABQEAAAAAAAoACgAIAB0AFwAYABkACwACAQAADQAaABgIBAQDCAcIBQgGBAEFAQYBBQMGAwIBAgP\/AQABAAAQAA4ADAJoMghodHRwLzEuMQASAAAAKwAJCAMEAwMDAgMBADMAJgAkAB0AIHdlaU8VTQtoxOo631cPtMLo1fhD\/NP8\/WHh2FCfWmp6"}
00789{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":946739305016,"flow_last_seen":0,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":59404,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dnses.alekberg.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00800{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":946739305016,"flow_last_seen":946739305016,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":59404,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dnses.alekberg.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
04358{"flow_id":5,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739305,"pkt_ts_usec":61248,"pkt_caplen":2958,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2958,"pkt_l4_len":2924,"pkt":"ZmZmZmZmRERERERECABFAAuA+UlAADkGKDK5\/ZpCCgAAAQG76AwTfg9o\/1tpAFAQAIMgbwAAFgMDAHoCAAB2AwNWoPreEkJ\/UPiZCRV0IEx6jRSqugqY3M+B37V87ydZxyCVvQ4J9sHqcW\/KB2T6FVper40CtcJE9we9duJ2lwo5jBMBAAAuADMAJAAdACB0RVn8jGqUM9fyfUTkTuhvHxWfPva1vJ9a18\/+TyUNbgArAAIDBBQDAwABARcDAwteuwCVRbAjw9pKtY4dNJzB+NkDPzUPU\/YSrAhwNpHIEK5V+o2\/HqZHUFxtVJbEBPgURU0pRFWa9dL9lQp8LuDwWHwDq1H1B4wIu6Cjn5BK872nUeQltRw5+FbrO5MDeZZJRgg48HKHnsK1mBHQnXLVwFvBE\/e\/UwSrANn9vg+B6zkss+nwjnEuw1XfKHcjr3B+gq7Tt\/pkx\/SEVt9DDhoVQjkT+nj8Ch6uFvKMxBfoNlGXQAfQ76Cfus9zBAZT5EY1YHp8kypEbWJsqWobkhk3j7efutg\/+7i\/\/3hwY3S4DA+PZFxsrSsM6AIVwaJ95fOH1dRdOyCRxbfVQ1s5uNDJcA7OdsaNR8VQ06UA5uK3FnFY9IaeCSIuzswKtKKP\/cTlEabfxoFlZbInteiv8UhvUx14oYH8877iKbTHauga0SrPYwJ3hDQ38FuPBJ16hIcickFsAxoIxHcrJTcDxD31\/+27P70ucqJUKNnKmwnMS5iCjU275dZeWQ9Zr0T4s7GAOpJ\/qhuQ0adCzilfe+zxessB1BHzKqNpomqUeAJU6wiiIZGwIQCSR9TnB+R6Furn+4OgUG6PGNdXCZNQ9itsUGoaOah9Fd+b\/mJSMoK\/FuhgIcCIxvGAml0OlSPbxxyIuGAWgYtRBimB3o6JaqY5BlDiRDxZX24w4nNBhNEgZ23H2qCY1hFOw\/NxAIqZ6i1OczcdQK5je4mFGQnk7n2Dd0xCvT\/QbVT+DGwohNzMpmrD81sKP2YRMryNcEXaCYgEk0oi4bjQNtHjwEi3WiSTxdHtROjzPbx1MuktYL6gASggOg1Ub+v8yVRI6bLdeV5Xwvz5ZxoF9vdrBEyvVBdMauaRYoyVnXm15LfrTPUCeXkHS1kWpj909RBaupD8tKI35AMNBM63GiCNIPCKacZOle5IpXYl1uAfPyEf7I7c\/Z2VAGWif0f1eRsudqghQ1VDSbMFMSOUlZF8oqR69Dp+GUrZSkzXH\/vlToVdum7PDCHkza\/W9cBDPI5wtxaPFdq19aD9CF4UXzcnY86h4hX1BAKMl5ymvY9oQmQKwLyZZk7gJ3BG3QSRRkEJLHmElRTA\/j6+UD2DUirljLXPFbrXC2eKn2CCwq3Zuv5P5wO5+t0UU\/yghFoQluNjQ3lfw4zQuwuXqm940OzzyqoEcUuHVR8IXnZ8TZqE90q8rCtGIOP+LD4hWpqBqHuwk66vMcJQgwNCFXix5ZnSXLN0BgV30sQI8N\/4QNcrVg18QrqrwMX5353ArFRERLIaGuZFxOud2tKJXNi7\/8bnQL4pfggVMDHzys0Vv2kSkmMM9AH5fy6is33XJQsCiLeVAW2BJv0HWG\/2v54ftufeuJKqjAweFaFpf8nOnSzUujidt2Hj6vD7NzSy9u5bVuAiVU8CLsOjLUQDZZwuXq5KPOpcqPkwUfO\/JhY2IYSty68WbtoEQ\/LicI5G0k7qhGVYDDLZjTT029eOEYuXI7f+lB6Kb+6SLaMGDm8r9Mw7ebinM16XyWOwJ5JBUayf+vtez432JNrnbq1SGS5rLH5Fg5ZMgKUFbGPULmfIDV2jwsa5no0weJKoBPHSF0j2z2Ws3ZeYohMSNwPof+eIkWPeDsS0odMH3bOI8vjnmbAlt1LEuTlP9Bgfbe4EZBkTArblnr1PduSYp9HHqPcDcdegoFu3tk12XJWCeAczLwMdcKTivhfzRMPv6R\/QbwvNULNcqw3kjep\/lhPa8MK5fd2CGyIw+LCWxGXv+q\/ds\/TSYSN0doo9wcXYWwj8LntYcpK6i8bE1mnU9HhfDXOdgKZheyUxq\/2aHTotcU7hlwJGxzG1S8L2XOL+e5cK\/uWYrHMSCsilBLjzbaE58\/UhgQTo4G7REl65txB7jkxytOXC2V8igiA\/VVPL1iSyOqszjZhZj\/KQ7cRXbuiY2hUvh3d1GHeunUPxkjVr7SBFLwo5npluN5uAfc+7Lx2v8sh\/0AXjRBQzrzXUGOKzmSDk4EsluiAOjG78HzOAmharQORiNXCoRaRa+fhf0Ejafe7HoDuKqj5ukCKAbsCU6se\/uViDv0Ko0frloNjTZWVHeFLAU\/8Rxbf5R8lMV480rpPEWmLytLklZol4xviBgu3uvWIUzW30atpHjpq+x1y1B4ZeqEOMO83R7O6ddmc3f06vtoo06tW\/Agu9h766pQvpNm2vTYudTnd6DSqBlKI5KeonXz4AxZiEG5DKNiVkur+pxwlM3ugAjT44z5C6NIq2xLtYBKvjI4ZiVK+oThODcy5mgGaurXo21aX3cTizFa3bH6OPqttL9gjP05Bka27HY2jgRwKVSbziiMro9AX8Xsmg6S2yWOPjJLfqZCcbtLmpaNGvdFtOkH77j4F52qkt+me41p1UftUvN6wiwxxp99NI0\/fMosQgl7ighWoY2W\/IB0fXHatEvBsmPr1KEj7P+aJaj7oNVmyRVuFHPwaBwwi7T8Vvj9wG3gSDuuYdP5+UFDM+35GxMSRkihqY1Nf52lvDc2vDx7TdolcUJnmrezHB7iOplwsA\/pnoSxDqDzY8u2hWCRC+c4jg1z3vL2zvzGplrkFak387ZT7iXl569hRQY0g6W72J\/qU\/wWvKrh5aic7Fca9+09fN8mKvizdcBFS1tmo5ud9hSP5IApLh\/AqNGAsSvFB77AMVMPcqCZqs\/LzhQ6p8mk1Ztud+POMwqvs7eCTrsyIwvCFHr3MjxRECobkoOUnKuDn6O2Ba4MeFaOtHE1XjJdkhICNgy76FwlNk7qa2miONerIZrFWrQmU2yx1Al5ihAv+BSYo7OLYt9zXUcCSntdFwaG5iWvn2D3TqvQcyGsX7n8R8YOUmBL+xEDz8\/cHI76eHoMT9Gcmgev3Cz2de\/7ilgKsoMsC9dl+Ldtg+QDnuzeji5lROtOH+fv+MRICCWa3t+oaVa2XgjAhIywmeaAGP7+W10HhLqbtIimjrrdbxpeltnnJv0HxLov9cXj+b0Pm2tBSSGlhGmiCqLRib5vepRDq5ASTdoFYCIMH422KVZztJ1b63ltyCjG5NtOVaK\/MkO7\/KWS1XPbQXAVUScApoXkKlzQiVxTCMZQoZIoE4pH0+fjzQcElC405f+pmLRfF1iVpdbRwPdWdjvokVy8bVGY3GGXVtgS7DasELvMxZruoBcMEH12JcU31nt00epqRaM7Ty\/hGPJ9RgbFIN6nscoLHLm6YFkdOMqn+3D0CMvB4x652Bu8PF5m7DHJMIBJSoh\/WEUOZDxlHi5CT9KYRNTMZDhIkJj++9o8TtwBf\/+FOKgQZYlLc9emRrICiIhqz7dIu9M1nNq8igrwodBBqfV3IJasHHoy\/F57WNpO6ufh54oPFaVKYJn1bg656yNokeiXMSkMhJsmjb0+SAmQ0rTBRRWtbjoeZCc3gkigutNXY3WNHxKSc5xsJ9iyr3gTZdRpWgWbT+isP5Ovqam4GzSglt\/k+unyjMz4\/f8vVi\/7W288anM52u2gAT5Id3RGTrtEQDPQ8UVftSrylfoNAZTKGGhUJLAcmefkYZfUt\/EB+t1\/S5DOAvsgdK0URdbVybob0RmFJKIBsQ7DYRwD\/HgqXJ6uMDVUKO9XoO+9dwhRf11sqhooAzPCeXtVLggV615qXldaBtBjJ4Fa\/LAamnbZck+pr1D1RAPJP4HQwfBLL\/eWmzwOCA4y+tqnSn"}
00842{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":44,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_first_seen":946739305016,"flow_last_seen":946739305061,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":3192,"flow_avg_l4_payload_len":1596,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":59404,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dnses.alekberg.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00613{"flow_id":5,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739305,"pkt_ts_usec":63924,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"pkt":"ZmZmZmZmRERERERECABFAAC4+UtAADkGMvi5\/ZpCCgAAAQG76AwTfhrA\/1tpAFAYAIPkeAAA4ov2OS2FYwHLyLK8HvldhjW58oZhz\/dEDG0qRvP07Xrr9KbrwFzXsPAENpwnRYTilEXtuGTXfjP8+51dqVC3h3Voz6vzPB2E1qN7598iQNHjvdaBjrZ71M3dNmhXs0fudaDBYxVH3HnrCgr\/VoLnr9AAImTV5ybiMJS9e3W0V7h9Z35p6EhyTXdDS8\/1x5Ew"}
@@ -67,9 +67,9 @@
00561{"flow_id":5,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739305,"pkt_ts_usec":110719,"pkt_caplen":159,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":159,"pkt_l4_len":125,"pkt":"REREREREZmZmZmZmCABFAACRJY5AAL0GgtwKAAABuf2aQugMAbv\/W2rVE34e6FAYAfUVgAAAFwMDAGSwGvxSL3FIyDR310\/9O7PcMPe0ggdrreIARkJTs2CLGVT1Ypiw13DA1nyD6gImpazyC5vUf1UFekKskNcT2L7LbMB\/g+5wrrV5znXzb6XmxNp1ibeEuMn3nwejnFN9EIiup5Kt"}
00570{"flow_id":5,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739305,"pkt_ts_usec":110871,"pkt_caplen":164,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":164,"pkt_l4_len":130,"pkt":"REREREREZmZmZmZmCABFAACWJY9AAL0GgtYKAAABuf2aQugMAbv\/W2s+E34e6FAYAfUVhQAAFwMDAGl4Ax7b\/n2TYV+yAF7kw\/tZI7yNepzO7WMF9ElM742tNU0B1rqhUIxffsYxoT0e94SkRODtGgqBbI5T1DuYgzpRkCmv\/VBGiBWFJFnG96I91tiatUHn0Ag2aFFicyHE0j8xCQuA5vGVoO8="}
00465{"flow_id":5,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739305,"pkt_ts_usec":152934,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"ZmZmZmZmRERERERECABFAABL+VFAADkGM1+5\/ZpCCgAAAQG76AwTfh7o\/1trPlAYAIUVngAAFwMDAB5IOLZETBFPI2tNUcP0eQPXsxWmDRunSXpjj7yYkUU="}
00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":59,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":946739305650,"flow_last_seen":0,"flow_min_l4_payload_len":281,"flow_max_l4_payload_len":281,"flow_tot_l4_payload_len":281,"flow_avg_l4_payload_len":281,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":40938,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00503{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":59,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":946739305650,"flow_last_seen":946739305650,"flow_min_l4_payload_len":281,"flow_max_l4_payload_len":281,"flow_tot_l4_payload_len":281,"flow_avg_l4_payload_len":281,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":40938,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00800{"flow_id":6,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739305,"pkt_ts_usec":650572,"pkt_caplen":335,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":335,"pkt_l4_len":301,"pkt":"REREREREZmZmZmZmCABFAAFBLvBAAL0Gw1EKAAABrGhdUJ\/qAbvjN2w6lQOuzlAYAfbLqAAAFgMBARQBAAEQAwPaSOnODEW\/53X3FLI0n+Mih\/iyk2Bze7sXLhS9N0ueoyDada2r8SjLZf4K7a+NbQASLzSYT4924P6pAuqOJM8\/hgAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAAChAAAAEAAOAAALanAudGlhci5hcHAABQAFAQAAAAAACgAKAAgAHQAXABgAGQALAAIBAAANABoAGAgEBAMIBwgFCAYEAQUBBgEFAwYDAgECA\/8BAAEAABAADgAMAmgyCGh0dHAvMS4xABIAAAArAAkIAwQDAwMCAwEAMwAmACQAHQAgYin8bJdqHx3ibHrbfDgwuFVcZV3PPNkWvp1zHo7\/2AM="}
00781{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":59,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":946739305650,"flow_last_seen":0,"flow_min_l4_payload_len":281,"flow_max_l4_payload_len":281,"flow_tot_l4_payload_len":281,"flow_avg_l4_payload_len":281,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":40938,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"jp.tiar.app","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00792{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":59,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":946739305650,"flow_last_seen":946739305650,"flow_min_l4_payload_len":281,"flow_max_l4_payload_len":281,"flow_tot_l4_payload_len":281,"flow_avg_l4_payload_len":281,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":40938,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"jp.tiar.app","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02386{"flow_id":6,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739305,"pkt_ts_usec":852459,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"ZmZmZmZmRERERERECABFAAXUYr5AADcGEPGsaF1QCgAAAQG7n+qVA67O4zdtU1AQABbJOgAAFgMDAHoCAAB2AwMioc+jlzNc+VBJaZcDKojs21jGEKcSNKyg9ExllQqy+iDada2r8SjLZf4K7a+NbQASLzSYT4924P6pAuqOJM8\/hhMDAAAuACsAAgMEADMAJAAdACAdEExo5yrIKmMZ4nrOia6UHa7Zh09ZMNUZYLDF+NYxaxQDAwABARcDAwAkT\/VVW9e6tSXUn2DgdOFI1vJ9CWMqaG0B1UgAogfcRWwpZ74dFwMDDDNZ3TFhx2HRd\/d\/BnLRqx3w9gJyapE59ga0mk6Gbdpy2uhfU1raH\/kLDwO0PHahqFeiov5PtmafDzH5oAzRDBThfFaKNK986AJtqna7+\/+W9HqZppsUeMeFtSdutMbm9VkvNNWFsngalQ8\/TjlWYt\/LNabidW0R+diEYRXkVHectSDnGgpIKw7AqJmgGmRJSQFZmk8mMFHUip8Ns8L0Qm+4mFM3OyM2y8uotBFp52jwBE4JcdWTlWvX638UUEwGd0+Jev1b4UZvqaI8gBJQiwDYthQvx2cilE03gvQZUs1gLv40OT\/eDg1VwASYtXu1QKuaTXj67d3FvJUxTfjdc9Un1x\/xpNxQ9IvL0JgGMqp5Nvz4C+qRYd\/CysKeUwM5LkGikxDP3qZXZjcRDF3CvWl\/0RJAgB68oCh4lzQ6BTBYQsLIO+2npSdMMO1mcmGxOeyAtRoiglI\/Mu+7bxclTAdkFUgpS6V0wzwluZmFW7Rx4iiSeZWVmQDKjFeHStRAafyFrtH26wCU1ei1O7zDiCd\/St5EWtAfoATjugif\/dASmeS6peR\/N837DyefuOM7XNJbAUXXdVYFQbj88dVPYC1ZWfSpl1wPAKf87TREgv6h4ZkxzRnB6COvKSvUqklCC1SSMJfennS1L0Etglf8wZsulJYWIe6+sEiyvEkrN24bb021w2X\/KuVEn+j5dyEDiGG5loD+4VYwc9G5Wa+jxRUO0+A62CO2opPif7xWIxQXRSJ441bKp\/i7j7P+cl88sdZsTxv2ygPWKGEBO4XHbg95EUra3m5LdhfhQUM\/e\/n+Ak+LAL3mStir5xjEDf9+haA4s5VbKmTRNrJtFiUwt198TeBjvlKCejLbJO6d8gE6SQECz4iM7IcNa\/bXR7adNUuu8qhullq5WfyiHcztVpItdHmrHXbaCsGaPgIKVpIJp30oUBjXbdyBrklTyARetsx+L4hfDlDZiZOEujpickcQVHRV+Rq6dF5UrRJYU3XU\/ZcqBeRvNXpu9d46M\/bhnVClgq2Bd+aOiR2kaho07AGNJ9Fr4k5Jos+2Q6DGpQasXC6x+iPauGKBp59nwGXbOOKtd8ArTxOlVzQmOZH6I0tx+iKMplPSCHR8FFec2EwXBLm\/1vyI9Pwo+zYiVdHp09rRHeJXaKGgiynxtv128gHPWfts6k\/bUS8N1Dw2y1OWa2cDxVOv79IA65ALHyABrPQbEH+byQd5tzeWrWUmzmNi3p4jdd62IgsA8HkYmsZmy5jIyKyWEYlUo1SPeqjIhX9VriaKoSoSKPFRDULdhc+03ZBXd6SKMHCSS7x6DpL0ufFkfc0ZfcGyz8s\/jngcscp5gmPQrY+VfOmrZe4EnOIAqkwdbS5Vejc5Yga2D4LRGGWgMYBm5SScqu5500ZCpE0WmkryZPm\/4OMJ47iDZWRTkVie5Ea9ONRDlM9tVglWZF\/oUiAJVVWh4mt0z6nVYUgTMbtTn0pDKN\/0TJikQ5gt3TXgtioj57ko+eiK8raQcuhqyXG3KA52lsLM2MmWuS6VxCjD2hxANDc3R7BZOaM4bmyza4JUsEms3Y5aNGYiFwaMTvyvPSX55q5QHTJ\/Mi827fNg4TtCrFRxN6XxJuU0RfIATOX3faQkD1YP1V51gStaTXEj1EBrNyqEnKqYk6Yxs2aBmn4CqaTQ7ru+2yyoapdX3D0JCzKb"}
00839{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":60,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_first_seen":946739305650,"flow_last_seen":946739305852,"flow_min_l4_payload_len":281,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":1733,"flow_avg_l4_payload_len":866,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":40938,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"jp.tiar.app","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"475c9302dc42b2751db9edcac3b74891","unsafe_cipher":0,"cipher":"TLS_CHACHA20_POLY1305_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
03390{"flow_id":6,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739305,"pkt_ts_usec":852672,"pkt_caplen":2248,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2248,"pkt_l4_len":2214,"pkt":"ZmZmZmZmRERERERECABFAAi6Yr9AADcGDgqsaF1QCgAAAQG7n+qVA7R64zdtU1AYABbTIQAA7khOXiRDmimON10SUW6EdkRNtideeCAmsCP9ufTAbxPBEESbRp6rJdX9WpgeGKEcs1FSJYqSgEbwbmVZ45a190xHBVgYJoheRrXwVU8\/AsBaHDXul428WYkRrLMS2d7ip3ZonDd7PZHF6J0j5\/wI70KV9AUCOBt\/Btv4kzO+Hj+j3yK5bLSbWlRhD1fuMQAb+cF537u0\/U3MsC4OMo+87usOrwz6eMrKL+s31DCb4z6f8eENi68oRi9OZYKpoRYjhFkw0unmspSreLKjulrpWluVXrk1btWPgYpUVnavuXquTK1NtVner355EoOvAf5CAN1Y8OcMXqML8XqYMeqEg34ZtCcYr+tnetE29K921LwsoIOkJdbaiCVLTv\/9X++VjLPLL4afBqrrwx2ZkXw2VSOvNSpMcVsFQ2sks0er7rCvo3vy970zXk8N2ZRM9DEPyk4S8i+C3Yw3j6efIbDNyRRGIb1TGn6z1LzsFfHkHQ\/coPiZhIhvnK6o5iGWcHYOGEPLh4XlmZt5EnCBavREWdcXDAq+Rj+biwLLNbp9Xm75T3bbWxLQivCzGfNO2oBB8jJz2Zicez5S7098raXjnFVLWws7S\/ZjTQ11gAbLNqyHJOm\/RerOFZpkbGJsCCKjsmgBFYujoZTifdvrnskuFGuKqjRU7sBnWY38jO4yTlznAvt2Cf2\/I4bnh5roD5\/h3R\/5c28EQTDGmOL2\/KspdGSS1bjToJBQbcS2YbFnjwR5yrS+5SOLXVmRcZDGU4Ke3DaCJifWpD1EVuVb2ilryPAD8yGt9JaIe3cT9jnaxoJojKtbQNqrLa4+HAzDJSTrT+I7IXNvzHDQ5HJdRQkyKEzhMuedfOGX3aae0qJMXEdgmL8U1YL9LUgqs4gaInFpYecyGYMFaC7RpVTbVJ8AclN3JFij4ikMLs8OvolwBsIUxkwvTd2kxXvS\/GtkZpTdB40Qwypq6\/slHam9c8zmzEZ9VsQqYPOs7EU3IWXPB\/7jwR\/Swoqx9IepHlyCi3ipHUa3krt79WKeMN9slFrvDSuGQo7cCX4PwLWqGq1s8n4xGAwbb4PADqo8FJSgQHdjNMolIHMWyuqk5nqOgc0W36SeHQOxctDFxw00aD7\/ZIjnA7m+97J5Qh0XWgw5Lpsc8Mvp+VBxyMQklBuDFOyN3HJKbg943DoSjIMucZn1tzh8KOxw0Xql8+gP0Tj\/ncw8jVi\/PzuMVXmWMiQX\/wdJfEzJkJUlcXDAAE2IesO7KR0oZhnwcsaVEwrsJruOKxYtv2pbkmhOIxpFm4wJGmE+2JRFXkQDnRtvWvAJoF\/v0k69TDViO86TF2AjLFejfwjQQnCJXVkS4fuCh3i1TYrS+lUkfVezPrjjWW3F2LEdQQXJZmRfoBHSJjBhCP+Dcoc3jONSa9PXKqNJSf7Vo6MbkHB0XBcD7sdIZ2\/wIgxkllAd1uSaGBwJI8\/jhtA8RENMPWOxsz00xpbl8rHi+OkSD\/7Q58nbh7qhfzlemdSmsTNYU4yTeEr2yQTmNZcolwert2uPuF9VK2g\/3nveH2piPFCpAJOd4Z5dmxFR4fRYAGlILa5aNYiyWSR3G947wAwiYaU7l0JrzUlByQFpex9hGDkjjcctCUn8127O6yoOswVES887ts\/gfsXkn4d0JROgJbDiWFnN7j7+sZKWDkghhJYjTBSDkBNASiM9XLxgQ\/DaEwEwxYA7HjPEO\/8BxDusP8aK8hEqBPa8c8eFHdAYT3Eu2hChRagjV1O7Z0Zuc1z25GaMGiFKl7kwOrHIqt7609HLDEc8DgoFPHHr7IZJAecPMzvqj2CVzFTWl+NcGQgu1OZDB7YN8IsYE0Hj2wxjJJ4M8ncKFSWkLxvPRwAg+0hpC\/tSOqvX1jgKKAZg82Jl+tqVLBoZ773\/7qHfr\/BAX6oJ0vKtNpEDEGeMy6jjr8KxmYOPhgJuUsXOSiQKReqTW0HLQJn9LpGUn4zKUgOBpUtJCVQOwstz8rJvV98lhrypc92o1bXoXeUIxGojGdQmZAgxriin+ux8aVQDWCuRuunDdKlwCqYBaBQ5f2rPbpDMmRJRFIQV93Nffpu5y2M2nD2zqfxShtHtZqK9Odguom6eKtfMYRNoP0\/G2utDI3qzWXA4Mjnq20qW6WLp3\/OACxfwxJs+mIIux4CN4Of382BKD+HUg6iVDD+mi+PZO8yXcm+iMHr94FuVjknbJgwr8pz8hnl6BJO7Py9BRIAZSwIskF6wOgI\/\/4Qr2JcZ3TwaII9SEN+0Sx8PMXXAKDv89DA4GNqNhV0hw6VXwyvbxpg4tI+badMBjtd\/o4XHqPH+BgFz6M8EMB4Jddticq89uWfyyGOVmNlx8K6oUYEdD6RJBEwIP6yYPzzeebCbDK3en7B16cFcus7h8285+5Wxpsa9ruV64Q9ZoEhEUMGgffnT5ajZ+UpmS77fDl+DfNEzJY8TjXm9EL8XAwMBGQ9SGwhaT+0AWTV1WADn36NruqoDTHdQXMB5KJVX+hyENZfYkPjY19bk0TmuSlxnW4sPXtcFmHvEzv8TYCgHXXFqdgaXEgdtFhRRSPS0CqywSlTwtg9zlqkP6Vu\/gi2jnM2lX\/S3paNkHLJK2Xs42G6p+yMmyRBfn14DEFDykxvC8z+scW1WMMiVZcbQBKhJ+Ek8WtRoS9WYaJ74jobV62XFVLje4Al6wOy0PssyggYMNCsvtsxQ5KXxmsj4du7sF6hIaLMWOz7O8LamYiEYnY4YByhzDbINOM3XB385ribm3TlBE2FwQhpCNmgQNjG7wIBC9IfEBLxv5rxwvF8PVckgsWpRxADmo+gltAb0\/tgSzKl\/30lZxZ8BFwMDADWhE8bE7ktzdpeT1iEQv9HPHLrjBcBDs9EHJnB16E0omVuS5qQqwxUOOBNAVfkBff92\/dyz\/Q=="}
@@ -84,9 +84,9 @@
00570{"flow_id":6,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":70,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739306,"pkt_ts_usec":49558,"pkt_caplen":164,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":164,"pkt_l4_len":130,"pkt":"REREREREZmZmZmZmCABFAACWLvpAAL0Gw\/IKAAABrGhdUJ\/qAbvjN29olQPAulAYAfXK\/QAAFwMDAGn1FOkTV8bkkUFsuChemkwWhSKcZnZUV5rDptmc\/he41kQXSfhBbGvHpaGpylzzgsGVyupoZ20AruLps9TDAGvxqBhIazXRcryUNoAnFkGoZvlonJzUO8s+\/7AiDlBJ8C3ozU7+6HZhRlE="}
00799{"flow_id":6,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739306,"pkt_ts_usec":241227,"pkt_caplen":335,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":335,"pkt_l4_len":301,"pkt":"ZmZmZmZmRERERERECABFAAFBYsVAADcGFX2saF1QCgAAAQG7n+qVA8C64zdv1lAYABYDRAAAFwMDARTrTqe\/uHssUSe\/BxhHUCQnJdK8zPVZzxi61zBMtiDfzpbO88e+tPjHzdRl6FcUa+bNfalZxPGXaQ+zB1NyAOYpH2UrhmWzi1qPlCYzZkG8Szz1HaauJAYnB0P3OPeOU4747d+bb70yirGt8iJL90AeQy1tELZt6ToWjyyyDcQ50bJED8\/OlUkfbS6pcPtAKzSdD2oH3ZDav5+EQgksXYHvZ3e2yPeCOi6FPQya7KNI5O05wb2J0Yrqi+eF9cKQx6Ef0GOy1QN8QgjZG7D4y\/SoPB4TeV5S72x0nGMxV8z2gZ3r2w2ez3ujPbpr0kHRNVU4Pa7+P11fiZ1flJCoH7xKpzJtrzRY\/BfEtfcWpiTZMR8qzv0="}
00466{"flow_id":6,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739306,"pkt_ts_usec":241606,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"REREREREZmZmZmZmCABFAABLLvtAAL0GxDwKAAABrGhdUJ\/qAbvjN2\/WlQPB01AYAfXKsgAAFwMDAB6h799Z6YSmgeoCnvmbPudRM5Zunhi\/Era65MsC8qs="}
00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":73,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":946739310588,"flow_last_seen":0,"flow_min_l4_payload_len":286,"flow_max_l4_payload_len":286,"flow_tot_l4_payload_len":286,"flow_avg_l4_payload_len":286,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":37530,"dst_port":453,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00505{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":73,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":946739310588,"flow_last_seen":946739310588,"flow_min_l4_payload_len":286,"flow_max_l4_payload_len":286,"flow_tot_l4_payload_len":286,"flow_avg_l4_payload_len":286,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":37530,"dst_port":453,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00808{"flow_id":7,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739310,"pkt_ts_usec":588567,"pkt_caplen":340,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":340,"pkt_l4_len":306,"pkt":"REREREREZmZmZmZmCABFAAFGz7FAAL0GqFMKAAABp3LcfZKaAcWpCIgSh0x2XlAYAfZF5QAAFgMBARkBAAEVAwNM+6CQ4xrTV+1tOPP7h0Gj90S89M7DOPc8QQnDuq\/mRiD0eC9rhNsSjRzwJJQFthL\/q1ufnITsbP94aSBdrdhzDwAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACmAAAAFQATAAAQZG5zMS5kbnNjcnlwdC5jYQAFAAUBAAAAAAAKAAoACAAdABcAGAAZAAsAAgEAAA0AGgAYCAQEAwgHCAUIBgQBBQEGAQUDBgMCAQID\/wEAAQAAEAAOAAwCaDIIaHR0cC8xLjEAEgAAACsACQgDBAMDAwIDAQAzACYAJAAdACDUjoSgwC\/YwRC2sL4\/9W3ATSzLtM\/v84EfifaAhQZfWw=="}
00845{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":73,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":946739310588,"flow_last_seen":0,"flow_min_l4_payload_len":286,"flow_max_l4_payload_len":286,"flow_tot_l4_payload_len":286,"flow_avg_l4_payload_len":286,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":37530,"dst_port":453,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns1.dnscrypt.ca","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00856{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":73,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":946739310588,"flow_last_seen":946739310588,"flow_min_l4_payload_len":286,"flow_max_l4_payload_len":286,"flow_tot_l4_payload_len":286,"flow_avg_l4_payload_len":286,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":37530,"dst_port":453,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns1.dnscrypt.ca","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
04632{"flow_id":7,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739310,"pkt_ts_usec":697795,"pkt_caplen":3154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":3154,"pkt_l4_len":3120,"pkt":"ZmZmZmZmRERERERECABFAAxEyD9AADMGLsinctx9CgAAAQHFkpqHTHZeqQiJMFAYAfVQ4wAAFgMDAHoCAAB2AwOMlhGBzZbQdgMB7SlRRNR6aAHyhH11lUBOX85ujHC26yD0eC9rhNsSjRzwJJQFthL\/q1ufnITsbP94aSBdrdhzDxMBAAAuACsAAgMEADMAJAAdACBUUq246Yl+EWhWLEvZvcutMb+IirYuhEzXmLk3lr59QxQDAwABARcDAwAgZrqPXWP2zV85oWOqSEKZV0DzXUfiOwwJJ+C5CgZ1QqEXAwMKFVw16EKwmaYl6UqgM5FDRFEvQkVVdsBwborgCOxUvP2YbrJsHBMovDHHpAcBFTWebPQJMSKasadU094aHDRpLPrxxCjXB2pxM0WIqTvteHWIfU1Fk5\/NpqSuHKzO0Ra3PwdESYixe\/zb6sDdKKc1TRT99VsGnFNvwT\/9kRj6LGAVtWhnVsCfJH598qgWQ0wNsN5\/qg97535WjDSAoptbAHelOwuJgc8mZW87Z778lSdbGSJVYmbS+Kzpu3czloyo+k8tnMR0gAcl1hEQQ49kVF90oJqhnl11GE\/B0nhnrDcMC484Ni2gzPflOc2ve4l75Bv19quG6UuBjAJ+lAILT2sCAli3NgfXnu\/RIxYWHOwg5dkUsitPEbeddf7oCeQEhHZOIe8IWZHCTWJ8Xas6gq1DtDEctxSwxYTmBOPQYJURvi5XAJunxgkYorZ1S5H22PsJbPQoDTXE7jb\/MK+t+sJi\/qLBk\/QTcK+QjjpfOnPOG6kcTfb96PDiNmimFlhI+7qPbHOuBFKP3RlOfNCtE0LR80aRulQJ7mOKrhCqpMkFgCoXo\/4IvZulEfNa6rLjjxU0mGwRO9C\/8SUW\/MWxf9V+fhaFIFLLIrdk9mjlOAh4RTjBuIhZwdSm01OHFabvxJQc5nWUTI8sDv\/4Hth4Nmyyi395Zo\/bIgvPNsPA6YqSbJJPw7TRXj9EpeXABU58rfRMlnEHMcHSeAnr61+lHN29cf2rb7cQuEObxOV+r0Ti2hnTxG1kzZXxUKMf1TJz\/QNCPdFs\/8sc7I75BLceNNdyiMxbhvl0\/mQYkbbTX+E01I4nneSr0YAWi\/dj5OFWkY5oKdT3ijaj5ZnH8mUoUzF6gidtHrJfWLUutNNAVK0ii3hJTxAh53tLa55cziofBXUjER9OxqdXFQX0xk0dW5\/N25Am3sfN4K9G9Or+Mq0ZjCUN\/b\/4AAu5iVdc2xuiywbhKCKv\/+1ba649i2+11N2NuNP4WLerjRdmVgUEXTqjPsE1bvdPpgn\/tgD\/NfJO4snitGVo2fF0AIvoI8ffNDBM8mHNAe\/P4wCN21PuNzrXMiMwd7BKvHy1yaV3bx1ZcbZVsRq2ArQ\/sz1xvbYIM5K\/4uE3U5TUD7iEvNa+H0F0t5Pm3xl9hPFjB8UQZyCzE0eaHFxztuY1AhJrANiSpn9KUApux28hlfmPpxZwwY\/4voaTDNDh4a6l1L\/5bBlTMZQ8ZTPo3KsCc7rYoLRgUBfec4EVT3pXIcfZwnttUMEultj1OSOdAYKMUVl+Ae797PlHj+BPOvQU1JP+1NxmeW9EkPxvKNxTuFB8Ql03lSa0sP7N4iOT4LxwTyM6btUOuFjsDMq5fFh3z8x6u4eDmVvymYi2lDSt123i5VnAGlmqe2vlBnBoLSjRbpHHKNWC14LFSfaclke+Fsk\/LXqRdmrmwoK42FR8QM5yBJ4V4XBtfp1iJayJWXrv2Yp\/Jw2nGI\/8spJXweIKBfFJYNDE+FKqYVx6uY0QURwmsxmAiNbUSW3iE5ptj6f47Bqqzcu614k3woIktKLvq+R5kAUl\/94OeFfc1MDcYQiS1itHZ6WgYMqXlALhkIaagT341vLWH8EINXXu\/JPbuL4ratmRZsOHcAq4Z64Qth7VsN\/NAOgVmBZa9WLc6jmBs+\/7oNewv6pYbinaC9eFjw+AUviDZIoPDTI2cqHtCKNJKtQeYF8JwZdso+kGs0e4hY6Ekh+Gt4QIAdcddPMJiEMdHRRcI7TJwLsTmixFKIFFEmFMcRnAgRce970vQl6+J2m\/3\/zT76RlKTnb6S5cA2Gh1xVWfifqZ+dJJ4S6U8o2kzOx1BcO4lPr6QndhbLXBopt+TnAxhiNVC0jGSLxxKfJsKliuCmauybike5VfhMB74\/Zd9LI0lHZcyjtrJZpkqIdf9mUmq84TeFEVObpfDxeDp9pwfwnzY7CZiAhc8H7X\/B4eL6QPbJJeDvWRsaiMa8MtOGUovwBK\/1RmmRbBs9Ps\/WvCegAP2zZsifFoeWn3IFAPuF2t4F1jzP6KFB2fJjiCF\/xSMUdVX4mSSLxUy6Noq6HH8DTkiTT7i5Rtb6Z+6YPqTrIz0kRUJm8ymK8qGaWvXbafgJW+zAD6LQJ6Uz\/H9ede+fQeVaNdwR2ZGANN93T8+CUOO\/5QCgVylxvI+WkULYljrgmsAHGf2x4K+AdzUNCRbtqqamvoa9+H9TZ6D9K0XHtu60WRh\/xvg+0kvul3oISkBwW\/5VC47CJIkeqDKIcaH28dzjF68bVaWHBCOA\/QVspO8f7PM39uibr2ZI\/9qT7jw8Z+41laurnLDDiiTcv8nIyk9gPkkLpL0gZ8B7RwNepdi9poakmfyvLsu7noykkUZPrrciaDs4AxlMW2SE0l6ggoSXHblXDfGv1qrkJ+wYHqoIpx4Orz9BIDwmFuIK9uApDePCMMJ8COMRLP5+c7CWBbef3qNt43feI9i3DxrqohnnAeDQ5XayaaeIrWeswn\/yTkRhpCGBJsg0rlCy0bwelKJ5jOd0Z6yAeLdgeBTN7mANe1L7262l3N\/TUj4BGdpkUJSKWZ+F5L9xh3ZDx0CN7nut3setCOi4jALV8qZWBwNBsnPw\/1et9Mhz5yQU5W4hKDkIkR0JbpteXZI\/YulIUs304N95S0rMRs+F91Z\/I1bjxYITEBnA3nKgeOqnJG67UQeyBJy3Wot3ZWs1FnfHSinzEDRXoy\/in3NMk3Ee4UJjJJVvh1u1kB0flpae3nwu8yHniwAQeA4V\/IYlytwzxmH9UBxClJ1YaCH4QYvYTNNn4X5yrgDRFy8aRZbx7KFTZjETXMAwD7jXdzFpBRNyur7a5hxwjkpR1nPJHXNHbl9ulhBQraPk64O22lXmWhmTqqJxPCHLTJc8dCW9Tw+MWIDqlSC6iP\/uFGWMugMNTbPpm71YwCV6DE3MM5Iw3r\/pJtSMpVM1czkfmhYfe8YtiZEI64Bh59v3JQ7Geu6i4Q2THuBrvHiZucUzufDS6W\/DBGI9K4\/J9OjIx3bbp4KuEgDSz3alUQX8h9N3c6Ve\/ecJdJcy74VVi6oGyfaHP6IVk7S15X3oTFjfGBcG+hk0a0dR\/W0BGALH+pY8iH726JsGgeEg52jxxJyoyqN2BP+Onsb9VAjI4Axsa9MyFPMa6R4QE78VraMZsIMjQY2e6jOI2lFaIx1i29CS8IB7OY+l9i9GRSJhN1TC+qRidWiZdwiZ6CGxjzCAIjCNtYYMpt94CcLWARqfnvGVuwq7RqWOpW3L6qgDcGRhcwof3dXDPhz02YMhWNSauXVnUXZfqF8vmR+tgeJWIevQpdj5ioEIsT2Um5j+gijjHh859fJLDhzYVmYtQ3TEi737GfFw2SXnggL\/Iy07c7IZEI94AezYiyRdA9+kLWGaO\/dAL2rthXXz37bspZFnOGyuB0KI3G4RabCIXAwMBGcOMNM44BDplKj\/3Ojq4jdtuoD82NTa5b2k5zkFslQd12hFn3q5eB44nkwI465O8I9pSVocWpqU9EbYhTvyK1R8N4URD7Q5PMRg7Umy5tkS2hB9uZLmMl9DoKxlIW+kyr\/KuqeGrCAN583A5M1yhRuOwYF56CIKxvuyChPRKUAt8\/70gOTQjynH\/\/1nGoYgPF\/ta4eVsTLhuzDLb9mQMc16\/4VLa51E7HgIT9to4lg95nWvnMoIyp4a8sRcKKCYU92Ot4xWr0tqEIEu0fXIbk7\/Ta2loRt8FUwirJas4rlQGX1glaJy9RyPTHTwKV9kLdjGIRncOAxHu\/8Q7IfLg2aWJ07\/3naoyq6szJDQTcE3S8LB44P4jJ13NFwMDADUJ1y22teIy1dcIiwJwX4cS160nI55Nkh7bUzq2ftRXjrZxugVJnOhQTCokK54\/+GLzaYeqbw=="}
00898{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":74,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_first_seen":946739310588,"flow_last_seen":946739310697,"flow_min_l4_payload_len":286,"flow_max_l4_payload_len":3100,"flow_tot_l4_payload_len":3386,"flow_avg_l4_payload_len":1693,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":37530,"dst_port":453,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dns1.dnscrypt.ca","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00505{"flow_id":7,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739310,"pkt_ts_usec":700192,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"pkt":"REREREREZmZmZmZmCABFAABoz7NAAL0GqS8KAAABp3LcfZKaAcWpCIkwh0yCelAYAfVFBwAAFAMDAAEBFwMDADWIup5ey1m73Olzdr+La\/pgBsOV2156nE0gjo7pkVZbX+HWq3wNBOBZgTPS2Gv4V1H1NoVl6Q=="}
@@ -102,9 +102,9 @@
00463{"flow_id":7,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739310,"pkt_ts_usec":807508,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"REREREREZmZmZmZmCABFAABLz7pAAL0GqUUKAAABp3LcfZKaAcWpCIrjh0yFQlAYAfVE6gAAFwMDAB5H180FN1WxacaxhnoQHhq2NjiZyrRyAme0TEU8JOI="}
00564{"flow_id":7,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739310,"pkt_ts_usec":807613,"pkt_caplen":161,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":161,"pkt_l4_len":127,"pkt":"REREREREZmZmZmZmCABFAACTz7tAAL0GqPwKAAABp3LcfZKaAcWpCIsGh0yFQlAYAfVFMgAAFwMDAGZ4tXqlwfbAQvZu8ODXG8wQDCvKFpu\/Su7bFHNR4TqZWjHfQcytP0HkKD+su6Jwbzx6PS8b9VRvaNXJwIYoXHnyA0b\/zq9gf9gDnSOtgSSK654K03rZszN9Ew6dltH4fGIG912EB9U="}
00568{"flow_id":7,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739310,"pkt_ts_usec":807685,"pkt_caplen":164,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":164,"pkt_l4_len":130,"pkt":"REREREREZmZmZmZmCABFAACWz7xAAL0GqPgKAAABp3LcfZKaAcWpCItxh0yFQlAYAfVFNQAAFwMDAGkkDzU65XfdIOYT+nJzAb5iwIS79Iug7SsJVvuIivcTddhHId7chPL3Z4DfINNbg5VXCvFXc9IpSlgsLyK103E8hL6U6\/nz6LtSnd0GMTNlhz9hqobz83bi9FGSwAgX\/N289OYycU2ONOA="}
00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":91,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":946739310980,"flow_last_seen":0,"flow_min_l4_payload_len":281,"flow_max_l4_payload_len":281,"flow_tot_l4_payload_len":281,"flow_avg_l4_payload_len":281,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.43.135.1","src_port":38186,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00502{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":91,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":946739310980,"flow_last_seen":946739310980,"flow_min_l4_payload_len":281,"flow_max_l4_payload_len":281,"flow_tot_l4_payload_len":281,"flow_avg_l4_payload_len":281,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.43.135.1","src_port":38186,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00795{"flow_id":8,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739310,"pkt_ts_usec":980322,"pkt_caplen":335,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":335,"pkt_l4_len":301,"pkt":"REREREREZmZmZmZmCABFAAFBYCBAAL0GW60KAAABuSuHAZUqAburhCguMeSlTVAYAfYCHQAAFgMBARQBAAEQAwM7gJo4OG7S+iUgpLXTuxo5Xw1OBGj4DiyxVBvpcTjrrSC1ygzgmnU02BGfASVXjVBWPNfoJIqu28ODMXbR4UvXGQAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAAChAAAAEAAOAAALb2R2ci5uaWMuY3oABQAFAQAAAAAACgAKAAgAHQAXABgAGQALAAIBAAANABoAGAgEBAMIBwgFCAYEAQUBBgEFAwYDAgECA\/8BAAEAABAADgAMAmgyCGh0dHAvMS4xABIAAAArAAkIAwQDAwMCAwEAMwAmACQAHQAg+HQ6d2TRAhXiPlV4SzYTTgVvyRFR0ttaRH8caXLPDAE="}
00780{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":91,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":946739310980,"flow_last_seen":0,"flow_min_l4_payload_len":281,"flow_max_l4_payload_len":281,"flow_tot_l4_payload_len":281,"flow_avg_l4_payload_len":281,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.43.135.1","src_port":38186,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"odvr.nic.cz","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00791{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":91,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":946739310980,"flow_last_seen":946739310980,"flow_min_l4_payload_len":281,"flow_max_l4_payload_len":281,"flow_tot_l4_payload_len":281,"flow_avg_l4_payload_len":281,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.43.135.1","src_port":38186,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"odvr.nic.cz","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
04468{"flow_id":8,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739311,"pkt_ts_usec":16000,"pkt_caplen":3057,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":3057,"pkt_l4_len":3023,"pkt":"ZmZmZmZmRERERERECABFAAvj5XlAADUGU7K5K4cBCgAAAQG7lSox5KVNq4QpR1AYAO0MvwAAFgMDAGICAABeAwOYp2uqwk2kagwv1bFvuG7BP4gwxFJK\/HnbYlDDBgxtByBtkhDnIYlAH5FeNvmtcy43X+awJKk1khM1gLQ9O4\/1KcAvAAAW\/wEAAQAACwAEAwABAgAQAAUAAwJoMhYDAwn0CwAJ8AAJ7QAFUTCCBU0wggQ1oAMCAQICEgOvzNhD6HsqkMaua9kU943O+TANBgkqhkiG9w0BAQsFADBKMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3MgRW5jcnlwdDEjMCEGA1UEAxMaTGV0J3MgRW5jcnlwdCBBdXRob3JpdHkgWDMwHhcNMjAwODAzMDY1MzUwWhcNMjAxMTAxMDY1MzUwWjAWMRQwEgYDVQQDEwtvZHZyLm5pYy5jejCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMSBtMaoOIrrVwbIP2cWYEJHSXjqgj\/\/9tkWX5PXpNopleDTdQVoDYtrhgWWdCxKvyghVnCCvqzpAdxH9iHJ+YDCJvMhSONvyUnQC+8wqGClBPGGgWuYJiWCNGWLq05jQxU5OjFamZYLeA83J41w0hXJ0caGVgR+ZmGHFjjdBCJABPqlSZbx4n\/8eqoqwv3W6903WKQrR8zszV5MtKKlTANB6QP2yhXI+UhhzdoeLxrEImAA6gxL2BOHWdKuBhBuV+ph8YRaL5IiMHVdXgcmxhPMtLDMaXcrlQWC6XO\/mVYjsQjycz9NHwfX9HBGmqdB8EpxpqAzOMv4Pfea+srqI+sCAwEAAaOCAl8wggJbMA4GA1UdDwEB\/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH\/BAIwADAdBgNVHQ4EFgQUiF81uRjtpDLZWzD7gWIvMHk\/TcYwHwYDVR0jBBgwFoAUqEpqYwR93brm0Tm3pkVl7\/Oo7KEwbwYIKwYBBQUHAQEEYzBhMC4GCCsGAQUFBzABhiJodHRwOi8vb2NzcC5pbnQteDMubGV0c2VuY3J5cHQub3JnMC8GCCsGAQUFBzAChiNodHRwOi8vY2VydC5pbnQteDMubGV0c2VuY3J5cHQub3JnLzAWBgNVHREEDzANggtvZHZyLm5pYy5jejBMBgNVHSAERTBDMAgGBmeBDAECATA3BgsrBgEEAYLfEwEBATAoMCYGCCsGAQUFBwIBFhpodHRwOi8vY3BzLmxldHNlbmNyeXB0Lm9yZzCCAQMGCisGAQQB1nkCBAIEgfQEgfEA7wB2AF6nc\/nfVsDntTZIfdBJ4DJ6kZoMhKESEoQYdZaBcUVYAAABc7NP+yAAAAQDAEcwRQIhAKJu6NqRyIYQsDPHU\/A2REhgeKHjM4x+XnuUUYMuSVKBAiBvFXWETRjBcg4jaK4iYqlFL3MxxHaFAihU4M5Y1\/QWIQB1AAe3XBvlfWj\/8bDGHSMVx7rmV3xXlLdq7rxhOhpp06IcAAABc7NP+0kAAAQDAEYwRAIgbhSITSEVzSp\/pS3dsOxVrCnCOPr0QsQS\/Z8OeZ0VJL4CIEqFJZjRYER6kq4HNRyZ4yzxaPbu\/njrCFn4rfkG\/MO7MA0GCSqGSIb3DQEBCwUAA4IBAQCGEOIQRUNcWjsX719Aj278yDJZeRktrpYQiEzTApT2VFFAVk9RNpDtIgove0nygMmo0gYcRhVp8veJjqVoyBOpTj8fBZ0k4jHFaDhaRBi5aQXOMln+cU\/N+ZZyxOF\/OvhfMIgmGnNpnX15fmj0DD6pQOeMMvjd9\/6LhaAOIYehc8T\/qnYYgS+NN4PGwZ62L8NBcloKk78UBZkehMmgkPB4R4UGWU+P\/9wBXoct8xHeSEI\/RKypAvQONIxcx+PGOfY7cug8EawYjQxeC0dBrCPA4HuTbflrjLpxCEjs2nsPD4SXJGGl7AoG4paGMGZjt4DcZO2jhWz5unIehkjqEM\/fAASWMIIEkjCCA3qgAwIBAgIQCgFBQgAAAVOFc2oLheynCDANBgkqhkiG9w0BAQsFADA\/MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMTDkRTVCBSb290IENBIFgzMB4XDTE2MDMxNzE2NDA0NloXDTIxMDMxNzE2NDA0NlowSjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxIzAhBgNVBAMTGkxldCdzIEVuY3J5cHQgQXV0aG9yaXR5IFgzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnNMM8FrlLke3cl03g7NoYzDq1zUmGSXhvb418XCSL7e4S0EFq6meNQhY7LEqxGiHC6PjdeTm86dicbp5gWAf15Gan\/PQeGdxyGkOlZHP\/uaZ6WA8SMx+yk13EiSdRxta67nsHjcAHJyse6cF6s5K671B5TaYucv9bTyWaN8jKkKQDIZ0Z8h\/pZq4UmEUEz9l6YKHy9v6Dlb2honzhT+Xhq+w3Brvaw2VFn3EK6BlspkENnWAa6xK8xuQSXgvopZPKiAlKQTGdMDQMc2PMTiVFrqoM7hD8bEfwzB\/onkxEz0tNvjj\/PIzark5McWvxI0NHWQWM6r6hCm21AvA2H3DkwIDAQABo4IBfTCCAXkwEgYDVR0TAQH\/BAgwBgEB\/wIBADAOBgNVHQ8BAf8EBAMCAYYwfwYIKwYBBQUHAQEEczBxMDIGCCsGAQUFBzABhiZodHRwOi8vaXNyZy50cnVzdGlkLm9jc3AuaWRlbnRydXN0LmNvbTA7BggrBgEFBQcwAoYvaHR0cDovL2FwcHMuaWRlbnRydXN0LmNvbS9yb290cy9kc3Ryb290Y2F4My5wN2MwHwYDVR0jBBgwFoAUxKexpHsscfrb4UuQdf\/EFWCFiRAwVAYDVR0gBE0wSzAIBgZngQwBAgEwPwYLKwYBBAGC3xMBAQEwMDAuBggrBgEFBQcCARYiaHR0cDovL2Nwcy5yb290LXgxLmxldHNlbmNyeXB0Lm9yZzA8BgNVHR8ENTAzMDGgL6AthitodHRwOi8vY3JsLmlkZW50cnVzdC5jb20vRFNUUk9PVENBWDNDUkwuY3JsMB0GA1UdDgQWBBSoSmpjBH3duubRObemRWXv86jsoTANBgkqhkiG9w0BAQsFAAOCAQEA3TPXEfNjWDjdGBX7CVW+dla5cEilaUcne8IkCJLxWh9KEik3JHRRHGJouM2VcGfl96S8TihRzZvoroed6ti6WqEBmtzw3Wodatg+VyOeph4EYpr\/1wXKtx8\/wApIvJSwtmVi4MFU5aMqrSDE6ea73Mj2tcMyo5jMd6jmeWUHK8so\/joWUoHOUgwuX4Po1QYz+3dszkDqMp4fklxBwXRsW10KXzPMTZ+sOPAveyxindmjkW8lGy+QsRlGPfZ+G6Z6h7mjem0Y+iWlkYcV4PIWL1iwBi8saCbGS5jN2p8M+X+Q7UNKEkROb3N6KOqkqm57TH2H3eDJAkSnh6\/DNFu0QhYDAwFNDAABSQMAF0EE7OwduzycCFyh5foVYUYJfj2csLLoqbmNrs4ksDiqkMaHC2NulFxfST4jcCRZ19YEaLojL5JVRvlluRb8LA6yDQQBAQARbpzNdpCTfHNn9Bz14lNKRHZrsXa4X4EmfyVVEagU6WSCW5UKp3bMis8UAzosg4RFbcIE\/BqKgmQG64Bt\/cGitnxq47bonIC\/OFLylrM320R6R6uLkQuGNQpkUlgrZKL\/+YkYqd4ToLlZjenqQeguYlPWOUvDEduCfvOd+A9y2fcGuSyrbb0En99qwYiK1PUm11WXjEDQ91vzKm5Pz2wWWFYuywvRbHOtLetuqGEfMtz5QTTP+GA2fJf1SHhqAtT7v7XaP+5Wvee65IgIoNU6aiAVYz3hwW\/AkDmTqCcqZ608Q7A+R1MIFZgfnWqkxiaXPHcpFh\/8pcgjckhLtTiSFgMDAAQOAAAA"}
01092{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":92,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_first_seen":946739310980,"flow_last_seen":946739311016,"flow_min_l4_payload_len":281,"flow_max_l4_payload_len":3003,"flow_tot_l4_payload_len":3284,"flow_avg_l4_payload_len":1642,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.43.135.1","src_port":38186,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"9":"TLS Expired Certificate"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"odvr.nic.cz","server_names":"odvr.nic.cz","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3","issuerDN":"CN=odvr.nic.cz","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"15:57:4E:06:5B:3D:23:22:EF:BC:2E:5B:A3:3E:A5:76:BD:14:01:4B"}}
00587{"flow_id":8,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739311,"pkt_ts_usec":48333,"pkt_caplen":180,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":180,"pkt_l4_len":146,"pkt":"REREREREZmZmZmZmCABFAACmYCJAAL0GXEYKAAABuSuHAZUqAburhClHMeSxCFAYAfUBggAAFgMDAEYQAABCQQS+L1tdhkv27psDloITDJmmm+nkuKGJ6kBYeGBEdwUOSK4polbbfA55gXHwNtK3Y1Aq1CUhl++X\/zqhOD+IGqi8FAMDAAEBFgMDACgAAAAAAAAAALayQyzNIxhtoOFefQYzbs\/rDW3NZGb\/HW2xO7qHfaVY"}
@@ -120,9 +120,9 @@
00539{"flow_id":8,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":103,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739311,"pkt_ts_usec":117844,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"pkt":"ZmZmZmZmRERERERECABFAACA5YJAADUGXwy5K4cBCgAAAQG7lSox5LHbq4QrSVAYAPUtRAAAFwMDAFMM3BAgXmTBsszXKmPJMeQOI0MkfcYQA+ooKae5hUP4MLmmY0Ld7Ih0Dxjdtk95UcVjx99quseqon6HZoBzdoLKcy0HNp6dn4X8nvirHS9hBjPbpg=="}
01110{"flow_id":8,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":104,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739311,"pkt_ts_usec":117867,"pkt_caplen":560,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":560,"pkt_l4_len":526,"pkt":"ZmZmZmZmRERERERECABFAAIi5YNAADUGXWm5K4cBCgAAAQG7lSox5LIzq4QrSVAYAPUvDgAAFwMDAfUM3BAgXmTBs1EK1nwDpA88In8MceRrmtJr2Wr4aoGn3\/n2lDfrsPqQIBb4xIkDKr+I2Sj+uDNXlePUZ6J1jVI+0qdO9IqbHhqFT22V25ts0QyQ4VGab5UJTinlh\/mN\/OiNvXbisYzaG6BEYfKj3wcbkNUWOxfW7DrEIJk2c5tdTz9u\/f0Vrp5jE2tqJHmzfL\/0yUnewzzy0R00ovZ61HlVYKs+Nrzgbi49J2eDzKj2GlootXyxkli7MBhoNehJ6BqKpnQhvFVjHXixnbu\/3miHh15czY04hueDFv23\/N5Db2FZhL05Xp9Fe5ZThoWZOpYKBWQZlTb265ZkcmCVNJNZWkNkvGOtw\/fK6QkzIJaSQnMKlnCD94ceC0oVOpbKCHADINuM1SwUtcuZz4wsykjAlHWdJkknp\/W1GjsBrD6z\/QdBQBqFyTbn+nEqESVwEhOTVz9BPSGznJc+44haEBDvenvoKqPZ\/y68H6aaocqKOSld1\/ZOolE4+QDtZBSk50c\/DsvdUtXFg6t1b40dUBvlcKDyIKs6VFOGyO\/BfMIruYRGQm+7Gq8xV2iH4YP93CtqIEycckUV3HnkYB6thnLC8c6ovcFGmZZX1aXXD6KzprKovxrN1Yw9fQjLR0JzntgwVfgZCvZ5aCfFG4E+lVeKVNJQ\/xE="}
00472{"flow_id":8,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":105,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739311,"pkt_ts_usec":118184,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"pkt":"REREREREZmZmZmZmCABFAABSYCpAAL0GXJIKAAABuSuHAZUqAburhCtJMeS0LVAYAfUBLgAAFwMDACUAAAAAAAAABY9aRMDmOR8f9esMpluWV5JN3iwergY59UqdwDxq"}
00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":113,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":946739311335,"flow_last_seen":0,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"9.9.9.10","src_port":51770,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00499{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":113,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":946739311335,"flow_last_seen":946739311335,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"9.9.9.10","src_port":51770,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00803{"flow_id":9,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":113,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739311,"pkt_ts_usec":335665,"pkt_caplen":339,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":339,"pkt_l4_len":305,"pkt":"REREREREZmZmZmZmCABFAAFF8W5AAL0G+HQKAAABCQkJCso6Abuxr7nkL4f0JVAYAfbUBgAAFgMBARgBAAEUAwN330DAziY7Qy75ow2vvPPweI0WjrfNmIygzjgDJAOaiiBkC+TeFnwD\/kQWoA8NwSkWiR\/ZS3JD6l8yhQXJVgAa3gAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAAClAAAAFAASAAAPZG5zMTAucXVhZDkubmV0AAUABQEAAAAAAAoACgAIAB0AFwAYABkACwACAQAADQAaABgIBAQDCAcIBQgGBAEFAQYBBQMGAwIBAgP\/AQABAAAQAA4ADAJoMghodHRwLzEuMQASAAAAKwAJCAMEAwMDAgMBADMAJgAkAB0AICW+8u6SZcrHjrKSceEpWhhd\/sXKRaui0Qq2OMNRWOwf"}
00781{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":113,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":946739311335,"flow_last_seen":0,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"9.9.9.10","src_port":51770,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns10.quad9.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00792{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":113,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":946739311335,"flow_last_seen":946739311335,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"9.9.9.10","src_port":51770,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns10.quad9.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02390{"flow_id":9,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":114,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739311,"pkt_ts_usec":357881,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"ZmZmZmZmRERERERECABFAAXUEqtAADsGVKoJCQkKCgAAAQG7yjovh\/Qlsa+7AVAQAHdneAAAFgMDAHoCAAB2AwPsHFeUVovCXmWpA4VyNoqF1JeqKqRwRROYqOPJU94DoSBkC+TeFnwD\/kQWoA8NwSkWiR\/ZS3JD6l8yhQXJVgAa3hMCAAAuACsAAgMEADMAJAAdACBGm95D7Gx83XoeinRk1rxGpZA8u1buvy6HtAvs0UM2ZxQDAwABARcDAwAgBCGr5NOssVZ7TUX4BrL7MyB6aRLwiu1feUb2m7o8fLYXAwMKaD942IoOSpCliO6ZHVfN+ruurWUvz7jYgeJjK7SV5aPdpOPU+gCK34wDZjZp50dMaIsg77NAx4MrmJU6wTsTAwZldztvUMpws2wEYMHKWN686r\/ZugmuzBYB3tOPhjCMvk8pBO5Z4lVJQc9Hb1RsJ03QnqO\/EjZsCDIJr3EwAdBfauIjY3hi6AzlRf9VL9JoUREwghpYtzQDH4RvKScS6ISuIZ0qtqLTaSpG1rQC+HJZ6KKhTxZKSTcym6aIqvAR7ZiyINnXnDnxtWbl8cRiOiDv8PdDsr+5E5xwhcf6QYoUCBscXYYl1EwqfCWZLU9EdSEHvyBTgkaNAt3XMqrEl7x4wjZ94SWxkiQsQ3IyHj5ooHHdJLNgfAhAZ1sF3MqWOMepm6yBmJwKpSpxHS0\/\/oYNPpH+52R4vidTCtKs7UfIN9SKrOu0JFbGVqc8M5lplCXOQx4+S48+BecP0sGtTkcShvyBVSAANiwxQTDnS7JinVgGYtRwWjEqrWQJJopko6YuGLn+wkhYZkogv\/onHZtE4hlsg01xAHJ9PxQYxWbOdVfS1w0JvhE5EDMILwTMYm\/YfzaRcfZnN3X3c8PldLUC8Q00rxaePA+7a5mbMlVzZ\/ZKqlpmGHRhU3G\/b+Za7F3XZpTKcWJ\/+pP4OAaUaey+j0NOSrl7D3\/HeWq7P0vSd\/KYIm9oS0ZJvLtsffCfxTm2zwDcPGhRfKW16iadTUvmoczzCHSYvw+n8hl61iMBIgJerq\/CN9KkicrNEfU8QCR9bMF1D3CABgNImMdCKODlAcrpb\/Ya\/cQUwfP\/CWuVsZ3s+sh12SEW9JLfAgHTnuYwcMjbvAf2Fgpb\/+WmXCT93+A3gLKANXIVA2PfvntvndGO4gXYEiHaUhu4qZSsHkkcQJ5rwvJrE4CSJC\/fp+te7FlAxBXZxU3peCLLIMzIhccFKuqNX9+cPYxqAzm+f4FDsJg5KvH5AIh6Nda\/JBKZzhlz2omWzUxsNRCyzYkCR\/6xx8emByUElOOQjp3\/HRm+WaL5aZHnOk2myD86PdWR0IdZibdlJEHJ2\/GXJsQQv95dhA35hvgjWHiQLe0QLkAtPzosLXULXc5d7ytqMATetgFrOl+B+IuaEJAtm5NdT9m+\/Uo1nl\/TbvSaNp5EaxK2DPhV7Vt+vxmsBj23m0aDhv8PPgUfy9wK\/Niqob3bOD6oQrofsTggzpDg\/0PeQx+LRnGU46v4ljhYI4JoQY+cJBFQKWNeFww9uy1s8SJhz9LzcLFv+j30Vt+r4FFm8AZfzHX3wSuBELuShY7dZHSjQzxqOJfeGLr5ThoXw5ldv54ifSY52Lfxp8BkElu7BDDbf4F6XdVR3aRKy8Yk7ooQevFc0GOsxn7jXeMuFiaf9M\/MspabzWIKD5sTaMPvexVqQrSIhAE01MVqTa8zAs1n4D9AszPAZaArvvaw1dpUAGCn22YGrLkylRxMCN07\/HyOXir6cpxUbsvRgSag8LgIuYbY\/Ta1KZ2trDeXprvYofOqOqX\/ep4LHzQHiCFm14LvDzSoMa4qqUdxfJfOjiZQVsJdT+2uThs188toZRMoZsziXxP++fZpO4m\/wGTJ13ciJYHkQjnaWtFJW9KHR4pPyXX3T1W5XcomUZpNi+tnQlSKiXPl02KPyhw0qdY8Z0WoKV536f3wtH00HuTa3UIk1hZxDmxFcYOKvSwc"}
00833{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":114,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_first_seen":946739311335,"flow_last_seen":946739311357,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":1737,"flow_avg_l4_payload_len":868,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"9.9.9.10","src_port":51770,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dns10.quad9.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02540{"flow_id":9,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":115,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739311,"pkt_ts_usec":358034,"pkt_caplen":1616,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1616,"pkt_l4_len":1582,"pkt":"ZmZmZmZmRERERERECABFAAZCEqxAADsGVDsJCQkKCgAAAQG7yjovh\/nRsa+7AVAYAHfZAwAA1xiWPE9sRZ+HRED66TQP2BK\/H\/\/55yXpchOqptSfdmizDwWdekTWC4fynK8Z2sZPt7VLeiJJja8C3BQX9Rz0xZnn1eoThbbJA0Ru7pA+5J7tyanMo4IQcPUIBSO5p49Bymfzm29G5qjErMG7mQ0OPPjTCRaB\/UjgjbKvSEcd8\/qlBT71ZfI4uv2myCBr7kstCCXPIR18CKF+Z2\/VrH6vxRdx\/DMaAsMgc41PzNU7xNOukRDZxOR62YLQKe5TOm9eGAE6qQfGiWVQuBPTBNCMLbyMtxxnLWSXpHUM8lAFCuaK7Kc6QBacccBEf2G6WUxZTWFo3b0bLTLXGsaAdMgEEvX57cRGL6Gq8YWmgloFc0L4YPSBPg4QXqG2603cgV+j6PlTHv6e2HefSTdXdeLXiPRCN345+9Y7w0ERX6leOOccKhVG5SuGrnMow7zmCn7a2KZDo6IK6nPbbrDUtvAROe\/2qAE2VCX9KID9EijWEziQ9XCbVPjeL02DA\/rYN7wYXRiJgCIeBs3cXR7OygqBY2+3+XFzo9TaLSJOjL2D0foR73wSCVhYWptmpzwaIHjhZCo4rI5hdLdI5wijBOAwhmr7WRW8Yv8AQsnvt1Z4coLNvTRubKzb6tX\/Oxf2jOtE8ql46ReYSM8F\/WAKChrNRMIbb1FxJ7q10gZXMDttRcPXX\/qGmHUzaGCJmbtVGS68jgVwThCO60XMMu84lvsX\/Ppf9SgVkWGycwU0+7rBExjec94Gk2PRYtyBh7FtK\/ojKF2Zx1IbH4Ped7sLfGR4i7sMPLWNn+T5wJpId2IpurmzQEup+Wmo7GS+GCV0scp4nxOFT1awumcjwSZT8bYpF93Gq1VRsPaw1Ed8OHX5e5gmoY4MVzie+NT9SEgMn6ichQsu5snHAMbc8\/IWQxw1j4WN38V6zcIh4u4V1Gd7SkhAHeYNQaHO8zyvvE8ImQNU3iYNHLIKvw9jrqWUBqp23GQnf3jir7+jnbT6O6iTPLexjWoZTCF\/FtolEJ0e895tZWyhQDvFKtQE5PBsOvi7\/BalOF7pvRKDn\/re0ni0oWgQPdEaU+LIaPzCC8LkWYd5oE27150iJxzh1Gp8SiKQXDLhLhi579hHj1+ols2JqJH8RdJfR0+VmnJeuW7LLf+BRMSJBXoQCCLgwxC7f\/h7fFu2xKC0W6c42fJZaQRckgm7zcULCvbrdB3\/7TiSzFX4IqscHoIIazQksB3SnhTuJmLtEq0s5iQGUGxfhlMGhmMgzukQ6S3xziGVGLlkCIIbeLTBQrX9TXDN8S1GsZEFqBjMPt\/N1zN3ViQ2J2at2dPSgSFskYDCKI7W279fwmbZs7V8tsMKdl7zI9bVkSm8TK+VOCU7uRHndZTCFD0rVG1nulq\/L99PnlHGAGXK\/CqGETUVVLlDxaOxEAgpjONuItzxylFN2ddXgvj3hTCiDE8O0ZeY5HxF3kaLieLFjiKlcFdLwH+yoWIasdZ5ETRJVqr26OzVYBTCPTfSgbwHD0EdFC3v31MUjg04ocQ4ZiFf7dRFVtWmOWN0r2SpHXy2xEBvMuqeP3vQyXuuz6g6Dn7YZmJY0+sx4Fy9C8oBJAE0ZwKxguZmJv1GeQHP6tU\/veMnBxdJr3tx5OgYDk+909nj4a5TD3cRR1pqKY8PwvBnQ1a7o21Mx6az\/nj775\/EQh2soovj6zthqPP\/vtXFBBG3tG\/sEPeFuYX44cpRhz5K3N4JqP6Lp6W3KZYJ1EwmXdPWiQcbK\/K0dzC4LCmApJnMsipnxLFAxIsyZnv1pRKdZtp6E4ZNkwItTRiePKudtegvLH1+qbg3pXvAj\/AueIMUCY+nZ2bEiLI67RcDAwBgsXSJyFgjJRWpsUIwFa+B3HudQHKrExr60U8JLlKkL\/P\/S+PEy7whFdA90+7WJF1F8DCmOjyvxxrrWdZx35m5pHvRkiSavCeWDYlRzcWBeiUF0TAz0e0CdFpMI0nfm+C5FwMDAEXIcqRX1+3I4YBN1ZyTwBh\/\/IzIU5lJHrJKAnGrUu2ocpCQI2eEwS+zVK0zKk1o2WUWMhhsV2wCrUmzne3qZHF1rWYeRVk="}
@@ -138,9 +138,9 @@
00563{"flow_id":9,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":125,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739311,"pkt_ts_usec":417268,"pkt_caplen":159,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":159,"pkt_l4_len":125,"pkt":"REREREREZmZmZmZmCABFAACR8XdAAL0G+R8KAAABCQkJCso6Abuxr7zAL4gDklAYAfXTUgAAFwMDAGR9NyGzywy8SdhomKhtO\/rl30vXbMuXESX\/Q8svv20kgZYHPLVif9KPBXpYw79WxwwmtvYreHRJn7\/WUhroH5ZlNkuGsDwGzjA6xI2Sey+ge6QhNtyEV9KdchXRnVn2Msg\/+Eh0"}
00569{"flow_id":9,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":126,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739311,"pkt_ts_usec":417407,"pkt_caplen":164,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":164,"pkt_l4_len":130,"pkt":"REREREREZmZmZmZmCABFAACW8XhAAL0G+RkKAAABCQkJCso6Abuxr70pL4gDklAYAfXTVwAAFwMDAGkxHi7McmOLywyC2PPw48UhmG\/9LXtg7UsntSmiizF8Yv9hL\/Ad329PtDJntMJthJHT0ze2DDxyNWp+GsXY2IzfJqhuk3CVqOHhIXcY+f1E6Q0xPMk6i38qjmbOTbgzfhZkNPGDhHAtPqQ="}
00670{"flow_id":9,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":127,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739311,"pkt_ts_usec":438918,"pkt_caplen":238,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":238,"pkt_l4_len":204,"pkt":"ZmZmZmZmRERERERECABFAADgErRAADsGWZUJCQkKCgAAAQG7yjoviAOSsa+9l1AYAHsy3wAAFwMDALOz4PktMFNHUYrjN62jZzcxw2rdFk9CrcaNJdo6vQJbYD3BkXnVTr8yO7lhjCoid0EqYQG+pQtv2M1dVuSBYMKnxUHfKmyRLxDA4ztpH9k6i0xArNPBFhlubjZeUmnLnGOFdZcEY5NrixI1zSznaRB0eNi4NZNdo8W75WFzCb7Bh473FVqN60zSDdXW9\/k84Yy\/z5tJw2QECH94F+ndKFsosBHDrntfy138Vv86iPQcEg\/geQ=="}
00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":139,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":946739311566,"flow_last_seen":0,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":55322,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00506{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":139,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":946739311566,"flow_last_seen":946739311566,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":55322,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00803{"flow_id":10,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":139,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739311,"pkt_ts_usec":566393,"pkt_caplen":339,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":339,"pkt_l4_len":305,"pkt":"REREREREZmZmZmZmCABFAAFFTLFAAL0GMYcKAAABuYbEN9gaAbsU0wRrjALq7FAYAfY\/sgAAFgMBARgBAAEUAwN53D+IdbyKMqUcdChlG3BH1byG6PSts1pdzll38jdueyClHPY2D7aJB29xaaA7zmDQUztgP6bTAGw+VMEA\/cNmhwAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAAClAAAAFAASAAAPcmRucy5mYWVsaXgubmV0AAUABQEAAAAAAAoACgAIAB0AFwAYABkACwACAQAADQAaABgIBAQDCAcIBQgGBAEFAQYBBQMGAwIBAgP\/AQABAAAQAA4ADAJoMghodHRwLzEuMQASAAAAKwAJCAMEAwMDAgMBADMAJgAkAB0AIASid2tq+mdmASZBUTGU5iyt2F1JUvrNCp22BxrDleoO"}
00788{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":139,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":946739311566,"flow_last_seen":0,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":55322,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"rdns.faelix.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00799{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":139,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":946739311566,"flow_last_seen":946739311566,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":55322,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"rdns.faelix.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
04347{"flow_id":10,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":140,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739311,"pkt_ts_usec":603972,"pkt_caplen":2958,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2958,"pkt_l4_len":2924,"pkt":"ZmZmZmZmRERERERECABFAAuAg39AADQGeX65hsQ3CgAAAQG72BqMAursFNMFiFAQAfVJ7QAAFgMDAHoCAAB2AwNkY5ffptLk\/1RQxoHPHysW3r9+0ddQo4Z3YjqxuStqKyClHPY2D7aJB29xaaA7zmDQUztgP6bTAGw+VMEA\/cNmhxMCAAAuACsAAgMEADMAJAAdACDs3oZu6oN3lGaq4ly6\/hAqFwB\/djty35eYhaI2Lxe7SRQDAwABARcDAwAgv82VBnjlaTkDEuDhSukFo4HH4nI6fax\/zFPW2XozJ0kXAwMOr9L3WKPFCRevhqaVGoGS+x\/kXxxMckfNoOqk04UOi2nffzkls4dz\/6PwTgD2O+tiYezNJxr\/6WpHVX82B1TCh5LVuQtfmobZqrhUuztxfuDnZpjdtqBFN8\/ThU4OUKCLhdBohaEJUJaODtpSPbvHLMo+XUoovzoT0\/zM8eQTXQpCXzBBMJx7xHTAsbkvGn3C+AG5zWAlrqlt8rw8cJvpcKk420r2AjCbqQCcOhIk9fgtrE6sGQpDmvb1eDYkMJL0ZWhtJpArnw4DJbVlN2eqshODC2oEeU4LRs6HxumiPK1q9BAYm9j4B\/VQvljlxD1l2D54nI0XTtCqzYVH05VeNSyKwY99P0gfk5KbNuwMkg76KjoZ0pANDmDoK2O7MRcalHkbOzBtmCZzhD7k0YW7eqNkMU5wTjhw6\/SKqF25gZNB9Nt6RXkKo6zhp67SL4jpzGRuSRzfeNfXwE70s6GkDEHT87ePp0CPZwkccES0koYuFCUJ8ZPaF51CsuO3hEK6HLj90BijpqZSqxhfc1mm\/yqD3lLZlsT6EnUdCBK75PQ4LqFtNj1aZVWZmY0bISdBsjTgcU\/azUhlVpbtuwFzbRgeZMjYItDFV3G2Mz1lBTIG8+EI15TAfiX3THktTEDNdXWRIKZWc6CdSZSTQj5epKSMIDeZ3ym23Y5D0uYv2rRWwF77WpaBXG+MUxbpeWleGLZxmojsUrhsTN3K\/SO4YTnIH3mEDcbuEL\/C6kXZUUc3JKUkSmGmNO61dgMehbma4fB8llee+ia3ZxrMWwvGiTS2tpm78Rjdk2lVGQ4Kw0Hv16lr+xG8BLc4CMV63wU9gsM8SvlR14rXUIcZ1w1IVKRMCPj5\/ktzqCSdsd7JLAu6iqnF+tffAp0R7hABno4kl79WtkvKmhCxs2C9rHaxhWuglRBec9Q1dOU4n\/q5s3oTaT0MWOiB9FA9hPVkcr5rHO5WTaUTZCO3f07agWWupUC0SrT4kMq2F7GC\/qyJUokz54psYmDyksoYU5W4XunHAPWif32UI8qTU8ZnD9BGfH74hn454rDYVO6L7CccMxZlmp851erV6hvxeQE4QFic5+4T+9IQsqcHez2OFejw6vdevdAwPVqE+KjL4UP+MGf4lbUn4WzekrRNg4+OLWhqMW5jPxgVFLL1X\/7LXlyiUW3FZsQlx3wHUnrfnXgRsgIdVSezz4HY0222o0JjMjRIsMAML27omWMbFkL1GH9F5whlSmkQo7tR4pkO8ZObYU6gN63eRur2pr9yUb6mdaHxKmoMOtTc07t4c0mmYRPcKvUuGEq\/qFZAib\/Cn9qtJSED+KsOJFP3lcOvHyBWmDkPTuXhIirjxvNRHlhpCinnvq51BRLv0iIYtLa4+FWzOnZxdtRmb+J7gXcYqMUZr8f9hSbjcXpRs0qTCNkn\/vEFebnj0Oa5wWQ\/wyYqcIXbH0+Qg2t4MHCtt5puUCcnWiddPmXVCEbusxDhj1mW7Wb7s7TbeMJNHqJK2wkpexuwL1VqKOcMpKkVK63qTpeBRS7pKr42\/e4RAue3aCNMwXb2qN+nhV\/yAs+no2\/T8CA38S+A3XjJrTp3nRj3b7uYGTvq6vgcySIveyFsNVxbpOrMNJwA55r7OmJm\/TMMYu1Cmm7ApgsYESAyvVbBcTmlsCXf4kc5\/PCSNGVGXc3ry7HZ6UrNLiBxVinlqk+M5YS+nDMxRpBRZ\/l5jocQH\/hTpYeDeBYM6nlOI3a42ojQOf0qu\/s3tJK0pVMQq+L3fiObQL0w0ki8zB\/Pq94eJzcgGDCpDBI5rSkrXqKSKwE\/TPxGGb4EW3iPF5GMaLLk69BANjmbdOWrRbmSOZIerFLKML4S4ISArr9z\/Hd6jn9grfPQF5QPRgsy72snzNYK+cdD78EVK3JLSsYYqn88MbAXaWnvt\/NrtPJL0QXd+HGti75Czr60Z2exrtdLfvuyhP6EA\/OJF74UO1DMZkdkO4dBy70z4Gu4gpkQ7cqPDY0GZ19ZQkhDdIe6tY\/KPM4UldVfU5Ox+v3aicLwXXKsL1aYiIDMExLQqDr8Vp6Rg8MhQd15RVUWWezyYpN93w5RckR2WthYnNZNsPa7iVvEbmCiUoUkbzt39o4APEG2T8nb60w4QPGzL8Bs+6zqpdT6PPZQOoSFcrit36uSRZP8iGT1fW72Vs+Zxy5GcZuta5oSW5oky8Ru7NnhXKgfldlxRBIOjtCyzFizIawHPWtdb1FNijZyZVKdj4BP0ocR0b5RYPeWT1DhR9qwqhFmLRHqWhBkA5vK7BpYSEPmeNp9JvF8mc9PzqPXFx4qv46sa0RB9Om1TkSniqOmaKfC0VJ55FKEd3mCSVa1mQ2nzlNyLUC\/G6NFqNfA87dMc8kmjkPDW9L4TPuUdk6cFk2SWFMlOT4UEAqyKhiuK9S2TSwt8uFOPCTdi2gCXoEJdX+9z6vM3zP1D618aG60X5Ut6n4\/mqqX3ZYS740az2d1czqYB7kjzMa99L4RSKw9Nv7MMuwMNSxkhAXISg5MWpacHw\/KAdEQ1nUyITpRoICmtn4wFkGI6VHWSC4OZg5gMWs1Z3587N6CIw3eN5rLnfYJ5l6ZBNqLnr+ciVip8x2IDHWDGTGr5OC+uJxAOEMiK+fcS0il3LgKzbRTF6C8+Y0IWjT3NlBZzIZBcCE3FjrijIv+69vNs6VJAKOlSW3f43x0FPmVvFyGHd0hZ6go7pV\/2O1uABkUwtp9Jfvr8prX7E0NzIH8AuTCtktrwjOAvCJu4CHVfpkaygbTIxPH5m45oyD64MuKPbsc5SlgZwhfZunmTwVDMaVpXGfayrmusZgZ\/07zHxvKOvoAfTCZXoYameOeAqJlNLuCW2W26TogT5fb\/9WF1j5kVLVJW3+Xr3WsDu87Z6wA7xpdVjSQWvWXCJ9y6jEXbNwmvXmeHALYBp+DdvlGU6uIsmqv2tJETpbTRkgR+f7Dhm8aD8084eT\/a67jbRGqTJcyCWp8HFxcSFdtdPKZoErFiYrC7xPgwqW36MeKC3pPi5nT9yuHbuL7yiKV4x9J1dDJBmuStOS8bPFHHOamsDufj+1xHeCKIDfJN+meXy0zdvw70PEKqqZXmCwfi2TfqRVP7d77vAzcphP1F9+RnUlovNNUieiBKgaaaLwfIEAiD84YhuItQrVIeJCa0jqOgMbgEKi1twm5DKS0bcizlDtDFNkFvRAghS6l8H5MMzc8ps2oVnq34RHWoVdxAXCkHDkkmpkGwGKoEP+YEVOArEfXlh0taA60GiWgLXrspKhJVAnjFiuxV1QiMjD4R5UbJ+BnJTGXsaH\/yPppjwU5bzpYvq1TPW2pdHuooLQ3rQ5gXMFPVeJEv4l3u9D\/o1MxYmTHF6ag0Pg7EYa9IiJh8NJsAWlNoM+jz3\/neEdRD31BwTKccVefTs8giAaZY3hKJ1XXe6Hys7XZMAJR72EIr5DA0qa2euR8ERpA8eew\/h0vqG8NScpvxxA8Cdjmhn\/JwaSSF9ubglNVw4f\/Z3JUgBYq3\/\/+9aFTg5SP56AY5voL2goU8TTHIbBp4JfOUmUTToGPy4GEqVcJNDAs6V2L7PobZ6srGT2l40lZacD46Db+MrlADUrWNBC6GAGEaOIzjsVXO2C7zOXrZPBi"}
00841{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":140,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_first_seen":946739311566,"flow_last_seen":946739311603,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":3189,"flow_avg_l4_payload_len":1594,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":55322,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"rdns.faelix.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02306{"flow_id":10,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":141,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739311,"pkt_ts_usec":604153,"pkt_caplen":1444,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1444,"pkt_l4_len":1410,"pkt":"ZmZmZmZmRERERERECABFAAWWg4FAADQGf2a5hsQ3CgAAAQG72BqMAvZEFNMFiFAYAfXAzwAArcpCfmGLOKjDkyzsTe+IPkiqYnruzR41MPuGsz88MQqvC3a9HfwXJ6lzqQ4rCWJcWhWOM\/faQczL\/u4LUA47B+3hgIraXqwM7U0QtAPKeofLhsqBn12DazruSHbiIbxy+mEUG3S56+4ZRbB44U5cKRW56AecOVegPdxq19WX7WP4+ZvrOsXSvkcqGqyY6l57+wMNGtK9Hor0ODYeWdBnCWx+J55Yp1BLeNHq9nHIKHj0qCJNcTpuSY3kcxYIKgCzUqmtnXdoJ0GIMlbY2ljKsarNr5cWoMUbBujc0flI7F15VAzRku1eV3Kl\/7Wukzg8w4HiH6xnnC2hyeJ\/S9kg8k3Thktb0MRLph1xkAte3QZc08opc3Fwo1Ft6aRVOUnBzMc2ygQi4cXDCHwkiaI53r8gMzkS7anbEcS4yQcROtN4r2sH3n\/Y2Qw1v5Gb+U\/+RFg8+P9ZzSoFBkttBuC7bMKkuFovtwfD7bmTraXz2TwXRpY3Ao54+\/SNvuV3GwVsY67MLueBEgpQWATGxrbkACZtD4C+lpPBC5\/54MNyZi6y2\/bINiwBN2SHIdC0sG5gR\/DV19ykdqXF3pfYHlmfR3703pqTCdiZz1zhoMZLCPXVwnRt08WzrSf9AJPIVrVED87vfcSxcnSNe9\/uUQ+fPjNxmvMBL8ur1shycxG8A4cFPyuqBeBuBrfVjZFKQN3\/5iT\/qY3bW5kYmBDrHkL2xegzf\/Moa8towjQGmRBeDyc9Fogbi4Bl2lSDI\/x3VZI\/8yRCU0YCrn33V5Yytpt4Nri5jL3CrvqNUKuK49C6RMwZ1n1NkjUcpjeYGCGRXo6SbIn8CHVjiCEwFZ8FbQctAnWvdqfTpT0bXGelftgC9CQThu\/W+ybRqQdwN+K5c2QiXPYvO4kT3LD6oCwacJ4x3t9XRv3AXxYa1UbtXwad0Q5XC17E9XVpbbgKhrlco595yY5V6j1HdG8AkTRI1DXbEp3foy5yEjtW0o9bfHyhwUqC6TBXcyz4z4cHmh5p6A6BMpnvPJtMyGOVMKQ7LtCwwAKXNWcMVkLjSAZ+IrhMtGXoEFJcdmyQxTOI+OfCfdgm6q9yTer0lySMXu3yBMcL6Vn1SuMzS2FSE1aXKAyCBb3XF5Tfnf2rLe4r3hkWTr8Mmu\/+5cpIK1r4NWR0zq6iT\/lnsbxmS39yt3YHMSpG1r36HYatyCzF6kZo6KyW2UJ6fBqDVBmGD6CXSVAKejLC8pL1qmuOu2eXU804WhkOIkczZMz7pQW6C0A+bVJsEuL5Kd7KV\/W2IGcqNMtuMkFf1vHE4VTHRAmWpIDFt5I4ja4qA9N7tAzSWPkgtQseSnNvTrX+nCc0rsjLviAcYafijP+ATzRDOBcDAwEZYz205aORxNiMwaiQeObwk59GyoJ+T+YW4iSATpt8cc0OU+XkwulympL8b+KCt76fJXCt3rgEOglVp2lJQDaaCL0\/EDry33zbH0MtKm5P5nEWpzvQFhaXV1WeS3oS65S\/3UVJT7\/Hm\/AkB6N0iCgWEeK4i80RHGCYRIweyu9kQIUklvy2RlmccKeVQTq37O+\/HqRcQLsrpTkATqOJMvj0MaZ7zkYReeTUbtUUtzasEHVGtHimiktW2DAjF2G7BrMbQnAbkBNJMIcDNYwAwDUJvD2+j752nnR\/ojUHAoRsnlpRRGw8k7CJ0b0wBSknElPWssxoC\/r5K7w37x9u118AdMWjqtzSlF2uDe2PtsgCUxjOE7EkCZxpOWsXAwMARUyGMct3ItX2QiSoGAs2qAHwCi9mgPaAr45Z5ZYVR5NUAg5k1dXUDUazzqq9GbzXT1\/7OFi8y8eMdJWfTGFw9qor9xL6ew=="}
@@ -156,9 +156,9 @@
00555{"flow_id":10,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":151,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739311,"pkt_ts_usec":641933,"pkt_caplen":152,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":152,"pkt_l4_len":118,"pkt":"REREREREZmZmZmZmCABFAACKTLtAAL0GMjgKAAABuYbEN9gaAbsU0wdjjAL\/T1AYAfU+9wAAFwMDAF1on4nRvK2bkyWrlP0SAUuwD6w5rSzlhYgB6nl5ZQnEauQD2MIH+b+D4mRwD\/YaKUTywjUobUg\/VtD7WsuFfZj8T2odlVaHwsNqDuInuL5BG64WdECnwrPMmLga7G0="}
00574{"flow_id":10,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":152,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739311,"pkt_ts_usec":642037,"pkt_caplen":164,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":164,"pkt_l4_len":130,"pkt":"REREREREZmZmZmZmCABFAACWTLxAAL0GMisKAAABuYbEN9gaAbsU0wfFjAL\/T1AYAfU\/AwAAFwMDAGktFlMcQj8Va+OYpDNiB95\/ro587yr93e8zdihbqyMV83P2IZwsj0f+Jv9pHYGQ9n2AtFwdPKePqMzPeblgmCnpM3qDLrw8kY1C\/pQgd\/Qdtlar9i\/afTUePgE7YfQmH2jHTE0uokGzZb4="}
00687{"flow_id":10,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":153,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739311,"pkt_ts_usec":676139,"pkt_caplen":248,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":248,"pkt_l4_len":214,"pkt":"ZmZmZmZmRERERERECABFAADqg4dAADQGhAy5hsQ3CgAAAQG72BqMAv9PFNMIM1AYAfVnsQAAFwMDAL2QlTU5MNbz+YYrvQfbMQnVVpssEvR+MjlkcOHM62BV0M7DDvyuV8VlfsrwJh6+bCtT\/6rB\/jECI\/SJOtv9w0JHz8w5lYAYSg7eFz+LalbB2hwEqp6U7v3N75+vEfOdsLYkulzq\/cXhvHOPXSRhaeLc24NkG87nlS5QBbHje2FsnGVDwjXfKAh0YBjlxQe0btOA\/Wga8xh0lymrB5k1eb9\/jeWmcathMoM\/0N5YAHOqOLLyX67dwh63luW+DXs="}
00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":154,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":946739311703,"flow_last_seen":0,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":52386,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00505{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":154,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":946739311703,"flow_last_seen":946739311703,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":52386,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00808{"flow_id":11,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":154,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739311,"pkt_ts_usec":703652,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"pkt":"REREREREZmZmZmZmCABFAAFIvxBAAL0GjQMKAAABMw980MyiAbu+o\/fohj5JlVAYAfZx1gAAFgMBARsBAAEXAwOEmak1ToTEOPVX0jBh7rLNZM1Gt5\/Gr6ZvrmdHklieHSAP2LkoS3kAHcBOg6onjDU7HEdrdZ3cuMs9iD3w5kCD4AAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACoAAAAFwAVAAASZG5zbmwuYWxla2JlcmcubmV0AAUABQEAAAAAAAoACgAIAB0AFwAYABkACwACAQAADQAaABgIBAQDCAcIBQgGBAEFAQYBBQMGAwIBAgP\/AQABAAAQAA4ADAJoMghodHRwLzEuMQASAAAAKwAJCAMEAwMDAgMBADMAJgAkAB0AIGzt4\/5xvtyifU6VTcrfvT+YrIEhagkzRKKKlOYdvDd6"}
00790{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":154,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":946739311703,"flow_last_seen":0,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":52386,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dnsnl.alekberg.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00801{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":154,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":946739311703,"flow_last_seen":946739311703,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":52386,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dnsnl.alekberg.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
04359{"flow_id":11,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":155,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739311,"pkt_ts_usec":732715,"pkt_caplen":2958,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2958,"pkt_l4_len":2924,"pkt":"ZmZmZmZmRERERERECABFAAuAX8dAADUGahUzD3zQCgAAAQG7zKKGPkmVvqP5CFAQAIN8DgAAFgMDAHoCAAB2AwNcTBj+nowDUUbglTTLuZi3m0Fgte272n9LPifxOMv7HCAP2LkoS3kAHcBOg6onjDU7HEdrdZ3cuMs9iD3w5kCD4BMBAAAuADMAJAAdACCPdFwMNjRtfUXHati0iPvUS7ZISUYNc1KeHBUbO8YTWwArAAIDBBQDAwABARcDAwte+JJAD4P7EW1qK\/KMQB2haaLigWKb\/DYNFwlVC4RO51bq0M8eao6QlrOrDJOFceHVJKhl1p8Ibfrg\/vTRNCJB\/UcW+Fedt+hD1iuUDwTCFZavOS7xwPDkL6497l\/MLuLG4DXgnGeZQ+ANIJd3qmkp82hmnma4vPPfih3FXm2d\/orPnXJKqjQROYWvMcbtvj9Ebb\/txBSHxVMCrKgG408ySWMQj9wSJ3YFhq0yzQL4\/vZaLuRC+Soen8TCR9PMAvnOESL67SWkKNvrhHs7A8wve1+FS4QJZG0DVnfyZjC1lTDakOFEVj8uyQCDIeUSTCCRymHyRKKDInznJ9K1ylbbeIGdenKpQOC\/PvdDSl7uxqaByB3NSIma+imeWtGfSsSVz2bgzfRCO+1shU4LOWr+fJj4VfVm44ziFmXpQXba4f4sLTdWNOjDqe5hsphKeTPq6cjwHY\/8d4YQO1mASNyJu5PHaom1vL8or5mJSUE6nK9PPUFEoI+arXXrdILbrGh6AFzUXQGBrrAdekMh3lpPbuWJTMnyJ+tNhczzi4OaeErbR+eZBtyO483ig0A5ofFGX3QqSY+x\/jYa34H7RpPgi7E73Kv3qvag06VhkcjqWXPokFDtuDpOCx1sHam7i\/mBXaEeSIMn\/6ibfBibK8Ssyhd351G+u7nIG\/kPMrFG9dX2lYQXotCoRmApyZWnnIvnb1Ems9MFs1nWg90WJfHxHinrSdpjBeU8iAbpS\/jrwrYxGk3gVDAv9VGAkZlRz60RiJgOn74olT+JGbdB87Dmd8zXzGHRAs6xX1wLyFHdLBSPxN+wXikNtBamIrek5su\/OhIPfJ9Db8D4NRmo2RQxqPr7fuFEkduV14PFpTKUsiEOkhDJwNg8LiATZ7RVwMg6yMpsydYcgvfMea751TpJNvE95FINDC3Rb\/\/f0HmE4sSUBcBPMBavqAtQ7YhyYupjzYKChAX9lCvR4V0MA3gDeswYrL6CJ2QWYyZ1X5kp+MoOy0A6lbwTY6FAqgtyYhKr1esD7uta6z13oZTeC8zVTDF3SZq3we2RpHyfhsBTKY94xuStpqoHpzXuf67EN9Ci9BXk7ctHV6chPXxbzfNbfHejhQSWblCUVsEWcGJTaWPfYy8Qk91uEWvknUwg3\/gnkTaxOpg74KZR+eQhsLtgXu83uRIpmos4uiAQqNFCr46gFv66IhjUaLn++05xvOtQF+pJff5ceYA3+HVtzS7siCW14iQ0F2g+nmUdK\/l5e2iBJ9jUDVjX1gbsI6q3sWAVlaZSWaqGUPI7tEUJQO+uLheM+t5WJ2hIuHlBrb7V9x7oPe\/w4Jyh22GAaILXTviEQ++5bF7t0H5J22\/uU82cBtUmtPnPK980jnCJpoWHcd5b8NrM+3vBCp31WdecAix\/bw5hrhpdYb3Wuo00LpEwMw5n1XbAIEscw8D\/TDkT3R8DdqFFvsOwEJgVupjA7F1prq8T49hiTkdYl+giz2p0Ayt4KR\/SKb+oWG3y4ZtrykubZr+Qfc18G7yRy1UzXXJ7wFTK5WhTLREjxeCpH6IaQ2zDQ5+I3brP682k2XRTd3nMiVhZaMNZjB3MO3yAICh5zK9ucc+onrCYJIYI\/CtjBj1mJ\/oiWvsTssUIxMNevGNJc8s34PU+GVpiWU7G1gOq2\/oHbQNmNjM6utdbIKFu2BrwDIIIyRNAnfbb8mkTirEZY8JOBVWtUMwNF2wWG\/znmaTdvsV5XVYinNGBvCLJ4cl4jpIhiQHJif7TdKLHCM1mnqE7oXlP0MjNOI8YrXpYFJApJqV+nQMhEAl320hWRRZS9jvtYuADMZM\/zqsrhOwTRUYvn5TUWPPSLkDCWWQT\/boP1Zrm7ipJ29gjQr5TspKmpn4J6SGBQtqSqLcPrjFY1FGqzT0Cxa7I4qGdQmb7BlBoZsZba4XtkUxqQDb7GQ7lF9QZ8stU169sKy3x8YQd1brzqNHrkIJDSvbZZhCJGpijHPtgp\/QG6Dw2\/BImDmY1tBmkVrEm\/bZ+xumAD64t1fYO7WaWjuGbU0Y+9l0+9zDoVeHa476WXFF01qNlSxZZAxFkrGmva65Ha2zNip3N87qP3nyH+3kbjqzMKrpNdw3pOcpWv+PdRxpJZGkBM4aT6LXbJdAxBLLkkepjX3bVMWm9bedod1MvUUZQHAIRVofMSy8iwjG593htNanCQUBVZUhdnlVrmQD4OR5EjaE0aFJSUsVHU2VO9DX1cb2EnPoiZIzX378PPrzLoeda6yE90ZvWYSJeMUQJgjFljjq1Vmv7zPz+m4Us7Q\/oFgLEuTkw4eq\/OB+aA8STNn4AHoTw1B57\/koj\/Tsd4yxadruMqmxj8G0neUx2FN2AmiTBa4RjoLGNzELD8QTXTHG2\/lxfzCVwHvLq9JxQf3uprD59F8Loph7ycBJ+j\/BoYH+iVGt+6GzZ563iyu9UeY0+AiljVO0GFvxbuhFk79OBcmYfgnlTvugErVv1eoGzzwF3KK3N67S4ysk\/cJIT\/DoRZvga\/lMRKstxDLEaDolPIBoEiu4mAsdPBxa5KjB\/uaPK\/Gvldfb7QWo\/hvHLZAM3qCGVxLZ4OSPZzTuJ4fJWIQaOXTrFJVv4TYo67KpO9uvbnZUtP8hCVop9O2qXs\/NKl69+XIEhMfw1KYOxJAcgDxH4xjWm9TWAA+DhZvFs31qLGWSu3CzrM+geUCeE\/Vlrc8pmCZFikrptNtJl0uwOfLeuZUF7VWjDr6R5HxdwbmReRnk8DeQUb8\/JzwIyCR78O7TDjY2uL4IEBoTWwTpLR+tDFV4fNsyzL4VzpHaIwnMWTyomGHXhNDLAvBXN5lZAH1nY9D82KvJ+P8HK2FgOErfXrK6gPfonD48R1bCJofrjuMQkEZVQBGqn5ypZTPRu6EwnkBn4q0ARPtqm0QEoQ1VuhulmyIu4zwbE+pgZlGBWhO+4WIy2SuF0h7yFf\/0cbwCehkDSsGDVM9QRwmW02sBUez1\/0Ml7N8nkc2bCsJgo\/fEUXj1TOn7cIchmlzf+MvAjyYfcGhECzHaENxMQIFKZWAib9UAuoVCbRMTYEaO8+NZKwO6bZTHvUzm+gaaUre7sgcCCP\/wfz0OXBRWwpNRR4m\/LwYXSYWMMhKP7tqCCj6OXjzq62VPsWFinT4KE+SZYXF5y6EZay9KdRh4kW7ybiZ7hqI6uqO0\/mKAHQ\/xlXAuQ2EOnYG47KeZUkoht4zFh4Q7AcG7Q0FtDwRhJqM+GVySAg9IbIymkvgNTTZyOY3isJHVYzmKvFAgPib7ERkwsvRQ\/S8lGEoG+lZogb0KK4PyuRpdocXBa4Io1guVhX2K44\/qHOYqiQPL\/Vb5wtdOiDpag22zTziquJAPx3Cc98vOxAd33lx77fZMHNMz95phNb\/gH\/oBI60jIQ5icFLLZs+m7nP7\/6KXDZlQEY8H6HyN8CbMnqheODed7gRjDQsbXi9MHr27blhbJLCz\/qn8J0uletyL+6GpmTu9W1AZiLdNt26PN\/1uozWEq9dfJLpT7KZnW6S0qvTBGlR4kX8O3fku9pK2qyz9s7t7Ockp7sMMWorJbLnKYK0PgDcQi4HUA+VDHi2RlLA\/XZ9u3fGBeP6zmmrFeEhRc6glZV1JpHMW35YHtgDMlMPiXVu6VYVSboWqwuvKzMobkKuX8tZFxZtF8Qlpv25zGgKwz"}
00843{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":155,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_first_seen":946739311703,"flow_last_seen":946739311732,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":3192,"flow_avg_l4_payload_len":1596,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":52386,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dnsnl.alekberg.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00616{"flow_id":11,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":156,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739311,"pkt_ts_usec":734143,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"pkt":"ZmZmZmZmRERERERECABFAAC4X8lAADUGdNszD3zQCgAAAQG7zKKGPlTtvqP5CFAYAIMEyQAAeS0tOv0CsE56CKvTlOFyTsi\/xDWjEiSHZ06cNkY05jGBZ0BY+\/8ar9VauCfvuAhmfbkHRsufSt9+BCdWOZTLG2pLv7Rqy1KMbXDj1dE3FFg5TtH6GqR+kavc+JEGFEgehaZ\/FbuVi\/sk8mhzGqOKXx4crPRKN7mN3k61duL6EtdmqASfaRcWFkjwmH\/5s907"}
@@ -174,9 +174,9 @@
00466{"flow_id":11,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":166,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739311,"pkt_ts_usec":763803,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"REREREREZmZmZmZmCABFAABLvxpAAL0GjfYKAAABMw980MyiAbu+o\/q5hj5ZK1AYAfVw2QAAFwMDAB6tOffBq7b64QmsSd+v2c786Zhv5fiYEDuaa3zhYCk="}
00569{"flow_id":11,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":167,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739311,"pkt_ts_usec":763883,"pkt_caplen":160,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":160,"pkt_l4_len":126,"pkt":"REREREREZmZmZmZmCABFAACSvxtAAL0Gja4KAAABMw980MyiAbu+o\/rchj5ZK1AYAfVxIAAAFwMDAGUSdilsnk\/DPCg2yJSmsPDr7T33UpDt7+fouyU7qugS3mc9WlRpzhBODn6kogeE8qQPmYW+sgOJpYyaj\/fEVTl5HFaT10uDxxLeSCv\/DfULel8k7sQWkW\/x89wDwp8NSpi0WLeX0w=="}
00572{"flow_id":11,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":168,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739311,"pkt_ts_usec":763986,"pkt_caplen":164,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":164,"pkt_l4_len":130,"pkt":"REREREREZmZmZmZmCABFAACWvxxAAL0GjakKAAABMw980MyiAbu+o\/tGhj5ZK1AYAfVxJAAAFwMDAGkcIdxZpkdanT9u5zf3CPqQB\/78XpNb\/ByXljyCZgyJpkvfvLYi97zU3lVUx1ibVLgT1FzxzwmcB6WJ8gKgQ\/+uQH1RAtsJmi+4IgEvK59Ia4TDcUFuqPyr9T47vrlX9m3EHNX1jLuPzfE="}
00496{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":171,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":946739312203,"flow_last_seen":0,"flow_min_l4_payload_len":284,"flow_max_l4_payload_len":284,"flow_tot_l4_payload_len":284,"flow_avg_l4_payload_len":284,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"116.203.179.248","src_port":41720,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00507{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":171,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":946739312203,"flow_last_seen":946739312203,"flow_min_l4_payload_len":284,"flow_max_l4_payload_len":284,"flow_tot_l4_payload_len":284,"flow_avg_l4_payload_len":284,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"116.203.179.248","src_port":41720,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00801{"flow_id":12,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":171,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739312,"pkt_ts_usec":203391,"pkt_caplen":338,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":338,"pkt_l4_len":304,"pkt":"REREREREZmZmZmZmCABFAAFEaI9AAL0GaqQKAAABdMuz+KL4AbtonCHmRxNJVFAYAfbqtgAAFgMBARcBAAETAwNLJ0LoKZs0jG4db6SH737y8naHXDM3S+mAdGRoYzSPaSD3zYs+eWXICfX4e3zLCPsIhyJf4YitXdBLrNgVR3LKFwAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACkAAAAEwARAAAOcnVtcGVsc2VwcC5vcmcABQAFAQAAAAAACgAKAAgAHQAXABgAGQALAAIBAAANABoAGAgEBAMIBwgFCAYEAQUBBgEFAwYDAgECA\/8BAAEAABAADgAMAmgyCGh0dHAvMS4xABIAAAArAAkIAwQDAwMCAwEAMwAmACQAHQAg33Waic8Yfh0yJ5buIXWM7xt29S4VxDeDA2qvuzRytkE="}
00788{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":171,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":946739312203,"flow_last_seen":0,"flow_min_l4_payload_len":284,"flow_max_l4_payload_len":284,"flow_tot_l4_payload_len":284,"flow_avg_l4_payload_len":284,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"116.203.179.248","src_port":41720,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"rumpelsepp.org","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00799{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":171,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":946739312203,"flow_last_seen":946739312203,"flow_min_l4_payload_len":284,"flow_max_l4_payload_len":284,"flow_tot_l4_payload_len":284,"flow_avg_l4_payload_len":284,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"116.203.179.248","src_port":41720,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"rumpelsepp.org","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02381{"flow_id":12,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":172,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739312,"pkt_ts_usec":226652,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"ZmZmZmZmRERERERECABFAAXUJ6JAADYGLgJ0y7P4CgAAAQG7ovhHE0lUaJwjAlAQAfWSIAAAFgMDAHoCAAB2AwPlxRfYXMEhZdQ8ajfb6CRVs1xCMiaZqVFxrCKnBSpfMSD3zYs+eWXICfX4e3zLCPsIhyJf4YitXdBLrNgVR3LKFxMBAAAuACsAAgMEADMAJAAdACC7U5tcN1lyGmU4zwJoCO50vCXYPM\/QvTMxioFdnZMwahQDAwABARcDAwAgWYRxXowUwkrzaVinqnzWcQ+TBbMUOwCXts50ql211fAXAwMLXdNQugGPXsJ\/8C6qtHlVybUGs7I40LMTA5OhGA+5YDHeNrEuEhv+tu5lin4eHBImQq4kbeHEAo3aNZo3KmURuDQDW8qwTnUEVfBOev0Cp\/PjSdjbD78ol0y5nY2oRm2fbsKHJzJSSjb0AciAo1LrQOgCF2CvMV+eyOyHUYct\/0CZzYMkLxKZwgRjyAJuXMfA4yEKZGM2df01\/BUbSo1Rl+1vGFFUkgKmIgKkRy+Bl\/5\/aUS0H7x+NZdUl10aLbTaEzyxHvC5FKjKyKio8Nq1FnOONx6t6a1NxwFwus79kTDzOhi2RBBAptjB5bREXvI7I78ofmPnYWckOqrJFFwvKuiJMXscIR8meUqP2LfgWzMDMhsH4p0jN+l3Gq+FBdoxKNoG26O484i0pfOfynG5VCfFmeEmq9XB2jrTV2FwEB1w6FHC1GMZVEK60qV4O+pPgrZRJMZSzwllOfjef8V42EZAcff6ioa4KXyU2Lg36HO0yhYzbeNUU3pAi5\/qwo\/8uuPNfVbKx0eipCjwx5+0hZa74DG\/pD0GzntSqS7YWEdlhEup1mtZmQo0eaDjwGNrCt+ZhJgQy3V2hPBCa6ygW9VMF25ycsILPfVx1AuqPxUOHW4j094S0MBQegEN0J3yWeWaiiBlzmaP9zyQI2IatrzAzhNsYChDHK+csfeO9ThoioAfgwS3AljMljsUX8LckrIXpurphG9MTttyGcbyuYOZgMBCh0hvfGempBEWQ87aRGnYict7DJMJ4ANT6I8mIRYfs9ktyEUtlVvr4PQNKARgob1jc7dcCzVhF1wheYyQGYeS88ndMehrocaatcfPAW+sGsd\/PlwCwZjCKZRZc+RY8UIBMVVQFkJfKmd3vMc6ZdNW+eECwipaKd\/GGSBQQLLSZMZlc2\/fq5kgX+ANS93WhwsRG1d13Nrw0y\/ATREqmOdYnxg9NReWvH6Y9oKaWK0ORmDf6ge12lS9oVHWz42D+xzkGejOSsWciqHXAH+yg6krTEDYRK\/FPbGud1EfOntNRDB8fuTqg6A3gnOVkf5Fe+6Udnrmytaz7VKwjYRLdi7vz2qagJMVcAAVeEuovh5FOb\/1EXijxsxUB7j\/jcKgZC3AwFJv0DQSdWi57X+9030WJdNzGWfONsJDey166z5gtgIr0gWE3XSAHs3+JszFzgP3FC9xVilACKjY2RhRQyvT6fGwve0GSnMhLdXxdeZ6r4BSk1XrmYwxLzeXAWqaNfsfk0zirnPcN6UG26k3lnJ6hvodPS8WtfbDlmo8y38gK+0yMKaENYnpsWQ48t8ZDpKCeCokx5kJ4EaYicnC8gtp5emEtPLOmyhRS\/Kx67Xu26y0PrFyj7Ld8XnP+XpwQqAHuqyPPLcA7ULfoMWkppyHnn9L21Mz+6Ml1h7gnl\/ZwxToT4wqDJUExA47\/9+7Gr\/oh5kj8z6qG0LWqBHYWfEqQZ9C6c64n2xAiBIjVtW2HmMJDocq5nLsWLSEY96ngephvH\/r2i4gA320QycCOlUbe7IShXjhfHajvNFk9aT9mVr+xKfGAIJr4upUShXmjRDRgxjZ9A2ryxbqx35tiU7DJrZpjO\/5DMzEBxvVggb2jlqmTLhZH4TtJi6zfeCLrUu+11tfn0GJzj4HRmOyvzdz8MwTSgWBVisogZKhAqzzkq5ai5YnEcmNOW52YkN74XGWlccUSq2JFZXF"}
00840{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":172,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_first_seen":946739312203,"flow_last_seen":946739312226,"flow_min_l4_payload_len":284,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":1736,"flow_avg_l4_payload_len":868,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"116.203.179.248","src_port":41720,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"rumpelsepp.org","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02393{"flow_id":12,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":173,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739312,"pkt_ts_usec":226720,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"ZmZmZmZmRERERERECABFAAXUJ6NAADYGLgF0y7P4CgAAAQG7ovhHE08AaJwjAlAYAfWhygAAp6lKTcn83BQxpQ2W+POQkJxpRZXfacCT49dCzRTmvnt7\/eMDX1qsnmxcn8IW\/\/jaiVs0n6JrCEPqM3KpB310Ezncm8MGw7ZSfjBA5NhRsYZd6g\/lnjS76Li5236Ye\/OssNOz\/mjZ3Pxtb9lckb\/iUUI\/CTV\/O+8693wmOcz\/ttlVvcsf2F2cDnHv69Z9ZcBThvWSK1Fyp8msppNqA2rjumUxHY0NG8Y6Cz7YUFXsrxgVnCyIlXLFSqfPySagEMAo+BwG8r0qoeYlZ+taxtjBF+CPFNBs5wvSzuudNsLZAlsoLeVbC7V4nVAvK0ZozwjUaQXydZ7If0bf1gWwEwbOWvwXqAGoH05iR0Faj+nrSPK0l15jvP1ksCKE\/mIp4VHggNWOkJSAoQLhJ7eDNcolNe3VlYAesuTAoWHjzA4h2mXXEBGcexNswvAECexp5rG8zj4HDx39qgDVWk3o0eoSeBD1Uedt57E3iKOheQuYjuGPkNLW\/CT1EKc1xsQFJaPuXeJntSsuTJIbn\/JmjGMrhs2EpgTuc4i6KbgNr+Dg8naPJNChEcAoURckVZ0QP1tlwwQ3au79pUNst+WdCcPkSU8h2p+dgHNltfLpGpzxtjAkiMDwJHlE7uKJfM3Jooj+j8pbChIDWDckUBPBe4tCMPlI9VbP7p8jHCN+Jbgx\/vlzb\/jhrZ3VmwNp1ed4spIYgJkRtqvwQ8Z+wh5eYA\/rsAfAyJTWCHM70B9AefRgCTo9QDWJRLYx1cy2\/Boia47DDoYb3uBS7QfII4eh4Kp0F4K7dkOLwQWThipleT\/tvJB91q4YO69guoqAikyr2u0R4I\/dsfO61jRS\/0OGcoHRfzyYT6Gw0389lH9EFy84qx0Src85OaD1tRwt6pfR9awywt5CBZe04hE0tSwRbw55PNLODVlESQS0e66OA\/M16o1ABO7aMZrc1JmwD6a7e6weEeFmAazedN8hZmlYv1tms5VSBekoNgGF0CPdRNH7+BWQQ\/oy6wbYcn9T8DbY3EESV3ngHV5p7hWwxUALrbhEOn\/rgSRIuWBulfZWiwjpGLHCmd25Lp9PvWu2ARh3jmQWx3LqaLBWQZ2RO9BztLQCxX\/fKF1FJ2Nxx5CvAx1deQyJI3ILd0FX\/RREt+JafDB83Cz6gQe6DiXexfTUxaiReu6RStMeEaz6P71JkxtuCl0MQOV+trcnTBAsrOiC0Pnp41ddFZ9LyjPw5Mwgkq5S8GDPbsUHU26OG2nr4C2Qc8pral7heokrRYgBHlPnskyAlkCxuL+0XPLYLPIRRcJ64nRekoDw2yg6gDPsz4RcMVRLhEiIfkrCTlBJmmDuRqLpZJpecdlBmRfFHNMXGB8i+H\/\/tNPFLdJAZryXO\/8h5nkH4Mq7yLQ6vkIR62sgbVPD0Qe836LfCEQO\/hxA9iWtbqSJ07ScNvoG2Czrtvhfwq400gs5KtFeBbk1AFnMyczsxPdl6tp142MbR3VLQmj78nlxilK51hORcVLi9ktXxGEonuDfod4vDjaA3pJ\/0ADkZjstpvA2GHymd+GbXXXQzsOxrlPNaHDKM7gA5XeYsGBeDXesqay1VJZXsBwjzKmLHBEfMmuTQkRGywy3RBFrIumMzi24aTghRx9FA\/ZPDZtgNyArr3TSzkQB\/WYB0FDxqBDH7pfBnH8cJXOSx4GfComMuGBhw8lB8S7RS+Tun6aoozaQ7NOXFkWLUNwlMATJg\/u88xBUir9H293nJp613ia6G8KaLtsNZhb97810Q6p5rpfzJ8sEbxPvnOBsJoN2uNaptS39DLNaJ78nP1N\/6JenLJUIebOzoNXR4wfNgVp5Coyyjw8dfCFDyuNA5Oi18AcVmGaGj7TK82vR9gQ2IWuTm0sTMl0T1RNelk87ZLC7oqgqi01091WCo6H3\/T5HgzDHHgrz3hvSk8s9"}
@@ -192,9 +192,9 @@
00587{"flow_id":12,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":183,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739312,"pkt_ts_usec":253667,"pkt_caplen":177,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":177,"pkt_l4_len":143,"pkt":"ZmZmZmZmRERERERECABFAACjJ6xAADYGMyl0y7P4CgAAAQG7ovhHE1aFaJwkkVAYAfWNfQAAFwMDAHbNNMxlK2hi+kM73RG+R9mVK1k1n278Xq2fwo65cKzW32ncn3dJ7kB\/wz+TBKjCjHuzTa3am\/FIFV25etmokJlONLLJrfcoS+4PkOtmintpqLX1\/mQcZ5cwcG1CyWfqnc5A+A1kfAB6j4X1LC+tm9SmlL8k5lmx"}
00809{"flow_id":12,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":184,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739312,"pkt_ts_usec":254160,"pkt_caplen":345,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":345,"pkt_l4_len":311,"pkt":"ZmZmZmZmRERERERECABFAAFLJ61AADYGMoB0y7P4CgAAAQG7ovhHE1cAaJwkkVAYAfU4YgAAFwMDAR5OjaBU4K9RxaEOIHl9RkqXTssLDishesbzjLuUbDAZDJRFnzyaj8ejMM2ueTD6CLNtc2jjLJ57t1g80LgQbfy+JUMoRcjIg2IhWkko7S39iw6bgbvyFu3qH1cVkJkjMLOEtHMOGvK4yLYcn21AtyDTIr0Dds40lNJS5EgMcBmhGdtQpaMyXjkJRvHbR3JAZL+cEgYUfuF7xSkh0zPrqz7JjgwtwL0VYQpeusE93XLn+m308ziE6DVryUHuJj7+c7wd8sJ8cb5hVwtxDaAvhSlRMwIlHPrEGLQBNmUFaMohgZq0V19XXuBHz+cBpdoF3+8cnhG48hJE9MwRgEbCeOVFu\/pxXrE0wmFPSGGGmePjRa2StuxxBWE6hgEkPVLz"}
00466{"flow_id":12,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":185,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739312,"pkt_ts_usec":254389,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"REREREREZmZmZmZmCABFAABLaJpAAL0Ga5IKAAABdMuz+KL4AbtonCSwRxNYI1AYAfXpvQAAFwMDAB4\/8FLPAjMrydunzm041lSiRjMKOj5EiHlPHgxxkXE="}
00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":191,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":946739317842,"flow_last_seen":0,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":60026,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00504{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":191,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":946739317842,"flow_last_seen":946739317842,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":60026,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00802{"flow_id":13,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":191,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739317,"pkt_ts_usec":842290,"pkt_caplen":337,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":337,"pkt_l4_len":303,"pkt":"REREREREZmZmZmZmCABFAAFDy\/NAAL0GDsoKAAABwx5eHOp6AbvJsoUZMUH8QlAYAfbjLAAAFgMBARYBAAESAwOCYT7eCU1xUXbhTPV2JlKPIHcY7sPH2WwKtpwnSeF8xyAex0Qk69Rnwb5oftgvyqN3KWFf9IzenmheX1LYHsKC9AAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACjAAAAEgAQAAANZG9oLmZmbXVjLm5ldAAFAAUBAAAAAAAKAAoACAAdABcAGAAZAAsAAgEAAA0AGgAYCAQEAwgHCAUIBgQBBQEGAQUDBgMCAQID\/wEAAQAAEAAOAAwCaDIIaHR0cC8xLjEAEgAAACsACQgDBAMDAwIDAQAzACYAJAAdACAw+TAbBBMqcOYtJZmoA1qcBE16Yt0ym3XOBLcMkrVpDQ=="}
00784{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":191,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":946739317842,"flow_last_seen":0,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":60026,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh.ffmuc.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00795{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":191,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":946739317842,"flow_last_seen":946739317842,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":60026,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh.ffmuc.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
04358{"flow_id":13,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":192,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739317,"pkt_ts_usec":868005,"pkt_caplen":2958,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2958,"pkt_l4_len":2924,"pkt":"ZmZmZmZmRERERERECABFAAuAyWFAADgGjB\/DHl4cCgAAAQG76noxQfxCybKGNFAQAfXtaQAAFgMDAHoCAAB2AwNkyl8ogzMlAhTUQA2TsMh7Q0Cc2\/3wZHCiwad1Z9NoaCAex0Qk69Rnwb5oftgvyqN3KWFf9IzenmheX1LYHsKC9BMCAAAuACsAAgMEADMAJAAdACD+8H0HbVGEEmZC5hZLdNizcuC\/0pRP3fgeIP4D\/GwhdRQDAwABARcDAwAkfwnuX6wEOZOBUTjar1eVwNX\/5E0Ocx7Di9qIEnerial2sCiHFwMDDDWV4W2nvLW+\/N2l4x6sJgc8wiYdu5HOhM21Gm3mnFcxKO2Ie6ZC8TBNY2Mpp7Yb5rcL6bqv3cZKl4w3lzpNGDKGTjZnaTdTckz2Zj9T\/bsrBq0FYycXELwNiLo2fX1zTKtRPyLUu0GGauan4AQwcaDjRQzNlNJGd6461bdar1412MhrLksAOF3Zz32PJXTXtFU1mwvYVqphcZDb4pPZ0N+gjj7dNR4S3YwPGEbwlcx1UcGfiv3pyH+UUZNMH5Baw9z+5KY9RTPE3Rfw1bhKsm9xadHFb6suVuYDZzfowFS+\/J7rFZVNyczZA\/78zcdYuuXbTxeDjPhOqxAoQDX7VF1HojbcFFzFMGuyikHPdDYckD+WeR5lbhzc\/IDh75MNMf\/KMikRmHFGsWSPgCfnHcJinGKvxJJW58RraOB\/5irkT41Kj2mTP7rHD5SNd2CjxOxspgfL21g9EgRySSvXC+1MOm1qzwLgfjx1ZGRqf62CTxE1WBGLSGVSBUD0U9VUbvm7X5SNczaQPf0VLn8L3p7i1Ks07MNKvx2UZUXfrd\/RU2JWlAdhuGfs4RK7IYupZ9gwETRs4hxHaE\/JmiH23lQ8LvM6OtMsbQ6PirB\/Qq+igXuyD0TY3sAc4gdxm+SJGHsDpdSKgD9SodG\/vExsIGp+Gl5tevJKVwUT0pGU9EjX1Bi1e0B1xZ5ye5cjD8jxqC6fGWDYbc0qUQnT6Ei3AwoDVwqGAF6EPjjKHUKSNJDHKDRweWDMJ8eQeivUqlu+lhWhCAE9lUvj8qFKlloewows6Y7yqVUmSPPw60JQ\/7KRplxJ3xUWU3++WylOr+8YCwNo64NgMLldroBbTf3wwNL5K2B8K2fa0ar2Xxz3JO0bcvkksssiMRLPicETirp6CaB0jh\/JBv+EtfNF9XlRRV3bVxTCpp5g2WrRk6UQuYXfLZgXXpvWsW3UQwQvcMLuqGRqk0Lrq45fax67cEa4ablkdoldX6BJdVjUPEVJmY\/4EAB6c5ffE2gmcKP798gpjRuEOsJHx7lU8XAha86w59XzXonwVhFiFEiku0\/ryBztip397enoLu3d\/DdWuO13MC2xztCFDC63o+OIx4LKccR2dUluAwyjMQHJH2QfKyLnH3gJwChS1jbNN6JjmBlIjJ5F5oE0c\/LLe7ZNRcNl04\/gPLP3X4Ig1u++FkuVZR4VffxYIDiKTeCsRjSq8xT0sFQrVMRqRExsxUpTFlLjgmk+4A5gz+AWsHQgXQDHpc8q+tpaaLw2T\/VxrMhaAlTNwD0R+fPu6xqKcmZ7K4tPJ18rUG2cCEq2Vyx\/nZ5Bsb4X51YWHYwI\/b62OL85Ky892\/YpuTiyCwr\/n7zKZjbYHc3bE3kJITVYYhhm7SCsQwZLdboBPXK1hc5zPXoZ51+dKsAS5jlTrL7t90UaX+3d5RBjR5yWI+hwkpRHZC4YPu4wFBj9CS+kKkAjOdshMO3DBnfsoKT51IiDooH56PULR9jXPjPvXwHziEAOD5lKZLhl\/1PpgUaU+m0Qhb9DGdPkvd5L5MtmeN6AG3ojp00pWioyce1OEa+lwCX86DDB4V50XA8WSmUf8Ruv9dDKOkEto48W94o6jbWCBaVHLa30AI1sBDsLlVma26j5oIbiMjlGK8ArsP5ukW3ec2Ucyyw4OeOhYe4PTq7O8QJdyRJffrasJ10uS+VJlhZE6nntiGTZcHenBLx6mVY\/sNy\/xKxBzOkMpSKdjL8GC01HDHp6JDU\/ZHpm00Le70fm6tFZ9vCb5wPUsyYycjMTWmiSgMdLOaewpU9tlODZTwi8DEVWJyEa6fkCFWYdu3u0ydeu8NzIOlQcZ1lyy\/E5qNM0pqUIMKgu+I5sA\/1d+JmmvGoRZQYTQTUa3kxoSS7rPzyV28dHyfYsyZ6xH4xX0Te4M4ymNWY+c\/L9THfsDN\/oVSD593mlv7UAAlNYa3xzFv8UKd\/o0wqF1apADEX5sol\/96BK9yt++kADu5RkL3Q9suLz5lPpANm2QRRIs8Ow+4yzU\/7qCzwe3wQndBdO2mvPNrxNQWX0RWtNADT1hADdzQX8UO24dOXh4qk+iHH6bl8lfIvW8+qqcF2nRbvY6bMLSrGQokwAzcMtwiZdjIJEsFZPEIqPD7EZnzjfnQijrIF9Wn4vbTwPzBnADd1msbtKeSaVNdMJih6KLod12TaeDOeCDRiB61IfXV9dgIKfGFyMlxjk0+d6Grs+cJ7UQzYlQ0mX0vg3on5LNDK23JzvxJlO9RApmtXu0TOUl67cxwpSzAdhxbWvI8l0V4Ai4I3tdYPelpVFVsSo+cgXM3bWISOOqQjzDzqnRV3rpFOpKmYj18yo6Iw3eQgPQrdVloO5tfEf2RUtUbOK+ineibqkTHcOjvhuseYK31qZJs+iTw0+voLfLVtqWLppBhUR5ajc3xYiWsGOK3UP0Zb+9tGTDp7eUX5mpFIs5TGNFA+qxq204tT5KujsIYtCIDdSXn6JYPAXRTlwA4oEjKa3OoGb33tMMT9hVxCQHDLFOs45v41USfRH5jGOfkuc9t77jPR84y7jSr8tXiXsE5CuwKv3P7uF9BVlABkx3ZlxEIz4\/1UR7mzFGAx9K\/RIDlF6SxU6mh73+mMXE0JVkoSTGdIPiDILMtKbfWz72\/UvSW7dTt35fwXmnQwL7He\/RlLL0\/sjJ8vBxcVsv7+Y0XxXaeqzhRtNiCnRgUcTqfLUOJS8aBbh4HPdSKkdltzZb\/S5Lper3Z8zxxuZkIif3ZJ\/gz\/T0iQbX6Et9RMROBoUHjPg5pKYqkENDxoMG\/MC0WVGiX5R06OFe3s9dZ\/ozvLZvYcEZE7N7F5n9sPRwd+I+59lPh72uicIxFdChXuEOxCFU0V3rGzpol1Y\/VsMpTxsDCKvlfGj6qXugNMGkxmq51kciXtj75pUlzwIMe6kQUn2jTFnukdp6OPxrp0T4\/lDiC3VaK0fB4xi6LdOz\/EwCzEu7lICtRLOOwfKoiPsMnC\/K4Myo47r7qgooc6Dyct7xyGHbGYJon8e+PQMECksrlAXwIcA8LQoEysxirtgk51VSp5RdhUCampTO83NLVIjW6\/5AUld9ViiwVRqzLBg7wtcqkBPZd3uqzxG5sC5MeKaDzMg3QKygjiklub6zdiCWJK8V5PVpgiHBa0as\/kw\/NbzRIp8\/DH7U1o9eDK98CHzu8jiLgQ5n1w2IYkMJA1JpBIvlpsoUz6Qe08g4O6AzxZi5RyC6\/8K7\/Ed0NrDjr+G1S6iNZ+qijE4QRaBke9Co9IWob47jnSAaxgFwziKOB2hnQn493UlWhwDwQZuENq4DusUKLl4gaZTo1LvBrcu9EW+pZ0sdlBNW+e5bo09BfXSYhwTQVczSoVWspRueOrFVGx29DRpvDMWXSToev+\/5dhguN8sE7\/6r6UStt1tBEq6JkIdV7o\/cGVmADZ9PpG+uKpSV95fJQxwhEgMidjt9Nuj7TkbtLKuomHY1OGt2HlKFszmF624Ixr0UPZ7oS0P3i\/BbBVqEJdJZsiVw4MhJvqQMjH63aJ9Ie4EL24xwrBjLm1YPTGhWjPxzGPCBhmgSj9u3DHYv7ANgf\/CwtQN4PY6wBmanZg8AFnKkxZzdFSDH5pdfVl85gHQh72n"}
00837{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":192,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_first_seen":946739317842,"flow_last_seen":946739317868,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":3187,"flow_avg_l4_payload_len":1593,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":60026,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"doh.ffmuc.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
01443{"flow_id":13,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":193,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739317,"pkt_ts_usec":869199,"pkt_caplen":814,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":814,"pkt_l4_len":780,"pkt":"ZmZmZmZmRERERERECABFAAMgyWNAADgGlH3DHl4cCgAAAQG76noxQgeaybKGNFAYAfV6GQAACB\/j9FRzrXDeV1gMTvdtnDbaxVBoJBh9cy8pOcYrD8iqnoIgGbCFSCgUCuevEmCLqMD6ndxwNBjeWxvehtGcTzYfxO5MsUhftQ0+dqR1WhFRhDtmvuIG3Q\/1JnJ+iTTGKy7+d19ANVD5kJS2Kbw1kq1CCeKCETSjOhUhw85xD38cYnUuHGOyMgN3a57KOUyOmb4EwXoByM8BsVlxu1vc1oPozugCeie0GDWpbdeaEmjgROEgR6DsCHE32e8OUOXMw3\/fTV5lRZlHvoE+WIdAJO23JksMoSbzH5lXNpwBfPg5fllHB2gzZy73MltgSTbtU05NdkOcr1ZFoqdQ2V7wBDgCUult1m1frKnm9RbG5so0kMdI1K2imdVR2omx+E2ZIA0aLFwNHZ87uVzv\/27AUYdBTlcNoD9yJPyo52+VSIEhFJ+iC6HMt6T8vMgHE9t8doC6zzQ5PPfhV0Y\/wHOciEZ1QCJawdjeaWA1oK+LH3dEkeN+2N6ZvT6aGJRirsBAqqpY1jcHkYSWOu0YNfkmmhcDAwEZhRt19HF8btCDpTYJhT082yjULJw4KauCEpxSogJCDv0wIm\/nxsgKWJ5swMbqyuXpT7mdSSff3VOjrgPc6f4pSWMC0gPkidij6lKAHSShm5G9hfxPyAE5LFfSUSjOyv6KeU3qvvH\/y9kOCN3ZJI34MmNCSHjx7F7SwgBhT+XBQWcGdTlLW08ufWjBpFEV0wweQ+sorOCpyYk1BQhN7aPpwW+8cPmzhDQyCikmnIgsWh1OdzHEfXqnhQmoNEJoF7iPcZZ2Q5XdXc7TB5Nr97MOlFTANPGwh+Z0IQ0oeyTOBC76R3rCyPcgQuUbw2ZmngRvKZCro22Tf+lTL3RL8Wypoy8hNNZMukYZOxZV3pu1hHfTdtt5At2T9yMXAwMARRSoalzVajpzS8ANj2fKvjjGfm\/L7CaKj2s8TbmN14sqePDJ6R8MH8TM+nnzmnQKkuZgpCVkmHfyoZtoN5aVAw1RpWQU5w=="}
@@ -211,9 +211,9 @@
00798{"flow_id":13,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":204,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739318,"pkt_ts_usec":37345,"pkt_caplen":334,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":334,"pkt_l4_len":300,"pkt":"ZmZmZmZmRERERERECABFAAFAyWpAADgGllbDHl4cCgAAAQG76noxQg7JybKIylAYAfXY2AAAFwMDAPTBSH\/KUN9Ho41cffCQxrJYqIef6Xn8cytekOXeeAPHjzza5w5Lk\/Fs5hXSHCDw5NX72Ztnf7IH6QGxoxyIJ1HUWKk+Edlf1yCaaiWSG2qK0boEbCex1OgZCSzfuqjAo1mHvYIcjlHdYDJB5a9RjE\/U5d3pi1ylEMZuVl9S7BmnFfzWYQLG9VTEqRoJUXsx5QLiwYAlmszUJDalFHNSRVxzZZvw6QxVh+8FC1InrW1oyRKR2xFIYp4YUJ3wdWp5tEn2LIvCuBP1JRsGgB49yTiHweVhl2D1toTYHLPXBFKveGUx4gMgeosIn4YM+HOhJb4bRHYOFwMDABqApNe+JAK5l37wbw8X7NNtNzFmPvcJ8YVILA=="}
00449{"flow_id":13,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":209,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739327,"pkt_ts_usec":879259,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"REREREREZmZmZmZmCABFAABAzAFAAL0GD78KAAABwx5eHOp6AbvJsojKMUIP4VAYAfXiKQAAFwMDABPOFDsRNkPmvUgsjvIivquiUuss"}
00450{"flow_id":6,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":210,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739327,"pkt_ts_usec":879293,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"REREREREZmZmZmZmCABFAABALvxAAL0GxEYKAAABrGhdUJ\/qAbvjN2\/5lQPB01AYAfXKpwAAFwMDABPe80YjBSFaopQ49brkBueHC77J"}
00496{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":222,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":946739336955,"flow_last_seen":0,"flow_min_l4_payload_len":284,"flow_max_l4_payload_len":284,"flow_tot_l4_payload_len":284,"flow_avg_l4_payload_len":284,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.233.106.232","src_port":46658,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00507{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":222,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":946739336955,"flow_last_seen":946739336955,"flow_min_l4_payload_len":284,"flow_max_l4_payload_len":284,"flow_tot_l4_payload_len":284,"flow_avg_l4_payload_len":284,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.233.106.232","src_port":46658,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00802{"flow_id":14,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":222,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739336,"pkt_ts_usec":955395,"pkt_caplen":338,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":338,"pkt_l4_len":304,"pkt":"REREREREZmZmZmZmCABFAAFEM0dAAL0Go94KAAABuelq6LZCAbsgVVLXybMJllAYAfbmxAAAFgMBARcBAAETAwMcr1WdeadOHog3lEpiodEeAcm2gZJgU0L8O6YStA7tWSAYYApreqfeMV002xSAt2FZT+xN2PBaLBfkQPkpY2yRnAAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACkAAAAEwARAAAOZG5zLmRuc2hvbWUuZGUABQAFAQAAAAAACgAKAAgAHQAXABgAGQALAAIBAAANABoAGAgEBAMIBwgFCAYEAQUBBgEFAwYDAgECA\/8BAAEAABAADgAMAmgyCGh0dHAvMS4xABIAAAArAAkIAwQDAwMCAwEAMwAmACQAHQAgsGpq4zmMsA+1iGgtz9f+LYYNyHCIQZ\/zq3SyFDX6FwI="}
00788{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":222,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":946739336955,"flow_last_seen":0,"flow_min_l4_payload_len":284,"flow_max_l4_payload_len":284,"flow_tot_l4_payload_len":284,"flow_avg_l4_payload_len":284,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.233.106.232","src_port":46658,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.dnshome.de","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00799{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":222,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":946739336955,"flow_last_seen":946739336955,"flow_min_l4_payload_len":284,"flow_max_l4_payload_len":284,"flow_tot_l4_payload_len":284,"flow_avg_l4_payload_len":284,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.233.106.232","src_port":46658,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.dnshome.de","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
04354{"flow_id":14,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":223,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739336,"pkt_ts_usec":992908,"pkt_caplen":2958,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2958,"pkt_l4_len":2924,"pkt":"ZmZmZmZmRERERERECABFAAuAvuxAADkGkf256WroCgAAAQG7tkLJswmWIFVT81AYAfXxAAAAFgMDAHoCAAB2AwOH51VjdKQ\/AZQoSOmoC7jYQ9n9NqAbTWqEvktHdZeP0yAYYApreqfeMV002xSAt2FZT+xN2PBaLBfkQPkpY2yRnBMCAAAuACsAAgMEADMAJAAdACBHlT\/ckNv1zu+YfSt\/zxC2rtSjIy\/UHNmUMGM8UGyVRxQDAwABARcDAwAgwilHvuszxY2P55AdC9vc0WNmaI98gk9UASFHh+rOkuIXAwMLGSaHw6LineCaEcA9j88fiSZ7p3jmYBOCmFwXmWuJbNVbDX18tcQr3ZATZwug3WdQUgZQuGPbLNtio7ePY9WJu1m+mcBvlmSf8p+kNIdmks3LygnPjDC2c6UxorLMoKdZpIF74n0UwdI1haIk7t9SxqKBNHhLqhVzXfA\/gYf10GXPi1hxhIDRS0KcW02uf1aHSSQNM4lfDYD4RpVTTVdscI7J3G592b5BxWNyVv0Whq0mJ6igzcGRSA9ve9GnhfQ7PQUMhLbnBs6Wh4\/E06aah5j\/y2NN9Rc5DR0mq07rU5Ce+\/XxD4lUU+ekKKMEv73SbncelyWJ8Y5vAOXrDEqq81ak\/UBhx9qx8\/JbLt7htRmRK4POVPXjov3f3Cr0\/J9vWUZrGJZBIzd1UHWlYZqWZ2e4zJnIzt4CgmUiyp0aneIGvtzNkXr50R32ENIRIAFyE695Wqs8jERpSPGsHn3huPrLifotNcrG9GhWfn+P06Pt7D4zUiFfvh+LyEBgC4g9mLo7FFTR9ZBh4cvU6KR2JbkcthJ2\/eit4GXyWKglPq9JYKNPyFUXXYoA+haf0kKxXZykljYvB6S+pRhq5fgW9P0TnapNy0IoETL\/FsgOgMCO0tJLa6wJ+moPbCUrnqhRlYqM1pTafI1RDq9YRk8QTG21gC3tmzmBSfh\/ZYdFQXZmYXvWfFwGRjyPIT9+zMlqq2Pdp2JskHpsbB\/FwB1MOL4EMGO2rEvqAN\/G+LUDaZwDQErYmrvokCqs5wzQjVzO+vQiri8OiX7KtSVymFdc3QbFXkOIAgL4ZCdwmcaz\/rCx33yioKUWWt5qTqCZ9pmtXhl4HcAp8XhgUIEYBgprpf\/Ti2fp0ElRAFLFXlwNoLI9iggooHHGhx21Tg5YhcbP60KH\/320Ma9w9iPFEDojm9a7Uksk9S+uRWv4OhUAAYKjuWZotkEozfx2xPJWhN+3nf+Iha6M\/PTSY3MMhm1WzIZxhGYM104LxfJgMU8G9gWojlgvjhJ9uq3S6TQd83u3bJfgu1uC+MqFUVxe5NSUl7ikQ0I2+aFOcROfwG1sC6mO3ReC1pSOUUz4gO3A9SSBBDyhLMPE7cirAIcpsT33LqFeeSDEu0N967vwR6xVh0M7jpo7PUXyGgThPlyiOpRF9s8WGXtAs8kIwGDjwgfzhZb+5Ica\/Es\/V\/Dcco2lqRgq\/dcAdyZM5sv0arfbaybN8N7gqsGjPTm+jzsbUO6EEvEXHs0ldZG8m8mE2GFXoShd8wgIhqj+fRxwQgiYi3jFhqxSX8HSBaQWBy4gUMLE10OhfyAXvg9pZiOtBVXbyXYhifDjhNa8C4V7nKfsRjcc+IPNLOUCpNnF7zVC\/0wEFNmAysEgZKbiQ7nvWTQEj\/4XkHTl7q+V1nyze+YBcVwnousw\/sC5PPMkFjNe\/rVKH6Nl21Xz4CEnFJQWyg9SJCs8VgXn5Gx1la2fl1eBBcFXXyYGSGvhO\/t81KOmn26l6yIAJ+49g5RwCWqzmcqOfJ3ZxKGRw+Q485Of16n26ALDBRuhLDlJPjC0rbaer7p0vcHW895cpbl01o6MkW2RA6neV7IiozPr9ltdIu27V3GvvBr7fVargxd2L+tYgyfTl9\/WILWXDEQZ1hdvd3QHM4PdFHFrVVzTGEggsJMhAt5dWLBf1xkH6HOVjXSYC7QWsq9x8ZMQQFScuqTVdGfJ7phQpuljGNTYHS3Fr6g3GHbNodTeleAa40XcWPRR1QvCNrU4+1mAEfui\/VF5yCnzl57O6v4AZaL+xkQS3bq5TgH0cEyHZIZPSXLjPO+kUoZirl9ExMfDKt7TaVQdS2YK2Ak\/Zeh3+0YL9HobNvrh9Kdgz2l9vzkzpGJFhtkFPLbfyoUqy9qVF5BYXMDsDNfzLRqQCkxTChoU3Oq5WC+NNoDfVEiV1uqKr4CPZT+MhJo3dMWH5rs\/NiqvW5Ts1TD9YHqyVEww4VuTJUEbvVoPl69h72o9XVtS7KLsKkPydjzTTKhHgn+fyRDhXnwLBWppDpzlYOaK5Bu7LUZ7jwPpDGb2uHb\/NdM6kLWzWHLfaWGXR9MiHxj02STxuaoJkhvcxJyZ4jf7EzDEtGtwrRtO9550RF2CTHt4JP2DLjHk039ZthYCTpxRqRekm7pNrIMm6JYaNTmH7DS2CnClfcodyWQo4n2PKz2RufAiyCR1Iovd48L90Pg2ksKOnBbJR09P4LdtuhxQLd8MMrL6a2NJAZcO+1X34ekx37pjBc0ECEHI\/F2EsMCaSmXvfpKvJDUd4hm6Lh+s4zDGKyYb0h4IN9C5WV\/0KBLeUKLuzHg0tLbCpWl5JAtrGio\/3uzgZW3lPesajgf6\/6yAiqz5a5LojXhnEilNNECArJbZRC7dxSLQfHafj61RDK6iVUhWyQIyby8NmvYxyArKL23gG\/dtpUv9vzD5buro8NzKqBt4kyQq5AyRDl9Pdx90dbqzL\/wNfIMw2mirNqhLtAV3Lcmt\/A5VrjLx4ZixfonmUVwV7Oggr8cd2H76iCaLM2zov\/KSvGOLzKOj0+VfjyUlo5Hx0LkrFyR4dGU8OrY4\/30wah66XxEoGD44ZGGY9mmIzDkQJmAUZmkkS7CDbDg1Z8FYCE7np6+eulLdG560xvNnTNnZupEtGdS5efhEH8mvJ96YqbwwP7SeMnjliahQXu1+lakhVlu8+nICagunD7qLvS+Fg8H3c6rjbWQ5ju6044gUUjdx9m9ucGTb1DOdOSzatH4eu\/xj8ZAYSsVq\/DNz\/DBK6wsphchGHTe6SX3Win5Q9xfrgZYWPZHl0ArgB0ilWMiV\/ALLyorbVNLl9DHnMkx10GmbnCSrwAOigo8SWLMZlWe1j\/W9cK63Ok4pAEypI+tsaU4+KGNcg\/Y809pje8RhsRhZyPyRSO4W7\/HH8AmTmAipBXMFJFIlbGBgYuDxl\/k3WXdS2IEVB5uVrdrK3IuYdnPCCcVuL3hLwj6k9lhcwgEM27zriQrtCvCjvLyB8dJvyzZCywv3b9Z9hbJbpIZQI3lMz+XJWCtXR9B5wT2TiwcFkZLA8v\/Gj2OeLuTROa+JmAs1Cy1LT3LNHOmrtPT6ceYpz72COQRQio7ykebG+XDgiLiCvhnLtQVxEQCyclUf0DdNX7KRiUsNtpm9qhk\/7G3HsLQ++6h8v1DP0f5LGqLcix7u2oI33Cf4OwaMqtYGg3yPzbp5wNZ8XB9tSXKBPcsjkv4tUNMLMknHSDtW7RBZerB5euuv2oYXeLw6W1kFDZQwREcwkkkFkPaFTf2R0OaQ0s20yEJ+2MP7zAUxwADciRnXdaSacxi\/MFaNm0cuKFuTZ4y\/Y5UDPv5UQlN6az+4ZYU2R4xFvAktPXCaDzYwhyETBBXTQ3kCDrI2ulxdBfYOIiMYjZjYc8xv3tq1mBsJ+7sgbDu2gL\/fzU\/XzK9B7Kcn43ttHaGeIj+jaXeNq015DYfGa1PFCW5NxEG6gmnM2Xks2\/Rnpc+U3EocTaXUc80yTiNXgxgwYfe8v7xwjDD8vmvRwIAbeusZYjtv2\/kzAUu4e+OEPcd3Jl7OxogoNIIdrVgd4b6ak43cbXB0SXrSOX\/1U+4+a3+9h3qxiMRT+7taHA6EbLauuw0gFFTQLeevuvsRegZK"}
00841{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":223,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_first_seen":946739336955,"flow_last_seen":946739336992,"flow_min_l4_payload_len":284,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":3188,"flow_avg_l4_payload_len":1594,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.233.106.232","src_port":46658,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dns.dnshome.de","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
01404{"flow_id":14,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":224,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739336,"pkt_ts_usec":992967,"pkt_caplen":782,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":782,"pkt_l4_len":748,"pkt":"ZmZmZmZmRERERERECABFAAMAvu5AADkGmnu56WroCgAAAQG7tkLJsxTuIFVT81AYAfUY7QAABNww0uNuIsxm8qmdOPnMYeMk326YaxrhZ4BeE0iQsCOXpRsiKt+zuMH\/p46kXln3RjaOovnK3lxdaHFHnp3StO0w+9qyP8dfRt45iKXPZFHyuSZwyZICfazc2HX7baqawWsKHZ5R1vywVP6AqZpQ8xcDAwIZV+38qSfJjoOS9nhUEl3M5HQzO5DKRWLOqxVrOGS63iBZfxHLzBoty2qy3aDDfnx2Xca0b33wH+vr40qRx9mkz2WtuJs2PYtZyC6YxK5JHe0kUVYNQ8e0DmF1+83AmxFepTqPZR2RfXf2xtUUMst9Opu0LUgXejoef7ambf+g9Hfx1wcIPED7otCGjweGJmU4YxhSCmvm\/0prJdQTwLXZC1W3mnq5JD37u0ZpUZMdfulvx59AlBuxI9dDcGROTozpsYCeE9oOe\/+Op0XuIETBK4vQLjS+LqRPSPWlSzl34Ie9Lj5RtzFBiCOGkmC7wa1QGFdc0GBzHqe9X2VH4rhHT\/IVDbq7gKOuuDcZFEQo8KQkkgT\/bghJzCpIQIarVLOPJxv7EiP8jhgdtK0VY7ia6u+987fqrobyPuMatQbDO9AYRrsJJ\/ihFxuvGwFO0eh7s9vftBi8t0DzNQTsnPfAcZ\/ZhEkLxw\/vJIZfSRisiciHHsUp4piy+90mTdN5MUCDY5ry7DKAw6vfyOQHg9r82wvKNjwJ+rcekPLEv\/FHRvy1AZ1HMnW6KZrjJNV8SoDwDvDT5+zsDiOQRZ1eS4AXXC0O32K6gqAACjcqP2miu29e\/oaEK6\/b1NO2Ve4\/XFw2LcUxmiYpmfORgcrg0e71Ts168PRZOrwhuw4jECElrQOXPiGerekKt0pjC\/PXBVUwNa02PEriryGUFwMDAEURcT9DfIBolrnsJBL883VWax5ssbCevOTqwONlZ29TVRgiw1ubDPfUhqNcVCvs6bW1xyVTdeWqdjyxvrhijbOm0mBmopM="}
@@ -227,9 +227,9 @@
00569{"flow_id":14,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":232,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739337,"pkt_ts_usec":20009,"pkt_caplen":164,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":164,"pkt_l4_len":130,"pkt":"REREREREZmZmZmZmCABFAACWM09AAL0GpIQKAAABuelq6LZCAbsgVVYbybMbY1AYAfXmFgAAFwMDAGlkty+gqGrZ6kcEx6eBNJkFXATj\/PJ2qcItHe\/UVJd0Zib66d2kn86BcOtb4B5FFYHtH6onDNf0gbokZwIoYEMVa0r17ktTXFUNebFvyIdqYEIhAVbONH2RHpX1ccsyOFmwuGRf8aZpw9E="}
00683{"flow_id":14,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":233,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739337,"pkt_ts_usec":48007,"pkt_caplen":249,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":249,"pkt_l4_len":215,"pkt":"ZmZmZmZmRERERERECABFAADrvvdAADkGnIe56WroCgAAAQG7tkLJsxtjIFVWiVAYAfXszQAAFwMDAL5fINknzSWUmJfsu6P5GG2HB04fm9Xp7ShxhoWlZA2Gsvv1uYsUhk1FoHjhZmw3jgY7hhBO4qrsQXrxPHGKcJRhNk5YjXZq0Iq+Xc\/0f\/Wfudy5r79osixFidmFWbYPxQ+dQuZ0OQb1xmezDUI0x31kyUuCW2Rp54AKfccofoQiACif0\/hxjLMQJ0jL0Irnhj4RevmIj9hvfxGMqPHsfxDIUxm6IpyxgtbAA4OSpTMWQWyososskgVkuA\/Ffiha"}
00464{"flow_id":14,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":234,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739337,"pkt_ts_usec":48238,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"REREREREZmZmZmZmCABFAABLM1BAAL0GpM4KAAABuelq6LZCAbsgVVaJybMcJlAYAfXlywAAFwMDAB46We2Qp+l8+vEhQuOpjYEBZk1tUGLiEp2u6nYNM2Y="}
00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":235,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":946739348407,"flow_last_seen":0,"flow_min_l4_payload_len":286,"flow_max_l4_payload_len":286,"flow_tot_l4_payload_len":286,"flow_avg_l4_payload_len":286,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":36012,"dst_port":453,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00505{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":235,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":946739348407,"flow_last_seen":946739348407,"flow_min_l4_payload_len":286,"flow_max_l4_payload_len":286,"flow_tot_l4_payload_len":286,"flow_avg_l4_payload_len":286,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":36012,"dst_port":453,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00805{"flow_id":15,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":235,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739348,"pkt_ts_usec":407664,"pkt_caplen":340,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":340,"pkt_l4_len":306,"pkt":"REREREREZmZmZmZmCABFAAFGD1pAAL0GczUKAAABlTjkLYysAcV+b2P18dMOKVAYAfY7WwAAFgMBARkBAAEVAwN1j0zYbg0sj5M3182ApIbVPce07i2k0VciV63ZowCdCSAqVc02WrOXRNItgTWsiYtxSSngWuVjvyRNgTc9xl83+QAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACmAAAAFQATAAAQZG5zMi5kbnNjcnlwdC5jYQAFAAUBAAAAAAAKAAoACAAdABcAGAAZAAsAAgEAAA0AGgAYCAQEAwgHCAUIBgQBBQEGAQUDBgMCAQID\/wEAAQAAEAAOAAwCaDIIaHR0cC8xLjEAEgAAACsACQgDBAMDAwIDAQAzACYAJAAdACDGkG2e0e5ygLjqcZTIOnp7CQIXlvblqyaK24BObKyFNQ=="}
00845{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":235,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":946739348407,"flow_last_seen":0,"flow_min_l4_payload_len":286,"flow_max_l4_payload_len":286,"flow_tot_l4_payload_len":286,"flow_avg_l4_payload_len":286,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":36012,"dst_port":453,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns2.dnscrypt.ca","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00856{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":235,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":946739348407,"flow_last_seen":946739348407,"flow_min_l4_payload_len":286,"flow_max_l4_payload_len":286,"flow_tot_l4_payload_len":286,"flow_avg_l4_payload_len":286,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":36012,"dst_port":453,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns2.dnscrypt.ca","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
04625{"flow_id":15,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":236,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739348,"pkt_ts_usec":519522,"pkt_caplen":3152,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":3152,"pkt_l4_len":3118,"pkt":"ZmZmZmZmRERERERECABFAAxC6ChAADQGGGuVOOQtCgAAAQHFjKzx0w4pfm9lE1AYAfVGVwAAFgMDAHoCAAB2AwMRVjU7SKUNCImmvfttR+GlB5jHaN+TnBAPl2NNilPzIiAqVc02WrOXRNItgTWsiYtxSSngWuVjvyRNgTc9xl83+RMBAAAuACsAAgMEADMAJAAdACCw4eX0v0AF\/2ysIrFslRpf1BB8aJflBi+uBQjF\/mpUaxQDAwABARcDAwAgSKLdPzNvW2jgnkkt1ArGKeMX1pOVS05PtE3+\/eUokuAXAwMKE7xrj8Cd0gecm+XxCtcCbfqp0Xw17l8bEv\/shADxxxp2Bzbyoz5R49XobAcn0zX4NMbYWhifQlUUPNi0pizuvO4Z2uJ7BgjBOgi7uGW9+EclkcQWPWUejxuRe7O410Q5Df3K0lFnTAKG5Q8hFQzWRLGpFNFdEHr9f\/gxxabZC79EC8Yp0yPXv\/HmMDXkQ4MFiklGk+tPcmld0DJxvUQMzeQxCm86Y50216avc9vAu6fj0J+kYdXk7oWDmD2dtLnR5EwpZu8cRY2UbUkl8ALnrb07VMOoFJY7zPFJIjuPu6NJRBVNZJB3vE0d6+a5PM4g6gDBfk3e5g98tlFHWiMNmuoZFlZFFaCJemgWUBnumrnynKFU46wjegkqBdCTk4d+NWELHpY6VAZduP79nQdaN3tx1a2c01muRMXnx81+ULomH3\/REIZL8cJwn+2P90vZcz0nqHAdHNiNOVCuiRaWyF4Wvtc2sEcGUjXGdVCvWK5\/TAJXm0J2jHwKksw9UwwmgBH2L6bGrwRyHCJ2cw2hrKj3bjjl++Bt52RqDx0PVra\/rDo\/D9uT1POR1MaM\/x6LwSGCpAydntCKtia54FgA3Uhl\/nC30fr8SinEx99ZlxNZcUwMiSNiiKzXEm9FsWYC\/mMQzJV1i0LpOAR5NQqTWYZcgE0\/OveI8ff5IAowgJ+Hh\/4cxgYyfxncxnZuou7BNW6vK67qt4eHbNzMxkGd+MYfZPjpdNHgl0+9xwS+qPx5Geun7Q7WO597TYhUFRG65T4qW2mYIUwL1aivadFz0v3ufWodzPjitCdjrW\/CjxtgUeuQtpa9t6KowJyhDmylZ7M\/A\/0JA+G7fTgIe1TbG0xXzz8kDHjrceHEBB3fFYvU5PKsGoQIH7p5mVRtoWylDhNC8a99xzxvR321Mh05C\/rxybySPX5rS74BeJ3VVwh0u5wrKR0eaWETinu\/8G\/XeeDanjx9v3DJgHY+pmOJ6EfJAfykxOYeiP4203LV9khy85bpP5JKwpS2QMRmDFSBHdsHpJDRK\/DdvVbwNlWzfHpmLZWIHourYiO61Z3oUmy4jI6OPDHv5EeJ3GNgfdU2yVIDdXq\/feGnWjZ1ojjDmfZzX6Ga4usOS7QhUW\/qRlMWXjj0hWmVMuLgwxGhGIXFKHCnNkMvxhSfzVsE\/fi2RWPnsN8Y42mvONkcXcfz9fwVNPYZJ6vnJUdC38oFYuyxT6LU0tUbEwaY\/ADwFl01XGl4ZRLV0i0vW1o2ORCGan1S8ji0kjp1PF5SgkDszY7oyvcHWR2j4C6IQfUNuW9sz\/BQ14X4v9\/xe+MBb1f30kVxu3I5Z5sCgwSJyclzM\/f\/w7+dPBCbaDnko\/4n8h05Ca12TAlFGzHkKPnx1A7nHgTXQTbJZXVUHU1yc6wwHk03G82kbZx+9FOzA9UNN9spmOc1YFepJxRmeK9M4veJGaNpfRVGQg2bta2RYDoDQK6oksPTzxPlWmkrVyuPbKNRQte57AnTO0NVTFr+bzDGOQFV5KuQbIF5hun\/LyUUKo6IgZruMikB6RR4IQ2uwGAocW75mLZis5bpZE122ilxmqMjkobAkDhx94FariZ5KfD\/Dr73ksFu0dQOrbgEoWdEDM1QJlwefbcBwmDPAZLTV06HvqQLrQ3a1J+ItnjBF\/3OcuGO6PNfCT4mXVZw\/XCZX37Gyj2evv5QnGXPK1+Sz2Q5HIbp4HDap\/+BBCzFRfzqg0GnGl3jD7AOmoAQDjzGfNFmTCT3IVA+v7COJSJTgvupRfK8IGZ6AChkDUM1D7TO\/gBXEdODTbF1kgj7tfbZE7QwEaK830652BNyQJGc4RRNwEbSlnyim1OuU6TMP1kn575di9kDVNjDx2AGxl9r8\/Snh1yll75FKAvMdPXTtCkrIgF4ok5dKpFUBKte07uQ2NnmiDy8tXArJDdFY7b0nRfBceQeXxY+261VTVS3qQ8BgkT+EbOmZjAyNz47hC\/w2WDlet\/NE9emDu\/WKqWCIy3yA1831JCwRHJDtJVAd9ss2dknfVJUGkTZeyaziCfo\/hUPLXsYyHku+nVEJbqNRpQOhPnb2jeGQfmWpk2og0U8kSEHESILcSFehIwO8Vb02doDEPxmjiluOoiNj8DTjVwesJzOCze3nnZ5thxuSrDhczvTCxNeMi2LoAi6IHJwv6yKmP3cCkUEWe4z9AbWZf4hUxJmNVNy5Q7vVV994JHX8omBPWK038vtH5PW7a2OYFKIdjI2Yz6SzJZ+OqlYbYFCmqa0c1eGXVB\/8TqdStQuai1fU0TE\/mTy2FB8c7NSR\/VKsBC8I6sIjqPn9nPpsLX4Aa5DuM2tqeuJozI3MGtgrFFDrWyvjyt1h\/ISepVOPB\/T+JPzE5fwBCeACmNByH9IK2FVF9+wHSMnDH3Rdcgq4pgz6QU4cUluqyfpyzHlgAE9GfUnMqJiECiCuREVqACQxSZ7sa2wTa0di8dAGzoqN4wIPrx\/temySP8MWqmu\/laj2zLNnRd172onl\/m0hR+U8Hv2MACSDGStNO4O5BZwFSeic72yCVIqhVfsgHETqQg8hlMMT17c\/Uj9ao0O73iw5Wjk\/7cB+lK3LZb6byC2wyyD+pd3TtLmM3qgg8MtUgLGKfhsIhfUQTp\/XqEKFU5NCsHHu5VZEHHRdrJOXdW\/pdNLP05EW9nsN0M81ZPdlsv4so8uNoBrTLmnVUIf8Xa\/+SxfhPXt5a7K9AzUWWAjnEVKewBClu712Lm3rXDDG8akrRqhMVator6IljVQJj5vEGH7cBag89maUZ4A+3FglL2gnFPZqquwNwRZ\/3ZI\/mK3YEJZaZg1I0ttRdpLCWXjXUB\/Ipx3mzzk088GloS95doYpwADCEaNRAt8ezUks5kQLYjOijiV4kNTL4MxFeNVH8TtI\/eKEzXoMQeONGsl0ElE1PvGiv8WDRmkmPVWFKUutMd8AsdJvQyoKp4+YBesIZnfv5oqwoZYzY6xW0eyUs26A2QPqxn4XpA6GW55Ed1urfGB\/LM4y6m1PQnCV91nOX\/rijw0hyc632Jc4nJK2Fy84ObW9S4LluL+dKVbnJwm07LENwwbm524\/mub+gizMq1y+sluBrCe\/URmcV1qijGxp4HTb+RHA1oHAF\/FwkQx5VCNkGEMN0VqUf0AhXzQ7n792nY1bKlqBB5bwOJqseO8f5u7xOkvAJgvo15UUiFg3Fs2KF6ThIQ+YMon+lnrc8ic+qxARfjEb0cUl2zxPZdn9Pk3JDZvc3FGGanhfOsuSbbIvGq9hrnu1dWnHdMIQG0tNqt5ibv87oqeA73DYcjrRkRvnmr+NgiyzjsYvnZnavg2SVhWLOyeYi6z6452amFOWjGib+uO3a6rOPS\/dTZTQ6OPLUcWKxkXHJYeC+Yo0LWKJwuFiHg7pi2FgUOZ1c24VzSrIDORj9fOesNSZQSAFwMDARkW8VkjAKLO1iVO3Z32JB1I03p1Xf19NsjcozTvJTA7tEC3r\/iX403MlEBRFX3aGlXo2cYSoUTLuYUpZWzaPV43zoko1HlYoj3YCwOBNXEdg1n9iG9nfj9q6\/IWDsPyy9SboWjcQJVD0zE5qJ8DwGucAIvsQ7D0zCtLvnxWjjpqSDdb9tOBYDpaZBZU8KCwR8LHjkKDpJkQyCpohil6861j3biEmWgZIX0h067Jmu+\/GI2jSqgEcF0VdDgb777Odt1jnDUv6rPpys\/KpOKpGwd1sOOD1atUuwZ2VWxJpoQFOVZofLGtGDAGLonrwSCzj9\/ObIFITDrXAwr6TE8\/SO2citlABmWDWJNFMQq1IU16fmzPW9wZ2jhYPxcDAwA1KFs5Si96rO1Ec9S06xPPSvxONjZOZ1eDJyi5V7B3adcTvi5GDWF42J9ne7Y2tNbnJdDWBMM="}
00898{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":236,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_first_seen":946739348407,"flow_last_seen":946739348519,"flow_min_l4_payload_len":286,"flow_max_l4_payload_len":3098,"flow_tot_l4_payload_len":3384,"flow_avg_l4_payload_len":1692,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":36012,"dst_port":453,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dns2.dnscrypt.ca","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00506{"flow_id":15,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":237,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739348,"pkt_ts_usec":521785,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"pkt":"REREREREZmZmZmZmCABFAABoD1xAAL0GdBEKAAABlTjkLYysAcV+b2UT8dMaQ1AYAfU6fQAAFAMDAAEBFwMDADViidEmWrIRj1bupCYNTHJ+IR+sbSf6KT90A8qW52RQBURyQL9vFT6E9CFjlI93BJu2cr+zKg=="}
@@ -245,9 +245,9 @@
00562{"flow_id":15,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":247,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739348,"pkt_ts_usec":632552,"pkt_caplen":159,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":159,"pkt_l4_len":125,"pkt":"REREREREZmZmZmZmCABFAACRD2NAAL0Gc+EKAAABlTjkLYysAcV+b2bH8dMdC1AYAfU6pgAAFwMDAGRDuH0SRNge4KtZJvTqZaQaq1HgJSCCMpnQKHMI6ovV3CB\/t7j+uraRVyqkljO5z4BxQF+HTGb50xsX4UmW+lMgAbNvmHAFAzVZFYVqLizRSaFP7VQiTmHMNiIa\/c1OBP6HA27b"}
00570{"flow_id":15,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":248,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739348,"pkt_ts_usec":632819,"pkt_caplen":164,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":164,"pkt_l4_len":130,"pkt":"REREREREZmZmZmZmCABFAACWD2RAAL0Gc9sKAAABlTjkLYysAcV+b2cw8dMdC1AYAfU6qwAAFwMDAGlXhFdWqvEhyTlDp6w1hPZVH1D4QGtG5TFAn\/M+fvanG054BYUJax5Hl\/f1KcEDrezIHYgOsJiAwxt7unRbKlztIlLkkXB8fI0RhD6y08eFlXpDTXDQ8ateflvgRq7dQVPGMZlNlXa5z5w="}
00465{"flow_id":15,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":249,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739348,"pkt_ts_usec":742064,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"ZmZmZmZmRERERERECABFAABL6DRAADQGJFaVOOQtCgAAAQHFjKzx0x0Lfm9nnlAYAfU93wAAFwMDAB5Ji3IaPqPqsPpO7e7I7ITP5Ggy7RENl6Impzd4GGE="}
00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":252,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":946739348961,"flow_last_seen":0,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":38018,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00505{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":252,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":946739348961,"flow_last_seen":946739348961,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":38018,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00811{"flow_id":16,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":252,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739348,"pkt_ts_usec":961764,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"pkt":"REREREREZmZmZmZmCABFAAFIPztAAL0G074KAAABLZm7YJSCAbsJfFJ\/n27j2lAYAfaq8AAAFgMBARsBAAEXAwMZV\/YJsl1KDGHp6vinUuSzBgwYUj7HikeN2yT\/6PXJXSCCG8AdBIamvVFUtiPCGd7atl\/XGLRDF4fN5wiY+j2o\/gAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACoAAAAFwAVAAASZG5zc2UuYWxla2JlcmcubmV0AAUABQEAAAAAAAoACgAIAB0AFwAYABkACwACAQAADQAaABgIBAQDCAcIBQgGBAEFAQYBBQMGAwIBAgP\/AQABAAAQAA4ADAJoMghodHRwLzEuMQASAAAAKwAJCAMEAwMDAgMBADMAJgAkAB0AILqIx\/2aPwjQ+1CtVREnVkbTOyfaXxjQI4MYF1wNoZlj"}
00790{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":252,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":946739348961,"flow_last_seen":0,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":38018,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dnsse.alekberg.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00801{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":252,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":946739348961,"flow_last_seen":946739348961,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":38018,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dnsse.alekberg.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
04358{"flow_id":16,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":253,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739349,"pkt_ts_usec":12422,"pkt_caplen":2958,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2958,"pkt_l4_len":2924,"pkt":"ZmZmZmZmRERERERECABFAAuAVvpAADYGOMgtmbtgCgAAAQG7lIKfbuPaCXxTn1AQAIO1KAAAFgMDAHoCAAB2AwPVEzRRR6mT0E92uybAnGbGZWeWVD\/m1\/eNOhfsedWm3iCCG8AdBIamvVFUtiPCGd7atl\/XGLRDF4fN5wiY+j2o\/hMBAAAuADMAJAAdACAZ+iIImd19O1rP7adwYQe9xC\/+1jN6jL9eBLofHG6SbQArAAIDBBQDAwABARcDAwtedm5F60tr1KSpSWgXMdmmX3Ys4sUEWudZbc\/GVmqkUsaepFDQQ8mcPIjegsJEHlTqywqGyBqt0c8EFI9PK3y9wMc\/+3ozr1s1L0Jd42MTaMhOndcbb8aYEnSYi\/zIVpLn6qdOkfyxUEfDDwQC7tdpz8rWkLOD8s1Gc\/+GapP01LuZUSoxJKMEPFivq1rS7ax5uSaTQJul+x0Q1A7WKBQI96lxNlKhu8S\/F6aiQdLb9bng9LygmgdlJ0IMNTAzSle754kwT44x6hxHdY+dgL3FfpB162mfDfNtflZ3mHhPTnkpYtlwwqsdseLzRBUZP3Q4Ja18aDfnLKv6lwZqUkYqVbKbxYZxo1iV+7HgYRo00AC9h97+\/fjdDvQp1\/ZlgGZVor6fI\/2UbNyKd+CKXq\/WxiWd3cfOC5mfsohQgZfh0mCkf9dr3uz3ujKCV4y2skvjk\/nvMYWaCk8YYJ09fpkBhHkvDLX34BQkxdq8SFFlf9KC0xLeicU3h\/prF3BxKbFcEuJVsTQ1IwCvvKPttu9bXK5Pot+r5ctGacxaL2PbnIguGLNO3oXuqP1Q9c+9bIOgs3SrVqvTzY6u7z71LwLT4lIRUT1tdFuzNBsI3uP36b\/9IAg3kdqQ6B86AhSq6s9YI9cVyIl6Ij\/v4hTBVX3z6+HeVN1ZOCnsTQ5pzdsr1wh7Urw2Dq8ujiDkOD+Fou6dMOYoID0SKEwKKw1eszHLhxLaCFy\/r3d7Go4MVMtt3WT79fbDbeLxIVt3hgCghutkKtcuHd5chD4oLWELh6tM9hPl+4nCK4m\/+O5cbKg6OL6jCTY\/gO0DykmoFGAjlffWT5qFPKGIHd1y6jfLFBTeg895J4XJsRYeS8WWpPvi7T\/OrrEOEoSups8MYg4y47m6jBSiviaU3Egrqb9OmbARusmAkBOc+b7sPEV3vJ7rmbEmSmp9es6Ma1hTLKZ1zLv5y87EpErdv2GmabDERgys3rQli1zICByjjT3wKTtOmnCFVus\/kEZ20ZKIT3R1SBoRFrSMK3NkxEq+liNvGGcf+EHNQ14qDPBLs0m+Amz59cCkIeFxK62ZDg\/D8+8JoEQZlyE9AWaFti+8vDVxBObTHdc9i3Kw7ewteJw63QBC9EWl8n8clagy9wb+UFjl1FNsicAfIiO1Xs\/Zye+Z2EVvEt6aOGsYYXUIiuSHHHy+OTANd5q6FtSmxH5d29V\/RRYtUF+RFNqvu7jCJbpfY4CMi\/uFQpCXgIsM\/FuZw9ietB43gXYBJPigmUjQOJrnl2aOEVZN25twSZkyFkDyfGhTbcdXECqNFF8TnC98sE4z4cSyaAj5eIgD8KWiILJX2yoi+dB+VLGxM9ljCfyywhEqQD9FxwMPenX20RdEq43Qg2oM44SbTOcaPyRK5R1+UoArEareBxTtwbIj1\/gYPRWTkZ8pK7ELTpeDzq5dz0ptJVwSUIH0JdKkVE3RFHc7LCdWysSVUeFYgHXl28Deq1y2qizxSTQTQGj788zPkj9nRqwsew3ffxErP0pR2erOmxzmRPzUcbJ79H2yupuK1CFndSabVcPzkp0n+2KlKx3Rn8tyf\/hn5qm64LAaVaGFpUoNBQQlUEAUYg9kdMVxRV9nD92+mrKa+2JReRncweAA5LhgzrfrEPwyc1B\/FBpBxwIyV7Xy5RQehy\/n+t2tqgDOZsROSPZV\/c502uShsqQ80dFUM5RKxh0mzHQFM0OK4kAUJhq4wyFBHR892ibgw3EufqDFUX7y2fDW3v9sHJ0PjEBQf0Z+LPQlMJXmUS7wgfHtNIgpjboq9\/XXfFayEzII5Ncg7bWrTiyo4JZFWiVHcfds+TlAJ90V8nR81jNjJjiPpWGiw\/wBoLReBkDgcemdC73ykLweu4Hz14TsLOSuTZsu5EZr2HV10q+61hH6ogeRQcst3XaFzwE6kceLYfEcwH6tnp0hMB9x62cNInT6JQ8Ps6Dsa1MRUtnCTsYL1E0KIBY7R9nY7dSZJpv6\/qCWpPnVEfxATo177u2nsXiV3PW6LNV3vcyinTzbbKWNsqHSX\/Rxrwf+OdHXgpeBX43CwbB+Rl\/n0BchEVnzKV702Gf9HUv7cdBb0q\/i8hYFIFBzZttYWXxvMMCuX5vFFfZ+rdfdvsqESgmVU60GNMEWlpOcj4wiK5O4Sufp7t63lXuXFEGAyK\/zCX6bTsoTK5InJmYeoxH7z6vro\/3e6Rs6NXLtea8yb94qYkPEVBEqGEipZDsyb\/R\/lWwE43D7Aub6g9hkVbl53hLJGZnLMYjNGkky7jnCfZMKDiaQ3bMKv84lVUSDkp3sK9qeuBF1mmZVLhv9HAxir3SYBNQzWsBGcCUpO9xkV8FP0kj\/iTW\/FfLKk\/DKd+BUjaxMV2uhSSQCmVokip5q8tl9J4DEAniFz7fyP2MXZu9ul4s+9NyHUnr96E7oyJz9targa6lIbTNrabDpef+RQ95Jg3dEACMFcNChtfiB\/b3jxW+VTLzdeEUKMhmN9RiB66l3ilE2UeLuKgX3mDdaXzGma9QHxu929MG9uV3gmQHGDy5TCH2vSSxC6z2\/OmzDacBVelfY5Epw7lZBVVGZZnkHXtDZ9aRkPwQ5ycPlis7xyXgrmjnzVXCU2sPi4g8aIZETiD58CL1o5eQFVuuBNN+YXqwNw72pWFPr7n1hEhwv6Vw12CTiC6plOVTlmWo7Hq2\/pHWhiu+RR5lh+vtYdVwTRC30+fnyRct1ka9vbNMqvCrrwxYa5D5R79sdMZcHtogzlIhlvBA\/hEtCrwDCOTsOVV\/YHdG3yKWN4O6RFwnZZifYo9t6777XaaqBBnRbmAIh24x\/s0cQdV+c5CkmqhwnyVXuFfH9t0XQ1553XL2pziV2ZWgjNschuXZ58zhktYtAMF0VjgYyEW7jDxhCpc\/J+cRaztT52A0ytvkRgmQaVyJn+aLdW9sCq3AlQ8gfIfMUsOa4qrrfYi\/W6wC7p\/JpUVApLzH2mKuhH3cCajbIykaOD4hdj7uAYv5ROV\/V+1+PXMG5ia\/9hbHOgDJFO9d9IqY7KSn3C+1mBqumfNrcdhFQFiTH43iJKL7gLi6km2zN5cYKZjrmjbjv3JkWSUwYRpPDfBjgX5JiTKnp6do79w4bx6CpetzdKmLMsuX1smdlFu3kujpvbqv6a1KH6F4pTm1MQ5RJmmfgdquxg6OsIIvP\/kEDn+LVg8ZMm87yYyquFkOWwe1Uj\/Vi3kL4fPIR5niD5XVoEWohLwDdVCqKts+2P1GYyEHqQAMrqWmQegZl\/LhTQw4INPlPDFEm0yb+KBOh00ktbHzCM3CFPGnzYO3alldd67nq954eKLkUOGB9MeSY7cUwdbulO4dr11zq3CmOecqOMxOt2f\/VIopIebzlUenef+vRdxbO4ewVSqUhsy+yoPWXBOpZPgLhhY3LxBP7ooDeCCIO0lcZB\/CBSyUEgiFK4lZ3kAGz8uFt3A\/vRHHEykEvXspKCwmakvQLGtne7shF+m0j\/3K2vxEjTMcnD1pU47tDCPXW32n5d+GKj1kQXvMBCTdCNuO1i0NSTDkuKc7j5+f6O6RyusC0fFzTP7MVdbXFBb1omPMQEuUSj0+hj0rK73sjeV5xq8OVFpFoURjJ2NwQsCAu\/jAm112150nTKknyPg+N6HqbvoOC0Wpkh7IwnBnV+fSTZjZ4AEkEeoKm"}
00843{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":253,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_first_seen":946739348961,"flow_last_seen":946739349012,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":3192,"flow_avg_l4_payload_len":1596,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":38018,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dnsse.alekberg.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00614{"flow_id":16,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":254,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739349,"pkt_ts_usec":15352,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"pkt":"ZmZmZmZmRERERERECABFAAC4VvxAADYGQ44tmbtgCgAAAQG7lIKfbu8yCXxTn1AYAIOAngAAUbudk7Sx467B78RwxwixN7WbszxDSJth5tiFKuiBrGoB9KFJtYBVt1C9rFJk5PyiCKlQsUVoHGHAH28fXEOq226wLx4N\/Z5eAHXlqMB6V1mSenxLPr5ItjgHCvxui0hIr8CHs4BD\/dcyFi\/lJAfYyCLIMg195o3ptTftZf8UL\/yW+5j1eIJyx2wYxG1Bmojg"}
@@ -262,9 +262,9 @@
00569{"flow_id":16,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":263,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739349,"pkt_ts_usec":65278,"pkt_caplen":164,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":164,"pkt_l4_len":130,"pkt":"REREREREZmZmZmZmCABFAACWP0RAAL0G1GcKAAABLZm7YJSCAbsJfFW7n27zRFAYAfWqPgAAFwMDAGn6PtIkVHmoMJzjgnATo\/ZJEjP78dbfTDYCDqYkTi3+wLGg0MV7H5ZkPBTMTwrv4al6lvpl6iYG+my2jimgUkz\/xkX3NfQvTv8nr8kDL3hBX18zhdwCA1rVR9xVIWVhkT84sSRuAePVKBc="}
00466{"flow_id":16,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":264,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739349,"pkt_ts_usec":111124,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"ZmZmZmZmRERERERECABFAABLVwFAADYGQ\/YtmbtgCgAAAQG7lIKfbvNECXxWKVAYAINn0QAAFwMDAB72vYhNJfr2emZvkuGwRpUrsgwkpkyMMIbGlSfK6XM="}
01125{"flow_id":16,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":265,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739349,"pkt_ts_usec":138384,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"pkt":"ZmZmZmZmRERERERECABFAAItVwJAADYGQhMtmbtgCgAAAQG7lIKfbvNnCXxWKVAYAIONrQAAFwMDAgB4l98RxKWfbSMotLDSiQR6edN2EYdpxWoGfSeyS0FoxV2bjBprpJnZ2sR6iqNqaW\/HJKptSnpncrSntS57Q5FQ06f8g+Ne1Nto\/RhX0aRCKOG62K3tZIL1VwtOwgn9so58Dtam2oYRg0273TQzl+9k3X4GKn54g26VYZ3sPhxiOPtJkAPonIbhid2\/PGAf8i6TxbGZsPdWzUDht+loR4pnPvhPoEqtqRiB6jWGXFXKTjtxTdPA\/Dvylgr8o+IET0PNTx+\/FA88nKpol4vEMqD1wK0cOm6kAgbWXem59l+QFeLj9cnAypndtz\/iygelWBfg095HxRc5E8\/H86vDjJOgqxHn3iPKUcDQkEY3mCiPPHHv7V5aI7gCVpSUD4hBSJweM3aYy9K8KudaxjdeBDNcQszGKW5YbWZAgOzxfW9mi\/F0hJITePnojX5vfuD+8PGEJbqgaN9Fwze\/6Dr26TNn3hYNefkzZ7nYjkbz6Ar6NGK2sy3\/72VNBDv\/f9MXtoHnBE7n26+Ao5HDKCn7T6ATKLTROkSfTeDzEm+gpac8DD8VQQI\/tIyUwAQ58dmjQrj5oLPrz6UzjX49qyJraIYEMvYva0b3aVwSDw4uMV9SGhQW7AuPLeDOHtSXqgvHYpAWGM6dwpk7EclOgaLoz+iCAzmfIobpkzxHKtO\/ZrixCQ=="}
00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":266,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":946739354159,"flow_last_seen":0,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.235.81.1","src_port":44640,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00504{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":266,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":946739354159,"flow_last_seen":946739354159,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.235.81.1","src_port":44640,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00801{"flow_id":17,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":266,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739354,"pkt_ts_usec":159307,"pkt_caplen":339,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":339,"pkt_l4_len":305,"pkt":"REREREREZmZmZmZmCABFAAFFsX5AAL0GP4sKAAABuetRAa5gAbtwXMMeYngARlAYAfbM4AAAFgMBARgBAAEUAwPEqi+8SizamcFZuiOMoqnZy7ZEtN03UH+nij+VYBL3GiAFdLPwuVYC1BfptVDzpRdMmd95Dbs0SjTzk4T9Cfoa3AAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAAClAAAAFAASAAAPZG9oLmRuc2xpZnkuY29tAAUABQEAAAAAAAoACgAIAB0AFwAYABkACwACAQAADQAaABgIBAQDCAcIBQgGBAEFAQYBBQMGAwIBAgP\/AQABAAAQAA4ADAJoMghodHRwLzEuMQASAAAAKwAJCAMEAwMDAgMBADMAJgAkAB0AIAlFpvTRrkboC35Gi6Kti1ZQzFT3L63Tg7Ad2VS1Z0Nh"}
00786{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":266,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":946739354159,"flow_last_seen":0,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.235.81.1","src_port":44640,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh.dnslify.com","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00797{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":266,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":946739354159,"flow_last_seen":946739354159,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.235.81.1","src_port":44640,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh.dnslify.com","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
04631{"flow_id":17,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":267,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739354,"pkt_ts_usec":179666,"pkt_caplen":3168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":3168,"pkt_l4_len":3134,"pkt":"ZmZmZmZmRERERERECABFAAxSLpJAADQGQGu561EBCgAAAQG7rmBieABGcFzEO1AYA+rX7QAAFgMDAHoCAAB2AwNebHWZixx0UeVpRBPFfxfOwpvxbfyV+ENeQi\/Un6YmQyAFdLPwuVYC1BfptVDzpRdMmd95Dbs0SjTzk4T9Cfoa3BMCAAAuACsAAgMEADMAJAAdACB1L93FSUikFZRCKYl+OoNXGHhZBDYuCiNIjz\/6VCChXhQDAwABARcDAwAgdZlJOwY6+pChCwvT27tLGZnet+yerzqND\/r13r3OLdQXAwMKE5aV9MRHEDXFawxN2Z6ZXTlxr30g5cib8A44fkQ64oQQPk\/j2rM6co+1b6nblkLeVstFbtdteXwKa840eY9TBhZcpregM8Gpq1oOWaP3aNoy3x0m7PtgdMXWTRJ7rBzMj95YpQgnRNENvlH3xRXTNJuz0OfawrfLZMK40dTY8qdEtSvVWaOv58OBFTZzds8x7Jv0lUMqTicPkVrWkLGPasMnh+a2IVbs4dzr6AhsFrB+RZ1Cwi3B7S6zzr3HKx3FQGuVtHh19izb6w3PsdZ173iclTsS5Bteswb+0EdgltfMU7tCCWlZhlMw5cbiqzX6GLMdzRL4kMNW6gZ94dTc92SBIwy+nEoGbWZhqTeDuHiAUARf+gliy5YoFjW\/PRAypf5PMRtEZClIDkjH3prUoCFGtLR5uf4Ro0aKo3ih\/KCyAGbVEIvG4bDrcfRxO0cIiVz1g0D8AUPbTDsJO+EPspEYZgIriHIBYFx\/k\/flIHH3EjcpqIe+X8XzMf\/XqWL46qAhN1cBUZXyVc3ZIhpeJ7ZcaAbPdH2pnTMTM+2Go4igirnaKWq3AflEDkSSdueX+UQOyAZUkd6Z\/x1Mwq9Tb7hXL6vtOYcRcpywMzYkakngWETbQss0CojZbN6WAPS\/E+Yya6CgGI5Mt3dulPgu8jNdumumeB1P2glp9qwQHuvHZ1QS+cPtS5x1raYCp7T5sLegZ7EBanNjOEnVAU4IhPuW0ciFUM9Mj\/BzgDWE\/hUdNhPhhQjiaUBq7VyAXKWvyO4Dx2Fel0gu0u32uA\/SHIYv4dBAj17ghhBMv+sGNC8NMtNWhv9aqIp0FgaNgTJ0u6ZahzAQoaba8gKEvhS9MXrxWiCXAHjt1VsuslTiTWmDXRn19O8C7v9DYdY\/x+ZHYaRltrJ+iDZDtT011nG9MjUMy2gT88psevKL0b5pLEr8mJZKye0N3pZbPCi7mofLMsInUgCJYAIJe6z94EV17S9g5MdytiaRjgrDRHDrubquER\/+3IoTeZlSES8Dx7zlXZ1xB0O+hR5nXJGyIskMCiVwzAersZ9n8hiUAXpNADMi79ZOaHWxepo2ogdjtLk6L5RJOzsW\/4O9s\/bE+P+1smYJ8Xz\/vrKCk0smpZMpgO1UV8s8gCIdy3Fy602DcQY72cCEk\/bea7v72CbMggpz6myeQuHNx9T5ZrAHxOyDqp4pkMAhTfD0dC3xg5zkOkSQr5pJx6ievuDl8+wenRgTssVF8J1H1XRwU56YwKhMsgqTn8eD+cywTh5zCo9dNvl9ZfHWmV3Mdg4aJz1dYzmdkUhSu46Md5G4HmOnLwI\/XQbyhHcZ2WUU9mvD9BvjP9kn2RjUXcRT+d\/cwjt2Esxb2ENHpq2bs5raN\/CIbWH\/kUQRUUCpYL9CdmiBZpRtJPrOXy6iWAKofUme88d2tr7pTpEzcTLRU5BoYhPgOVQbcXw1q3yaTUVQB4Wvp1Zu7ruywhz7ujDaUupe4ypGeBHoMNq\/GonbnedBdKUd5q1Hau\/cYgTRejjU\/rutBsmd1TsWFTtw4Narsizl07q94yxV1+nrTG1gDq+RefJI3JM3SA8ccXZmrC6\/9FsgFjt+2cDWt4JB10cFksHu2\/ml\/dASyc2jx2disClcngjvd0YpBOF1xYxILWWqUHc2SCZLZ2Aroa1pMW21jKFGB4Ar1xpSSuVVcPsSSozoKj4\/j0FvDgtwJoY1rK5ezs7yUOh0iG7\/TmlCa9VwcqKlbka3ucK+EV23eB8BAhdfkU1ZRvrzop+h56cTHnAqdzA+huEFkYic20FxEaceaf8SUoyM1\/uxur0377YEwqxCUCLmkpdjf2hKaG2o6w6dX9vCExiNhM2Jlol1IlMb4fWmsojPIiIMoMr4vCBzw+JJJUMfUwOy6sleF+nP5muuQ5rVTMwbb+OCuGE2jDpUYai822DbFN3NNQkq3i2+StVf9WCISeMMwfPk+unXE38SgIx+97\/gooknQY70IX3TsgQKFcc1SEcM6rgwk5pR4rwHfer1xQNsM1RKZGf8xeZa+ag2yg\/IxDT4LymayHchHxdaigJz4AcxjPrNuXaoi2s3E1xPh2H1clb\/ZJJwrzY7BZjc1TQovWjOw6wm8GHMHRYPWaLpFhaLJX6iixp0BBfYBFzNmIvcsaGPhpGQIWG8LNHl1vR+XYpcJzMWemerQw5\/TiIwzhe4xLQ3Ee69tOX2fKhT1GAVUyB0oeuLgjlb0FpWzQ\/lyORIy\/GJNnRuRgdZy8RNv03eZWNeLTHNU8amNvoSqoCJx28QcG4ZFWjkiBlGlisQg9MS7LfxB5YDcM35ukvbr57gX64nw00G3GJe5JnYnqeIHNIuWQI7nvVvBHP3PfWTKRa21nyK90D70j+bxIjA68ylRrcDSlrq9zK60l62NWR551fMFXxuoHTFc7qQ+K4J0ESDuqw7x47BFgsRGeVuVNYexUC0TU1lBMwcu9BGg+0G0+duPvOP3aW+jzZAhqEMopcx946w0BTw\/+bJ5qiZX+nSvNF+IzKPfnXq7G+okmmjpg\/ianwcwtjvgrAC4pnZGY+m\/27CyJiTEi9fYvN2T1KGpFt19LfH\/UKHKmZdKRHhHpgpAUwyz0ixR7JCGsZBCNp7SmZtoObLBfKyYFLS1OdeJn33VC7QU5ZIB0TIGMOnasD1IIceFavDDD1uWjFat9U8TSvdQkrVOP0H+iiog+bscrfkzNeLsrOj5JaS96ZDARUESAXVBQE+wq3Z0J6WrNdNJCanh0R13lIIfbBO3tp1JQaYJcU43NTOBatEStIgR6pggN4HF+DO2dNPqB6DJlllwkNWiMSwaSg\/Qokswn+fLJvn7pPXb8ILKczNLht2jz9aEp0+I8QfJ9sljCRmG\/qdZknc3MVkUZCxQWgeYvnw16OCgKVrO7aXg97ZXgFQywgIz4XcG4cQlmlUgZ5vBckLpEq1wb47O2DC7oYeIkB7WvMn7pIP5qKMmIewtCOip18QV5mNZQ7kfdTHrJyhNEAXbfaMkBbJyAVJGCBIYwvhIF13Izb7B6Cmnolxq1r5eurWQOB44xUuJop6m5Nm5hxmATag\/xOQnBP8r2vNMxUihmUT8anHH3UfjXAY915xtFCA13IdATjUK5r\/nOjWuYELtJmgRJ2oeyJFl+xU3enOifKqvSW9w3npBMuO6+ND+s2KXgdXZpDonBBs70SsK8NzgIT\/8A0se3txfhbwpY2EseDOLiVbMtTN8WhjrhnZpDEjzwdCV8jV8ki7+xTW6Ae32nBN9uRAZ20gpXPNrrgk+1oPaXal74NAuojgux90nmy7fGQvJ\/CCkJUFP2+xt7moAmNV6Bvh9GIV51tdhbag9+AtGmBI8WUGXz9QPwduT4nOO+Ia6cTJuP1+CL3tb+p6ijB1Jg583CQ8vtkm3Pw8NXcvYMcBOIpsKkRrBsD67+irg6nQFwMDARkSIsFlIX96rBVOSHF8j3nD4OzTmAKQfrZ20qhfNZw8PH0q41dWeUeDXwstCBpDPbSnxrC2ED\/1S7AKbK3628b0BuTXrCb9vI9IIN\/fjnNzXGCyCTfNGyQC7Z2s3ZZgGilAyQTgWS6IBv0X\/cXimIPEtNGeEgUfHp2ZiHChqtgUwdJbYZhYRpk9Vh4PP\/G\/geKDMJuF9LkfMNZa2A5\/kJwnnbAN+9JGdzxyQUZGqq8DCQqxQ4uAbnIJmcLNJBx9PHCzhhj8vk0E7hUaqEkvClX1iiIhNhFlmQ9FsqBvx5KYUvaVI86YI314BKZUdBn0Gn9Psqh3g3PCqYbuhSA+KXAHAB6ifkPpQbZxhpKA+yQN\/aKxaWBvyR8fvBcDAwBFUlHyM0i8aQGJ+PRPScWQmM6JruXTVxzLP2v5t10WMRjAfhtdK+kbZwmOwuBqS0fXovjROfDM5rGu95fh\/DYXUBWZSAER"}
00839{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":267,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_first_seen":946739354159,"flow_last_seen":946739354179,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":3114,"flow_tot_l4_payload_len":3399,"flow_avg_l4_payload_len":1699,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.235.81.1","src_port":44640,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"doh.dnslify.com","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00529{"flow_id":17,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":268,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739354,"pkt_ts_usec":182236,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"pkt":"REREREREZmZmZmZmCABFAAB4sYBAAL0GQFYKAAABuetRAa5gAbtwXMQ7YngMcFAYAfXMEwAAFAMDAAEBFwMDAEWXq32pwHEzhcGDp\/NKLjvxgMAkksKxKcFIOFCDodEb90S6h8Gu0G\/BLuFfZ5sttQB7HESBT0tBjYEfHL61VthvR6QOjls="}
@@ -283,9 +283,9 @@
00449{"flow_id":17,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":281,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739364,"pkt_ts_usec":914174,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"REREREREZmZmZmZmCABFAABAsYpAAH4Gf4QKAAABuetRAa5gAbtwXMbRYngQ8lAYAfXL2wAAFwMDABNRzPKFC48C1Fna9B1nJzgOx45c"}
00449{"flow_id":16,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":283,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739364,"pkt_ts_usec":914261,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"REREREREZmZmZmZmCABFAABAP0ZAAH4GE7wKAAABLZm7YJSCAbsJfFYpn271bFAYAfWp6AAAFwMDABObfBxL8bMwvnBw43SK8etxZJTY"}
00449{"flow_id":14,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":285,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739364,"pkt_ts_usec":937875,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"ZmZmZmZmRERERERECABFAABAvvpAADkGnS+56WroCgAAAQG7tkLJsxwmIFVWxVAYAfUuaQAAFwMDABOXRSu08WL10pc3CGxVUSKDv69S"}
00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":287,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":946739374011,"flow_last_seen":0,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"116.202.176.26","src_port":43106,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00506{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":287,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":946739374011,"flow_last_seen":946739374011,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"116.202.176.26","src_port":43106,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00802{"flow_id":18,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":287,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739374,"pkt_ts_usec":11190,"pkt_caplen":339,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":339,"pkt_l4_len":305,"pkt":"REREREREZmZmZmZmCABFAAFF9DpAAH4GIdcKAAABdMqwGqhiAbtWR3H7NJTy0VAYAfbm2AAAFgMBARgBAAEUAwO\/FCTCx\/QYlyW+S6EGE0TFYQ1H3k3FO+5pvJMM4NWMBSCY7MF+HV8NsAFc82xlqHj0YcQW9bewwKxZQwscQJJKpgAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAAClAAAAFAASAAAPZG9oLmxpYnJlZG5zLmdyAAUABQEAAAAAAAoACgAIAB0AFwAYABkACwACAQAADQAaABgIBAQDCAcIBQgGBAEFAQYBBQMGAwIBAgP\/AQABAAAQAA4ADAJoMghodHRwLzEuMQASAAAAKwAJCAMEAwMDAgMBADMAJgAkAB0AIOxloY7MOWvSgZ3hQaojp9inJ84Sw+igf7hW9Y3pU+ch"}
00788{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":287,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":946739374011,"flow_last_seen":0,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"116.202.176.26","src_port":43106,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh.libredns.gr","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00799{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":287,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":946739374011,"flow_last_seen":946739374011,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"116.202.176.26","src_port":43106,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh.libredns.gr","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
04655{"flow_id":18,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":288,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739374,"pkt_ts_usec":36272,"pkt_caplen":3179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":3179,"pkt_l4_len":3145,"pkt":"ZmZmZmZmRERERERECABFAAxdEw5AADYGP+x0yrAaCgAAAQG7qGI0lPLRVkdzGFAYAfXx8AAAFgMDAHoCAAB2AwMfdsQbzuiYRNDg0SBjCCwcHmnTX\/WaALeQBUBykWdcaiCY7MF+HV8NsAFc82xlqHj0YcQW9bewwKxZQwscQJJKphMCAAAuACsAAgMEADMAJAAdACCFS52dOnPWMZ+6KGOu9y\/QLNkNywSlNldrBcP9ygUsJBQDAwABARcDAwAkRYbUEe0KLtMYBo7DwIYWcyipqqBN\/bxVehyh0Sw6cb936jKFFwMDChoofwyGB1vpwXv7Xn4hXSbG1vtIeMernYPn5eAfJWckDiE1Vl5RxqW26TSWUTfmtG\/80SN\/HcC8sF8BZiFAAmCY47UJ7uXvVoDqw8BmwUzQhTAJ8CR9FaoGVeJsM5UnR3QsIEHqP5KqlB9iD+UdFFEShzmfIEBTbyB2lP4pQWBOWz2wOPIXZhQnKMJCxu1mnXifSB+KRolJ9fD2dQ4Cx5+85+F56fGG9StYfwFmGPIeJARJjwh49nZDI4iYWv+ddPBM2\/KJRuF+1TvTRam5R+I0m2+MFl1IOG\/mGs22lUpFRiEafHau8IgYwLtIsVJVRXeEF23eSSLjZSGlI+95kanzpb7Gq+bxaPB\/4KE\/EZB\/HHORaklfdEzQyROMT29wGcN987isDVey45rLfbLMKOZqZTAfIY9fCmEJfoMGXsfxScuGJL3kk9ktG5XOrDaDe+Mw8iBMs6aCgsJWCKp9AlmnI6jM+Pkj5pJEm1bom4ksHEDAz1NZ0ftN\/sVLZn9Ug2C7F7lT1GzkA6PKlKc6EZ2z5CZ6jJ2Z6Y6MlAZziPoOQu4qTh3J+nE8GcgGOJ+4zh9BbyrU\/zs1GjsbXVkHAo7jDaYOsfbK6OwpKfl4fhdC60RX1KjskIAX35OHA\/IXKzAnkgHHInCPGyjRoDeCN\/xxIMzVFrKXTCwf2SPOaQSeCd\/JvCgSVj\/dHhq8zdYnlFf+z9VXpf9xqp8dTGqqOXUGFnDAdjBQ71FnqfI6ubmeRFAjPpvyUbaEAnejXwHU9g6Nb1kInR39UeMaOlkv2XbX4eVVedQBnQ80TEebS+RYgvF4z+JaZdzTDBKsiCrr90MrJqELQ15ruqB7RM0T7bzUmBAp55RHbt\/ccY\/TkG\/gVsixMDlDFkIhMYt9MdUi87PoFTfnAamhlvAw7oZO8\/F7iHmtBa\/Ep7E0DP9U5QDAi98hWmChSAXTUreygTLQuqQnUJmosGexWw5Cm8TG3r4N5gnkEVB3HVNF0Bviuw4E\/LgbkZLCP6\/4igcruIsBRgEN00dS6JnGlucNL86jMmrPxWv6fGd6uX4GyIhA8xlh3VmZmkdtEaBCAvedT6MuQU0ug0OS0vhYWi4hpFSwBYkEc7nVVyMbvGRC\/t6cdur00RqtQCHbN+NyMsAYQCMLcN\/MBgJi53gtKoOeVRxL9efr0oSMfPFjg62k6KC1lR+0S5m3Izs0xuBIpZ4qwdqzDBYxqETxd2mAw6qyV9\/+c2vTZTjQfcpnp7y1uBxTcCkKvdXtnytMj88r6V3CNsrCqoiP+HgdZ35NIzfdjE8dt6Do9yQiQH9DyOtUx8mNKBWoW2GsDQem5ZGAtDwjmFRhkWEqvnuAWeKZRQvsxDNQX1VGCheiYk47AXsweypHM0kF7Sz+NMdgmJ2lYhFlZ1\/ixGlfZSk6mjv0hogoEvvV0z6\/T5ayYUiYrSxxE5CRTBXiQ0ShTnl8JnNrX5f1+PEHiTs9VmgpKgcqyhnAx43FvFz+tjAq2kHUpARsisN76U\/4szTnIzPWHuhFJGJXIYtA6KvZZsRr8X45Bjm7782fphZHssP9T11fz+rMBuNZkB+9kENQs834qUDrDWQYlgtgokMydJHahHIc4rs8RwpnWkwnfbjQyRwpkoSDjqKCsoWgqmckVcAlWtfj+PYNdYUV0GJVz3MaCILZ2I6i8QDOlFT6AvpNPYOGoGbJ0wKc\/iRHcSqwHkLOlqAj9rNOane\/dG8vbDHghfqFdeNPvQAcyGldxWfqiN032Vix7+oZXOFXeLNRXDRdMWbSqMlyCprTcKldxAe+jYGRK\/SRNNln4bS6loI5LqK5kRj1qHOQs4VYAvb6aRZkpJmFfA051r9ZTveZwX8QvPcsUhSp6WJroM5RdVgMoZWRw3V3kLzy526l\/XjarCqs7b9zg4\/0UThyCoRZXRIaapKAxcisr606oQ90EO6V1\/rxbH5QoNdmuIBJXUiCC+vi9DaFQhw7IS7rYl6bCaQkE1gKVqVjcfGFNbkwZ6WVIIFLAd4AULNZ0EbDr3Jxz4Q1Kv61lNl9GOAmC73UocSHTqPhV\/xb9YLlv4Qj8A9VyOXsI3ysVAT7Q3JqQoSzzANJennQVJORrvCGjBFhIJA1XuVUswlY7d8l6GIPFEndkzdJv+mqLebs92Ve7y8gHX+5\/N3bWQDbvROspZd9Rw2VYwhVeRkdNNkB9Zd4yf0MJA6FKQTPIvZ1j4Zvrf8Zqj1FK4+Pu5YWK2VzQ1bAzEZ5TAhqXro79v42FstXXH9Bjh6xGWnYs4EgdjNtrw9q9vDDHzkCgGXErTBS5tZpn4eq4iayRQKOUo2Bjzuikc3GCcT7DGLOzNijLOjpstykBtjYEBagL1lzeuQbGqMxLzwOzMZiM6Cr4dH6Ct7enfPKr1l7EDqLb80TAVFsE6E9zPStbSvvDsesVjI0LnHLpiFF3QD7w\/cMgXGCCQFz4kjOyjxN1ueQ3BiQwzUZI\/KQVjymbQQOaDcU\/hamroqvDR3psu8zkzqDRgXxZpAhYSs0ypnNhUomh4K+raYSufO72xoIxT3MchbmB2xOG+FHTInGWwMp665VQ8P5TZyqYPfZdJpda3UJ4l4i+8AGeTKq9cySdx4swdISz3V3xxrTEFxvjq7CgCc0mdfHRwUrslFZ\/8xz\/GkZ7unKM4nUXsR2wjAWglEejYWAjwBH57asssV4a1smVbgfitfljZxOQxeCULZkhU5iCbDWtt61dkKbIg6Z5Ib6wqsZbKsTNF5BUW\/OluqVhEnnxYi4bC2p8oeMOIg9Xp0ohk+2eyHzNnL7PsT\/0TJd+8z\/6rR4GfsNhau8JwG0sVxaM3gQ\/C1BUi59C0tclt8uqB8v4sL+nw1kYxtxvVF+WgZBhsUG6jtsTkz\/h7Vqr1uE1yqk6VMywMNzSK3C6Y5jNYNZlGRunhyx+Wvqoy4kyzKlb5KJu0D6Ibb9tx4jkjfsAgRv1kb1\/YV+5pR9kOWTI7kTR0GhRhEcYVSuszO6GztHF17jUv1HGqvUE2Y1nYTruioVBGxNU2n\/3D8R0H0Ev+WM\/lE1CkAFwkkBnRPnHTXpqQgZZhPNhQeacIL4PiCwXLGj68pqU9sBR5k+Qs1xeKaXL1uB\/+DlBrxDF37H0xYTjNyCifmppE9xs8wUURoGCYQz8YrJzWYbNTp6iS3VA9PqxHbxpwe+T0EJG3w+ckQ4AZZWQJfpeYEAjUJVTV+JzyForU6vnGB\/f4UtM5hkLlLR2yX4QW5z2sMH+oemvxHSO3c4dMYOamZjpEAr8HZR\/eYtA\/+k47KLbbuC8LadTWp9kx60hq9j0ZTOjnZRbmpU7x4+baRS3lSZ4uCKQhRDRs1bz+OmCsokrpdBvyRNmpmdHu7+xcAAbWr3GDiMDDj2MeLocIu6VxMJmWwaV6i6S3OZRKsCOQTd0Jkp8jCBeqO4YH7rnKVrcOwj8x\/xgYsXAwMBGfgS0Z5JTGD28Vyg2LfJHOWz9mr0ZY69GFX94xRplNLJ90YhSqkDA41SrPaRCa\/yRHZpmo6Z1mQO81cAsIuYw3\/dzrRByb+dTIlW9yt\/sOP7usPp6PbdD4rTPrbEK4QR\/+wMzHeanap2HaJcY2tnK9Pk6wr3URSABWoCiW8bBJ44gM\/wYSxUIN9fZQXNHmUFX2+4E+pzfHMX+TPSUHrGMWaQGF+jm8f8JzgtBamlKFf0T7ESBzmOVDFYKLq5HkwIpwu7FecWONEwB4QKksZp77Ks7VMI9z7kgYi8fKP1AlrK0wJXYhtL9bgNIor7UcK\/cBVJ2AclPTcIWxPGf\/H2qC2ccHzN2oQA1YRLpy6QS\/qocCCtoi9irrhlFwMDAEUNWvqMs\/h03WKKdBMbYkawhmSS9CnEEwNmSHsUo0aFsC+NuRuOS7d+gyt4adOBPfCXNUuX7r\/jeMTBHE2RkzGNnd\/d06g="}
00841{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":288,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_first_seen":946739374011,"flow_last_seen":946739374036,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":3125,"flow_tot_l4_payload_len":3410,"flow_avg_l4_payload_len":1705,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"116.202.176.26","src_port":43106,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"doh.libredns.gr","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00529{"flow_id":18,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":289,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739374,"pkt_ts_usec":36951,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"pkt":"REREREREZmZmZmZmCABFAAB49DxAAH4GIqIKAAABdMqwGqhiAbtWR3MYNJT\/BlAYAfXmCwAAFAMDAAEBFwMDAEUX9381c\/+R1qgydby2LZz\/D1isDmITv8iB3tIfcLl3X1ZN85j+RzDG7ZR0PP5I0SioKkHY5OtmjMfBNJaLny9tLOB5RTM="}
@@ -301,9 +301,9 @@
00571{"flow_id":18,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":299,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739374,"pkt_ts_usec":60679,"pkt_caplen":164,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":164,"pkt_l4_len":130,"pkt":"REREREREZmZmZmZmCABFAACW9ENAAH4GIn0KAAABdMqwGqhiAbtWR3VANJUC\/FAYAfXmKQAAFwMDAGlZefRuBILhCa44nOQseZvAsQiGp\/GaIQOPhH5d9qoTVY3e\/V7BxLhHxrEUmNpn\/fgjQH5YM8B5ugf6JBLlb1AHH5glyGJ4Cph3RmHdM6pJZZcRVHlRUuhYyr7qtZo4Gx6TGsVJ86U3szE="}
00465{"flow_id":18,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":300,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739374,"pkt_ts_usec":82021,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"ZmZmZmZmRERERERECABFAABLExdAADYGS\/V0yrAaCgAAAQG7qGI0lQL8Vkd1QFAYAfXsZQAAFwMDAB6y6866gsVlqQ5blx3VUSPxGKjLjp2AbFxiT6ORdzA="}
00872{"flow_id":18,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":301,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739374,"pkt_ts_usec":206227,"pkt_caplen":386,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":386,"pkt_l4_len":352,"pkt":"ZmZmZmZmRERERERECABFAAF0ExlAADYGSsp0yrAaCgAAAQG7qGI0lQMfVkd1rlAYAfUHogAAFwMDAUc4DYTOZtj9RXaaH7NpXAZQoqO7YbUhHjfdLeYlWaZISP7ukf0Spo0Y6JI7sq\/THwW\/2aINKtVyHbzum7s938oBiCWCWlDHlFmioYWWMCtEkL1QBq6mHzyhbywvcK8uUcvnk5mqUm6dfcpJMxuIUSQvQRo0YQM7UazfyCgZ89vuIF5ljKsic3QusDiGQToPfUhocEKHeNuPYlzUpj6AObtFOU4I+TpxCSnXaELR0u\/4m98fVmXRwLZ7bdo7BBhoQ39ZDRxlHTGTfLV3Q939OYOdR7\/3l1Zz9lstfhrGGHdAc9K7FIp\/GsFktO8pxjwfazTv9vS+TipJBKh6Vh+MXnKMS22HH8cUTt0H9YimmrKVnGvR9VwobKnoJFO\/0Xyf\/DhYv\/F8bo1EjVf0EFsT7B0fJbfgde38L3BTwRZoW83NPlV1AaSZ1Z0="}
00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":303,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":946739378281,"flow_last_seen":0,"flow_min_l4_payload_len":290,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":290,"flow_avg_l4_payload_len":290,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":59026,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00503{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":303,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":946739378281,"flow_last_seen":946739378281,"flow_min_l4_payload_len":290,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":290,"flow_avg_l4_payload_len":290,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":59026,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00812{"flow_id":19,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":303,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739378,"pkt_ts_usec":281333,"pkt_caplen":344,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":344,"pkt_l4_len":310,"pkt":"REREREREZmZmZmZmCABFAAFK6MRAAH4Gn0EKAAABVQVd5uaSAbv2ZmEwaR3\/oVAYAfZ05AAAFgMBAR0BAAEZAwPCcBaP\/DC8hVoTSokbsQvpjhaLnYrt7eKsiMQ8EXb5AyAAGOihE6CuqcDNXckkTdE7CmzbbGzUcC6GWkBVFb5CcQAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACqAAAAGQAXAAAUaWJrc3R1cm0uc3lub2xvZ3kubWUABQAFAQAAAAAACgAKAAgAHQAXABgAGQALAAIBAAANABoAGAgEBAMIBwgFCAYEAQUBBgEFAwYDAgECA\/8BAAEAABAADgAMAmgyCGh0dHAvMS4xABIAAAArAAkIAwQDAwMCAwEAMwAmACQAHQAg6FKiZGfISPafy0Na34RI3z\/9T8Zo5Ona0mhcVKXwyTI="}
00790{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":303,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":946739378281,"flow_last_seen":0,"flow_min_l4_payload_len":290,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":290,"flow_avg_l4_payload_len":290,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":59026,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ibksturm.synology.me","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00801{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":303,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":946739378281,"flow_last_seen":946739378281,"flow_min_l4_payload_len":290,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":290,"flow_avg_l4_payload_len":290,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":59026,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ibksturm.synology.me","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00551{"flow_id":19,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":304,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739378,"pkt_ts_usec":310897,"pkt_caplen":153,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":153,"pkt_l4_len":119,"pkt":"ZmZmZmZmRERERERECABFAACL5iJAADQG7KJVBV3mCgAAAQG75pJpHf+h9mZiUlAYAFOUtgAAFgMDAFgCAABUAwPPIa105ZphEb4djAIeZbiRwqIRFnq7jF4HngniyKgznCAAGOihE6CuqcDNXckkTdE7CmzbbGzUcC6GWkBVFb5CcRMCAAAMACsAAgMEADMAAgAZFAMDAAEB"}
00839{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":304,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_first_seen":946739378281,"flow_last_seen":946739378310,"flow_min_l4_payload_len":99,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":389,"flow_avg_l4_payload_len":194,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":59026,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"ibksturm.synology.me","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00424{"flow_id":19,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":305,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739378,"pkt_ts_usec":311104,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"pkt":"REREREREZmZmZmZmCABFAAAu6MZAAH4GoFsKAAABVQVd5uaSAbv2ZmJSaR4ABFAYAfZzyAAAFAMDAAEB"}
@@ -319,9 +319,9 @@
00845{"flow_id":19,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":315,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739378,"pkt_ts_usec":490575,"pkt_caplen":365,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":365,"pkt_l4_len":331,"pkt":"ZmZmZmZmRERERERECABFAAFf5i1AADQG68NVBV3mCgAAAQG75pJpHg609mZlflAYAFOecwAAFwMDATLvFn2dCHpX5ucAb60\/bust1dF4G0efxnH\/Ie9iI0zRiLlB4F7RHnYdsRD+gDXrcCgEcYSd+eq6qrEY7zZPOSeWNMGdfP1yZ\/+a4jZTpYfLQg1\/wmhGiIjweUwOFipd2GZGk4yBoXHYbC5\/rIZO2ylpFfwrLcIVNOwrhGb6oe5i4uEwijqDjc36MEJy9Sj+yjaXSSKDdwCCec30eNEiETJhyR+Jb6QsqCV5zD2yWL730sPIWV+9PWxxFzhcPRsV3jPvl8AxHLu8CSujyHjA1twKQp3hhHDvoQHnXSML\/5AThuWBdNCPwK\/dnCGMYTy8NxPNABaz5og1l\/mYTq8teV8Xur7ai9p6Hm7+9pv5MENUWf6husIDCKq4yVsRH8jhdZCifEUReGYd31ngSHcz9O\/KC3M="}
00535{"flow_id":19,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":316,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739378,"pkt_ts_usec":491314,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"pkt":"ZmZmZmZmRERERERECABFAAB85i5AADQG7KVVBV3mCgAAAQG75pJpHg\/r9mZlflAYAFPxtQAAFwMDAE9iFvd+NSXnn3akoG9wS0pu\/nEwPEZTzjOoUC7LcJkPFKktQGRfkVZfGjUsiAXh7VHiXv+17PPH6j\/Z6a4+gnh2sfbG9SMbuK5DsCclqYjs"}
00461{"flow_id":19,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":317,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739378,"pkt_ts_usec":491396,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"pkt":"REREREREZmZmZmZmCABFAABH6M5AAH4GoDoKAAABVQVd5uaSAbv2ZmV+aR4QP1AYAfVz4QAAFwMDABqjGCxcM+TPK0TxPC54YtVIhaoXfHJm0O1RLA=="}
00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":325,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":946739378577,"flow_last_seen":0,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.28.28.34","src_port":33724,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00504{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":325,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":946739378577,"flow_last_seen":946739378577,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.28.28.34","src_port":33724,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00804{"flow_id":20,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":325,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739378,"pkt_ts_usec":577768,"pkt_caplen":337,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":337,"pkt_l4_len":303,"pkt":"REREREREZmZmZmZmCABFAAFDLylAAH4Gh5EKAAABaBwcIoO8AbvZKqUSoyMYWVAYAfZGMAAAFgMBARYBAAESAwNktN1XF4bqrby0niN\/MgT4p6NPXKBlRwOJCoza94pvXyD9DZHEPvQMzjP6pbu5TmyGbnG5vDXlt6MJFI6XifT24wAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACjAAAAEgAQAAANanAudGlhcmFwLm9yZwAFAAUBAAAAAAAKAAoACAAdABcAGAAZAAsAAgEAAA0AGgAYCAQEAwgHCAUIBgQBBQEGAQUDBgMCAQID\/wEAAQAAEAAOAAwCaDIIaHR0cC8xLjEAEgAAACsACQgDBAMDAwIDAQAzACYAJAAdACBNe3CKgugpSU\/ahaeKXUN1ypv0O\/7wv4rJDS1FbyCQKA=="}
00784{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":325,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":946739378577,"flow_last_seen":0,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.28.28.34","src_port":33724,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"jp.tiarap.org","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00795{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":325,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":946739378577,"flow_last_seen":946739378577,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.28.28.34","src_port":33724,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"jp.tiarap.org","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
03807{"flow_id":20,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":326,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739378,"pkt_ts_usec":607705,"pkt_caplen":2557,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2557,"pkt_l4_len":2523,"pkt":"ZmZmZmZmRERERERECABFAAnv8ehAADcGAyZoHBwiCgAAAQG7g7yjIxhZ2SqmLVAYAEJO3AAAFgMDAHoCAAB2AwM5\/Tpf+0rVAVLiqp3AKzeP0oc5LUJ7LbPa16oj3TgNDiD9DZHEPvQMzjP6pbu5TmyGbnG5vDXlt6MJFI6XifT24xMBAAAuADMAJAAdACC6HV5GLKVmM89uM3s2SIWu43Lfyhq5unw8YJ6WUfrNYwArAAIDBBQDAwABARcDAwk9PLTYD+JT2QAppt0TUbAwAmxAstQCMsQy32ww9oSEEAAMGSMNt+TTdp0V3tZ3ctmeFKC8drVcJHMoKPW\/gLMtyIUmD\/3+eYMhUKtI+3FRz671m\/FiCxQ+DYhEAA2djrJV7bAD8riXyaqFyW2aaJF84flOMuq9DLwOUI0IypM1HnMNVT7vNmCordbJ4vYfoJCHZ3Jdxa1PMxflxUdqb7t2xbf5y\/m1Lgj+QBUEN2VGq3ZK1ktt1GgLlt5OMY6q\/EMncuhg\/OHccuz87CSxEURWL2O5XG3NQ8ZSkyDIF1XtrmR6FGXAhlzN0GIMFD4mIZ5QqyhyGprKsDD36CWqaTOR27WUIRMeWgua2kpjr+elVVRiIT0yfyvShMeR5KvvMj5AG9M4S4\/qWWxJjIv9qLfYm7RWSC4r34hNlFnFlqsqqqzzh\/BxMvV1bwxfAaqA1qBideWKRVA+7EuN95c4ue7X\/hRVHEx3iQLqTqKG9s8vcXeE42KLZOgVl3B7xu8\/i92\/WkhbHAp1VaoXVrJw6GLiISb\/po8DiOQt5NIdGX5eDQSEZ7O9baKasLWzq1YkwfZijF3n9KVs9qv2KSy5IfvS0SD4T0T96JowaLvO1lvBNbG7CindkMAn7au9+n1sxBnSgPOEhxjP6eP7I9klViNjl15nUFM6o4r0CQuVxRwVYjFh10tMhUtqr5ufjJtftBeIT7Z6ffMsMrzPdyzkIvDM+swGXo7V35YzVo8DyoBYe9uM0JJnrorf04OKftnG+pjuV1J118k\/TcF7dgWMascYwrYulqMRqr3vNGGbqZxylwmKp462M5UtGuo+qerBWSrRXWS6eh\/Pd34MrDX1VmvCOR23Z07RB6KZ9U0a03sYPKhsU\/m8X7Y3lJg3mFbu5qAjYzD1O+cD4Myf40iIoCP9xcs4bu1pUmgjVbsp3ut86GCDAgM+2h3m+dYO91dTNrC6JdnpsdKfoGqobbC1Nd6P0Kznfd6xn\/BQDvXNQHfd3IPzPYj2FRyDUuFDyWgT\/cwlGc7O60WUydzXXvs9ttqI8TuCUJYd1Ao8xx8mAgIvrwtyiwJR5QZQxYq0NnVo97JO1hRxuXJb+LTsywktm+cb6647KFCAIE22xi+EiXjOKZOlKgY\/++l2PKcbQh7+iHITgTYo09PyNcnTJxUwLKCZUcpj08uHLE+si9w6kmA+pKFDGKHD2OQi0\/dVl+2FqCH2+A3DCa2Gg9EWzElOrJ9mp3PsOzxGAh1T1616sYT0her6SVuXlhCGP0slwtRkTfN5tnJIo22tEgWtQ+b6y1PTsvRTouR9DpgUBw8BD3g0lRYqf3KAJIjUNpSvsRMGe0P3S4KCcJTz19EnjfZoP6uX+a1+4rjk2AihvF76LGF5wO7bsnmmIDYTvndhSZUKAm3a49yHTGG7gVwYkqmq0TRbx3kmFRXEBuvlULDIz+RlQyLwuJX5uRyHubvUf803FCAz\/4a9pnE6WEDc+zOoXHErWhAfoc5tjJI1gMxGX8U3yJwrwEtij2gQTn0Bbv4+6DXg8iV1mRetvz2V395BS+h9qVm0PJky45RjI5FxKVNW8VUHbBkrW32Ln2Pm3mojmUt+Xsx7zInkOkVoS97LxHGe13JTpikDPPGgpjpEoHIcQRKqtRb0XznaWZx01cfmn3isfcOxCOvXJUXQwHOBr0ZOeVU8JyV5j86F3c2x16THC9pMZadmbjMRbWkSLTw4DMHNpPKhS6WbcQJhxPZwfAVbKEjktlF0JguUnWmRyDWlD919TvF+XWK\/xSop+ME26vjlWYdWryJvX71XiN34ciEg6jsS9BSYdT6j+C8MLHQApTVrKIlUjg7LizXHOZ\/8TbPIjDL1MmbwanCPsnz+x51R4gaxLum0nLoSL+ZmdQWjq\/uyo2YE03WUuDCwEqP451PgmdaqLRPfWLB1DwCAkXZchOxevuMOjyvWV6dC+e+ksCIkxwJmTgcBQXwfuBwje22m5Cj2nv\/zq4aMsV7kiFOS1VcPYLEbw+c4UolvdLrBBCbMxCQZeGhjAzGdsZDuX\/6sRIGIbuHAE8nIh+KJ0joM4KoZNtLXSA2HqbNN+kRQ5gTFmAp4mqAOgsHxAv6V1xCZg8P3MEffeog7NEB4\/K8wtwtgVyjvZaZ4E5jbN5Fjj\/jqK88SEXhkPYnN+on2bA\/r\/BMBIaoCajkogUyGLoyIPMT+pBrWa+wfZKdLurwPxZw+jCxKJC0\/mmFBL81N3ktV2QA+uWulN8QPCd7cD0\/Hjf2QklIJga5shMEJkHY6px3Tk68O3abNmIreZ6S\/N71agsTVbVTSaRlprW4p5D79LYThW+q2zikyKF2eG4VtVQ1Z087sY8sCBmmZG8ETPN5Xq0TN3Q1mXCkwjS9y4DvkEf4d2VKsFN6yj110+kONDzC8lVgKicr46oqIhZ9cyUDwr5+MuFqHiF2KMvJx9XA7v9+a265RIEavlSRTRm3PXbeYNOWUADrJWXjguUacdKmikyCoiD9vRp7ll6YxsV5jSfRT\/9SmZeNE+aTDy2wakB7qY1oeeLE4kVchDyQa22zUAtVHOgOvTZInJYA\/takDFgegJnQaYWISVIejbCOHLLvY\/LGAj1CyqRrh1\/LJm06TJxFQn5cMNb5SSEJFNyxF75PSPT288zWx2Va0aIhDIB+vku9QlaiV4ac8CwDTFNaqbQKECa5ibv22eB002L0jyDWacUoUluFvwofh+CTE377hEPfvjsRjX+V3P\/erPya8F4fW7JQkFJgCrTK1VaoDF64ZvLzNQJ5aCIC3Js6D+sD6g4jOpLHGy2zHMlk9wTN+yBybuSBsrJL9uS5j3JgQRC167kARpn8\/3wkN3\/lvlFPoVYVhj99l\/NeW6y\/YdomeNnyw0D7qas3wz1t0EQFticUf9LLfRMzRHEf20AYOoy9Fonct0XWUb6fLDU7CQJTqCHU8Eiy+rgD2t\/dxE4NlpfZ2ZSbDZ7QWFdftipHKlR4nJqLL0sU6kjZ8SydsZ8oAinHCIV9v5PNYgUBa8WbGYb2kgxJMSN3jbYzsoGwAsbdeAghc0S7LurZvISJXwa0jBqUzUHZmweZXCdDnfDiPc92KCXG9hA13VfXTouQnTd0zyBwPxIcvLGDhAu1CCSmBlGZrOEjmOi1\/i4ug\/A=="}
00837{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":326,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_first_seen":946739378577,"flow_last_seen":946739378607,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":2503,"flow_tot_l4_payload_len":2786,"flow_avg_l4_payload_len":1393,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.28.28.34","src_port":33724,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"jp.tiarap.org","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00506{"flow_id":20,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":327,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739378,"pkt_ts_usec":610153,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"pkt":"REREREREZmZmZmZmCABFAABoLytAAH4GiGoKAAABaBwcIoO8AbvZKqYtoyMiIFAYAfVFVQAAFAMDAAEBFwMDADUQNuPt6m2nY9MgXiEHZRB5L+gDtuMOMxUUfy82Uox32sOXoFpXHp3NUSfU3Rmr6gABtUijkQ=="}
@@ -337,9 +337,9 @@
01029{"flow_id":20,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":337,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739379,"pkt_ts_usec":622855,"pkt_caplen":504,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":504,"pkt_l4_len":470,"pkt":"ZmZmZmZmRERERERECABFAAHq8fRAADcGCx9oHBwiCgAAAQG7g7yjIySq2SqoQFAYAEP7KAAAFwMDAb37Utqmzc\/XQr0xKkwHhSi8+JTkROqFExNKhMimdYKmM8saokrmuJmrL7IGM9+N3ycEamRylc2+xYqrPF6XixY0I1nBFnNaQSklbfiR1ULXPyfFvTDlL6Bqfbx7o8HsH161ME\/J7NpQ9dA7SaCPyg9wTxwUspP3+LPiBsloIiDfpqM6oEtCJAzUApakoZrLjqZvEHpDmut\/iBLxVuDdF6oFrWZusviWmCmENt8wSv96QGh6g9k4pRKyPlybPp5nhfR6Fyc7a1lBUn6J4rKeho+4TSjmuVc1HqW7F0s1QTUFfgchU2WEfVz40sc2VpImXUddoXvLqet3SRzH9H6L4n\/CxOnMGZFMtLiRlSiM5UxdC0fA6IuMhgHpx4oITJYq84qucDn6+X\/e+7kcWKqm\/ycygq2YIAjXx9u2hWAzNPCVCUU6hhZgEOhD3\/5E7c6uioiFH1LDvsWvxxMQMcdx0tG9dL7mCPaiY1m9eHZMErAoKKj66qZuj6dU8Z7sAgReu5w\/GJHJJFz4gbWWI\/wx0nBh4zpXZnPXbqdjs7eT0rSXlhkiziyaPxH1E+0L96xVEpU3ZIsIAbNx21ckAsxG"}
00461{"flow_id":20,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":338,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739379,"pkt_ts_usec":622883,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"pkt":"ZmZmZmZmRERERERECABFAABH8fVAADcGDMFoHBwiCgAAAQG7g7yjIyZs2SqoQFAYAEOAPwAAFwMDABp2DqgZV0Txz+XGhszRzilLqpOniLTFqPk8IA=="}
00605{"flow_id":20,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":339,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739379,"pkt_ts_usec":623279,"pkt_caplen":187,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":187,"pkt_l4_len":153,"pkt":"REREREREZmZmZmZmCABFAACtLzNAAH4GiB0KAAABaBwcIoO8AbvZKqhAoyMmi1AYAfVFmgAAFwMDAIBw+gd9vJeD\/x8X5Xd0lYOO0wTp\/\/7OmS\/7wdThDKO4T2Gvhv4LE68i5UtMPxdw7+72aREJzgTku82uWhfzjH6MBuSwQZI7NM2yCK7qMauc56q1AMWz5yTsz5cdbPAp7C3Nm4PvKkfSPPjHAa1HlSg\/iu0oITjeQnMELwjuPGchpQ=="}
00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":342,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":946739380697,"flow_last_seen":0,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"1.0.0.1","src_port":53802,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00499{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":342,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":946739380697,"flow_last_seen":946739380697,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"1.0.0.1","src_port":53802,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00810{"flow_id":21,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":342,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739380,"pkt_ts_usec":697543,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"pkt":"REREREREZmZmZmZmCABFAAFIsgNAAH4Gh+8KAAABAQAAAdIqAbvH6z5LSWNp6VAYAfbC9wAAFgMBARsBAAEXAwNccnLckexdP3Wz7tsKiknbwUElui2FZGSKODu9LnFkjSDCKDL2dIORj+O\/DGu\/+ddISHKLc0yxsHWSEQ0iee1a7AAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACoAAAAFwAVAAASZG5zLmNsb3VkZmxhcmUuY29tAAUABQEAAAAAAAoACgAIAB0AFwAYABkACwACAQAADQAaABgIBAQDCAcIBQgGBAEFAQYBBQMGAwIBAgP\/AQABAAAQAA4ADAJoMghodHRwLzEuMQASAAAAKwAJCAMEAwMDAgMBADMAJgAkAB0AIM\/CjtFE6\/BfV0qVOcMMUIig11i56\/tpHaQ1FlARye8w"}
00784{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":342,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":946739380697,"flow_last_seen":0,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"1.0.0.1","src_port":53802,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.cloudflare.com","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00795{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":342,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":946739380697,"flow_last_seen":946739380697,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"1.0.0.1","src_port":53802,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.cloudflare.com","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
04281{"flow_id":21,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":343,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739380,"pkt_ts_usec":725098,"pkt_caplen":2892,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2892,"pkt_l4_len":2858,"pkt":"ZmZmZmZmRERERERECABFAAs+VjZAADoGHccBAAABCgAAAQG70ipJY2npx+s\/a1AYAELM7QAAFgMDAHoCAAB2AwNqFtv3xWSYHbL\/TEVcxTgtPyY5syhT1Ar0J7GcYm2olyDCKDL2dIORj+O\/DGu\/+ddISHKLc0yxsHWSEQ0iee1a7BMBAAAuADMAJAAdACABwPRBPqMH6tP2UgTdU38yy4IBdMrNy3Y26n6nkJgoEgArAAIDBBQDAwABARcDAwqMAOf8HgLdG4eR2zQrlVcXNJK6gSgekjnntDDuH\/5mItzTS2PjuRorCZtp1e456Yzxd\/c9Pjo0KqOApsf0Oet3HLAxOPX\/4mq0oqPJv6\/pWYh6XkL49x7kn3sA8FLizWIik5oy6pRjSBWFf6tqxUO+Djt17wQK6yhMls9hUq1ClHJUh6Qn273NZpiWOuHCd9wGeCfeInHvS8qk0EqIdne\/5O3+AKgM\/cALapdKbBhIoAyrPwqC2hLjGuasAzda3QO\/+ESHum\/F9d6o\/5K+8IYpY8o8qtVJ6Drg8futbzGhAS87lZYW5UeuuFH05CzhM6cODq7gNj4mbPjTJ5ApTRpwsXEw0cwu6tAiKdHBHu4s131JOS1nhPpDpOs1W8FqhOijP5pChk7nVfwQ9Bu1xYiYmTlZWYP4bC0IhVSltsY4+ffd9etk6QNu1u5Seoh1QaWRe4DU8GYPqDdj9ywHuBnTu\/kdk6yObRcYizbhLyG5JiQSyxA9bv7iPMzOSI\/oPD6Rw4c6cy1qJywZ7F9o\/W7KUU6pYYhqWRcunfBOy2cedxZtVaWxcAQGD7VjEr1GjI\/ndJEL6DV\/vUO5PSsHgdX\/GScVrZdS\/KHwHxAHOv1BpKxNHl+ElIeVfCJc4tBsNkoBf5+COT0BV1cqDq\/0TqIcpVxlMv3\/7JDTZZTI\/wMxcbTZkEC580\/OL4P7o7ZBv1lVciiiGUxirK0Wn0VmKVkOPUH1VVDEVtxbspQjAQAudOqLnKMivdYYnLWKcLFjjfuE8XwFn1JkF2YyGgtdu+0wxe7V3QdQyeX6wSKDfGOBn1RHTiZSQJLrjf\/MjK6PK6+6dmcX2K\/Nos\/HKCWzOCSGOxH6pgvl94s\/0dDawx7iAmW0aKHP7fN\/Qsuj7qBRlYmeX3wDSe3ACAyO8PJtifBKRUnx+i44zF\/TEZT9\/0f9hj1yXYZhM4IttxvCtS3N7k187lM2JB6HB4DmePSpA5UfxEPRq71lNWUsDLAAiN3ekJSKoZ7PUpp\/6SJsuSwyITjf4EqBLpeWL9MrWeNXoUk5W1F7hWZmXxUwbc9PMEuirTVJUIeKJcMT3hUo1x6K9jQ+3H\/3FjLuAvSaGN20\/JlmWzUhH2c19MbTsBdNUca8p5h9ftAYWxNZFi+BPME56GacRIjusosOaDm6TM6NIeJtcd5nQ0Y6NbfwEe7MdB0akdNH1SZ5FpPCUXE+5h9eWmGzxT6gCZx6qvA46+kjmSPa8Cj85dDYPgUItxPMDzQDmcDkFl4Jtoqp7CsVbgDs2FaRSNSCg+ZMEThJQx0\/Aqz+vGM8Axcf5cpBgdqJqmkgft7WVM6LgxM0bWa6ReLOTbftdrjvt51qS7oW8iSFCaAMyVHnB9nNub1rCB71JGnHgmpLaDriPHmvZHyXG+tF3YYxqKFpVLMzSELDqif9S44Mrb9ZjnIWKvGQryM\/QSKoEg5X7zctl4vxNBFap6BlJhqRr3fm7FAc37N2CcUPqfx3Q8d+odOusP4Ls3Xq2Sur1UmBSNW9zqMAV9eCaagN4swiO+HX9D1JhZPxXTW9QWyDXi2zI1HI7LUB70fqeJS7u5T5BooNTQeoNzZVCvWOXWLt+ZiIbxI46okrDHFQXi\/x2G\/UqXdfkOEinNyh78FxOnrKcOtvfU1vQdaz7Z3d1S6XTGxIbp7Avs8yqCBkfYYx0okhQoRYkFViIAKhs8EJ22ENemkpy\/xMNRrY7HXIqAF0plC7ASy6aRPBxNQLpe6Ed5IaeUHDV+pWuEiLAgXAO3BIyMmN+dKwyJRSjGew81SAxYCXzqNGK2p7GdpO\/XP0maghqEG1aIROtTBX2ArldnERnpk4NXjDbfgsSkzP20ClfXeN4yjZTmAjINRHsDFyBG2kVPsbWM6bJ6sXUqNBkjHzH8mUguB01CThNReqO2rGsLiKr5qTMAwxKxjfEdoEJ+OdtfVMDr3B0PaBDiW6NDXICwJTMjrTiHsqLMySrS2T3BXPc1yBL+jDROuKYyhTZQzCA6ktzSKC6wAMC\/2RMbHnV4JUqSuJoXnZI1jiGQfafDh9qm0ZR91\/Upntxs\/kWZ9Zofn9x4gsvGL94XY2stn+kYJ+lpR5T38ZBRBOsXu8bAGsKAP+3wt7PlEML8VYdMSv1Y8XhaZ4vQZT4mxjokM8a+\/vbBm5OFXEOAsw3UpeMp5Pdlywdfks9xANyyHcs7XyT+4nzRjV93W+RbJVksh761\/0CsogB0Bf4AeRq1b8bSy2mVWD\/C9oBFlc4PSw+jhx1uKdorr8amCiJ2bwSUXaBBKYKGtf3eKS0Vrr8DWhAzmAupA8TRMiBwDgWH\/pSpuuBxo4fKT36lTdVMpKIp966xzVRYeAdyJ8dQTy5jeDQL1o\/K9FAvaIxIHdqy3Ai9UpxdTmYwoZXk1RGWSFQPWK2eEqydFLHkwLiG2A9OQ8pCYrZlqHUn1snev7fQAbwrXFOXDJskS+CYp+0GQvu\/Fu37N\/vYvDe9yQ2BjQyb\/Aq\/mNLHkdVzTu+oIIX6og2jNse2SlImfdMuiBssQFePUieOP3nrkgegmZDkJvZU8\/IJtyIPGhvEr4wy0KRjmbk1R5TV1oh+Gvyump800hgoeZ6yINLishVXjkSrZbw30TzgVyIHMXbfVH5cMb\/otpjX8v74ViZ68NiQoVQGCiu9Qccb9jITaHI7YqId83HAhD0Mgcvql8x4riVhsLhWBp7KARZMNylg6FCWQzYhkomLcDqOeaHr\/i3Kucv0p5GzUzkUvhbOyyBarVy1r5EY3Ff\/LeERfwiWeu9JMjSlW9a76FWzNvpbjiVQvAXjpJS+B6vW0S676\/2F\/QVlBvmv\/1e3jfE46NEORC\/KvStAu1+NCVXXkgYYjYaavSuMFqEVMBLpNt3pqmD175kYHYjG6R6TDv0nmjRk\/fdkSOg4ydMi2g43e05SDICPCTBrKL+H8pdmtKEp3WxofXZCtNR+ckTvaTdfJXZMWJbImpAgp0edudixTNqo9z3f5BRBQ1U170EzzThEQIMmS6RHUG4MBWpfatZDm+5s5WqxzAc+f48z+5\/Rjpm1MjT7FAj2QOS2mS1pZuw8jR7f9mlmDHlYUa7yULFKz+EOcDFjny+TGuKCw6tBmvp0uAgOgbWkR3PGwLQlgJNN5qcasz\/DdlRFFRc1kdK872NuK41RPGMSa34kfvjKckPj3jn4ntsF1i9WcRtXZaTKddZmAVoibh8F7o+\/2BqWfWHshjLjbv2UXOWt85MGeIvvR+JAZ4lQKxhMp4ApqHsqTnv9vjAIsk+AJwp0L3kf96BrAf5lxFwLByeiu2ScazZunSG5IvLxJ2cCZzgYOFm\/xSZPCmFYvKNJw727A0qH0cpDBKVk4Z5vvRen3ROFERblATF0imHD72RVGcQ\/rMrcnTAneuS+605QxQwV5cyssndlHujOT5cJjQwi4Me+A9i\/U+gGMItbvzyiV\/bH\/dnSH\/6+REX1pIGyZTP+9n2MXLAZnibrKAMIRfK2TIfrOe5jmJF94vcBm\/\/5ycPeTZII89RYTOm\/OYD7dCL\/Fj+p2ZF9GMMq1KmH\/crTCIqHICoTep9ezhaM3lurJnltFyZNv3oliEoTfl"}
00837{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":343,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_first_seen":946739380697,"flow_last_seen":946739380725,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":2838,"flow_tot_l4_payload_len":3126,"flow_avg_l4_payload_len":1563,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"1.0.0.1","src_port":53802,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dns.cloudflare.com","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00508{"flow_id":21,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":344,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739380,"pkt_ts_usec":727790,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"pkt":"REREREREZmZmZmZmCABFAABosgVAAH4GiM0KAAABAQAAAdIqAbvH6z9rSWN0\/1AYAfXCFwAAFAMDAAEBFwMDADVke5XeBLKUZMMwsdywo3cwWM6dcwvPxEIBrrKuQwAVECVGBCt8L\/1vmMSczXlzhvKSsbEzJA=="}
@@ -355,9 +355,9 @@
00571{"flow_id":21,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":354,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739380,"pkt_ts_usec":752776,"pkt_caplen":164,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":164,"pkt_l4_len":130,"pkt":"REREREREZmZmZmZmCABFAACWsgxAAH4GiJgKAAABAQAAAdIqAbvH60GGSWN4NVAYAfXCRQAAFwMDAGnag5mpGQgyzK72rYLgzjTgXEFF7\/vyM5TeCE56xwsqKcnLoJ5Rnj29UWbQvKgKVIeHXwFZTTBHNy5hunyZRNsfNL\/lBY7OHjRJZ\/tbRyLFVy5Rc8aufiha9M+GIYlpfxX9UzyDOKSKPjo="}
01172{"flow_id":21,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":355,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739380,"pkt_ts_usec":803936,"pkt_caplen":611,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":611,"pkt_l4_len":577,"pkt":"ZmZmZmZmRERERERECABFAAJVVkNAADoGJqMBAAABCgAAAQG70ipJY3g1x+tB9FAYAEM6OwAAFwMDAii8Xmxld8hU204So8nXWjN2bDXb44adJyX9PgYCuYIYjLgHmCQ13e1C77q02upopuuUE+DZH37WWKB0HZQJc4vdpnj+btI1+b2a4Op1YomlhAkd+Z2moUJeXvIWVVVQicor53wHSeMCZVZFWuzDKXAy58RktEsPkmFSISj7AD3WGR5+rXknr8FTc9SCvR2ml8vGZVSewehHfsywPa8nxqU88aLpw\/wzjhBY+E+PFSc0OL7efQJoxJAchIgd75oq26kOoQ+p1\/xyd8hr9WCYzkkuEVDxU3UKt0WiJxfzF3oD15gh+70w8b\/o5oTPup5viecUBoXUONak3zQKCHWU9hunWv+wfGC8C1aY\/VQGhWagW5DR+9F\/H9bc2u7pgBVi4a86fuLOJHKHrxpx45th3SxEOfHLaC435iz0hs4LTr8PwMQYyKa+EcDrl3pwPNRDrhoz9Ps6hGNCpoIXvN\/U8PdLsZh7l5IKHBdPTHtKqwz0ooNk76cTD+NZR2+z7BCX61s02HsZwK8R+PCUhfJ8FZn5biuLNGReXkrWhoEqfnq8+cTZClZlXTKPKWQ3U1NOMOgwnAjhVoB08gTW3DocEFswOvvHa5kmbpNwwgM5uqN+qzzCSyzPq43wdAazRGe9N6Z9y+Z6yjndZYfTKJHI4x+CI8BkaxKNOiT\/QKIueVFJXYYNsbuXqFmYR\/Nq9XCCvX1L35G4Ey8vHgo6ZUHvM1J5RyS0dTJSKwA="}
00463{"flow_id":21,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":356,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739380,"pkt_ts_usec":803966,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"pkt":"ZmZmZmZmRERERERECABFAABHVkRAADoGKLABAAABCgAAAQG70ipJY3pix+tB9FAYAEPaZQAAFwMDABr+tfnjAL4t\/Y1IAjERbdL\/wJntZcUUnRUN2A=="}
00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":358,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":946739380870,"flow_last_seen":0,"flow_min_l4_payload_len":284,"flow_max_l4_payload_len":284,"flow_tot_l4_payload_len":284,"flow_avg_l4_payload_len":284,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.90.28.0","src_port":33338,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00502{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":358,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":946739380870,"flow_last_seen":946739380870,"flow_min_l4_payload_len":284,"flow_max_l4_payload_len":284,"flow_tot_l4_payload_len":284,"flow_avg_l4_payload_len":284,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.90.28.0","src_port":33338,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00802{"flow_id":22,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":358,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739380,"pkt_ts_usec":870131,"pkt_caplen":338,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":338,"pkt_l4_len":304,"pkt":"REREREREZmZmZmZmCABFAAFEC7lAAH4G5eQKAAABLVocAII6AbvzwYfFjc3Z3lAYAfYLTQAAFgMBARcBAAETAwME0sG+tMqbxpRl1DV8Z2dnX5LfzpIiHTt74xC1bVbZqCBq5Am0FD9Ax\/Z0hd9jpGF+x36pK3fx2LqXRJeDdYghvgAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACkAAAAEwARAAAOZG5zLm5leHRkbnMuaW8ABQAFAQAAAAAACgAKAAgAHQAXABgAGQALAAIBAAANABoAGAgEBAMIBwgFCAYEAQUBBgEFAwYDAgECA\/8BAAEAABAADgAMAmgyCGh0dHAvMS4xABIAAAArAAkIAwQDAwMCAwEAMwAmACQAHQAghy6XniNnPGDj9u0r7tzchu6tmfTKqCDkZge3YRdGMjI="}
00783{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":358,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":946739380870,"flow_last_seen":0,"flow_min_l4_payload_len":284,"flow_max_l4_payload_len":284,"flow_tot_l4_payload_len":284,"flow_avg_l4_payload_len":284,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.90.28.0","src_port":33338,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.nextdns.io","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00794{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":358,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":946739380870,"flow_last_seen":946739380870,"flow_min_l4_payload_len":284,"flow_max_l4_payload_len":284,"flow_tot_l4_payload_len":284,"flow_avg_l4_payload_len":284,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.90.28.0","src_port":33338,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.nextdns.io","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02391{"flow_id":22,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":359,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739380,"pkt_ts_usec":903397,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"ZmZmZmZmRERERERECABFAAXUAxlAADQGM\/UtWhwACgAAAQG7gjqNzdne88GI4VAQAnmV4AAAFgMDAHoCAAB2AwNSUVDmrRSBFJr3VlpPTiOBfna69z7Ip3AgaZ4JY8XZPCBq5Am0FD9Ax\/Z0hd9jpGF+x36pK3fx2LqXRJeDdYghvhMBAAAuACsAAgMEADMAJAAdACBgLhCqxZDxBYT0wty93r8WAtFFYd34UV+f0SYd9yF0RxQDAwABARcDAwAgNdJG6I7V9ce0uN\/W8MyCm58pWjfsCFZXXJnMcWaU4P8XAwMJ4l4xzn1tklFeMfXUSkilkOHkR2CrV0Fk61C4hUjayiVX3XCUzF\/nVmk3NsjsUuGQs+ELPFl7aLMJpdeipyb\/BRKM7DDOdlmSjSZFpz3sI+4Ap1vb842GKpbBCp1KIgOgnmXfMMwnL4uKzNN2+XpL8V9LwuMNROahwk9tJrSx3BZQnvVy5qktKVugzkoTSb9fPpFovSjkUbQUBQuFWl2cxLyQBO6gjWiaDBpgoqREkqW2UGurTHpBXCvX7xTK+SGfs3VLNGPL\/jM509wXezmGXrBZolGpSBcCmwqP5AGjSUkJQ2KFF8\/5I5DLe1rWw\/7rCzdCJgW7dwItPpQigYvEpUhaTQyjzhLtXm4Br1gtr+Iuf0HPHYTCtm1Z9061ijlO7AesYAg3NSX4lpTeBeQNzqwAGQi0kxU+8BsfAI4uhNY4fwD\/tgZRm00kCDUGr0Hw1O0\/9wcQo2OrT4hVI8sBPv9rovACUd1xTXQBUu4c2UNVQr\/DAwgtr3oGHXN\/yf6hHksHqaO6ThyUELGPZgyTaAEJeYSlV\/UuFXosuXrXk+4M4bQmtm8xQA\/hPEgZw03CxD+XIQ9CziCJc2Lx3r4h2FdBiMwzohldpvHSBUXM2GuHl07Muv9yz1FfyzqYAimU2llIffa6XcR6\/N9ex4PCYrVYeRifJmT\/hN608lQ56Pm4ckRgIW72lS0ILwL91eG\/PWLw1TWr9OHqib8dqID1N28WvnDQAc1WG+OfvFA5Lx7KtiZ9\/3KI7f7RCYG\/5anpOjN3Yvo+yrHT\/\/9yxTpA2EDhXmw1I+drMKCfdVXEwoRqrQDXQ3qu16NE+piWO4zYtxH6MrZOf5GKUoqj85zhZkJ6n3Wtdfmw0p2w7uWnPZarz2kRT1hGv0H7uWAwQsIO2witiCTCAX0VhCKqX5eg9HlVQxEJ8e6aZG6udk28L+hlu2DjHm2cK3LT5siYCZ+61rOCmuWYzAzB4PZwDYNVRnV0GsHgMCnZc9N4\/ighhHZqiYL81av1zekzo7Qcc39eQmJB1\/vhuqI4+c3vKnv7ROdK1hsAX7hP\/VFs8H8ZF9FxFv36aFuAu1HQxIxhZTCwXDQcu5TzVx1PL5uguNjR7pwef7T5COi4aTCL27yji1k+uS4xQgf7uM7lfjr7UlwSz76e6z\/NdrgDABxN2pYomW51+xON8iXDOy0cXgxInpylLI6lmV7hJWGh+rssjjMTkzOSia\/tb6HN8MDXz8ND7qC4wdRBL+K2XXzk7CxXSZKHbU7oBKE3VuTcSRmBvFAj4jzbuAW9nVI5Yw9M7KxJ0oNCiAer+7rkuV1\/dCwQt\/7\/zkSRGAemKSurrkjoqozLCUcuNRu2YlaJLAc\/PeEJmeHXWSos8ReOKG9libwm6aBbFjBhBGqk11oBFxYMJe3fE8zx0cKng5v141kUW5K8KykDBQPlm38itlnDfJBFaB9Jn9F1Dk+fc1GMvxAKNX1KD189yDAOfdy35szVs+4vU19xgaD3Asb+3zoIgGeHaF3v5zAsODf1V7zFmYGD1A5VyodE+SZcg8yBGqWdCjN6Dq7+yW5n4whEBATh9+W8PK0m19STC9EnY\/KFQ8CMbZglLaqGH9UHLlwuaNZUfgFyrj24dAMianUUp6I5pp2CbweoDVXgQfGbkHcfYC\/73I2CAYRQxi4XFXP\/UJ7vD4Iv633KLKMEpQYwdikhrjOP"}
00835{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":359,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_first_seen":946739380870,"flow_last_seen":946739380903,"flow_min_l4_payload_len":284,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":1736,"flow_avg_l4_payload_len":868,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.90.28.0","src_port":33338,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dns.nextdns.io","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02333{"flow_id":22,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":360,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739380,"pkt_ts_usec":903454,"pkt_caplen":1467,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1467,"pkt_l4_len":1433,"pkt":"ZmZmZmZmRERERERECABFAAWtAxpAADQGNBstWhwACgAAAQG7gjqNzd+K88GI4VAYAnlzfQAACEkFkdj1Us7HE6XsQGxneQX\/pTaXJNHBzTBwjbjFH2PSLY9gxHervwko9HwLHhkgWdiRotlJENzv3dIlV0Q25g7GanzLzAoq\/bJLnF1bxRf0nf8R7xwqHIiEyWrnrfJqukts8v3m8MMBnkDAGd5xOmtynEVhFSJmjPZeWlanPH3W\/gPE9eVpcr\/bC8aD31d4wHJftv6KUYCRDzDXbCSoL\/6F7bgfENCEavhYW2LuID8zVPN+yKzb3WDD71Bfm\/QzlUMFQuZM5HbG0c7uIAOOAxkawVYPNiqL2TFCk1ynXFgmF4gXvbL\/HYrDLFRfjW4de\/NkjjSai08L+PfACua2q5oTvt2qGJPeolVEHsMmZEjEwazNhDwGqFKG5OP+F531r01cH7BTJcZ05QE7qXBrbvqwdtdoGPvG50ZEjeoenLq9i4bYfhTR7gqdrp+nT5HdXBlwZ3BA7TNBvRO28EIkDbwnbkKR1uAOgeHpmVvBpmpiphn4DYQZvVFKBDcAp0CgnjFhQ7BpU5nrco2WQPx+1Dj+wVwuk8wQg4nsuaxF9uoh5BJPTUJDd+oGcKzJnMyQnjiAungCkABFhOHccfPCI4WdjBjLMLNqgoxHw6DJHYylEKtOB9OnnXDF2J7Jvo9Dz26D1KrzmXsDWoLDC1fC96J8yd93fYvTZHskQxfY50BQIAKcBIdr8K4+MowCcaLlKXgQ2BvySvU9B5mJVdaqmTLF1fzesL+WRRK51q7IAwLh77wssc7jt76mm0H3PAWysYvmp\/NCiSKfjKaaLkm9x2NoEkekjBVCT4zJZaY12lyFWkBUvQQdolUu\/1tiRf86EnZ+MpspCpIhymi\/IUp68M\/Eb+2ljNKVmV1Er+pytZKFdhm+LxFZQDgPvwZts5tJVArrKTXEX7mbMUyNCFK87rJIQtF3h75H2QQdF8Dne8XAGsXDDnswycmS8W4DR2ei8Mvw6EchukCH49+5iX+zWw8yLNfbuXrdtwpsTWibehpgDGJwJ32GJ3PUhcT2O8ckRkT01hA4OhJ5s8FVi9G4sK5PSDUaW\/FVD5mXCOlbG6fI8ep93Cq318IKEa9gHWkRIcGP1KNeJ0vqPt6W+fiprWcAT+y38\/pHS\/DIldwWXxoakgp8kEgE10+BHsdUGoLtM0vHARs9JoXziCU\/gwCe4xJoYT7yIuKPLoyyOJzupzLZV+Yx6GthfYTU5x9FRZbuuSu\/4e+BWK3Ph42jg8FFm3MjO7iYnNl4v1+ChQKVR7XODNZWDH3jwqcZ8qhbkD9u5SI6j\/BA1C0rUPcBjh1+6XjoNgW\/MuFBBpUx0b9PcVFriOAhMdQziZ17xbnHnF7nwzD4ltsyPw098+Y62NYg0g7ZzmYgr7Bp\/OQu72rrzto9ZurPdNMKCU\/kuUSQfJNRXnpCKpphgwF89PQmt81ZhzDDg8jGUYjA+eCwP5b5c3W1mHz2rbpTYaJ5WAEPawg7kcD\/0daljt7SoSzY0j1SW+z8PqelVSwUwhQf5v+dUBJntKDTvIA8dd3\/P5RebSAS6fwWCMpEa2Wpe0EbiTKfmmwomuAMmkjN4HlloVMdOTeEonHISxyYlgXipaeXT8CPFbuFXE4ejDU2aTkR9\/ZIbgoZdx7IXmaK+NxS9KICVTe0LPka0QmobSr15yArkyNHaP1EjswXAwMAYdZTBGnK4vcmbufHHRKWT+kPKyQO98Boq8AW86\/7q3c0DIh4T2TuGPAeaW+ueW75g7BJBBU7YuGFvnEEgi07qTSBXDL1UISZX8PwWOHA6mln36hZp5MmWU+JESIy2cQgYeQXAwMANQq+Suu4\/zFTPT1s4z\/CUiKzLUAWytPdwzfRZmXCp50PDxLOSYvzo75EbO+96Njs+ccRggY7"}
@@ -373,9 +373,9 @@
00786{"flow_id":22,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":370,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739380,"pkt_ts_usec":940948,"pkt_caplen":324,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":324,"pkt_l4_len":290,"pkt":"ZmZmZmZmRERERERECABFAAE2AyBAADQGOIwtWhwACgAAAQG7gjqNzeYG88GKdVAYA4Vd0wAAFwMDAQlsB7yIRhmBmY\/vv1SXZzhkhlHvNOJM5tBUvUzg\/VsaDJwCkQ9CBIfpygaQ6w4IxZXSStc9ORhCKCRjwVgLqwJjuC3iK8phAqs2VINkkcyWwjZCopzPp7DH+OeIwV4fTOsBa7UpL9pxthM0sOQAB1gOL\/ovuBuZ85sSbJsGkC7+ClqiyEz8Xs\/NaRrekhNCvfHsNjVpJP0oxDSRsuqMlAhIa3Rtkq7M5cdTBzQ1aXm6ebSZAIa6sv0rIyC3PG\/QPmTj5AV5b+CfTaV2LETRjg94tsyaloyKKw02AVvbDAaLs+vJEhkLHHPhzv\/ZC6nL30llEMmLzz692lEh33CTowjmyVMIa5+PUt88"}
00570{"flow_id":22,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":371,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739380,"pkt_ts_usec":941386,"pkt_caplen":163,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":163,"pkt_l4_len":129,"pkt":"REREREREZmZmZmZmCABFAACVC8NAAH4G5okKAAABLVocAII6AbvzwYqUjc3nFFAYAfUKngAAFwMDAGgRVXdwoQFkT5SxPu1w7EW8p\/0u7VDqPc9wI24Np6CHAU6sa+HueSFuM3KNdFdDMW4tXn4LXazSJ+hVOe7VdIBWkIJGCmjq\/a0GBM2AD2XRyWWu3pSDv+y23zeCjlI7AewIZ4CU0+0RUA=="}
00569{"flow_id":22,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":372,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739380,"pkt_ts_usec":941468,"pkt_caplen":164,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":164,"pkt_l4_len":130,"pkt":"REREREREZmZmZmZmCABFAACWC8RAAH4G5ocKAAABLVocAII6AbvzwYsBjc3nFFAYAfUKnwAAFwMDAGlsdpEmub0+t10g9q5Tr3vsXAWirmH7TIxUkMmOmRTA6ry3dLoXppmgosG8dB8yI\/3nqYyJ4lrJDIbgJI9R53xwGlp2q4bhy7L3uYUgxnz6KYV6OjO+ud1FprIZ4TijnSiNTGSwgGokadQ="}
00496{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":376,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":946739385090,"flow_last_seen":0,"flow_min_l4_payload_len":286,"flow_max_l4_payload_len":286,"flow_tot_l4_payload_len":286,"flow_avg_l4_payload_len":286,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"136.144.215.158","src_port":52176,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00507{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":376,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":946739385090,"flow_last_seen":946739385090,"flow_min_l4_payload_len":286,"flow_max_l4_payload_len":286,"flow_tot_l4_payload_len":286,"flow_avg_l4_payload_len":286,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"136.144.215.158","src_port":52176,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00806{"flow_id":23,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":376,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739385,"pkt_ts_usec":90774,"pkt_caplen":340,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":340,"pkt_l4_len":306,"pkt":"REREREREZmZmZmZmCABFAAFGrgFAAH4GLMUKAAABiJDXnsvQAbv3Oz1sep96IVAYAfYiJAAAFgMBARkBAAEVAwNZtcLiAhjzwZoFuSzepzhVh3+I+642bR2Bdc1go+HJvyB94\/ND5pNfeKEuu8RDLRRLZQtcZUnz37DmCj0UC1geOAAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACmAAAAFQATAAAQZG9oLnBvd2VyZG5zLm9yZwAFAAUBAAAAAAAKAAoACAAdABcAGAAZAAsAAgEAAA0AGgAYCAQEAwgHCAUIBgQBBQEGAQUDBgMCAQID\/wEAAQAAEAAOAAwCaDIIaHR0cC8xLjEAEgAAACsACQgDBAMDAwIDAQAzACYAJAAdACBPoxVI1tXnUcUqsbORFpVub7e\/4DvFTpQM4hnCin1UEw=="}
00790{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":376,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":946739385090,"flow_last_seen":0,"flow_min_l4_payload_len":286,"flow_max_l4_payload_len":286,"flow_tot_l4_payload_len":286,"flow_avg_l4_payload_len":286,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"136.144.215.158","src_port":52176,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh.powerdns.org","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00801{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":376,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":946739385090,"flow_last_seen":946739385090,"flow_min_l4_payload_len":286,"flow_max_l4_payload_len":286,"flow_tot_l4_payload_len":286,"flow_avg_l4_payload_len":286,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"136.144.215.158","src_port":52176,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh.powerdns.org","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
04635{"flow_id":23,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":377,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739385,"pkt_ts_usec":124265,"pkt_caplen":3170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":3170,"pkt_l4_len":3136,"pkt":"ZmZmZmZmRERERERECABFAAxUg1ZAADcGk2KIkNeeCgAAAQG7y9B6n3oh9zs+ilAYAO0tMgAAFgMDAHoCAAB2AwNC32Ly6HNyagXW\/50d2q6qJAOmShuP86HMxipBKzBmwCB94\/ND5pNfeKEuu8RDLRRLZQtcZUnz37DmCj0UC1geOBMCAAAuACsAAgMEADMAJAAdACBiVzglBWvQOWIt\/inusfkCbeAeDbm6AiXUcYUQ0SeUdBQDAwABARcDAwAgVY3jrnTrJkAawm+Mv8gBTn6zfdywiZ3PkfSROpmIxNoXAwMKFapXpMK700YralL2NJ+2AqPfCUAacni3qdcZUnufsXl31+F2NSHowZS8bEZc4wYIOhESfjBH81NgZUBCJL0cGqDMG7c\/GafBLHylsDncbVfIqhYnumIxgnBjMekzN4Jr3Pc5g1dWYk4XIPvLeMa1AeLFQqOY+unh1DHuo4FV4KfjYjnh7ERuvhffEbloWyMHFdAQi8p2J65FwIVJHxtFX6hmaEMmHATlFHHOx1RIGQmbmA5r5k0vgPGiuUMBe1e8Ay6+kNyhTTutV32hMuU4\/4gl06pCrT6iDU4Fx4eNT+Bo6E12QIKo042tC7Wn8Kl\/KILiC4TaY1uTO0+LE4wVqs5DJHWwykde\/Mpu9moeLZ0VhV6Rnx2ocHW4rczn9gPX5qTiTrDgHO7CKCVp0Yo86Aw2suyeRkNR6Pz2DTuex3RC6JD+6hKlKYjQfx6kO1r8jKEZ8UZCGU+Rw2Pd2IT\/whiiT5Kf7zLPm28Fu5xYAFYob+TbRXBcQ0z8XUJIWzCMQvkjyj\/EBbyfhm8Iz194guweTL19Y3Q2XO+NnAUm9ihjSHpRimJ0Ale\/24shK7Q0gI7NtX4Sy93vR61pN+Zbul9p4+Mos8cFPIfYJPR5DmxNv9L\/cWnYOwtiE8KnRSAYR+6q3d\/0S6rIgkskZa1GGNAffeDtgnD5SVrh+YhdzCWZCb6834ULGghfWcw8DVqJTSeWttzs5JvcUzLfaxv2WQHaWCXuUpmCZy6HgKkW3jxYYWr2tyqizXXXq732dtVhz4LWmL9EHS1WzONzEhrNFQDtpAQ95k9MRPEdXjg0bNse0lpUI4AUqhIkxWgs0j+8YRzV3BBFFrpEwA3Ylhpo+Wbg8IG0hFyThCaHTvj0vN5WKh94GQCSIjO11AtJoS9k0tl5NWJ7dp2n0NCYI25hp41FivaF\/BBZqFxHTd\/4w8k1KmIQOky6ICw7WRykbaqxzUboD5Bq7peIuOsiwZoUMD+BDbF\/3fE\/CVHWoaOcr09A0PaL0PLhUDjARYyrR4LsVfpqkH4CZh+5Jr1aOIJ+zgcH7Gme4o7fpj5Ml+hu\/y+kOOZZN5J0XdtmvZE5w20Osrk+W9YsiLIeYNt9SB2i7LEsIRfsOrVhh9XsJ8\/VF+0Pp0BTxOsC+9Ft0\/Qj6hgm17CCVsOwdD0VhkUWaus1O+o2PGnC8v4FL3kFyyqT6BtubEcffH1AbvnEid+VZXXjMTJvMB6eWAs+UqpOrNnkCEZAK35TZ0tRUT\/0MJ65M3rSS8cnt+LL4apIWh9CenPODN35ZvH8b3XA1lwJHej3o7w4KZBEvRoLt8OxNNvwpgMfHbFpXZIqbODt95v1PnTJxwC\/vTEturbRIFjRNgt+KCX3zfwvULi6DBxiqBmChwECudELdgYVXSzaQF56hOrspt7m7cSP\/bSuhLgvGoeM7hRIXBgEFXWWobiqWKLPkIiUnd3zKygePoMYOZHF1u2D1V4jxKHpRJ6c0k9v9f8PV1\/2cqY\/66gHBBbRV41oC7rjWm5aIoPFQPYH0PovphDScGBnJ6jwAMRZhEh8stnUD5D9slPJ\/emP0c\/PTpb6PEHZyu0Q7qMTKM1bbEpBCcvYFzyVsCvmHuicyOKAs3xMxmCmWm4Eqf7griGXbNKYrhS8laSwuwkSEnXVtwhIr1b+a3aGOTQNdzJzZMKbJeIH1FS5VDDqACuwzlpn2\/PpEcmP5h\/q7H0tPqDs+gUGEHDMancSkknkDjnO8AWIHrv7XSmAw8MzBpM2IwCdCuY2dZXBowy6lZV\/inUY7ZvvXtbP6a8QnD\/\/IUygRpu63NQLm4VeKCFEprpn1cgwz5cL4vjrW8z1Oy+wINHvxXqkotg8FbTmtoSQdi7m2\/uaxkwXGvCE+Ey\/VyskJtt+1lkVPt6gqRb1ZVRQm9DD0JoMxHNgFOAaDrB+WFlvX4dGQvQzwATgRC8IKAuMZ8oKSe0p8HpA+6MvWjcmzVE8kVy6HlIQ+H75lU+B2jVUeDC7BKjayT8YnFAN9VHJiYBcwsc6cBByDnSSlpjY95o1fVD\/OvMoqArUx2Avc07VIGr\/MqkoiuFsBZpt7HMy13Sks4rLBRM4blbz1tgnQW4V9XKGhwXXv\/r\/C7JzoFDKo1O5LL2d9NrS47Pk6pIUPyJaZQjYfdcqsgSPEYWloR+Ff71Pv2pzjT7Sxhw7YViV\/havSqMuVAeVNrx2FMlZ7\/Bjxt5t67OkjvVTbouDt\/zCvvPnjRGuWwfp0n7UEFUPBk0VQxxGTP46k14fFISL3DGCnaRmvSrBlk9oDA6joQ7sLe2wbd3yp\/7JTFG1yDws5hd9oSrDxTaFhT45Qw3wjaIXqpHrDVkIJVV3fSH3u051VvqUmuXNvgcA8QfJRF+xOWpwuJtANd+GaqvaC+iETLzkP5VxYMxDGAjzMI0o+7huhk06Ls+Jf4doAnMQ5xvzlXN0Jrm+66K6cwpPwq24uT0WBbVDSG8a63HdMk9Pitugm8gT5TfsMmkXcm8XvYm1EpxDTSUVXFdXoLfWyXIhhuACKArB7XcNbTOuzKmBQBNDeLFYB1E9Xt4xRs2cOc5M8BTSXsHSPQTYdc21dTZiVfSAP6\/2Gshg6m4bugupSvk5LVq6A3lh9ffmzYt3Db3zvnfSy\/Tt0BCYi48I1IzHC+nCbjFn40UDUHc5XrNCkmhQS1xNJg2qHFTjjUPePEW4+j3bBQRUYXBtmXyjbe7imkVYxn1jKZ8UW4USSgX9QTTgWMboFPNKvAGle0s4p63tKesbx5ZYZnXD1JMoq2wiuX3opjO2N0ancv\/RxoLDDssEhCe9dO3easTHhI9ARvh9rKZYKF6v6Kl1ISp1JmJSDWM7inua1o+4o1SDMyo05cBVGhhMTS\/9p3uBa3Q1+zink\/HkPt7+J8Qdeq8lFck+4f63IssnVRJTPYYtIlJvBDnEIzxlrIFjJvmSNN4lcsRZJPOIHxFfXw8TJRTgsvPxtdi3tSQFm4F+2sukCmWqPEy6giI87MQfoD2C\/Yj2M+9KXDCNq9W6tv2b4CTjfHZU+XTLbVYONSXTzAYgn5lkwz08bD2gqCs44qF\/KSJheO2v6XSQicbKpwE887mn21\/pZ1Aw7fFPdQKOSr+ozmKo3Hb7k8xRc9xS+jbMArySJEwlivY0HatI+S+fkF+iQUSFVepgBMwShL52IjMRPaDyXtnlg9nE04NDcI9V\/O40c8DJA21O6zuYXUndYIEnkJP\/UZOqiU4vEYGHHSxvu9z+OTP3HTmjMdAhSyUL1oGolZq+yT9EbInHY55rq655Oq72NwpUp+JpPgCJKsED+NjtqOZ3sxznqDpY1ghAohk4yNRdPDZzbaGgQemzPXCmXrFUsJTwcXd\/xU2NomnNTP3pmszYNUkgCR3tnkTvld9wZ\/IPs3fkgYPdntgi8PuMGjCH6ME+NhxjtV2MwDTodlIXAwMBGU0t8RnrdJi\/j1+SnvZYpC3oLybUZ0YAwC7FNMEEzD3PWZ1mQcdYkqPO6V4n6ARpcK+AxFYr2ZmYp5VZ6aP4ufUuA8CpPBGwUlNcZ3M2nwocOtccZ2oJCl6+gngVMfWFCnvPyKdJAIVEiwSYCs+M06T9K8Dn7IVtMoEfwHeIvTYluO2bnPQHkZLgVvtx4CODgchK9krbewpUgSyVMOqarNN5yC6WFzhdNiofu8YhqHlXXyYNaQehlZN2BSM6BAq9rstGdYvwLr32NuZBk40ppHqXSd1NL8zbf+k8yuXVg+g2tFIIoJcrHKG\/jMtPDHaZoxXSW0XP9QnmktFPm2sVrC8auYwtvIIcyHfmG4LUFWv9oOl2RWB0AiDdFwMDAEX95TGyYknbRQv3FxTdx\/ySOpsXyo9B3C1mQe9wKL+RuBQiooWFUmPWbB6tbYWNx9OjEFACLxCx4a2G5wYexWMh\/ScbEd4="}
00843{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":377,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_first_seen":946739385090,"flow_last_seen":946739385124,"flow_min_l4_payload_len":286,"flow_max_l4_payload_len":3116,"flow_tot_l4_payload_len":3402,"flow_avg_l4_payload_len":1701,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"136.144.215.158","src_port":52176,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"doh.powerdns.org","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00528{"flow_id":23,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":378,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739385,"pkt_ts_usec":126461,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"pkt":"REREREREZmZmZmZmCABFAAB4rgNAAH4GLZEKAAABiJDXnsvQAbv3Oz6Kep+GTVAYAfUhVgAAFAMDAAEBFwMDAEXEY3mnjR52mKqLxIMUmRZZcXFLr4uTi7u4xG7UfhN8KpUlgxkvImJLngXBZJdhlsdOO80qBVROy\/zQG1hjQj9e57h2KPE="}
@@ -390,9 +390,9 @@
00552{"flow_id":23,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":387,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739385,"pkt_ts_usec":154893,"pkt_caplen":153,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":153,"pkt_l4_len":119,"pkt":"REREREREZmZmZmZmCABFAACLrgpAAH4GLXcKAAABiJDXnsvQAbv3O0Bnep+J7FAYAfUhaQAAFwMDAF7z9ZllIUJYVifkzfTmNZkbfoqBmuSaCnxtztvKBDeHssiwVOQo5nSR6hS5QkqXs2NqvhncFigbQkXSNOHHZD5sGv+1+C9xTFaldSDCLlu0cWZ1cb3oGLBlsyO6ttj6"}
00569{"flow_id":23,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":388,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739385,"pkt_ts_usec":154944,"pkt_caplen":164,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":164,"pkt_l4_len":130,"pkt":"REREREREZmZmZmZmCABFAACWrgtAAH4GLWsKAAABiJDXnsvQAbv3O0DKep+J7FAYAfUhdAAAFwMDAGljKoEdACJVSu6LfUQxS7Zexs7VdtZ0WWd3zkpBzdNePqSAkmPDwdqpmsW3s8yVNWD1l6kq2LB71Xq3IVZ448YTWlaSIx78F+mVdDN7fDH0CMeFIDqL5DKGDEFzM\/1oGnCGpoQmFfwpMcc="}
00671{"flow_id":23,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":389,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739385,"pkt_ts_usec":188288,"pkt_caplen":238,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":238,"pkt_l4_len":204,"pkt":"ZmZmZmZmRERERERECABFAADgg15AADcGns6IkNeeCgAAAQG7y9B6n4ns9ztBOFAYAPU26wAAFwMDALOTK54BMRDpe4MtRO4mvaKSRanWnUcsocEhf9imDZHTA69qRe1uMpLNe4m7Qp6bbB11SlMzzljnJWHK+xtT3NsLO0bn8SbPTm\/fP2HByAEIKCeJjzX6cTzrqctPaQMfDSYpsZyjirFQZJWd9zNZ8BqFngUuVVeMYAnqiHHR711KLHnNmYB21LdkXKWJ\/KQgiEfOFQlvg\/OO7+9BRDX2ISiFdjwYwba6lX0BaMvdwPOAIYVaXQ=="}
00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":390,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":946739385216,"flow_last_seen":0,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.28.0.106","src_port":39214,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00504{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":390,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":946739385216,"flow_last_seen":946739385216,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.28.0.106","src_port":39214,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00802{"flow_id":24,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":390,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739385,"pkt_ts_usec":216755,"pkt_caplen":337,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":337,"pkt_l4_len":303,"pkt":"REREREREZmZmZmZmCABFAAFDj7xAAH4GQrYKAAABaBwAapkuAbuxqh8KTGGTY1AYAfYqeAAAFgMBARYBAAESAwMGpOiD7bGSBZJpQPwx8jjTz98dXRQiG2dJooZruAvSbiD6XuSv8nbXMIfp9OgUL1wdFi5SuPi3kly1rdyONGuyoAAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACjAAAAEgAQAAANZG9oLmNyeXB0by5zeAAFAAUBAAAAAAAKAAoACAAdABcAGAAZAAsAAgEAAA0AGgAYCAQEAwgHCAUIBgQBBQEGAQUDBgMCAQID\/wEAAQAAEAAOAAwCaDIIaHR0cC8xLjEAEgAAACsACQgDBAMDAwIDAQAzACYAJAAdACCocx\/g1t9BSq0aHoBq6EokYegQUNndj200eG6GOsFbfA=="}
00784{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":390,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":946739385216,"flow_last_seen":0,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.28.0.106","src_port":39214,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh.crypto.sx","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00795{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":390,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":946739385216,"flow_last_seen":946739385216,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.28.0.106","src_port":39214,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh.crypto.sx","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02388{"flow_id":24,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":391,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739385,"pkt_ts_usec":246047,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"ZmZmZmZmRERERERECABFAAXU\/OxAADcGF\/VoHABqCgAAAQG7mS5MYZNjsaogJVAQAEIzqQAAFgMDAHoCAAB2AwOeWrg8chGRKGTlO6HJ1p62TG+C+NnG3SsfyKZ3JDWszSD6XuSv8nbXMIfp9OgUL1wdFi5SuPi3kly1rdyONGuyoBMBAAAuADMAJAAdACBCHrrBrdBjTxY914LUzlqx\/FQ6u0oPg+tIKo8Yp0xoIwArAAIDBBQDAwABARcDAwk65sXHo5FyUtAiAM03V5kAW3+LXGLR2yplHW327Ar7lBVn+cWyqRXyVDveXS6Tg0vk7DEhWyy4Lki1hEqLM5o32Zp445RQDsbrctFBNFcOMJmryYHv6cTI1ALBX4o3m7ShqxgiNr648SOfRyoVsKr13ok5Co8m3yWWjvTT7U22a\/V25Yf1TTU5ZX3C3nLhUlp8F4S6K70cvraldnw\/uD6FRUq1lAFYY+RdFtBona62R3kW3zAEmLHlxjwypAF3Ed8HpEUN3N6Hh8WR8FPduTTrU1rGJcfthDCSePngGTmyI7kai\/r2bxnw0X75rGWPasNSz\/szhNdRWEo0KOZIuIIBBW21rDG1KEO\/5TMjvtncyk4jgN5jajgEgs3G7B7IN47mqI9K2FWa09ZHw5D9ghGF6WusPDND4+h9gRzFYMTRQAs+YDOQfRoqmeDcHvQas+1JnEYjeG1g+nCoph2J1xKskq4pSu\/4\/GnANXkQNNVNHjjq8pJ5wm6ibeZE1gq6PVr0nZRMBq7E5\/av8PC0+acRxKixaAa33wWyU6SeZcL1kZkunKDWXWcdvdQy51Xenyz43fec7O\/+7mHHRsySVytdXjgD0ZKChXJn+AmwQrC7OY5cEE84MSyXQywUeiGMZz6HP3Gxw+6pQWrQZTjvM2lPibOGlOclGV30N96QQ95Wm7tUJbwgXYzy1Ap3e6BhUMIyFcI9\/pMzhGjOExmlzyT6BDYONbNyjHW2odTpZ8WjTWXt5ItMp4Qf4ciPCegZXwYLxQYwEVRpcpQCUbjq9DqojYcETIPE8pYwv+pEogBkJ36XO7ISaByslei0uwlMTDGqahxFUG9xNqF2N+uBuGm3rP1N0De6EH72L31wAMHQLr+g\/Z6vH8L0t5ZBiVyHRYWFiBaqBS7sS5CL7XIwxWU5nT4+O0vg9\/RKsE8R\/V3oTcaEyuOxZPN2ld4OexQ1VlWcqVQyk2Twbmq7OKKuOtMkJEEelQzBbVDHxrvHpN4rIHzn\/9TLkc3K+Gw0IKsO0YEfzDLQOy1LPBOrUtSvkHpTT\/9tKCeQ5oeaxAcdxjrW8Ob6O3OfTjPur4i7Dr1vbtCqdprUT3YFFMRDZ26nuYQwhC4uKvrLCR3YBND9okLFnTd\/lUt6yGc2upOIbcXBXCyaL3ONPVCFw2rLhSE+P67Rrx0pQ\/PN3BUeVHTUY5OZL2UVofmKcp3kyCsJpqyPvgqtN6sEvjlAvawn31gSxqPJMO+J4TEIN4NsQHeQPoQbqZEwJ5dggsoNl6xy1PlfH8FxBn\/\/\/Lr2eBnvYK65olzMCuvQ8qYuGMLDeKU+eAivsl062ELuv+\/dM8uhg7Eno5vDfDKFHEJLzWRw5E8iFnEoRLS95ap\/irULTPgAA0QmZ5jn1YuEDktj\/0IeFc53AUQ0iqNqf8q3TqQngAAZUKBI7Sk44RP395w1L0Eyzfl4IxdNlReV035GNhrN\/DGIe5cd9OmCUDwyYWDZ5z1ksNzw8W+uzpiwBt55f0ZJkvLbFgiMA+gkUt4hT8f5WK5dSjcjsu1hL60eqoQvBa0lWD42dAL0xAVrNk06unSiy5OJX2WBK7Q7No9ybhYFoGzDI8ZzAHGp1Xz2h+but\/3A\/uToYXT+zhFlUes\/MlMz6r15CtQUfWQhXV2DbcqYzcNr7XtwvhWwQRBQjoyEwldiUNrV4kfA5BNVrLK+IAb34EZEEXlsaVEYZdfTSkwf5mFzUW8YEGENVFtWYgvqKiwzQRm4Hnu9"}
00836{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":391,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_first_seen":946739385216,"flow_last_seen":946739385246,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":1735,"flow_avg_l4_payload_len":867,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.28.0.106","src_port":39214,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"doh.crypto.sx","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
01836{"flow_id":24,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":392,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739385,"pkt_ts_usec":246097,"pkt_caplen":1102,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1102,"pkt_l4_len":1068,"pkt":"ZmZmZmZmRERERERECABFAARA\/O1AADcGGYhoHABqCgAAAQG7mS5MYZkPsaogJVAYAEL3vQAAj+eEnaAC9OtjNn9ZDhuY0QkIU8Et3SozIjmeFN3jl5ynvaSd0TNRCmKpUZKf\/fvqVCNBLPVpc+a1\/34xSlEnpJggvfLX55X87U+wFE+Gr7WzyudHjYSOPmOcexDC2hRAzeXYq1TgqVwJwEh4MCpq5hwfPH3wEyqIpcTyPqNEKua3iGoGl0jDllgnOyDy6qMtoHeGHyOqCPa7ViWWNsuvANnFYfP4DWXgq8fcNnwinGDW24misysy6Sky1Qfcgf01K751PVkPm8BzlnUWtr7bdFh8y4G4SaM7Ac3Zldy8pQDT1EbhFcuRGdsZ0naorgHPYs0SmR0Y3t6UYCsF0YOkjsdAEbpFIfyrBCBlh4z7aJh9xKrg\/5jQsdBuWbO9f+feot414m65BkfEsJNZt6q0OhiZBadbjN3fS3WVyRW59gC6+MXzyIF5Wxx4OnO6rWDTIiTViNpHvl70VUj6EIp7jtN+701iQ9XIbvLRRNs1dMLQv4llg0va54eLOiI8Tefj84dHZQatLYpsLcK1X1xgMBQvJdmlFwbKncCrUOCkGSrsZ4LVBWhcaxKoO36xnPPDV8cinSkrG\/rQoYT4tiAfTIWSqbjcWcgucf0EZWFYbi9MDrGUzUcZr82zbUhnYlEj1+aY2lv2lSt5AqGSaUKeQRwioCypPc3dHt1C72aRiX4CCSBeRj4DN2l\/vJTlcaPiDNg7t6TPWllts+Co\/OdFgVAkJAl+HIZBjiQtPGdBZH0Q8WHs19m6ieXdVdu3SXksmcJ4OArDrkVebghoJZJUEvtdYdAu0CxG32Y7Bdxe9zNMbKMIjUZThhjnA7hE+UoUNNr4aUW73torTPDm\/PasISFjUH1CHoDvjfn0IYzqO2vVaat\/SFbmMFs6UfAByhfgtTIBdM4vlalC4vJ\/3gPNzVh1u1xqYYIU6wN60WQoEexxjHdAMBBR1w+y4czMCbyPxsYOQzTZedkx2ofb\/xA+Z+8rEmaj0xb8Fyln6Nq8bsbjlAzp8F+BPhhygJC1D1SpxfIjpLhJ5pR8cCPnmFuv4Wb6pCT3F\/xJW7qpcmMvdn7rOqlw0sLhKBRfOeheFxSJrKe9iavOuolDEItae4jRrh8cRuAabSIDs\/KL9d4qTkbOnc6ryMLcKUz4QDjr3QIMIHJiOX9+2DVL5+3CGc336xPBx67NPWns3pKxWZovEglaPedBeKa1Ay9zwVrpcshhz8ZViqEZyeGf3Bhnr9gYf6a2k+91KFhxPRsj3wr6DG1ZrNf\/1DpWp8C8Eic8yqmZ7eLKXZwe+Mz2GUUCbxCXRoPG9q7XWM+v0cWz5lxW0nXaPM0vHHCL7Iqhc5wjeX5d9z5lx39pQN3jzFWZB4SuiTobndYtfC9FvqzivwC8uagzgYQI8AhesQ=="}
@@ -408,9 +408,9 @@
00463{"flow_id":24,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":402,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739385,"pkt_ts_usec":337114,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"pkt":"ZmZmZmZmRERERERECABFAABH\/PdAADcGHXdoHABqCgAAAQG7mS5MYaBfsaoiOVAYAEMWLAAAFwMDABo\/6em8S+cskJCsgTPlQqXRsWlC4TiMQ4i7bg=="}
00604{"flow_id":24,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":403,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739385,"pkt_ts_usec":337591,"pkt_caplen":188,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":188,"pkt_l4_len":154,"pkt":"REREREREZmZmZmZmCABFAACuj8ZAAH4GQ0EKAAABaBwAapkuAbuxqiI5TGGgflAYAfUp4wAAFwMDAIEKgmKWX6YJ7EyrwW6UghlXKcoJ+dlzOTuPpcSLOsTbquE2gnNikXT6K1Wm2i1baScC4\/wKLo2OPiGC3Luvwce+I21tzmxYzD8LqsuN+\/aohVjp1coCNcS12EFOamPV40OYgKnUNYc0etOgF4dXD\/z9B5EUsK\/F0FqgOPBxG1vjLKc="}
00837{"flow_id":24,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":404,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739385,"pkt_ts_usec":379039,"pkt_caplen":359,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":359,"pkt_l4_len":325,"pkt":"ZmZmZmZmRERERERECABFAAFZ\/PhAADcGHGRoHABqCgAAAQG7mS5MYaB+saoiv1AYAEQvTQAAFwMDASwIOtnhxHgdCgQey4U19\/NOVQeoKhAjFytVdqdlNMepeyLN10r8EnEvFgwlJOqbn3jVg4D5gHhOz8YJayO69m35\/gSva3GMKU3IYEt4mRO7Og72e7CdTt7WlPpuH2yJzlDoMxqM8WIVENPl5wDi7D0LA7rWEPagJRWBBV9g7FAv1zAp4Avqs8vJrDF84dxBjJ9N0EWun0QJUwWdK7e3Get20X9+B+j\/UxjxhfG77h4DRB+zhIFQ5sPT95Rh6TYcIyIUJk0sap6MOtu+\/0pPK3fwozE\/Qw9UbZga\/69PyXill0sssG3IU4A0Iqkz\/yhwP69NxS4HELP6acm1AabWnpDspLBmF3ezb5xhszBYT37rQZYehwSV\/yqSX6InrXWao0z0iINaMnm6sjRuAgw="}
00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":407,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":946739389936,"flow_last_seen":0,"flow_min_l4_payload_len":281,"flow_max_l4_payload_len":281,"flow_tot_l4_payload_len":281,"flow_avg_l4_payload_len":281,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":52028,"dst_port":8443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00505{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":407,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":946739389936,"flow_last_seen":946739389936,"flow_min_l4_payload_len":281,"flow_max_l4_payload_len":281,"flow_tot_l4_payload_len":281,"flow_avg_l4_payload_len":281,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":52028,"dst_port":8443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00800{"flow_id":25,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":407,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739389,"pkt_ts_usec":936448,"pkt_caplen":335,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":335,"pkt_l4_len":301,"pkt":"REREREREZmZmZmZmCABFAAFBc1lAAH4GKTYKAAABLUxxH8s8IPtar+ZR\/RI3kFAYAfZgWwAAFgMBARQBAAEQAwPDKTE3gtHe4YkRucyB7lgiewe8eRdkAeXi8xQ\/UXf8siCUJYNjNKAcmo3iKZ+yKMitYiljKY339PIqZtuOYBZE7AAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAAChAAAAEAAOAAALZG9oLnNlYnkuaW8ABQAFAQAAAAAACgAKAAgAHQAXABgAGQALAAIBAAANABoAGAgEBAMIBwgFCAYEAQUBBgEFAwYDAgECA\/8BAAEAABAADgAMAmgyCGh0dHAvMS4xABIAAAArAAkIAwQDAwMCAwEAMwAmACQAHQAgBTSef\/+Gs9funZgaOAKPCcHz5qP34E4cKsNkKCajyxU="}
00840{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":407,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":946739389936,"flow_last_seen":0,"flow_min_l4_payload_len":281,"flow_max_l4_payload_len":281,"flow_tot_l4_payload_len":281,"flow_avg_l4_payload_len":281,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":52028,"dst_port":8443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh.seby.io","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00851{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":407,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":946739389936,"flow_last_seen":946739389936,"flow_min_l4_payload_len":281,"flow_max_l4_payload_len":281,"flow_tot_l4_payload_len":281,"flow_avg_l4_payload_len":281,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":52028,"dst_port":8443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh.seby.io","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02335{"flow_id":25,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":408,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739390,"pkt_ts_usec":265010,"pkt_caplen":1464,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1464,"pkt_l4_len":1430,"pkt":"ZmZmZmZmRERERERECABFAAWq7z1AAC8G9+gtTHEfCgAAASD7yzz9EjeQWq\/nalAQAfntdQAAFgMDAHoCAAB2AwOTWCXgGAu71\/Yvi6NLTHUrXueot2ESWHeiaJfdHE5RUSCUJYNjNKAcmo3iKZ+yKMitYiljKY339PIqZtuOYBZE7BMBAAAuACsAAgMEADMAJAAdACDWWloo6cinLldR+cnVD8kRD\/l0Q2+aXf\/fBY+S+WSMRRQDAwABARcDAwAkRhOnfgeD\/nNOoyXIFtppA82CTRb9QELrjIuZ4Sms6\/A\/wFXWFwMDDR5COUoGySb4hNNJ9UU6WNVu5EkkD6YuaPuXJ8CsVpFNJmnkrUN+8qnnRcWKvhiCSeJ8dFamc6FJiqYTi+y4vhj\/9CUzXrDpoIqCPPPJVzrO7TRKenUWLYob8NzsM\/dFIXxOJTiZrwtOg0PRbjHk1oNiocDmQfIuK+9XQjJXpmH6WXi1GuKS6BI\/Mhq7VeFosQzd4f6PedlOLyqUiLqOkZBu8shjDKqJBgT+asclbYKMS0So4WatuM12p1csrxpvTCnaj0btgSWvRlOtA5V89mkHs0RlWfRzITmJodp36A7TpRfkiq+5ADaJkK4PCqzM7n58+S7faojcjUVNv3TZMKR9X7THNbnF4RYlkXi+yQzERvi6AVU4qjl1T3oshQYm+0uXk6wZy\/EHFkS0kI4JdkMrhx\/QDyFE9JrZnCDaKSbgnVDXGxQ6JI3KX68rAnXlo16wEjgmYiB\/CpDOACPBUUmkRPrMxrIYGRVY5m4VHDtxxsBR+4pWd57JVtTXFf0dDyH1zJz6Z40Wrwh\/p6Qz5d2q3mQqk2qU0E2kn8++EZD8541s2A3AenqtWVuRk32zNIyJfY0yQnjyuK0juMCVOEjM4+TSdiFJcZE3rzM52S9F4fUWq+Qa6izwHy+3rJUcjKQaK3KU1ecorGHjAhe9fanpg8OhUEfZK30POLsPc9a0KJ8Bhzb\/xTp4iMokguZqwGUeiTSNyWJBScTyI9LLhhKpNOWbmn0FCwxaV5Mbt+mvTDDVs8cw9GaOZN49PQe6J7UFtKhXp+jLkt\/igfMPvVErRgHNbDWAx05yKKN5cVgAGz+obL+4ZX79sXQRNBQfrfR7W7COyUVVMPxrdFItZFJXlJ2qtiFtfv22UGoflFY2zoiK9sk9Zj+K1u+9Vmzjs+RITpDecu73geffdixXjb3urBW4FykkW7oiu0nkWHDQgL+KviHt9Tm0lU0Hzsi8YTo4OdVu\/QwCcmn\/9YMQoYmxguinCV0SqsmSoXYPpWKAlUH8vnANpkvHS7OU72AWRuphcFRa4RXp48xd9rXEW7d6pcKpL7UD\/qAcfrqs3Aq3OBcZjm\/9+CZ\/HA+ws2AIqrw+2oY4SiSGn\/cjxInZ1S7KChZFleUsKWilMt0S80n1UHIe0ozJo1YpV6O+256ILtDlEXLc4L\/\/W\/Y\/61lq\/\/f9IHao9y20WHTGbxQOKX1rXuMjgZIEMZvVKqcKW+vUa6jVq0bpPfVryu2fyy6bH4O8lkPOuhDeO5FxfnatEMjgu7F6t\/PeACLHie\/Eg2ezTBDOdT85sb1vFD3nB3c3wl9xSQGoUXMREa3dlU4yyKTsRvhF5IVHX+WZrnZEXNIyBa2yqUn\/9nlC+Nlg+hPHBSdvrZNSMA+riMftxpQlj6FTL7EYx8bKMIfPYnyZddeZmxpXN9XqWLs7KrnqynK9ZMJhVvaIAMfyuBU2fqyPpflnNhs96RaJ+FGM\/iw\/mZYOsIhH2JBIZKVlvkBCQxCbysphauFVIsTMYeZEcsoCjFB1qKXHuCceZxP4Jy7kiXMgSTdDFzzGYgYfCng1fFfHI7zfjdtWkPQ9HPe5f9egBljz+JDS6ehJP7PfY20bsjB73IKGpwaFJB2W5txeWuX9YJMSmwLmC9CvECSoWQlENl+g"}
00892{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":408,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_first_seen":946739389936,"flow_last_seen":946739390265,"flow_min_l4_payload_len":281,"flow_max_l4_payload_len":1410,"flow_tot_l4_payload_len":1691,"flow_avg_l4_payload_len":845,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":52028,"dst_port":8443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"doh.seby.io","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02322{"flow_id":25,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":409,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739390,"pkt_ts_usec":265099,"pkt_caplen":1464,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1464,"pkt_l4_len":1430,"pkt":"ZmZmZmZmRERERERECABFAAWq7z5AAC8G9+ctTHEfCgAAASD7yzz9Ej0SWq\/nalAQAfnqiwAAu9LAVBlO+s0L+nkwU4YXcw1SOmlRl+XSnXuO6tKFQ694AGFrib2S2f3BX7B1582XtNQQL\/1IwqS9eCXYJzjdfbbKDKnkw+MRH36zeNfFmebdTa26VGWOgnZNECwEpmFBvEXSt2RPI6ofb1vE32eZrFh79Bpuwp1PCG2ngGNn3Z\/o1aRMv577hTiLGHUP3zlCYCAacHiSAEi\/LQgxJOLyR9jugiMcNQxMzI9B1anoxyifvPkh2BJiEbyAypQ1hQGudgFCLTi2Txkt7Eu\/NIUQoPpDLsdh3lHWxNLyLEP9wpzBgp6l3ilL84X1Mk7ZHQuPK\/Oz4yfrJd+G7Oo6i1yrQ\/Adp3qU8KnQ9ptwaIVLOtg8g5ENilAbdYS7Ka3cZHFz4gvVtmLddRHiTcXVf5C1ypTeGluZMusSnmJOjPWY5fp5RP99ayjRwQRdkg+IcNHiO31ps8qxZvYyOJZ7Fb87gLgZwV0IUvyDuDbizEwr2XSGbMEZuVoSHx9QyUP+A3BPmqRGGD9RWvZIaULosdFkVeC1hEiNEcM30Eo27GhCBEkpzGPbQ95LfK337HDa9UlKAktQhKwG8\/hAtMIbbv5Noetnx3T81i7FzhkyHH\/C6g3BkR97pP7xxNGSesRAej+0SV1z2Ux2yezANH89JV1k9OQdFbMalrjLnx8kanK4YG3Zfke83pATlf6RAPV3lPyNNDQQypoZkugKEUxOXS7Rx2XEo0segrTQp7Q+35xLorFirg\/3rbokzMw54\/alVY08gHsLJlNmadq9IZ0Hjxo7ykUIQsSRH59BS476g7Zzq0D6LzWm8dRwgOJiFmUme9r5za2XErhkjyFFtknvfbQcxGFpshYQjf44nBtFebBI6Th81Pz6P4vS1Ab5Ldbe5kqW2W6OFyHBCtpJQLdqxOC1y4j8o1zpDr\/5I6fMit0JvTc1WNaN6qBFlg1P6Gaatd4VK3xOWgpdV7lGy9Cs1aJIggG2JQikJ7xxWvncFI3YNX\/j7e31omXzttI+wKWBnq3libBpSCKXTzvdWZpJ16RDkXLbmBFLlruWHpbIZvg3vh187AjFKcBshFCVg\/9CKx0tdclgUGbHqJ7E6OtJIm4m4kox5tzQjCDUJNS29SjoWoK9anOoaXw7azu80JwAvB5wDC4mKG4pcolzPcWCdGzgc4j\/1wLg0a7\/6J83Mv9Vwe7sgJa0WfVmJh67OWIpAbZv84XgLPcLVo5yXd6\/yWWRMvn+kXy6mm6tMTinzOpwIpfSCVQtp3DNLsEUsIkV1DrWVNbTPvH5GCVkQ8p3Lo5BGZ2lF4qqWWh0bwR33Xc69aAXaHUgKcezVe1FfG3x1Q3qp0cn65Dxae+n\/hfZa1KqbpdsxY\/eLTfFV7m+HIJAbLFSSzH7PU\/MSQj8rvEXnuHMSR3htHNgcZRMLZGZNMcEgX88HYGJMITbgLbQ1nfRTwzL8m8XTnhZtErha6pHrFlPsZ1RNjcoqZKgLKdMg2ezfrI8Jq0lQFzAOf3F4VPbIGq1krTP43rpCLbzYETrqQH8Xz467NmG5PHVJ3Hne12KAqQma4zC6YHwFBTwWUunyHc7Z86uw6NV1GMEfe39uxIB1Th3Q3mEC1zo37vRQUYEr8R3n9WX5ZtJpDmxGTtrG8c0JVrUZpjFnqPj2Uj069ivRfFVD19zTIWIWwVZHNTkf54z1SZJ+bsWwla3CC3KyaPHGsTreYdevDYggE2Ww91a5tn8NCHUwyaWPcCmBikp3+fKDZwg0dx3gKVzU8Hf9Km4EdsDin7gSeY7n3yByLcyqnB3hOSBc1nuPCEOi+hB9GXpEuBRdmMhQLcAelRdGq2lZwOE87jAboVg7rc+WH1wOyzCb4UJFuzyaFs37Li8enr+"}
@@ -426,9 +426,9 @@
00463{"flow_id":25,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":419,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739390,"pkt_ts_usec":581729,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"pkt":"REREREREZmZmZmZmCABFAABHc2NAAH4GKiYKAAABLUxxH8s8IPtar+j7\/RJIn1AYAfVfYQAAFwMDABo4gQ0\/ti+GmkptcE2+fzBrSGCpuBrJi5HiKg=="}
01487{"flow_id":25,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":420,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739390,"pkt_ts_usec":582718,"pkt_caplen":838,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":838,"pkt_l4_len":804,"pkt":"ZmZmZmZmRERERERECABFAAM470RAAC8G+lMtTHEfCgAAASD7yzz9EkifWq\/o+1AYAfc8BgAAFwMDAwvE4VKvhwzxAvyDSBmV\/HWW8jrle\/2tIQrCHtgM4SEn\/MUbhLTf4gE2RQUohu+XLi7hNVkAAiCXy9BUxG\/BHXX89qoktGZKutZimmLlY6nEIRetaVs9kfhl4nPV4JIbX2KBT87OOtrDwqwIPawgP5htuEMxTx4sui6fIeL9CH9yD2firPvONAFmSWcN\/MOC6JRs9IDxTASCNwcgykFjPX2groCYqkEB2WOvOn8\/wW4ERgWZc+WIMsPz3ki0aEqeVfOwxti3O3RM4RLv9va6MKucZz8qaINHcfN6EVYEx2p6GR6ZwHPuIqU8VTWtmJEJqO9d3\/vKEbpnddrcUuxj8SG\/2\/wjKwPdHi3VpOCOvichdJN5nG7ZTr+5FvOCf1SaXiv3OySrY41O4fmTcyIFogTcjoIIBJOakc50PdfaMpLiFcjUNgplla95StqW2vagjm+2PPwVs\/qJ2KNRTMe5Yjgc5FfrHDbfIpvKm3li\/9UUkot6OjGCiZUFkynZrKe3d\/RBplnqEJAWUc0uQFIYNGXD6GdIVIxFRtx3u45qdZkmqIJ0PtqT5cHl\/rXkJRbJU1xLPycijyQw8kll3MMhoLwLczGH1Li1Fl68nHwfTXWne39dFpB8N4OBRGbct8nzE51iY0mKXGz8ngE2xq\/3Ckzvyyl2IS2673ohAqyKdxS+fIV5vIvBQrzfVaIzh9WAvbckzqhehyJ15tbxoUU+GMvYR3G9jcBmIRoeK7doD1BQmj6iTlsq3uGJy3iI8piNfDXe6oczyaibYRyGS4+Ep4WgvZNMDwbFEkEx1OjqCVNf3qFhFkgslSFgUfyow6u2srbMLe\/zmzoP0Bu+b9qxQtbXq9VQFPNGXlUi\/ilUEAaiElrYJOtrhUYQufEmNHhllxHZ8vJn+serjRsYVN25u0UiE9HGAuVFqCpoP8ssTIW9z\/4MhqNwMgECvvzaWu6a2VpJe4rWFN+NVOW5E19pib89T77fsjxffi3TiwTkQT4o0UE6wags7O73cu2rrwTz4b0tCejkUo\/yVNYHoQ=="}
00564{"flow_id":25,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":421,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739390,"pkt_ts_usec":583111,"pkt_caplen":159,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":159,"pkt_l4_len":125,"pkt":"REREREREZmZmZmZmCABFAACRc2RAAH4GKdsKAAABLUxxH8s8IPtar+ka\/RJLr1AYAfVfqwAAFwMDAGQTbp72Fcho4nrmgw40E8KxYIGuP0OPkWfS59V3PlW+86dER1\/SLENpVbWQOr2\/IvStSqCI+I4U7XIX8X0TVY4H836AapEtnh3hhTXQPIuOfgU\/m87qaWiOeWaecqoAAQYEbJRQ"}
00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":425,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":946739390933,"flow_last_seen":0,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"217.169.20.23","src_port":34036,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00505{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":425,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":946739390933,"flow_last_seen":946739390933,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"217.169.20.23","src_port":34036,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00803{"flow_id":26,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":425,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739390,"pkt_ts_usec":933403,"pkt_caplen":337,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":337,"pkt_l4_len":303,"pkt":"REREREREZmZmZmZmCABFAAFDddBAAH4G12cKAAAB2akUF4T0AbuSPuOKlASrClAYAfavsgAAFgMBARYBAAESAwMYXSzw+8AvMstO05PQ7qPBj27f4mGkG8QM9OU7ZRFcuCDJZDN\/6VucUquGKl+O4ES6VCX4Z6V\/a7wGR73kRIiX4wAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACjAAAAEgAQAAANZG5zLmFhLm5ldC51awAFAAUBAAAAAAAKAAoACAAdABcAGAAZAAsAAgEAAA0AGgAYCAQEAwgHCAUIBgQBBQEGAQUDBgMCAQID\/wEAAQAAEAAOAAwCaDIIaHR0cC8xLjEAEgAAACsACQgDBAMDAwIDAQAzACYAJAAdACAuLsKlIgLTs2y17K315yEyJxqnsCXfl0yS1kyaNKG0aQ=="}
00785{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":425,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":946739390933,"flow_last_seen":0,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"217.169.20.23","src_port":34036,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.aa.net.uk","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00796{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":425,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":946739390933,"flow_last_seen":946739390933,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"217.169.20.23","src_port":34036,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.aa.net.uk","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
04634{"flow_id":26,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":426,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739390,"pkt_ts_usec":967766,"pkt_caplen":3165,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":3165,"pkt_l4_len":3131,"pkt":"ZmZmZmZmRERERERECABFAAxPNc5AADgGUl7ZqRQXCgAAAQG7hPSUBKsKkj7kpVAYAfW6vgAAFgMDAHoCAAB2AwNggvgT348vLVfztyje+nh951Uui2O3z\/vCGwcNEmcL7CDJZDN\/6VucUquGKl+O4ES6VCX4Z6V\/a7wGR73kRIiX4xMCAAAuACsAAgMEADMAJAAdACCYu4Q1ZjtZfYUrS3fwrroPQafz4tTgHn9jgiQX2w0NexQDAwABARcDAwAgr2vUeHfWinGo7k2fDAirV2y2+2vt58RojQUfF3ywprIXAwMKEF7v66Q95J7Madk2ZEcExfHDptRh16jabZXVGAjSu6ZVpQdW9tsq8WD0VxRfdaushrVbrrTRIk5I0CixRifCcooy6c56kGsUxb8wL+Z+QNmR5uWAeV9nzzlGQpBhNwq90IzHQbBwHdfR22cB\/o+gnP0zKhtFT5pdVatUFFMBXYFPBfgmW+yElY9JLYGDSC\/IIw728fBQlRPlTOPnC6Bd8HZeDEbFd7L\/8oeIRd34AfymHYlFpxJ8CjS4xP7I5o8GpeBcv96KPHtYZV5dsMuE75XBxooOpL9Gr9IWBy6AEdPGcU29oVVhWirzJ93HxYSeGAAYTfsu16+HrpOMUAzFMOyXwLKfIjR9Jx84Zvi3ytxvu8IPsZAmQB9iLco+v\/PYNz44XswLq2rQZtIH4a7\/SiljnI7OvMEtw+9+0ohSjEBjqZNpZ4+Di4Oi4uvLSj90PiJtsiIz50r+luuFIJLrHS\/Bx2ooWNGmf8wIpBNOEoC8uYmbQEc0M0F6MgPM2\/Dc1rxiGmLW966znBcYtqEPAIF5LP4HjDzAMEtUySTvYC8cLBRrZgX4sNAbkCcpNw4QFS6erQa8jKBVOZjyMqQVsAikZDL76qZyWnWAbrLmD+ESPhH+LiOjwj\/BVLLmuPIqP2HgrWrkMLok\/KHXuIbZn7C1n58rcMZq7V+5f3gEi6kXuPOTozMsLixf3wStDsNPpLZW5vF+Opg\/HPuTYMBM+b2VDW0oQ+mGR3v0lSfTyZb2sccxT0\/YFa2\/gZNRs9igar59HBmzwzWtwto1Lj2+tqjOzo9Vxzmqr0QO+5jA9knewsPjci1iEHsBRvkAHDUo8mzkBfWBM8t9UZZElcDeWIg7oO2uY349FEzTQzJrCGLOJ20pc10E+6FXsRSoQcdecc2pqUoNYisiO4BgvfGVRTx3PyLsE2LqpgS5+upDBiBuHq9GTnvPUwfjHUOVZfhEY9kzfkMm52CF0hrFbS1FqZu2k5xWd1RZ+YdcxocleEJLDXEEeCaF2XJug2p3sgxI8AQfg96H0lHo6\/ce7YWyFTSQ5214Zlm5R8arc+k+FFIGpKsd1JRZDuMs6lUG2OcuW4k6GmXOA9lL00+Pu1LlWECRAA38IcMLlvDeoyIVPF5RKHTFbtFfFeynrkfS57BDgpnUQsOLofW+MsR51VSL7z5rFWkT+0yA0OJ4P5J1dZjOVbRrnPj+lP8KBidjvuv\/+vQR9AYL2FUFonbuHYQ6NUOJSyw\/q3koSUCoI9nF1rL5SbnJpgQ9XzQ2ozstAI1DR6AAJPio22EFuEDMEoFVvE\/liE+8UHQnOZNeIN8tMqUAL+WlkvDEcrehWMNUpY287pebSO3eZPDe3egHiaBMZQIlL4jO1lfEjJdr5RXvT9Uv4MVNGGGXCQtr4IWIfMjPSJmmedmBdcxMuZnxTJ7jKLERRom+1LtykcTtbFMZ6nwh7KNIt58CGrTH3Bh+ClGWC6JtjiLbGXtcN8TOs97BoUvfH2xS4muIblEv23sWDZt8uHBdYWb8qBII2zRRCNz4TWmEJd5WuNBsZajJ6+izq\/kuJOWcsJ\/3ClD+JPyh\/faP5RIOC8TtW52DI8iUXjhh0HYoQNP5CK\/yGELUKYphGmQcP1BV0e5C\/xs86j3J4Tqg0y4WesV3d0jU+gkOa\/xZNpDrlV+JnewVAhCkK2UsUk3C84VdKoqUnp9Pil5XcszuqrrK5fn2Ja3xJCvI9oUZYFRkj+cpcHiFBzHL8vrxujIbPqQsQDehofVoxDKQvUog5ZiOw9rqXCH+rf4pa2omETeM1OE52\/bijRwWFKerGk95vgv7mf\/pTz2jvStIe9mIenHJWL7PEZH9sdGDeZQKhralY5AEfcr8PAGFV0XOY4OvHkHHS\/kY45xH7Heg3RGSUSAkY6LhaxYZOH3vCb8pDwz4M8eJ0\/MawhboSpIfQdoDBfBZibpy+ix0cl6f9YHPnTxwCWpi11t8Y\/Ioe5G719Te12HR1+3LJDUG4+t8UMioCT3GNag7c5mMGY+V+40MlPf33OO2SuBDaNUe80cz9ZjBk5x+9\/8yZnlpBgJheqdBeGVTSfNj\/\/ykzVs+ovI3rQWJ7MtuR80iZzcYqQWbI4RBftGKVwyCcJOskMGArD6+UArYfVGIccM6l6ZaD9x6dkigf3LAHA30iuQXdDyjNpxgxl4iSK0oLixFkkGZE94ONcw\/GLLOMYGf3ZsNLQSPf2qyfAF5BKKKg7FAQid7pqgyCZp5F8XKbACdlEb9Lar38xOjvjnewcnGzD4Z6c9THtqSZcDPbz8aL6DmV9lXZmD6\/ccDsDkRU90nhHSMrUF5R8hxDMoP6Be02AohXJwQbll1wPcUEyYk+tfY7XoP1gsqXecmTp+tusAg1\/AwZK8oozX5LgL2HyoOuByw1lgzh0RLilH5JrY3yk0E\/jG5JRoV\/y41cG7xAhvYbSNXDFCXbKeSVI5tgPheZvJ9ZUyIfStt125MRChKnoA2n+mG9KzbpZpyVz66ndTD0j3XU1kDOqjF1\/SbGf1+fhwWGaMMcZUYzUS1y0NN++mGlj87\/Z\/u1peJJRpJLZAkwhE6\/qyvUgAeD6bdzGa3m+9PvZxqRFg4uO5BEHphZPz4E5S9y+qwaFy+ng2E0E\/+Mq99pz8NTeooSlgjy86miBLzf74wOBFSoHbVN0PHL56xSrx12FRC1SCfzqnzT4BREj4eRgr5sVcZJpcqB\/DJ16zqD31Cdz1F6VAt5mHD5hgyW+BhQO6jtpBgHqFisMVPWD18uXILfOEcLKzexTq0enEqkxPPztMgd3lKJoJoLn9D15r82RK7HhKsmZiDKUuCdmH3DjKAbtkj9uSMWDKDEZ7ALu1TTrcVpMz\/u916YJjVrsJ4zke1Y\/PKCwgQji1xX0Q1uKg+Qhmzj0YA6C\/ZB8hBOasuUjTVZER2lXZpSogcQcgdsx7P47du+ZkiOIevUp1ckurR953sVaD3ci+d3blInJn3V2H1nd41bCStQkPyhbrCiGVWDvB4NjqVSIh6ypL1X2Tez7o9uIFek3e\/KdLnjoJYgUoUCdBCeRBScD+0K+sqvZzi8z7OnTzhYK\/aCGv11HpK88nhB\/fu4rCw6Clf8iUvZmwOIdmA\/mXVezV7u9+Y+L4mJOPGGV+Ie7YQjoii0W0J9zldsek4JrCNAfpxxvmfZTghYCrVQJNlGcKyp+LE4s0nXJXsv8iOBmDMV\/qiHS\/RfVp0Al+GVjFpErgTgXH8uFG0eZxhSX5TnPtc5X3FjIRORKWkOyTX+MlnBU+yWrj3iWALBhonn7tNa85eK0vFJHHFGyQm3hMEk7psuYZdoK61bs1KKeUi4RTDX274TTDnDx\/vYrXCGEMbInwJeEUUq10Y0AUNC+ikXVAlZm5\/6b3SLH1mmyzy5AwgfbHNdBdm2h13eHYAHANjDp++p3nOFwMDARmCniHbpabBh0wmz+4GvD7gEaHTo1WwpHFuO0rRndT2cE+rB3NSEIZ\/OfAhdTV9eadRkxEucZ2zRFouLobhVj7VuatuyZROJYubLXxY0L2AD9VfNIXMUeRNHnXvmwyBiqm\/8ZuzuiYxPVzYGJuS41vYyyQm1ND0\/vWricRWNYCIXjgbSqk6PFYh1FVGYRV8SSt7kE3Z3NtrXGW3LuaKD8ymXSg9dYJ9GwRxcPV5is5NEijit\/K0HuZymRnz0biX0ibyZ3bQdAu+3E+KHkL1KMxQnoIP\/X4lavINi95Z\/1+WkK1enaEAwf7tuLJlq5tLt+JOe3OVPJYXu+hVDAzfIFEvugfqxQ4aetpIOYSy0uy\/8Blk6BuP7s0kZRcDAwBF06XPl0W4alPWKLcZUBV1\/sR9gwxnLLJ0WJlMdAUkQ1CCMVwzdsK8lkkZUPttQ7nY8WKaipYb2yNRvSYmxfuU2S\/nIBiL"}
00838{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":426,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_first_seen":946739390933,"flow_last_seen":946739390967,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":3111,"flow_tot_l4_payload_len":3394,"flow_avg_l4_payload_len":1697,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"217.169.20.23","src_port":34036,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dns.aa.net.uk","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00529{"flow_id":26,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":427,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739390,"pkt_ts_usec":970010,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"pkt":"REREREREZmZmZmZmCABFAAB4ddJAAH4G2DAKAAAB2akUF4T0AbuSPuSllAS3MVAYAfWu5wAAFAMDAAEBFwMDAEWr1XNIOucPlOXvVPAlxCVPjuVei0Kv510pke\/KbmmoYPXHQYgn\/dXPL9SYgvzqDxY7NHWdbkgaLyLveAQw2UhT5DxScM0="}
@@ -443,9 +443,9 @@
00567{"flow_id":26,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":436,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739391,"pkt_ts_usec":6752,"pkt_caplen":164,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":164,"pkt_l4_len":130,"pkt":"REREREREZmZmZmZmCABFAACWddlAAH4G2AsKAAAB2akUF4T0AbuSPubOlAS61lAYAfWvBQAAFwMDAGkgWZNHHwUbRMjYZgPim+jcVPA8lIvlt8uCJ2eZKbKkof6emBeQB4ZuiNcpdnGozUD8xcUuYn90pq9wM3IlcVmBkjD\/l6WaohLg4aGOCUJtHm3lL5Nl+MBLSzJ21bUZhqw2ulCaIjhcHjM="}
00685{"flow_id":26,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":437,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739391,"pkt_ts_usec":46287,"pkt_caplen":249,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":249,"pkt_l4_len":215,"pkt":"ZmZmZmZmRERERERECABFAADrNdVAADgGXbvZqRQXCgAAAQG7hPSUBLrWkj7nPFAYAfVNeAAAFwMDAL6TKnbkFATDhtx3ySWDDQ2If6D3T\/atYxe8jN8eJLMXkaT60hSuSj6Caq8pc3kR55Lc5n7zezg\/M1IjudVoQ834E7mBmLpGlFm9+uVdppFEj25R9ZxcsIt3ktWSIpcsHbSqwQRsaNAehftbwQVvrwC31Q8L0JUTIrtkgAAd4jE3c3TS1omS2qjQ\/7VJt66M+cUwBoULTREmH35UDP3G4lm9V9U\/m7fF\/\/rigsamLr5yjLd4wBFYa9kShAV8+AC6"}
00464{"flow_id":26,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":438,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739391,"pkt_ts_usec":46588,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"REREREREZmZmZmZmCABFAABLddpAAH4G2FUKAAAB2akUF4T0AbuSPuc8lAS7mVAYAfWuugAAFwMDAB5L2lkJjpLClO8v9wZzC+dOrVqBd4j92hX82Nk7jW4="}
00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":439,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":946739400294,"flow_last_seen":0,"flow_min_l4_payload_len":292,"flow_max_l4_payload_len":292,"flow_tot_l4_payload_len":292,"flow_avg_l4_payload_len":292,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"146.255.56.98","src_port":43718,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00505{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":439,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":946739400294,"flow_last_seen":946739400294,"flow_min_l4_payload_len":292,"flow_max_l4_payload_len":292,"flow_tot_l4_payload_len":292,"flow_avg_l4_payload_len":292,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"146.255.56.98","src_port":43718,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00813{"flow_id":27,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":439,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739400,"pkt_ts_usec":294231,"pkt_caplen":346,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":346,"pkt_l4_len":312,"pkt":"REREREREZmZmZmZmCABFAAFMOfJAAH4GNZwKAAABkv84YqrGAbtdpqacr2JwdlAYAfaNXAAAFgMBAR8BAAEbAwPHJz7Bz9zA6vh2mAtXguxbTFdhb5D1tFb1Dou8iu1ITyDK94fArz+mQ8rbbzgPn8nq5li5Q+JT9k4ZyOL9YBHZZQAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACsAAAAGwAZAAAWZG9oLmFwcGxpZWRwcml2YWN5Lm5ldAAFAAUBAAAAAAAKAAoACAAdABcAGAAZAAsAAgEAAA0AGgAYCAQEAwgHCAUIBgQBBQEGAQUDBgMCAQID\/wEAAQAAEAAOAAwCaDIIaHR0cC8xLjEAEgAAACsACQgDBAMDAwIDAQAzACYAJAAdACADmPqzqEwwIPykBECgQ7iBmKhoGpqhv77PEzGKWzxqPw=="}
00794{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":439,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":946739400294,"flow_last_seen":0,"flow_min_l4_payload_len":292,"flow_max_l4_payload_len":292,"flow_tot_l4_payload_len":292,"flow_avg_l4_payload_len":292,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"146.255.56.98","src_port":43718,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh.appliedprivacy.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00805{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":439,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":946739400294,"flow_last_seen":946739400294,"flow_min_l4_payload_len":292,"flow_max_l4_payload_len":292,"flow_tot_l4_payload_len":292,"flow_avg_l4_payload_len":292,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"146.255.56.98","src_port":43718,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh.appliedprivacy.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
04351{"flow_id":27,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":440,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739400,"pkt_ts_usec":340313,"pkt_caplen":2958,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2958,"pkt_l4_len":2924,"pkt":"ZmZmZmZmRERERERECABFAAuAAABAADgGq1qS\/zhiCgAAAQG7qsavYnB2XaanwFAQBBOXkAAAFgMDAHoCAAB2AwMDsBehTQYQ\/iH2Yhpyf+mLl1C35r3Ho6TovknKnjr8riDK94fArz+mQ8rbbzgPn8nq5li5Q+JT9k4ZyOL9YBHZZRMCAAAuACsAAgMEADMAJAAdACBo4BH+AA5SyDExxRIaGpKShy1vmsbixTg2m2T2NedPDxQDAwABARcDAwAgvk7ezJo1JZP9LjmZFBvdhSYoK5Td7g7\/A2oIAgI6osUXAwMJ2yS0n6M3Ydri+rIgYVXd+jwuTvP8FF1HMS4hAE9YkVd0802YEbU3pHhUuQANn0vXApBPxbj3FV9uCCuIZCOL4zY7+k\/N9QNOxO6wgqwyjpqF\/MSuGzGbkODdKsjr3MXDrOEDT8UY4Cf7sbDSqOIkajzwlllabjLyw\/JVxOtUepEpKMKQWPduyvGLlnSE+4Pi9X1F5dljLFonfMSt9epl2VwSF1nq8Zl4KKstqyQuG\/zmvd2vjAUtpZ7bRJhqcQEAuZwHSvB\/MtIxXfAzVeG47SjsazBlsuRoBS3fTomilsUH4J13\/0ChaLizKxEdSZ2w2K00iVdJ7hQkti8Yk+XaV61AEfwts012l3Az0Ul6QGn+ovAsikUEMTOdEJmAEExk\/NRuYh4YJeat0fT6qqxPxOtp8iJmxclZOIdEdtKfFRlb\/Q3pIWRMmx+BKdsNQm6TtOsUrqgzJEovgnDvaBUadejY9LBbNHqxMK2V6F7gbnGKVjBjB76l32rCkAGXZjYpu99n3pc8VsX6toeCgNv6uuTb2IhBkEMBsiXbrPavcq8F51o9cjY6ri1T23vFWkuEBAAWOdINJTApJO1joFFgFxyMMNnlCpJoVnqu0i\/rinlDFg7S9CtMSJ0Ubb2fcMiTZVA8sg8c2grczf38tyMaZ9tLwrWkyrDaM66WF+r\/Smzgjb3lUh8vJ3yJCEPyKRtiP8bLVA86MJJR6swDhhbPo5TZc3HPN3paBxU5U9DTyACxQnk6EYqYsA8ZokkmQV3rXvd3nlNnXQvP8iTrcL1LydrbGPEmcxzftt97lwfP6IxI3O3sNlij9LY+i3W9W6NVdJf0gVlPHB34DPsUDzGCBqeTZuUD+fgbA8m0vHZeGLaeh2n\/ATJxgu83kBANWSs0j4JxeZwkxA4LQE6k9KdadeiuFQWUUsCMoytEmeRS+e2CKC26bva8V4F4G5ILpiDrVUa9OPpnIugEC\/pCpbfo45ejO0OYsjmcSB9VHs67ODTG8tfG\/HSnEWghmAKv96DqsZyAaTmkT0JkH5FkXlCzBQ8v8o8b6rSE0lRW\/lesYflMu+sWf50UV63CFJyy6fgpaJPxCw8SCnSJ9Wfe5036kFXS9TxM7sPwyghnAoVeaf7Fck3c5pxthPEaz67tzSOMeekQJOQi7xMcEt3jcaR5XiiPfvpfvbXLOiTYOMcz4nBR25XpUeWEHByMxgi+V+13jYe4gb5oIp\/OYL+ldNmokkEz0NkrXv9PYcDVxLHdE8YvZjA+Y3MOkWFCk9BM\/Rn01CyqbL8CmN\/DvCsMgWqz9BmPnWHQOqMnYSTykXgSFe9FyeKoNSng2DkGXmS4Ish3yys0i\/QIlGlT9piLrC2UOh5tHQYhdkxZTzWOLoSNhJgdpKplLIWgmFyDHNvrhDmwq50tATdlnRMhe0ry66PsM3l0lek7HZ1iPpCZ7a660QlaPE9SZFbRD2hjaqHqZrlPWWwgi6eHfY0gu5vY3pzyuUgNc+IY+oeDLEyaB3ysUDN7Sr1IZYyAtSiOnN0WLtHIeg9uqvR4NEBF0XEfeRxZT0n6RrygJ1nWV+kailDfsz4vklZfPYltDFOyTnwOyyzBO2WpBi+QHoJdR5a+ci207f4TAHC5iWzq9Ov\/CBA21s0iwXcKHtUUuFkXfGsSTcHlMRdWRoqqdrwRmUkHc5FaU6RNse5tyVEdBKfOwfXkDw8I22zIDBmTO4YVBH4Dzw0SEVpSPVqE8m2STbZxIzmRtVGFxbw45tbGu6NUyHfb6XRJMV4vKdl8h+lVfwIggGdSBSYb\/J2WkIjXI5Z1\/s5OXr498b\/Ul1cfjj192V+QV7YEDHDJ0wunGAConliOcHcZIZrOpVaNMM7NeTBxiiUgynpVWjltr\/LQuk0Pld3mEIxmwXht0KmUnXyCvTBJgPYroLRuneYRQPZ1JOgkt\/kdsQBmYrZvkRHKWFwNxkLAhypRqmOoE6eO9TYZgchFtH7ouVK4C6vE0wlk\/wNdktEQVjtjEf81TNo\/lytMdDE\/EAGs9weyRqd\/Hmz5\/6yLIgAilI7sqB7dEuE0iiOXk4T95pQbOjvSnwI7M4B7Q3oDNdWJJRZNp2tZGQNCVfj0OFzEKSZbanefGx8qbWewy7Iup5wriwLbBG\/B7ZFkxdmUnEdpL4pTOBRMxGDxRjV5ioqpujq6Ef07dgH3IGRgJHxsp9J2Qlj8S7lCwwOsTDkI+PhLsXzzIudX\/ZiC+lH4Tm6LciXTHf3hDkr34EJfXHJ2WpSeeCsJZBkZx0OJpBR3y1cyrhzb66IxG0uSRnndSXXBNAmD+Gghsj7Kg4E50GUXibzQRhDNRs87q1TvRNjyYI9h\/opUmKnHAkXz4SItfTxaX2LIVbjHXv1XndcnuHwhJgHhiVGswZvXlXVlX8K4fGgnhgpZ7MSQN2lSYmnj2j7A1n8u\/xbD+JqpDU+SOMNWtYlDQ0M+WzoE91BSSQYj6pIr9DxppqLCgUAfJpZxJ8YTmINwfhMZVMPhUF+vys97o5XgriLF7uzxf2I4907edC79eKV1Vf3Ui9qrIThroIUvlpq69fVaplHqZXdbs+zwj7e2bSPVWUVR0G4cA3aU9fbVCQvpl3a\/SuOWAYL5O1\/gu5GJXDImY\/gEO1xe+OVqS2aF0XojyeNtILIeW1nDYyaMtRMD0J7qIxHbffBANlspXb0qgGJLXRsdV8\/\/lQ9fV9vIoHgsaUsdWxpVNTmqaQBhX+l7X3gEUnrZ2jVkY6Oh5aU+eYdso\/pGSL+gHQ1M1e6uj4SYxfEhZHY1voW\/zrjGcvC2BmpxPhTrZRQE7Z8GgjqyG\/K9Af758C5W6bNB\/xr5yeKDI\/G5cyIFeblO2dJmHUb92Zs9qV6hqZGonI7Nft2QsKRvSQjz6cpX\/ZVUA+5e0AnpZpXEPBjJfZQ24FXs9QBvGk2XnWW8Dboig8I5f6Aa0W91KG5sO3Doyp3jU3SQ\/ah58ZIaBgplOwc2\/XF6kzcQLnHv217TTOCL7ScT90UL1M8uz6xGKTqy83KCKRxOqCSmaU4GimFhTvfwqF7ljKegUp6S9OeYOOt+VYDC0UeVysX6yYVwgIBxXA8D51WCmgGdUznHhIQtp1cWWN2T6pBItiud+sR32LmiE5tMUZYbwm2xu\/Nih47FXpRY2xq\/SEOEBCWv+pct34wnV4RwGw\/IvRU9BDEL1I7Sc1UFJRrazHP37UtPsKE1Z1llTnptgsNBNnDluQKifySFsqvXdr8Wwvn6V56upoM0fLxPG\/\/F6OVsniKNnqDtgpVsVi86SZ5O9M+5OvtEmUD8hQl4gxL2QqLYZIWV6vswIZSATUQuw0pUlpiEaj4PymXC95\/5pMEQnYMyOGFn2xcDAwCAmr0Gh4ZNVa+hT2Dwwrpwf9EMB3SMWmSnSLNfZ1YP9lq\/H3H\/YzkchSbogwVw+NXvSKa3Q5dILWczbhkBruescLznbqY0DC+TTlEnvK+mjob5wwR3lQsp8odDMfmh22P3SAFc1ZvCoRb2GkaVN69lxvgMa3mO7aDcfiHSTbC8C9cXAwMARePoOyVbKZG3xXgBtpg5jANBShpYQchD5Po7jBmjBEffrOCijDBbST3aotIn5HBfw8iB7gJCrbmWU17Z2peLW9KOid+9"}
00847{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":440,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_first_seen":946739400294,"flow_last_seen":946739400340,"flow_min_l4_payload_len":292,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":3196,"flow_avg_l4_payload_len":1598,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"146.255.56.98","src_port":43718,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"doh.appliedprivacy.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00425{"flow_id":27,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":441,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739400,"pkt_ts_usec":340375,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":21,"pkt":"ZmZmZmZmRERERERECABFAAApAAJAADgGtq+S\/zhiCgAAAQG7qsavYnvOXaanwFAYBBNMgAAA9gAAAAAA"}
@@ -461,9 +461,9 @@
00571{"flow_id":27,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":451,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739400,"pkt_ts_usec":422486,"pkt_caplen":164,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":164,"pkt_l4_len":130,"pkt":"REREREREZmZmZmZmCABFAACWOfxAAH4GNkgKAAABkv84YqrGAbtdpqnor2J\/alAYAfWMpgAAFwMDAGkskbE6jojziEWZcr57nfNO3QVwvQHpO7RpYrit0PxYi\/EdGvNfu4dy\/1VG2nMOx2X5QyLU7PTvVX9K1Tk31jOxrfcpc4jXuSE2rb1qXnua7aXnvU1Clxzf9Q5XRvJCVGrIefRWpqyqjP4="}
00691{"flow_id":27,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":452,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739400,"pkt_ts_usec":459806,"pkt_caplen":250,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":250,"pkt_l4_len":216,"pkt":"ZmZmZmZmRERERERECABFAADsAABAADgGte6S\/zhiCgAAAQG7qsavYn9qXaaqVlAYBBPuLAAAFwMDAL+5P1wGAW7bqRbFQF49PLOyL7Nktp9V27s\/vxONurX4s2n\/rQw\/Pc6utp\/JQlx92Iwj0pMSpIonnsrcCShzvBfOIR4WwTTnN18t69G6PIAyQbjCzKU1Y5oI08MKAUN7p2wK9FhJ6KKs7dY3QsCtHu8Vp\/\/1URT5ZXAiCCddtgsJ4DVxjVT9RBqSeaO0vFHPJdMho6CfUjl26TvqbCuOy+ZmMvzj1FGAx9OM+o8vAKjrH07NZSC3jl7sTS6mK38UsQ=="}
00465{"flow_id":27,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":453,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739400,"pkt_ts_usec":460114,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"REREREREZmZmZmZmCABFAABLOf1AAH4GNpIKAAABkv84YqrGAbtdpqpWr2KALlAYAfWMWwAAFwMDAB5mHAVxw6qC2wo8lvd1nMMLvER4s1pZjX+1yYfWJU0="}
00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":454,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":946739400581,"flow_last_seen":0,"flow_min_l4_payload_len":287,"flow_max_l4_payload_len":287,"flow_tot_l4_payload_len":287,"flow_avg_l4_payload_len":287,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.70.85.11","src_port":54164,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00504{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":454,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":946739400581,"flow_last_seen":946739400581,"flow_min_l4_payload_len":287,"flow_max_l4_payload_len":287,"flow_tot_l4_payload_len":287,"flow_avg_l4_payload_len":287,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.70.85.11","src_port":54164,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00807{"flow_id":28,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":454,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739400,"pkt_ts_usec":581420,"pkt_caplen":341,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":341,"pkt_l4_len":307,"pkt":"REREREREZmZmZmZmCABFAAFHpuhAAH4GfboKAAABwUZVC9OUAbunNzlTos+VOVAYAfbYRwAAFgMBARoBAAEWAwO9Yq6mzn6Kf+YkY+w4Q\/vo+7yhlWhjohroCY4Mal823CCy3rkp5WTaWd5nTdItXIFahRCh9ETfjIRyGCS4r9a3XwAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACnAAAAFgAUAAARZG9oLmJvcnR6bWV5ZXIuZnIABQAFAQAAAAAACgAKAAgAHQAXABgAGQALAAIBAAANABoAGAgEBAMIBwgFCAYEAQUBBgEFAwYDAgECA\/8BAAEAABAADgAMAmgyCGh0dHAvMS4xABIAAAArAAkIAwQDAwMCAwEAMwAmACQAHQAg6wutcF723xZ1OaF0ooDfgy7xahyBeOD2x7PNk\/t6gG4="}
00788{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":454,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":946739400581,"flow_last_seen":0,"flow_min_l4_payload_len":287,"flow_max_l4_payload_len":287,"flow_tot_l4_payload_len":287,"flow_avg_l4_payload_len":287,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.70.85.11","src_port":54164,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh.bortzmeyer.fr","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00799{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":454,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":946739400581,"flow_last_seen":946739400581,"flow_min_l4_payload_len":287,"flow_max_l4_payload_len":287,"flow_tot_l4_payload_len":287,"flow_avg_l4_payload_len":287,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.70.85.11","src_port":54164,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh.bortzmeyer.fr","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
04341{"flow_id":28,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":455,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739400,"pkt_ts_usec":612150,"pkt_caplen":2958,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2958,"pkt_l4_len":2924,"pkt":"ZmZmZmZmRERERERECABFAAuA435AADQGgOvBRlULCgAAAQG705Siz5U5pzc6clAYAfXigAAAFgMDAHoCAAB2AwPum08l8a\/xsIE7sf4ouj1cFjIcJvTzL6IcltC8x2MVWyCy3rkp5WTaWd5nTdItXIFahRCh9ETfjIRyGCS4r9a3XxMCAAAuACsAAgMEADMAJAAdACDFCe5GcFoAINJ8W\/U00yxwlYg7Wtx0yaBhsZxlJVHAahQDAwABARcDAwAgjb6\/bt9RU3n7f\/XK70kHoogWe0pWzujxYyDQFCzDS9sXAwMKFyLHVFWncnvuWpj00oLMIDtr5tAZiqfcqzwOOMNYqfKKQHH219coqZSx1dHk2hi5d1LB3GytI8vYkc59i5RQQDbXAHUuezlbBvO8F+B3yrBrypISyNX1A4sx1E9x9g092nWO74tZVT++3VZ86RoDvvF0ZUqxTSHr+1nR9kKZh0N5lUkvTu0aK5ORhVWNfmq0hwnrW5s27rBfHFIN8y0h27yxFq4SIl7wwuk6Mq7vkrvqIsM5xqyCc\/9Xu0OqSF3zUNnkItIrGQeIJp3LGwwIhQxxQAsnuWmwcXNFRqEzMD5jbEtpKYkHahCBuU\/B3PKrCTX8+YsVVjGS5Qrjne3Kr5FWp6nlPfIH59LkIEasv75h75FcjD+7wr54z1JIPpP7ZrLR5PywuD6f88xvloKZN+WwiXGAie649c7JKsyGwCn507cb9CeSrJLhgRoQlUSUEBlnxiSHhJ2mw9owqvmzHqRqTxGrXh9qTPYDQpk5QRLmSGX3D7g6VS6CrNB+GfCK6SPMgzdR+k8lAJJdHOY0ZZdv+Ya6nA3r8RDkXrspyuJsV4QMPLAoNzQvGen9CeK5JxcSLtBMp5q0B1DBO5EIcsoLQQ6lCwlPm8U6NZmJK6eA9zbgzP80r8LRBBpZx1beD6mw3j+TpFAy+igQ8+ETtD4YPbZPWCgC6xVG0u33AvPq8sRsHwGqnzJp1MW\/CDUHInzc9xT9j80aqrzF0XcmMIsrs4KNMQ8QDQCsJmct9U0iMbkLXGLFA32BoRsU95KY+6gDs57twsE3JaqfYSuTq\/Dlicgoiy07U8DZsIf1tKivKbhBZS1qr1PaAU2W3RuJy+8koP4fg1irOvcozqBrDOixlNBNoG8ob7RGwcT3Z0ArR3tWTeHxhQydU29KSYU8HwZniOUgn1K8cz071\/P8S72m5u89j2RZsoG54t+A\/1vLyZMsjOXjwepn9YLOohxBXEIx84KuxUh3bAga+k\/yE8GW5vng0KtP1aBiU4Tc6A+REN2DA3ij6lHoD2sFhJA2fLcssM6OpAK\/moM166igfSm3LqGC4gK+TDj4gtClJchy8bvN8tctQ8iFjFj\/6qv7lxplsZ49PvHPbnKju\/tev2fd5dDj7QcMjqNvhblPBUZ32SOOjxBH3RE7aBpBLMz7W1\/NpSWcgM15pyZsPx8isO02KbyH6gAHIs+ZEGj61i6mnrDsMNesZUMUM55VeDXhdpD8kmxGJpLZ3bsJ69dZmjx3Rf6Zgw2KbXhlm6KMoEBrRSd15+xgTimUz9H5N6PvNLfaRiGX8r4RI6AIPrxRNjrz1JtdmeN1NzdaLUaHCvnql7jjxoX9Sn8xtUQxnkcUzYoweeIrvi9ulLP7ucnd54pGXhyPpURQBCM2nU9nbu+b6Pbj4vx7uFCRh\/lkqhRWVdTtE5uZmH8x4uxAXTdo\/R5oSgAkEsgUzYbuz4+G0Ch0T6jruu4T9ekEthrBCQJjN3fHGBcpM7AMfx+FKZas1DTjRC6L41JS2ixQWYjQbws0Hx+sBQGG6PAX0ilnkOFTCqdi4OZ+YhHBZ3aa4TDran\/FLmLs4pdGLb\/oqLyzwsvNQ7jdGUh2A89lsoDzqOObMQCUrWrG7EbmBEy\/sbHnGgiIy31PynXQexT3lSGWXsVy54UK1SdBZ18JpRAq1XaEcJZV9BqOYiMFEVnHR9zwIUFWwIjG0UpAOSNn7blveeCwW\/YovVsVKboGuW3yyReDZYyNgSvRfgvPpiG+pklW5Ihw+wYJ1sPXS0I2yAnATL00hg3Bnv3J6\/Z\/+4vJOHMRe5zCkPZYK8w\/AOnTp5VZVUALMm2aJruUFq4CXZyWMk1kbL3XBzpFB\/roJe8IiU+Kt9kQ449THNAxRUoavQeSeXnuQSkwDYmI0buLWeiaEzMUY5OavuLtDgD4c+avQlGrce7Ozez1RlLgPgV+i3DcrjoWos6tTeu8g4pr3NuCp14nKYaub7Vt2s0JPBPZqY\/MuyLA\/e3Fr\/OMlh\/EauRFDsRaqiHBJ2mP3NA8\/ZyaQQcWAIVjHSjsVGu2nQBYWjKsZ8mKcS9VpMr9ndCkWOs5Sz5zWAutH8paKKKAqBcvloCRHOWIfcJ9h9uc3Lq9DYb+le+8B4yxwh7qQJOXNZwdUQbb19fMRPNRiaEzON5GpXpNywN75iIVBnfCJp5hZfV7tIfK22ta\/Z6stqDCIyk+p27DCeEPYmTJDSSHKNbedRdn0\/iB9LUsBrCmi7IRRBlE2Tr8s2JDIPOoL9S4j6C6g1r3fpCuw4mXBrcGCfNjDw6rPYEplJqhIiTO+juQuxn5Prjqj21RvbfTbyzJIvTV7a0Zy5SJ1YWQ9z3NLs75HRnYaEIc3G103AKPkytzCjXINk0eKUkCZXrW9QupQw5YZCi9c+zr9e6Nsrg4KBkr13ePLbPEqhzK0TgphOe\/BgDw39ES3e0uIMvXuKrcPIZlkW8iZdSPWqT0Pls1rgFcXIxjJuZzAKdz9RIDjZGrpzpHXAzwarf0m0i2Gtw3bYKFHdkTT5n1uaYQthMuQHJHi+p8XDFtekQax3jKJD3CiZg+YeLzJ5Uo0iEidZKe5rH7ZzgkT8O0rVZwq5niGJgbiV3EUpPldHNKypyvkj3ycT9kY2IJU7ZpXJRnpDRxjhVDO4G\/kK6jqgKdwB9YrN8ddL2ErNeFlxtrqM8tHt2ZYdSMZYCnp2omvPy97RCe3Cp\/HGnLxpRs+DW569z8h8BSfI\/zMEZeQ4RsdRgF8hz+rQ8SRDGvtaqUblOPSNlurg9vSpcyYw7DcuCxkCASBOvLXbWh8As7fT8An8+JscVf\/lq\/mGQvDlSuFNj+tDMXoI0ZKapFzG\/KPdLhwKgFCipECC9Er6NeMVnAw07Z3oto50ydjbh57kzukh0zqDBLZjEhtFpoAiVBqZg7B50ytdFgK+6hZgsHjVoNuFRf32MJngr13fBBtHKo\/VHaVg4drs9W9DfAL1w5rtOMVsX6aUt1YAeiwdGBNEPyNmvNCcEQOj+xzMfVoOLm7SUXFyIm1n+reDHyXo8yNG7LkDYjmq\/JLkrpjl4bFeLBsdG760CBaEUCZJd3nvhfPPBsfCBF5PswuYpAEifKeZ17NlOaSrxj79WssKYt4uUKm2gm9JHcvNneM5n7DQEooPTVEVYNOgvXrRVlbfz+Cy2kBP2gCp+jUrcKx4YKGEhDuMaL8PfHGRT2vA7nqzUU9C3cJ3emOjaD7KMjipJvPBaA7U+L8ujhu2gJWLx4yY7mn3RV6K2HsrFjTJduvDGB+DqQg96t2CJjvMbpqIitN9hBxZbznMh3XU1HogwVfIbOe8Ug8cikY7ag9rW6E1CfeBwa9CM8u9CTXlTgumW220WzI\/+S8CMvOup0C9PugMt2Jc4cXDvNs+dyRWH3X7QIImonFrQ6RaFIHlbDa5gqN+0VC87hnjQE8OUpxOAg1ReSXhcDAwEZLWp\/o3fXWPvp18ZXCuvlFC4i5H\/0jL\/Tq956IZziJu\/XhSjlSr056BPu7zKCegDZWzYsK6oLPWAfcvtcSfAPACHpLE+JYCNMevr7LjdkYBxYeJsjktZDgoEi7lSxc1XaPOcOHuKcNBIZPhHzY\/jpu14RecKRjxP8M4PlZTTXUvzf286xa1A7FPGcV7e6"}
00841{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":455,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_first_seen":946739400581,"flow_last_seen":946739400612,"flow_min_l4_payload_len":287,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":3191,"flow_avg_l4_payload_len":1595,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.70.85.11","src_port":54164,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"doh.bortzmeyer.fr","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00712{"flow_id":28,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":456,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739400,"pkt_ts_usec":612199,"pkt_caplen":268,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":268,"pkt_l4_len":234,"pkt":"ZmZmZmZmRERERERECABFAAD+44BAADQGi2vBRlULCgAAAQG705Siz6CRpzc6clAYAfVAMQAA7MoGonW0Fj4lHArVaOCgJtbHn9aRY0n9LKnu3cTyqbChLhfccHsdC81z2fZ+Ukv\/nAuBoKACJX8Pwem5JBIGeQ+hR9gvbJqO0dljTEjfnQJGlcWyJk4FqoFjayNoVLdbRg\/yWeK8VeLtflQjLxqwMpDM\/QbduG5HAuBrFrE4C7dTGq1PezTGhU9pqGsXAwMARb1ScBcpf\/m81VPRA3LW\/2mv0IZmicbA7T0x5byJ5bKDeMQneniKc1y1kH9Jz7ueZz9IjjqOqk3CW8r0ZREMc3BCfYPYBQ=="}
@@ -479,9 +479,9 @@
00569{"flow_id":28,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":466,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739400,"pkt_ts_usec":643099,"pkt_caplen":164,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":164,"pkt_l4_len":130,"pkt":"REREREREZmZmZmZmCABFAACWpvJAAH4GfmEKAAABwUZVC9OUAbunNzyQos+lPlAYAfXXlgAAFwMDAGl2Br1EfvOd+7oTvKC3kE7CXBP\/2IvAewAtinvUxfi9a9UDm0t4OOCcLCJQfBTLqmjIaFlNVaCrSE4mXly1X6PfjJglufG+Yj3IVrGULPk9zqrUZstqStRuEBJJM5YzfTUxQjZllbU9xx4="}
00466{"flow_id":28,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":467,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739400,"pkt_ts_usec":670800,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"ZmZmZmZmRERERERECABFAABL44tAADQGjBPBRlULCgAAAQG705Siz6U+pzc8\/lAYAfUtRQAAFwMDAB6GTFZkUYOJTOEIFUQpPcd97xSl2MUDje80zwgABzc="}
00688{"flow_id":28,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":468,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739400,"pkt_ts_usec":676307,"pkt_caplen":249,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":249,"pkt_l4_len":215,"pkt":"ZmZmZmZmRERERERECABFAADr44xAADQGi3LBRlULCgAAAQG705Siz6Vhpzc8\/lAYAfV5MAAAFwMDAL4Y\/TNvQbA387qryrTfghOJwmBq7MrrqjaXgMYkUrdb7+JV7GyX2G1PlYEBhrHtmGmLe8TY\/GzaK\/74z5502T2LG8iavzUZbT7qD3yWi4wLUUuzZgCc8gQgsaBuwMQyskQjNARBgpNUYYX\/vIFT3JcxdZbYJJamKEp6CJnx0\/ERgrjyKOUeId0DgNdohXVJsvUqUinT5MHse8b9T1mcvnPy7kU\/joqvQgHKNgEtNxFahCTXP\/UEY3nBkseKTsx4"}
00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":469,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":946739400702,"flow_last_seen":0,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35714,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00506{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":469,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":946739400702,"flow_last_seen":946739400702,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35714,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00807{"flow_id":29,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":469,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739400,"pkt_ts_usec":702099,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"pkt":"REREREREZmZmZmZmCABFAAFILINAAH4GS1wKAAAB0frxGYuCAbtSRrNTwAekRVAYAfaFCwAAFgMBARsBAAEXAwMzpeRPPpmPOBWwlYuEr5uNgoasUYbxY5rOmYFKCjGtJyAIAEydch7b9cupGuDzo92xh9NLKrnQMxUlfE7nWZM5\/gAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACoAAAAFwAVAAASamFyamFyLm1lZ2FuZXJkLm5sAAUABQEAAAAAAAoACgAIAB0AFwAYABkACwACAQAADQAaABgIBAQDCAcIBQgGBAEFAQYBBQMGAwIBAgP\/AQABAAAQAA4ADAJoMghodHRwLzEuMQASAAAAKwAJCAMEAwMDAgMBADMAJgAkAB0AIJeuQLdGEJN7n7Os\/LoZLYTlp1p11dddxIYAQZdOassB"}
00791{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":469,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":946739400702,"flow_last_seen":0,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35714,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"jarjar.meganerd.nl","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00802{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":469,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":946739400702,"flow_last_seen":946739400702,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35714,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"jarjar.meganerd.nl","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
03183{"flow_id":29,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":470,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739400,"pkt_ts_usec":727632,"pkt_caplen":2102,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2102,"pkt_l4_len":2068,"pkt":"ZmZmZmZmRERERERECABFAAgouN1AADcG\/yHR+vEZCgAAAQG7i4LAB6RFUka0c1AYAfWL6wAAFgMDAGYCAABiAwNagb8+u4y1yd1xwzS1nH\/nTUIdC4eY2A55MtUayrM8fyDO5yrWZS4Aa1iS7gSLPLT\/C8LAuC029TJv1sr4CTESSMAwAAAa\/wEAAQAACwAEAwABAgAFAAAAEAAFAAMCaDIWAwMKAwsACf8ACfwABWAwggVcMIIERKADAgECAhIDDKJHTnwjwsnrm2DLrI1zNLUwDQYJKoZIhvcNAQELBQAwSjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxIzAhBgNVBAMTGkxldCdzIEVuY3J5cHQgQXV0aG9yaXR5IFgzMB4XDTIwMDcxNDIzNDcyMVoXDTIwMTAxMjIzNDcyMVowHTEbMBkGA1UEAxMSamFyamFyLm1lZ2FuZXJkLm5sMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv9OPyuZ6JwIE6bPDfiRhbYPMkVlSRq93tijiXoOFC9OQc4eXtoMomU6kKPy5Z0NTzEB3WAHxrA4SRx6q3\/yefPeWA8HsMuYfQZpftg95obbyxbYYejVTJGcDt7bBAbyfyHwpa9VQXCZ1NM6170XCwqiTXQ5pCT67h001VbP663EnKohkf0MUwppbn6Q5xEFc+o+3D6IU\/rxkzW1SQTh0phbzb1Op8DfM63A\/ZtxaA5UoEOBp23CMkB\/vP5ul2uJharTqU\/BfvvV3HB\/zu9o43hkbooUEyMuBJn0+O6orVhwG1QVKM6xj5TM6ZcijU2+3rS+x7vNJUt\/bTHh7sHDviQIDAQABo4ICZzCCAmMwDgYDVR0PAQH\/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBRLbCV+QerkMWgquQ7dzQvZqcefiTAfBgNVHSMEGDAWgBSoSmpjBH3duubRObemRWXv86jsoTBvBggrBgEFBQcBAQRjMGEwLgYIKwYBBQUHMAGGImh0dHA6Ly9vY3NwLmludC14My5sZXRzZW5jcnlwdC5vcmcwLwYIKwYBBQUHMAKGI2h0dHA6Ly9jZXJ0LmludC14My5sZXRzZW5jcnlwdC5vcmcvMB0GA1UdEQQWMBSCEmphcmphci5tZWdhbmVyZC5ubDBMBgNVHSAERTBDMAgGBmeBDAECATA3BgsrBgEEAYLfEwEBATAoMCYGCCsGAQUFBwIBFhpodHRwOi8vY3BzLmxldHNlbmNyeXB0Lm9yZzCCAQQGCisGAQQB1nkCBAIEgfUEgfIA8AB3AF6nc\/nfVsDntTZIfdBJ4DJ6kZoMhKESEoQYdZaBcUVYAAABc0\/ws2wAAAQDAEgwRgIhAMWgM8fCSKocSMS6vNmRTIKDzMWXKgtHRh\/4TftRR0QHAiEA3JSerrntM9u7waurWrvwybuL6dB9RsJnzjR8MMY9tuIAdQAHt1wb5X1o\/\/Gwxh0jFce65ld8V5S3au68YToaadOiHAAAAXNP8LOOAAAEAwBGMEQCIG6J2T+qpPVVFxjS27cFglwKmn3u\/zi2QCL4kFgVvwefAiAZm3eKKyeMogTwUuYzbx+RsfIEqA9nNOdkRRv\/z1FxuzANBgkqhkiG9w0BAQsFAAOCAQEAcAija84yR1ADOoiyrdQFCgxJZB2BUUNBtRgi8ZPFZIdUaVPomyGL3oK59c6IO+gMw6xbSeGsLaVjettLRMJ2uMl6JZkgjV1Bhp3NdPQKieFpoaEiEBUAwqL8TSBKdJ\/mAMQLAKadqZ1hZKcVTPtXVdd5Q28iLasE\/NjtopLZOa1XOJt0sUbRAHa2FOZzb42ureqnIdzzYgm+hY18KJUkfrSxCg2dd4MTgQuYu+ZhUpaMB2rAm94XcTgVTGO5ADi5NM0oEFFNdNKrAyCom1jWC2m8LyYfCzUJEAYCAUd1WL438vW1Z0FQZK5dAca9qTf6FxrRdYRYrY7oGND3IwvyWwAEljCCBJIwggN6oAMCAQICEAoBQUIAAAFThXNqC4XspwgwDQYJKoZIhvcNAQELBQAwPzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQDEw5EU1QgUm9vdCBDQSBYMzAeFw0xNjAzMTcxNjQwNDZaFw0yMTAzMTcxNjQwNDZaMEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQDExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJzTDPBa5S5Ht3JdN4OzaGMw6tc1Jhkl4b2+NfFwki+3uEtBBaupnjUIWOyxKsRohwuj43Xk5vOnYnG6eYFgH9eRmp\/z0HhncchpDpWRz\/7mmelgPEjMfspNdxIknUcbWuu57B43ABycrHunBerOSuu9QeU2mLnL\/W08lmjfIypCkAyGdGfIf6WauFJhFBM\/ZemCh8vb+g5W9oaJ84U\/l4avsNwa72sNlRZ9xCugZbKZBDZ1gGusSvMbkEl4L6KWTyogJSkExnTA0DHNjzE4lRa6qDO4Q\/GxH8Mwf6J5MRM9LTb44\/zyM2q5OTHFr8SNDR1kFjOq+oQpttQLwNh9w5MCAwEAAaOCAX0wggF5MBIGA1UdEwEB\/wQIMAYBAf8CAQAwDgYDVR0="}
00859{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":470,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_first_seen":946739400702,"flow_last_seen":946739400727,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":2048,"flow_tot_l4_payload_len":2336,"flow_avg_l4_payload_len":1168,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35714,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"jarjar.meganerd.nl","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"2464432ec440b95b36263230c3148d11","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02419{"flow_id":29,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":471,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739400,"pkt_ts_usec":727678,"pkt_caplen":1535,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1535,"pkt_l4_len":1501,"pkt":"ZmZmZmZmRERERERECABFAAXxuN9AADcGAVfR+vEZCgAAAQG7i4LAB6xFUka0c1AYAfWJtAAADwEB\/wQEAwIBhjB\/BggrBgEFBQcBAQRzMHEwMgYIKwYBBQUHMAGGJmh0dHA6Ly9pc3JnLnRydXN0aWQub2NzcC5pZGVudHJ1c3QuY29tMDsGCCsGAQUFBzAChi9odHRwOi8vYXBwcy5pZGVudHJ1c3QuY29tL3Jvb3RzL2RzdHJvb3RjYXgzLnA3YzAfBgNVHSMEGDAWgBTEp7Gkeyxx+tvhS5B1\/8QVYIWJEDBUBgNVHSAETTBLMAgGBmeBDAECATA\/BgsrBgEEAYLfEwEBATAwMC4GCCsGAQUFBwIBFiJodHRwOi8vY3BzLnJvb3QteDEubGV0c2VuY3J5cHQub3JnMDwGA1UdHwQ1MDMwMaAvoC2GK2h0dHA6Ly9jcmwuaWRlbnRydXN0LmNvbS9EU1RST09UQ0FYM0NSTC5jcmwwHQYDVR0OBBYEFKhKamMEfd265tE5t6ZFZe\/zqOyhMA0GCSqGSIb3DQEBCwUAA4IBAQDdM9cR82NYON0YFfsJVb52VrlwSKVpRyd7wiQIkvFaH0oSKTckdFEcYmi4zZVwZ+X3pLxOKFHNm+iuh53q2LpaoQGa3PDdah1q2D5XI56mHgRimv\/XBcq3Hz\/ACki8lLC2ZWLgwVTloyqtIMTp5rvcyPa1wzKjmMx3qOZ5ZQcryyj+OhZSgc5SDC5fg+jVBjP7d2zOQOoynh+SXEHBdGxbXQpfM8xNn6w48C97LGKd2aORbyUbL5CxGUY99n4bpnqHuaN6bRj6JaWRhxXg8hYvWLAGLyxoJsZLmM3anwz5f5DtQ0oSRE5vc3oo6qSqbntMfYfd4MkCRKeHr8M0W7RCFgMDAhcWAAITAQACDzCCAgsKAQCgggIEMIICAAYJKwYBBQUHMAEBBIIB8TCCAe0wgdahTDBKMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3MgRW5jcnlwdDEjMCEGA1UEAxMaTGV0J3MgRW5jcnlwdCBBdXRob3JpdHkgWDMYDzIwMjAwOTA0MDA0OTAwWjB1MHMwSzAJBgUrDgMCGgUABBR+5mrncpqz\/PiiIGRsFqEtYHEIXQQUqEpqYwR93brm0Tm3pkVl7\/Oo7KECEgMMokdOfCPCyeubYMusjXM0tYAAGA8yMDIwMDkwNDAwMDAwMFqgERgPMjAyMDA5MTEwMDAwMDBaMA0GCSqGSIb3DQEBCwUAA4IBAQAoMB1ePZKC8NpTy2434kCI6h8NAXGSDejnRZYFr2QSx+TpoZipUWbMWCq8UzrMIxKC8UJACJQc6RIM+Xgz0ZRbGx25OD3V4vLxsczn\/nEIsXCHGvGoEBJqPqesQfpmU9r+oB2CbUgxGaJxDFqnidG6tH5KNxFVbrX2lPzXeDzKwLN1eUiZU\/lMuAOJwkK8zmwVXP5H7g6aco+MiZp06K8b\/Da3w0YGUY9fjEablMtV5ViuxARhZw1pWYWZo\/jGfvICDNvPKmx8V1X1Z4R8rNjm8UiPRR8P0NarasVvNtWs+6fXGpl\/hFMZzj6z4oAVh0vYNXKYxmaDs8l6pH8OOZ\/cFgMDASwMAAEoAwAdIBuLZjnTB3Kjce7+mNxfaBiRgPo4iNkyTjzm6+fh98MBCAQBAAD35z4OurpaleuYyQXrRwgunZx5itw99f\/qns7fqVRPpCakkPBqYtIkrAQds7t3x9gcyB3pN\/ek7QU4lXsRRnsrWpFsVpkkgouj8noQcYPmvp55cuzOEjLxYK5KOB1bU10ZmdANW3hMqgjTathZk6jfjNOD8MgF15uckgPUXOITOpG7UYd\/YtxRx7xgMGY0jlH\/+xeUF+NSAiy6s9oSi0oU\/QlatPOidPhVmRC84vWQNkgJhZubcKWseKLjiRRL9zUmMJ2fjig0R0EKUVh0pAUSNWsA0m3x1YIPV6kX\/fzGNkCBx4kijVkxENgEgAD9si+WguAjMtSH5qQYN0CMxwsWAwMABA4AAAA="}
@@ -498,9 +498,9 @@
00984{"flow_id":29,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":481,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739400,"pkt_ts_usec":779063,"pkt_caplen":469,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":469,"pkt_l4_len":435,"pkt":"ZmZmZmZmRERERERECABFAAHHuOZAADcGBXrR+vEZCgAAAQG7i4LAB7LWUka2WlAYAfVtVwAAFwMDAZpUn0cMTAufttXw+Wnq4a8GOUVwXNhriVC+b\/v1NA\/TyyizPF8SN+\/iANfNdEIw1hHOjLXIBSC6TIq6yVuNTS4jkIJ6\/75YqlD37vd8cKEbuAO9g2HKvtcAbZnIZb16EEM4Y8x1DXRNcy8QnNtphGW34V\/Wo8lNlfUhdjlnpmEjh4EizEdoIcqeltCAb7bB\/o1fCtAxdjINx6EGlPxt67yknjg8s2L7hU3IBhwhMwnDDtgK2qDefPoi4gD4bBr3J53vnc7WVHILxO0qJPSiXDPfbcj9YoaAbQV9BCBRLu9Q1JxnViIe8reyImKiqe4+oiGn70GKVoXu3U91sni5Yqi\/qok1JBy6h5mp0YpMpZdhodzyfLsIU4mJ45hIOnNX44QZnvy1S8zz46tMt38y35Qi0KiAlpBHo2CkiINwbs4oXv5s5gXforYuJBIMuRpbpROYVhGd3ijjZa4cLYfpxKlkvaykl1XNpOvOin8ZVPFh\/OuslgR90VJbuURRuq0f9sqGz67CPebLxAqreB3KV4+1KDGxjte9vSueNQ=="}
00570{"flow_id":29,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":482,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739400,"pkt_ts_usec":779528,"pkt_caplen":161,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":161,"pkt_l4_len":127,"pkt":"REREREREZmZmZmZmCABFAACTLI1AAH4GTAcKAAAB0frxGYuCAbtSRrZawAe0dVAYAfWEVgAAFwMDAGYAAAAAAAAABXG\/KQ+1f119dlMHblR2yidnQRbPvW\/zq63F\/igpgY2RqnaozqFyuABfvZrMQkxz0fmLCoThfIqwIZSAKsK+0ZpgoKUVQoA\/SuZsr\/YGiOO2ertUe8\/qVvDQqLhwLz0="}
00582{"flow_id":29,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":483,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739400,"pkt_ts_usec":779624,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"pkt":"REREREREZmZmZmZmCABFAACdLI5AAH4GS\/wKAAAB0frxGYuCAbtSRrbFwAe0dVAYAfWEYAAAFwMDAHAAAAAAAAAABkcWKuZir635GoU1xm6sJ2pRP8I0lJaRiou4x857lKheGwpvuwMadXPtJo+n0\/ZVfO2j\/AWrt\/rHPyN+D9GGnGfJgyGzaweQAcKD9eDsiGzhiW0OZAjxJa9MS\/UdwGs\/MkWfhwyKm0VG"}
00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":486,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":946739401864,"flow_last_seen":0,"flow_min_l4_payload_len":292,"flow_max_l4_payload_len":292,"flow_tot_l4_payload_len":292,"flow_avg_l4_payload_len":292,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"95.216.229.153","src_port":43888,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00506{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":486,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":946739401864,"flow_last_seen":946739401864,"flow_min_l4_payload_len":292,"flow_max_l4_payload_len":292,"flow_tot_l4_payload_len":292,"flow_avg_l4_payload_len":292,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"95.216.229.153","src_port":43888,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00814{"flow_id":30,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":486,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739401,"pkt_ts_usec":864559,"pkt_caplen":346,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":346,"pkt_l4_len":312,"pkt":"REREREREZmZmZmZmCABFAAFMN1VAAH4GvigKAAABX9jlmatwAbtGU6iimu8Jz1AYAfYHbQAAFgMBAR8BAAEbAwOH23fm3DrJaQXLovxzyYyk5R\/PesPVPPqPMsnNPw9NhCA+BKUjIeM9NnmcNXI7jO56RaAWoMnCcXIJRfPvBK89HQAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACsAAAAGwAZAAAWZmkuZG9oLmRucy5zbm9weXRhLm9yZwAFAAUBAAAAAAAKAAoACAAdABcAGAAZAAsAAgEAAA0AGgAYCAQEAwgHCAUIBgQBBQEGAQUDBgMCAQID\/wEAAQAAEAAOAAwCaDIIaHR0cC8xLjEAEgAAACsACQgDBAMDAwIDAQAzACYAJAAdACAgB93oNekrupxQPrzRHifFos9GGTUaOGYLuLqXCSqLFg=="}
00795{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":486,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":946739401864,"flow_last_seen":0,"flow_min_l4_payload_len":292,"flow_max_l4_payload_len":292,"flow_tot_l4_payload_len":292,"flow_avg_l4_payload_len":292,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"95.216.229.153","src_port":43888,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fi.doh.dns.snopyta.org","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00806{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":486,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":946739401864,"flow_last_seen":946739401864,"flow_min_l4_payload_len":292,"flow_max_l4_payload_len":292,"flow_tot_l4_payload_len":292,"flow_avg_l4_payload_len":292,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"95.216.229.153","src_port":43888,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fi.doh.dns.snopyta.org","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
04343{"flow_id":30,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":487,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739401,"pkt_ts_usec":922095,"pkt_caplen":2958,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2958,"pkt_l4_len":2924,"pkt":"ZmZmZmZmRERERERECABFAAuALHhAADcGBdJf2OWZCgAAAQG7q3Ca7wnPRlOpxlAQAfURoQAAFgMDAHoCAAB2AwPibR+Wkzsx56DJDm5Eu1YLQR+8sKrid6w\/L4hLlzFi7CA+BKUjIeM9NnmcNXI7jO56RaAWoMnCcXIJRfPvBK89HRMCAAAuACsAAgMEADMAJAAdACBuK8qBa63Irnemz8DqNJ321mRXUwu2HpEN9mUutJb4PxQDAwABARcDAwAkUOaHYP5iZ2NNWAzfU4nuMAsSlIi3Xu6evUH+ePghzyW3lf1oFwMDDTdyOxvGAqdaXqn7mk56YQOkftztBpxUe9++1VUjQL0UTPE4dDghDlADUJrVIMNoajw7OVNVUJlwwZLv4SY0Vx3I7ELfEhgQAcbo8KTKAm9O2ms4MsOpGyCQp3Ck5bHL2bE4iiWi1kZ3XUOEqkWhVOIsnrRavV3YbdvOPn4o+EZD19BNo16d7FYA9cwlYFl0b+UOCHVkbAV5Ro0aksFmIDr9nN\/SKS5iC8KA1HQko\/XCtoZt\/uj26L8Jnm5j0xvi5PCt7eYN7FAf9foi+urRIknTbj0qt5H6t5n2fn2SPs3+74zq4arLW6Grk5JVfjN+EFn6r2Kqt2DBASpVLNRJlEJ\/bKKlz+O8J7CBDjbsuIjIaIhIezaNNWlBddC5u8MicCjaXDfeK0Y4HdjfUV3F5+ceyWCg99LhDO6xG0CeQL6QAIRHV0AxoEVRoc\/2vMJczsdaR6IckxN7UiFIufmha90IusH6BRII8ooR6OU8Y+2rZzYh5iUJTMhKuwIGbOPxF0ajku7y5uTYXkibFy\/3YRErBGtPfTP8lfcsC0F+hSBQLoIlrMlmFjzaT8UDL1Fvuj09G9ZfRK\/xhCkh\/7LpCMAmZL6FGK8dmeyLYWLMckLWasSF4SpcTPWxHh7bEgM8pdQOrhyOwV2+YyGE03XoHny98Ri5sKrhPxH0mGzGNnfYcuH6skZHVwAgYnBYfjM2lceI\/e8LUGXM+\/wIkpWQtiAxj5n9jqC6nREJd3P5hFhhc0S7dmq+lc8Ma343e0W1q85dFAt5euDl0kwrHQBD26Gn0UFzkp+rMUWqJmbE4SEGibShhwSALXJQIigpcGwGc5IATb5iv3WP28Ditv7SIopWvMI9EzLxDQqdqFyPqSJV1GQA4imlHzXCdMmJY\/F6D02T5M85XegGn9Uw4gKTdpJtNdQMeDpMCJmwPpp3X9pZUOt1oTofSb+42UBMYdGAmqh\/lucphpoooHZAFYzgka8EA3+5grzvvRKo1W30cuUHEkcEYum5QQBIn5p1pvfjSQasw1NoCcIklAiODFbTUw\/XBBzGVXrXLo+F9mr5HZJoE6PhrzpGbM+TbC9rdnXfxtb3I6K\/1AuBezoFfnGsw9Dx8ypoJ2UB3C5fLrpS2ieFOMX42\/Dh6ibKZmCZ2IU\/pKi9Kpxz6Ld6HAwuoH4Me9ywi7Ln36mC5YB9\/TIfNIYZgMETrU\/MCg2bIGnZ8vBftq4oKoZH5CfsoxNFs2PFEG\/5CVigap\/tCrH2NE2mXjfyEkFGiVnnGzcQq0blObS7iaq5g9ULTtsStUYEWVhOXk\/yHu5D3\/u6I0Omh\/4izYUAvc\/ASGJ3mfA9dMkNtOEG3hZYmo5CA9GnSRpy2RNoU8Pnf1XinGwNO1Gx8Pk+Rv6O6rF61GXd3j8LIla3tC+sE1vn8o1HuVrg0vtx6svaMmP8iNm4OXIuTyI0c3BbAjgOOu1kSB8ysQJy2HfJ8f+33ewV4FsqQND6r5bZILZFNT6hlGwEaOaKRgd8Dnd4N9fsicUPP3uwhfe3QdvqzyV7OOrXV1IVMp9zwSZ0pMfc8VWLEkiJAKnWpdefyOUExkz5+iOPBxgjTOCDXI2cxb6a85tRWFrVYfRjxQzYvDOiZkMdWovVcpGmC70Cf9f8rBw+ttYEmVtXQq6aUTGji6XfZ4PQSD6aFRmGvyCQ+CTuysuZPRTT+5cBQgpxWr3YBN+426lIaYsxvZASckGkJyHw7wpODlcoQhARdIU2IKEFRJvw6DT5X9zlpEEie0WCTVJ\/dO+1+JbTJMju5fx4Qacw2bdHAKBR6bgpX06u1h2Q89XiuB5q4CfjBycr3kVeONIM0plxcqhvNckbcicJV\/JrJUajfW3F3ZFA8QjvfJykVgp6OKAIPXZNUHoSa3jNomftQSYqyBfMezehknXHShl6ZuQM+Lvb\/uVlinF17iXo2SvKnezJm3fj5cHaM4wuZjkDVCLAE\/Nyn58e9ksRwhD\/gK97rjgBNP1ml+iaYZj1YbBsIP0G755OxhWhcssAbTkI8hBniALaUqQLLPs72nFgtfIXuPTAuoXoMJT42ulwoxGs43\/GTmjksUYpRygFZP5B0dC11WQeR8PhWFcDRYGLV7beAlYwch7ld5nUdJC5mrDnIj419\/n346cz6AR7+0Rr1O5IOtvdQctvdWRZfPDcKiKYfWWWQsFX4uwaKZ7iAJIc3Lf2Hi65\/5WG2H6DXV2pbdFmOOEMbCE9vzIalbNO5yuH17ffgvNYeseN8QYcMc1RjXhkpanOQhCXFt4LROEa0cWaGgGU8KVcV0lHoP38Yqy9\/r9NNO4BBtoRTZYqyQ2KiKQOeL\/DjGmqmnMdtRKO3G2+28PYYcreNlQFUQC1YZRjis96nJONLOoYWGmJ0Ajkc88jEcPUWJ+sQ1Ellx00rNPIeTKszE7eeP1Wj7159+psV+5ymtU7Wt8kdIG49kp2vIgkZ9Wr8jWgezRdBIRoNkNszLOkziHLmtjo71cfnALRZTzE3WjtfCQAqXYkE67df0jceQto9+YJvgwPL7SKReSla4kC23BVgPVvhUiIRAomTXxQfxzJl60MjaMhKYx8sdY8yirN79hBVxNOKvYgeXSM9ea5v58WsOsjoz8vxu1i6IS+wpQDUJRL5+7QRTbXkU\/IgZJ2JwIpYJc0TbCcC+KyzLGP46kWX4\/BnWI6G+lC3q+tZ9lzQmQowB2OgB76ZZzVRvbALuU+R4sPYYq0cv634FKIpwY3EtlYdlCLWfp7ZlgIV62ujlYvHhZTRnGetjI9EyQMIK7XK1fm0YXedSc3g1l5p3dkHYgG0bAtbWa59V3\/IoYFT00HruXjbYzC5+RMiqTRk0M0TGZSrhfPeJjn02Zk7jMnppUxVbahEe2he8Uscmty4roTPIhZyQUTcLmzDMG3cPUpihzyQpbl0WSI0dX58QFWhZM7xH+JJmJ8yAAlZtScWFT+AUyElBRyoWx1bFwnu5cjcTiBOKcIA77CG8sc2sMV00Vn5xS5qVm32olnJkfc6ppnqNQxjiR9wVkT49+iYCtbdmX6IKyWQeVFgUqJQ5BvdNdt7w7dJUeuhPf3VRpEO\/JuTbLlvGkK\/mwXyq24LF3XMtkm5t69hBaSeNohEZao6QmYxZ+NYvxyXtLt2f77PL2m3kxOteUzIZiuV3nkbaSTk55VWkCshKS7HYDGARWAphsf+0I+2o6\/uoYI0UX5N6tebXNoxQAq6JRpkCJZ\/PM5xuxlj\/WGjyfe87wS7vqJa3nEKMo793Ew3S5oj8lEIMcctbFE7wTV1TjUaweZw+Z3iwk0WNd4mhDiOEObjosKaAJZJCKcwHWWPj3Pv6sHr9LXFpkSQghXzPF88XInFPHMmaNePQ5+SQ27ys1WSoLOzvUvoiLb3ySSw3OKanqLRonKV7Zpi0Ytvm7fQizCZ+5Ne\/y\/c1MIzQYpj0KO81JwrZo2y2Ztgzyet8\/H8T5HbkOQKczJbxrmsEvEXSl\/OZ3PT4cobEGmH79r1jJnga64YFXN1twHKTB5tOqayNYoY8HWJExA6ECQm2d8vIM6vU7wGAu00l0do6yKY07icxt6ZdPJ5cHBwXXmOf03M\/8KffX9hGO6Tv76sw1+cR37dJRviYmME\/l8otZxWSrf"}
00848{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":487,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_first_seen":946739401864,"flow_last_seen":946739401922,"flow_min_l4_payload_len":292,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":3196,"flow_avg_l4_payload_len":1598,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"95.216.229.153","src_port":43888,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"fi.doh.dns.snopyta.org","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02047{"flow_id":30,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":488,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739401,"pkt_ts_usec":922153,"pkt_caplen":1246,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1246,"pkt_l4_len":1212,"pkt":"ZmZmZmZmRERERERECABFAATQLHpAADcGDIBf2OWZCgAAAQG7q3Ca7xUnRlOpxlAYAfU2WgAAHSeqZDGEXrFb+J1opG1dnPi4zgteeVslY9ZmFJlRTMTFOW+365tsM\/eWSLFN26wQY3yg0Y1FR+FA00qPga4\/wX0RoMfU+SI0dBiZB1tmIlqRr+vkKc2KX7jGL6yH9pbjNmGWfzy9B2zla2g4HVLW8pCqD27lbyw+DGZ\/hO2inmJfO0WMCDqHjCOm+F+BP64YRotqRni9BCcdPp\/FvRYRcX4k5KVXiCE2z69wUVsqPG1llKJj1CFH\/RsTm3g3KbtdQU0GjyNyQl2CDpurTyUPQ92fUKA\/X0cBMPJgzHC0dOP90IUWPM1DD3nsbrNmpz8lP9N79mRwF5LTOHbbfvAKtpN8hLwkt9ukwyBmXk8C+zmVLmgKdtBBeCiCgbaFL\/aA+J\/nNJ3jy0mYq5nUvVXTh2Z7\/bG7F7D15e+NHDTFMXBqoMonQB16IlIlFtAJa+1TB8nMDEieCqXSm2meI\/wkXXc32Srtv3AtM6vxPAOrV+x9rponJ6AacvE6\/cmUC4WCIDgujE5nGZYcMZSggbR9\/Kt6utpNlB5VFi1pEVrNaFZHw7aT6\/CtVG+zVSwvyQk0KhE6erbsuDtzZMxLvCtcsV6pPfC\/PRbO03YGJv8DK8LahvowpjPqbaymGAnYP9bBjmcj8Zybby5MtwMog5KW7YAI9rBYlENeM2Dy3vHARJIR5GB+j33qs5hvPkWTV3o9HKuDltN6e\/7cTcTid6DRvXmO1ZA7RcWnp1v9dX0nqCg+iwrqPJuk36pRQQSp3pYE1EAHLCzt3501t+KApLCxYzEbirRWptNyoeeEE5uOfBxYTM2WMleevobNDlfBM03M0aFglzGS3lCRV0yNWw\/ZBGahRO+XjHuBA+QxkBjzNIYvhBcDAwIZaqpl7KO\/aoS\/xaq63oePn\/l4wkgopi1lsaFYbJflvn5lJQcRSZHGqRIptAjGXWny5qRxC7sgGucrDoA5XZJpJ5rL1sQGrNBBnHYCcdhfkRgu0iYOklGG9xE+slZId49jcsAtWEU2I\/eEF\/gzGmcDoIKW9\/IU0pMNXTdWiWofVVPUZs\/Lb\/bN8htmbbfjLuBzEKhZpgveVlZPj5VXAuHEhXXk0ROaGAVglMZsxHsbdDUcKPQjQ9mHgMzqt\/SN4SKDhA1+9LRLSL4g\/ZmJxnsYsJZiPRXZLdaU9Cy+A4CQPYNfuO+XNekAtQHOOCFWcDjdfU7K6gPp+jdG+6zR71EFMeiGo9di5FuI+fsXGMjNiflcFg3\/oiEiQj+c+SXhXmg5cUUmZisM56tSTYoDbqV2I0clprpOcfYkTtT92I6EUzloL7npuW1zLxMXE7nwW5JzyWrlx3xaz6AAfotCwxm5ob\/ht48eMSnaGsDmVMmIKcAeXj9r\/Qgfm5ydj17A\/wWCVm\/7gADpBdFs4VTLiVB4jIonZRHnx0E40hyOWZIsEIEnMxJxrW8PkRcFDV5sXdcHtfh7iWchE466qSDTtK21gAz66LAGzIzDSi4jTfEAt1SbNYQ4BmQyjL19w9SMP8BzTvwsIFe6hnwpATT+7somRA\/Z26b4QEU5K1DZ7oOX\/WGJvzzyrIbd4MSiv77t6sgdhQ=="}
@@ -516,9 +516,9 @@
00467{"flow_id":30,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":498,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739401,"pkt_ts_usec":970552,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"REREREREZmZmZmZmCABFAABLN19AAH4Gvx8KAAABX9jlmatwAbtGU6uLmu8eH1AYAfUGbAAAFwMDAB4Nf8UJeas06r+T3i6\/\/7y1II+ujukEFzKxnznhsWg="}
00562{"flow_id":30,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":499,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739401,"pkt_ts_usec":970620,"pkt_caplen":159,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":159,"pkt_l4_len":125,"pkt":"REREREREZmZmZmZmCABFAACRN2BAAH4GvtgKAAABX9jlmatwAbtGU6uumu8eH1AYAfUGsgAAFwMDAGSyk1KOdSdDi7O85h4PA7Kj1kLRD8Cvyu10TnJET0F2PpxtEkeiBWme8hFIBcwhfrN+u\/Tulm6\/k6XcAsDJdXdNFDD6wwHPy+S3J4XDEn8tXTis7ukzh5mU35a7uJWAcYD72OkA"}
00571{"flow_id":30,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":500,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739401,"pkt_ts_usec":970714,"pkt_caplen":164,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":164,"pkt_l4_len":130,"pkt":"REREREREZmZmZmZmCABFAACWN2FAAH4GvtIKAAABX9jlmatwAbtGU6wXmu8eH1AYAfUGtwAAFwMDAGn4jD7I94ILrD7yyLiHEy5w+P9gXVYReJhoXDO4JiMUs1dSjEejMlBhK6LplTsX8\/Hb7o6IqK0sUCjWidZwT\/UOjxb\/JoRhBj5HBAsOKbGfXFD+LzRVsvAk4SCxSRdqAk5nuAYKrAeE+oE="}
00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":503,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":946739402059,"flow_last_seen":0,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.54","src_port":57058,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00505{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":503,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":946739402059,"flow_last_seen":946739402059,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.54","src_port":57058,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00802{"flow_id":31,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":503,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739402,"pkt_ts_usec":59475,"pkt_caplen":339,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":339,"pkt_l4_len":305,"pkt":"REREREREZmZmZmZmCABFAAFFMVtAAH4GEoIKAAABLuPINt7iAbvHEJB+u++XVVAYAfa5DQAAFgMBARgBAAEUAwMZSog080zqV7Jj5Dvb3ndcTDVXiuYN2\/F4nl5oM8685CAD8\/DpQOi68rj3Dpf6v96RxtLLH4tYGgdf5WLODM4bbQAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAAClAAAAFAASAAAPcmRucy5mYWVsaXgubmV0AAUABQEAAAAAAAoACgAIAB0AFwAYABkACwACAQAADQAaABgIBAQDCAcIBQgGBAEFAQYBBQMGAwIBAgP\/AQABAAAQAA4ADAJoMghodHRwLzEuMQASAAAAKwAJCAMEAwMDAgMBADMAJgAkAB0AIJ7aJCDYGU5kBdEWwbRqPCTJbp2+gk2aiKbS3L7SQcx7"}
00787{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":503,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":946739402059,"flow_last_seen":0,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.54","src_port":57058,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"rdns.faelix.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00798{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":503,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":946739402059,"flow_last_seen":946739402059,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.54","src_port":57058,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"rdns.faelix.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
04361{"flow_id":31,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":504,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739402,"pkt_ts_usec":97803,"pkt_caplen":2958,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2958,"pkt_l4_len":2924,"pkt":"ZmZmZmZmRERERERECABFAAuAZpBAADcGGhIu48g2CgAAAQG73uK775dVxxCRm1AQAfXDSAAAFgMDAHoCAAB2AwMvYFLfcaEHo3aJMGXc3Nj5JHcSpejvVC+OlDWKY+lERSAD8\/DpQOi68rj3Dpf6v96RxtLLH4tYGgdf5WLODM4bbRMCAAAuACsAAgMEADMAJAAdACCh186lBtHTNByoJBA0po27dnFNUREe5HIPKtcxu6S2dhQDAwABARcDAwAg9o2cPZarHTdrUnIxRn1VCbJHnvCJutGQQOHJwtgi\/RAXAwMOr0yaSOXTVxNy1MdOCL2l0VNtPnwh1Pur1Peod0tJjP9bgm\/AXbCeom1NL8K2T1J0dOI2RGuShy8YsyfJSw5Wmm071ESTozks9\/pWNhc8EY3OZk6mCQg3Q3y0vd4NtUzxexbQ\/ljBYll7ps6UiVrepG46JDr3EaPIsRJxAZ8gk2GaeDNtt7RJ53LkT05zfjvHMA6aBmH7t2BOZWkMQkrXRLmYtnSacXrlIzcJzUpGVRU0MO5jJX8g6q6PFhL59lDZu8Wsxk4Ijhyg4K8UnAjzRt0sqrXp6a0SqTxPZDzAPdhdwet3y+1QvN+aCu84nNSfCfN63IrHLSK6g6E3lem15SKv2YkiXF084ouwYBCBJXJ0DejPRccdH+Bp7CthOdZD9VLsoaB6QmK0BYE+B3JLwPXFYwO17RILfiGHekeCLv1KycofjSKkrY8yMabLa35ij5iLlwpIadsWJnwxXtZhNE88TO3LP+8rk3SThdBjlwIn02grC3P5DVdRHQUuYvIj+XumPYY4OniV3MWQD5oVffgmBaE\/MiLcfXRUvAgscquxip1c\/\/iyBNFRLF3RUPwBL5NcLPUAOiX8VC6qW6UmkIisNPyl59sHHQPhjQtTaV3HdBxVSxa+lXvafEDpCFPhfq7Z8DomnjFz314Mo2YICe+ZZ\/VP\/fu7\/DCzGaGMJt\/y8fB\/6C7VSPpretnL2mHkpzqNNsRNJHmpTbExTf\/W0z7d7eRfUyi4HRoWhN1u+9quMVSyao8SZFSb9c6pJV2Cpd+PDnrbNELHRV\/F65mKZXLF2SBEFyPK6XtRb+DOfMx0N6eOXr93S\/6+HvwSpArnHXm2qs+EDh7L5OyLbYX7hk\/pTg3eyPRsiU+T1VKMmTm3HYiEMmPROOISeM2PorfGczBqiAbHiPnaSSCDWzXHHee3yjPZXq9NGQADWivkdXNHAGorqs10ePRotp6azTgDg+3xjhiyUN8\/5\/JSc3Kyd9\/Y7eBwt2u3jJ0Ir1dMpZrh8Xytn\/oFEDmMRBapOHclfLOBBRZGJk+RA7J4ax9KIam6HVgRqufRZ7dV+VdgeVMjYSy4DQHs6oQV1dnsfERFBqYVQdJ93jWD1Gsdc8Pxx1qQ6tb7lnC4UqWJg2j4TF\/4asugxqLUp8iztI1CeTH4Reu1S6K\/rL+\/r1FEIu\/3a\/Pc+80qIi1Y87Z88cA68V6AnrKI\/jRFdeUnKaulroYDyincGpznQ32nbV7\/a8ufW3HqHzuY8Srdsdzg7OWNNr818v6m39ySIusJPgs5uFC9xvx8R+dIpVEYzkh3Q2eeeMG9\/8K2vIPpbbOtWSl8S5FN+69DYbQxN3KXTRYnKAcgBhodqiyj+6scHhaFARQYGoblFVqgXvJu7mshFdDHwBCaC5uowdNEKy4yrw5ottXf3H2NCsu9qcfXXi\/z\/OosB\/qYdcOqltwSq\/80V+8Ge38CLLZRSG\/4XrYzdhVDiFWoHxmaBU5QDEtQZH3S5OWqN1YkEB+FuSwADN6wY1gWAHclaDt280QNrqehBd4CwSsxy7G0qCDy36MMZMs7kf2Vj2TgH2Ktlytg+thkxDKtjS\/3aeMtSmm43ddFCAwkHZueXWUvoZnXP444s3zmu+73i2ZuHERFPrHSjFT+Y1Mpgo0Q6tWu1ilCv3IprR0S6yOnEJ5GH5r1Gf8ZIpGpefh36oorDOpgHiyqyCCd2qxXI8dwpeWwmWx2f1fKIN+bOmeDA+2HTL5b\/h\/S8LxTnnbWVqrgwQxdpAQ1xCVDtsVFko7TfSsPQoikR1NXdGw35qIw15E77U92szex\/zyWrA\/2KGcD2M3u3eNzXjjgmkxW27iRaDVs9Dg00I8PXscfPuLziMbIIt+Qm0SfB\/SFf1ylBL4HammClVdC7YNhrs4NDTvUTrxAf\/9BLynvePRrZvNzUMjBT8JtlvsBmnasO+COXrGwGyL50S3HH+eTrpMH9LMnT\/2nWeiT7sDmyjA9eJmW05\/8DRI8uR2ignlELeQeE7ZYC8KKYreOyXVjuVJO8KRaBbSIU8dUGF\/ILBa6hey1v4zK5JU1MHXOVQdX1RkKit5IUXefBWJ4R0BtjoPPFwKYAfyrsAKBcQzvKsyota24c0cDVjMzge24BKry1Tqr123sw9sTncyGrJzrjJCAkeCEkQo\/KqOKmxNrr6CtJmmIByoS+EjVKjVpJBluAdt5s3qw9VBr\/A44f7M4XZ82OLHYLOdXuuY4Rgtek4oFOa\/eUNUqECm7Y6b272wQZRBWvplBYlD2RWyR8BI01QWkzD2WfZpeGCzTSL5ABcGznl3CTw+DF6WcoeJd6SbUQUUEPVBF4u3zdh9b1Jl9zNuwWauO57o6a9eFR5unb1g++tHtZoIerFI1gyMEkvujqSt\/jK8uIRkRYOGlslTd\/3gwipdTVXxsLWi2fDz9+hxgVNOGQx8\/XNWyG1F\/L1mjtzU1UBNgZmslQP0EHO4J0uMMhguKNrTksx3df79c\/0PdkBKYtPr+8Ipj\/SC3QYRzf0s53zKfkSiObQ\/sOVJpwMvMhEUZunN4GQG+WMzs5eDRzdpQVJe47jiYijmkgXFbUCq004yxOCosLJYnsGKuZDQyE0z4teBgJH8ZC2mVlhO8lAz8gPU5mm5pEBH0gFKqsINKjcIbhVPUHYBlhBeR1erIfe5hsNdbM\/YCyGrep30hH+qZ\/IBF\/s3j2eRJAN56DPG7eQXCsiZSBsk9PTgJ38fSGAbaH0pLxsq2c1CaH7DzSlA01ud99lTK4rI7nRSGX9tAnrwTrORIzDrntkMH1VggJmMFY3EGxAMzh1CUd24C\/NVxnQ9P5qmX0Sgg6uSgxO2c7COAq2edHC\/ucd7dmb9rLGiOGU7YGRxfXuPTU+xfVNmV8wvcxQY9WY3QcHJbT2Vz2Hldj+q9L+347LUl4d5nRCyZOpijGWSFFM5lFqup\/GoObWXXvMsTO9NawTXovnf4MnjeZczPg2FrW3tlX0uBW7P24cE4VNHjvnvHknCsLft2dOFPhwAUA7qVOuJixr0stgCN8eCmK\/n1WzppsTm55hMBmYIkE9rYwxrxXiN39LFT+j0SlpiMqf5n1b7aJjSjiQjm1\/T42XF5prhRwaxJyOBzS5a2w2BxZDhOvMuBRY6ZtDe+ptzu07\/eUIO\/cQq36LXuMCRYTHNEIXnWWtA0vjAcmq+EwSCLEygFwVxoPgN5h2qTp7SdJVushbBgsziLiKFyhenEAkjP4tYMg82sWXtGvK2T4GbMrKF+OJsVll7gTGHENl+vuBtGryghKs2kRZov918dT+VWdywju+ew9zl+S0NiyZlvWu+CmHSGFpvtCqWMXNaXEERtmXJVFofSJ7ykCfNo49lq+tJOi\/mrPExexfpWVgisqVMvGukP+ZkhcE5Ck47mFMZqfJTRL364HqGaNbc7EKIab24NToEVrdLyvx+sQZXNXCyXhOVxnIWFgUdF0PMAFDvMwWrgJTufvZcx1q\/rK6GjKie1KAVcLQPkAeyb2aBh0GehIKRHB5OLWsjRXWSnC7RfnFW6K8cokr6NiSGrPTHJtZfW+014hI265qPA0R6qLZ3SkGPsU2l+ULOh8f4TsNZmRbk\/UzcCp9zJB2\/sAwMANTEmXxPw2yMWVIdXVMdzqrOV"}
00840{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":504,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_first_seen":946739402059,"flow_last_seen":946739402097,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":3189,"flow_avg_l4_payload_len":1594,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.54","src_port":57058,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"rdns.faelix.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02303{"flow_id":31,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":505,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739402,"pkt_ts_usec":97864,"pkt_caplen":1444,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1444,"pkt_l4_len":1410,"pkt":"ZmZmZmZmRERERERECABFAAWWZpJAADcGH\/ou48g2CgAAAQG73uK776KtxxCRm1AYAfUU3AAACNSc59sPW4OZKm6qSD7jsBvdulSTgK8LagzUdpT43FqU1TjbgFd6vr1YcfE0NFplErjVqY14Uy0e6vIiPxevgsH6OdIHZm6pvnG3NGQZr+Eawc3lwPRCg\/OYwfYOVATUQ+D48eMINi076ymhr9WarR1T\/muiarwvLXYV6Uhar7rOYnX1fnOldHU7V9Vf3n22jVlaRu9FvfUlIGCuR9DlhblioT6Pi7Xq+9B1pOrzTS3d2OyN7sMIE6PuhUF9VrXN4uLhsAemVKcWU2V+BGjWtfszG7hr7paN5M0A6WlSiJP5ugBdx739u3B3W1+KfLwVvbAx3Uf4RJvYnlmACvSx012Jhzer\/yuM4tk3QVpBdK\/jPEaTPWBaLG7GbcEgCr8Dd01cNEaknAYaE3S81foMCYQWnkCSEzXoXSN2X+GKzFZl0S1\/cEXQGO2yVQzWkPUMhh0gTbASy1MtoPkBs1VLmccZG6VMIanE\/Pd1\/AmN+44wbWDJ+AcIisgRr14kHkecxeo6qEPvRckWi1Y+MB43PdM38kIUuB4ny7fwppqpmv8DILGQ0779kEvzfVRiZrCYvFXu\/QOSUdvmxjdD6cpAlFDWsPq2Pc93te5jeGVaL0ejtHRLIxI7z\/Q501zSpx\/Cya9ypg5U1NAxSXKe10YJjCTWrmOYKmnYerWRan08XbdkvYLJUzjKsspm7dhtxg0E1f4GsSbQFVWwrs\/ZM+C5sBOiJWUOh2pogAFGGsfjjO9vzloRUIbA2Ux9PdhnCAwgsxjwIpMB0l+UdFEMsbPJQhlOxGEwe2dnsCm5A+xtqvz5mH9nbAz2uU5hDs7xBrPc+8iDApG3YcmB6tDQMRmVl4wND49H4\/Hb2EGewuCKV1\/lze0iB9RIgI9rfK\/5kPRVAptvZ2+Rek\/4ghlbEG+l+OpOmeFXbOF8BuB9O0sPArzn0gERY+1PqlX8USIY4KAapC8vGnRNqePUVgog6kgSCom8jkuyrzOHCdEM1CnPySLw7a\/tPZxODv2GVX+BkBTvdcEhFOjQ1TZSMjExVd8xloEm8\/FJ6+H0jkz8IvfKaJAX48951TiRuA57Va3CSiHx+djtV0dMa0UJnQcAEaubJWYUsRu7sYXVg8tQm7wgM9eerw0ql07SNc\/dHQUxeGfY6HDVaN4jlbWxp48tTf5vFa+VilGPTo45486GBOKU+5wyUckgVnRpF60eC3RcISu3IMve+0In4k9R88DIjvwS1SST04NZPv7f41CsbwoBIpKZKJAFU+NplzdS0BOyBcGgjEAzzOtpFJ7jXjBK8x1DEPVeN6HSSbNaiOV7VevW0oBjFRBvVLEmxy48HjBSY3QWjS+yqFN8Qy4bledb1fb4GI3oWPT+BRcDAwEZfpmEI\/d7cy4YyqdnKDwIn\/k3qXWNAj2sXjRKguMhqhlkOdUvzFkzzM0xeuvfwnq6QSn3NpKskeWNBR8K+ECaE3mhCxghdnhLIum9rgOMvkgnfyBTDAfYKNN\/d62vQY6u4rbxXpDQk04FVnBPxSfPHXuC+oF8kMOU1++DK+ZoETlcuLrk2BRjjMQpK7pf+k1VI6pVnOclLhCXYHQjMUHZufh3HVG3mM7BF+lzB0K07EInEh+Ccp7LdqMGfKnUNXPWyokhcE9BzZJT2yWb8DylKWRWvZNetxzugclU9IhwHPPfcLEVBg0Fudoqm9ZGps0h7H+c6XIpsbql70txNRPE+wXofhHvkqNoGKLp9YrmmnKta0xlevWHOwMXAwMARTi1\/bQ1JQowGKIWBX\/iwQMAp\/a2d7gVFXnQQSu7gEMDkgFlDNq8l9T+VqanQcvXHm8wx\/TYqk2+tBPvp+6SO7GVVfwN5A=="}
@@ -536,9 +536,9 @@
00682{"flow_id":31,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":517,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739402,"pkt_ts_usec":187345,"pkt_caplen":249,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":249,"pkt_l4_len":215,"pkt":"ZmZmZmZmRERERERECABFAADrZphAADcGJJ8u48g2CgAAAQG73uK776vOxxCUJVAYAfV0OwAAFwMDAL6wyx998YbKxmhMw3+CbPsfnr4wXvWu9\/nfQvNorwHZg0srS5b7iFdGjGxZUGNlFBD4TLH3AzFc1xK1\/J0T2VFH8uDpGe8owqNCKImjGik5Rfd5F24uYKSGIYmxbUfgE5PK2eru+BRCrL8IEcqvV0LwgKt5CQaKMtHOFanb7Cza85s9XyOcjYz9wcZRJTSv46SL8xZ0wNzMBRezCeekROZM5P3D2xzeSAqSrV3f5Ck85qOoGJR8Qi7HLCko8nA2"}
00488{"flow_id":23,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":526,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739415,"pkt_ts_usec":188752,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"pkt":"ZmZmZmZmRERERERECABFAABbg19AADcGn1KIkNeeCgAAAQG7y9B6n4qk9ztBOFAYAPXJwgAAFwMDAC7p4enar7a69h\/ap6n0W5hiq1K9j0xA71Ah1sGQS9PZ3SOPEcpAhCVrUATzJZDF"}
00449{"flow_id":26,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":531,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739421,"pkt_ts_usec":46730,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"REREREREZmZmZmZmCABFAABAddtAAJkGvV8KAAAB2akUF4T0AbuSPudflAS7mVAYAfWurwAAFwMDABPAQVvrxZDxyu0V2WbXi8Wc7\/ph"}
00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":539,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_first_seen":946739603327,"flow_last_seen":0,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"9.9.9.10","src_port":51846,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00500{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":539,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_first_seen":946739603327,"flow_last_seen":946739603327,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"9.9.9.10","src_port":51846,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00806{"flow_id":32,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":539,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739603,"pkt_ts_usec":327563,"pkt_caplen":339,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":339,"pkt_l4_len":305,"pkt":"REREREREZmZmZmZmCABFAAFFXkZAAKYGop0KAAABCQkJCsqGAbs6mTvywXrNXlAYAfbUBgAAFgMBARgBAAEUAwPEiPyvZDyiU8chFqn7v3nOV\/W\/daCFgBrWvLyeLgdOBSBmgVOewdr23+YbXlV2oJqCio3+iP7mE\/SqSoHvhanHngAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAAClAAAAFAASAAAPZG5zMTAucXVhZDkubmV0AAUABQEAAAAAAAoACgAIAB0AFwAYABkACwACAQAADQAaABgIBAQDCAcIBQgGBAEFAQYBBQMGAwIBAgP\/AQABAAAQAA4ADAJoMghodHRwLzEuMQASAAAAKwAJCAMEAwMDAgMBADMAJgAkAB0AIELSbbeQ+1Z\/PGkzWYpOrrGvdC\/XSIyiiMDimHGqOwN9"}
00782{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":539,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_first_seen":946739603327,"flow_last_seen":0,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"9.9.9.10","src_port":51846,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns10.quad9.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00793{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":539,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_first_seen":946739603327,"flow_last_seen":946739603327,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"9.9.9.10","src_port":51846,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns10.quad9.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
04497{"flow_id":32,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":540,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739603,"pkt_ts_usec":346755,"pkt_caplen":3068,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":3068,"pkt_l4_len":3034,"pkt":"ZmZmZmZmRERERERECABFAAvuVbVAADsGC4YJCQkKCgAAAQG7yobBes1eOpk9D1AYAHferwAAFgMDAHoCAAB2AwPPxPF58rRx8NlAStddGtWmBxk0TsgFRMyjmLE2UJLzOSBmgVOewdr23+YbXlV2oJqCio3+iP7mE\/SqSoHvhanHnhMCAAAuACsAAgMEADMAJAAdACAXimL6oC2BgKKkKv2GFQZ0YvKv9UBLIqQLjYesKsDOXxQDAwABARcDAwAgsv\/aMwoaVLJwBsdUrBspRDIe6WOUfDjyPvz9+wtEYK8XAwMKaJbt\/ye5NqlSM6\/tOfe9bC5ygGHuvTHGsEkug50mliwDXC+zbimuaXpevBCVc6v4emlocpuYSolXpHjPLZ5mH\/n\/Wwg\/zT8DKTys1phOBjndqMIJ26DAd1BULzfsS4\/LPzxUrBzIWvX6A2LKLmwvvolWTixlKxXTGAwoKmNpvOmmolp5p0KnP+05uqYpZwQr1eiVG4Jbxo4RKPp2m5qudj526IfaIUxv6TymwnkyKidb8KJ7fECEEmqDTEJYi3AMqq0F6jVWm4S\/Cw3xWxFHQLXfbhWl\/xQNbH7sQr1+VP1aT1KVnkPOnmrjsvXKtU37nhtNVagiwB4tTsa0XjgxO6nNrduMisjiP1kYOcjiQ52IvQ8yUcLxoVZvs66brT2XF4X+BUOjv0f2D+iKuSPPaodKDokIKfB3EFHwrxtXROObndCkt2l8uoO\/YFwn4AVaivPS7QA9y1ZB5oLifA+q5b\/fsbKJUohIzT23SgYvI1FZi9km+tWoalj+0eMzm2XcwysPa97vGSKpeXtbzhnBE6t0DL+SCNAkdyN9iZf+SkkYuc1rpy8H6FsnB0MNHcLT\/7h9UpysD4zCa5uCyld0qhDdV3MzU7a7heBLLZvpkeoMCMY0KW7Nghl3Tf2jMPhPpMXgWhDsiEqTDOOStqJ6ji5D3nXcz67NA7onASlOfxCYNM8r0u017+zZIe1OE+PpBYW8chi30ujo48vE+6Zr1LXdzMZq7SQ9KcvNds70bZNXXOxSMjMXLVZIXnbsRiW02iiUe4S1V8qA1xoY+tL3PM\/3KBP4ZSUn0i9oU0Zm0bhbtwOS\/9R3KZPgmCI+1g7zZ+sqsIKC0g2uvkEsdNIqhrXU224qW6xxP\/j7fBBrVPw5fuLCU7p8+Yh1Cpxk4zFmUhl0XbcAlqLu7rHI4fQoDUdIgemBLeSEl1+Y\/z6KYsqD8NYrgKAvSsbZ1H\/Vdb3V1ajFVEUtmvJbvjf\/83uaxbTgecYPCPp7fDTlwk8SSHepVo8KtWsduLEs3DxEjvauvr9rL7FbVuDjSA3SeEqhFhGtSYJioWjgprG3WdpQzYP52GvnOKwXu7vjaJad3BS\/DxKTEtPTMDE4Fp6cDirnN3wrVazuNyc6gO+xpNalCZ8Rd4w5DmHczo4DwVyfZ9Fxz7k2fB4TnNz9ILT10qjnOlN\/ksy+JVVDJTTX6v+Ua3SCh6Bynhcuz7SktArn4gMoxcY2E4z4hIcGQHNkb+py02aK7EHGVgPR74HZosi0lhtUl4dpwbcfDHkQU+oVloy53x1IxuauA66S2qPneNDmRr8rKf9GU\/LJH2dezQ+WudmVZtgHXrLWtjuFmnH7eaBODVb8UwsA0Ge9wdJPfbyaGd7iLOv94vz10GXsEVy\/CXkZZhekrbvjToLvfDqaRAilCzMBHwybWhwwRUQsUh\/rPF7FXEJaXHA+eAZPWEuEetxByN3cFbJKFAiJ4IoKIRBIkGZxaTOcLn\/+XdFg3+W\/lMlmaqOUp903NihM97Rw4Bpqxex1vlYSLEh1ll9uJAf5iJVYMcmiqcaYXWfQOEXWR1wEE7wZE1+wo9+np3wP\/ty0jb3vy8+oqDWA8OdUjkdhqeUyfjZfa6t7pr4ITQpHLy0bNHsZ48wim0yu3Y7a6artue3kmQYcW2RckDOWxjAYg9ikO\/kwS062tZFHnT2VanvAd16qor00inyMS9VT8p\/085mt8kQkGSG0rip8q4xWZYbMFCfcEVkD4E5q7utpFEDkZ964uRE2Vw1PzBHn62rcmtvUqQaoGAFjFlHLMS40f9r+HKG7wRWTWQ29d16NsH+Xu0qXRhzWgjImijKWlv6KBGT1Cxynn\/KrehvF0361FyBUkJo1S1Ztxsubdf3ddeGeEr99d5oc\/xgpXMAl6ZIfUBPJjnOeC932\/TOOjMzG7PhOgunB+ggqQ5LQc0CX3c5BLlJtBtobycDsl7t\/eLrX\/bMfWq1dBy8SxYnEvGbNHrForDiuOA\/0lI3GVO62V5P1dM2BK8fdHneO0FhK969xszY4KacAP0CD5Aah0NJ2dzSGVZQtRmv\/TuFZlUQB3cFfHJYpNMU\/sn32bfB7GWJI2MhPEITiLal7HIPxgTikeJcDL13qUn7bk19T+rXcadCGiBoKDb40Dx6ogDfm4H0pA9C7OZJC0LRf01KZZRBjQs4x5ewT+p6+Og3SFrrTJ8ObJe\/TFocDQSMCBCWHQJqFicRtnWl4mmw+qTCsSoZQ\/ibkZFi+igS4TWV+31tPjazydJfOrW9xLZSgCilkMeJWYl8vH1ijLI+xCM8xxlQj5svlwHqvt+EkteECF3EKEt55AWpnRTNzzJivCSHy2gGPxW5UKKBkiSUoPFh0qyVjKN5HqDcW5MrFR2HpLqhuRbEXoannFiepiMp6aCVRMgYzvmQIyFH17\/3pokulHalnqX0gFQkjPqUPYf6B8\/o0H5LL0kahUiyL+d6BqSr8d42vsjYrpSfDaIcCW+FFGcj\/61Y6Fdihg57b1nq47mVWBJ9vcfq6xagmjwoJrNbwHaDS0XVSxL6y45zWrDfovrm0VvelVEdjwsn0FcoL6zZxDjjOt0EJP+OSVXcMeuY7uIG+KTnnHoV0vMvgMsIMiJbtYXgvda9zrqGty0FDqsOWmIdUCMf7t9LcgXTVP1POJeyDb0J4B38BTX3wUkWV7Ddf9ih9u7A\/m95uqIUbBJE2UeEbEEHif0BvcJl8E3UGeXVNiKRj7lxmplRVER7ystoW7OIAwNXC3MbNiwrjMNGlyZxeIZvGJIjHlQuApwLZsjzZzABT3\/zDbS43YjZzqyO21cEI3xf5DfWK6ZyU3Gjytb2PX5Te\/wOkKfusuGJNyYU73DNCw6\/IA2qWOmaw7\/mXzErXE2WxarQFcAU6el9VnuyWPJs57xlszen8XWYD0zQcAkiZ9pBOymEDFngWCP8+c+AEG42RtW8heXsNn6Oe2ZAWO\/0AXBzQr+rO1qlWDZzv3V7XELPKS49M71P\/6XXdYRKeCeHIn9vIc91j0OnL7GZzEPRVrpELGmw5rN7x6AqDoK3g\/LGcF47Fu59pwNqH3h40OLoshBk76izruGCqusL4Ms6YFarwUJkiUBlvhjjR7yHu721yX53PmlJXwCPueaRMxPhyJUl4AErQ3xPn5KAYXOjk3\/LnBLmSDl4f8PDkxmKUVaitsKqWvpl1TTX0fA2ZAqmTFey5ifEjBKLesy4caeyeCMEZZjMOhPX9MKfIEGous6lHCaZSQQHUSMY1BTylXmW622\/10lQS8aN1mce++r7\/TAswiTbum59NRH+1WXDpTaq5aRBgs7Pc6pr4lABNwxmieRHx0ER8V5gmxNVB9ACpzjEkp28DmYAH1\/iiBQfjkW2oblAVhUqcezWZUUEbpTbTAEj81Dzg+Fe2EsJFV2MiLhqH0ZMEkKY9oMnGyGvqY11wK7Qf4HXmtakoM3CF+wPbb9he7ffoRbYXCwbxTcDrBSEJdjOMhsSClbW03C9LGM4s6RAprMpnuw2wArtlzcr4bo701pOupS\/tdL5NkaZ2ZzsCChcDAwBgOnNpVcvc5YFZ3YuA8YRoqsuLDn4GImAnVqFIX3IzoTnZe29KOqUXQC0V61jJdr5Jnb3k3MOCdTH2u+HBBkKmYvlFb8GpDbcgObm2pFs9vNSY1WNyfnlLuFSQCBkHWe0UFwMDAEV7D2ZJm3CG6uFedmkozBwacoDrnHkQN6RCxC8K2l8lcKCSu3Q0j3XFRWsykB64fgtOqxtlPlxXpmtKrFqiyWDCeX9Q+Jw="}
00835{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":540,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_first_seen":946739603327,"flow_last_seen":946739603346,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":3014,"flow_tot_l4_payload_len":3299,"flow_avg_l4_payload_len":1649,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"9.9.9.10","src_port":51846,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dns10.quad9.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00530{"flow_id":32,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":541,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739603,"pkt_ts_usec":374765,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"pkt":"REREREREZmZmZmZmCABFAAB4XkhAAKYGo2gKAAABCQkJCsqGAbs6mT0PwXrZJFAYAfXTOQAAFAMDAAEBFwMDAEXJf2y8xWhMhAZA2WXz9agwI9f91RKP49sWLlsKAqD2Anz18+mnUXeRrd7MefwrF\/wulkzvUzp\/PNHsE\/j94eCMWT0CzeI="}
@@ -551,9 +551,9 @@
00634{"flow_id":32,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":548,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739603,"pkt_ts_usec":405726,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"pkt":"ZmZmZmZmRERERERECABFAADHVbtAADsGFqcJCQkKCgAAAQG7yobBettjOpk+xFAYAHtFOwAAFwMDAJrlZdBVS0cKHJnqEJaXIqAMqgJO9gAwybL2E7xe9qQZDr4J2CA0CxAtNC0Boxr8btXLopFLp0PWcJf8L9I6Bnv9ARtkisdIMLLx4GNLsopMbMvf1P9LXCNWLKmRGCDKo3N4vvUhY7bBpv6nEeDTO\/oU7mh5T37WkPBRQhHrVJs7lTiljdD2tCiBraXCJY+h+e7jpTKniTc\/A+Xc"}
00449{"flow_id":32,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":549,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739633,"pkt_ts_usec":406126,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"REREREREZmZmZmZmCABFAABAXk9AAKYGo5kKAAABCQkJCsqGAbs6mT7jwXrcAlAYAfXTAQAAFwMDABPuHGcQnap0Vm7XVP89BjuxPcso"}
00529{"flow_id":32,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":550,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739633,"pkt_ts_usec":413039,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"pkt":"ZmZmZmZmRERERERECABFAAB4Vb1AADsGFvQJCQkKCgAAAQG7yobBetwCOpk+41AYAHvgMwAAFwMDAEuf8FnU6xhGOURGBoRDN3wq2DAZCmPVTSnU3vLzpSv0xnEWwtxWw+S8xLuhv8sm5rPi9TW2uaKE9E2ATpSI\/WmLTaqDOIUZ3oIMR9g="}
00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":551,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":946739661512,"flow_last_seen":0,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.235.81.1","src_port":44704,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00504{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":551,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":946739661512,"flow_last_seen":946739661512,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.235.81.1","src_port":44704,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00804{"flow_id":33,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":551,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739661,"pkt_ts_usec":512401,"pkt_caplen":339,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":339,"pkt_l4_len":305,"pkt":"REREREREZmZmZmZmCABFAAFFx6JAAK8GN2cKAAABuetRAa6gAbuz5lknlG0\/21AYAfbM4AAAFgMBARgBAAEUAwMfgFJ2Kafn6OC8bsQNsKFbNXsDyxgypaGgbuYoVgNdqiAeN08qEmNJsvb5yXXS9i9uE1kipCfBRoZuyc\/JvsnF3AAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAAClAAAAFAASAAAPZG9oLmRuc2xpZnkuY29tAAUABQEAAAAAAAoACgAIAB0AFwAYABkACwACAQAADQAaABgIBAQDCAcIBQgGBAEFAQYBBQMGAwIBAgP\/AQABAAAQAA4ADAJoMghodHRwLzEuMQASAAAAKwAJCAMEAwMDAgMBADMAJgAkAB0AIIH2RRfX3PNaXYMOoXj3ynNGqfHChI6\/gAXerDGvzggi"}
00786{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":551,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":946739661512,"flow_last_seen":0,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.235.81.1","src_port":44704,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh.dnslify.com","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00797{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":551,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":946739661512,"flow_last_seen":946739661512,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.235.81.1","src_port":44704,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh.dnslify.com","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
04642{"flow_id":33,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":552,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739661,"pkt_ts_usec":535299,"pkt_caplen":3168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":3168,"pkt_l4_len":3134,"pkt":"ZmZmZmZmRERERERECABFAAxS7o9AADQGgG2561EBCgAAAQG7rqCUbT\/bs+ZaRFAYA+rX7QAAFgMDAHoCAAB2AwOIv9853ekbZoNmLmgcqNPyyS1j9KmZm6LL1EB3x+W+MyAeN08qEmNJsvb5yXXS9i9uE1kipCfBRoZuyc\/JvsnF3BMCAAAuACsAAgMEADMAJAAdACD6x6OWYowjGpQ7hpL1\/XAvKAPz7Qey4KV7v02zhqXZdBQDAwABARcDAwAgyc0HM+W8H8TE3DEJWTZrLIbavzRZjtX85L8RdcWlDvUXAwMKE3Ep4ySuvwn1mgGngq567huqNt4kq0krhrI\/h93Xu5m86O9X2PLgikjAQ\/f9b0D4TlJnxV9cGU04GfVlCuVdBuDl1OIowNDzv97yB1hnS\/nmnSeVxy1F8D7\/C2lvCqf2cxAVE09ueyG1Z8bXZ2QECTYKbWaJhHhH3grXMLxM9TK7dwfYp5ry3mgBLj8Im1sBBtK1ijR5DOPlXD4i38GWBdXuEFX66BB\/RJoRwVEIncNbQelSZeCqjUb3u++TUwMNQylDBUpnEAe47WxBvCiB3j4t00aQSmqM0TAluU8dwn7tiUiJEwAYZgDG8XeCA2d8CwkyaaNUs0P3Rp5Ub77dFKLlWkM7Ox84gnAyRhVMHCmMumYMkWKlAivuj\/eXgWwWByB6smKGxdGHvMorcYTbQq9mZYmNNNkDPDaVaw5533PFvpx4ba99q1b36RpLWXBUvp3e8mh0pBow5UcR930tP8k9y3Mp\/Hul\/USMW6fOtKvrODulyByiQtZSjqe6z4\/9jz9br68\/R0pBmxYIdiwDh9sAHDejB9VSYvk7ssbBQpn+Jgwnz6Ryy+sDgPoInVRafSLVQ2XaqYm5f6C0Jwzhr6UtNZ4\/zNTcpzOWnfrCB0SA4OuUkh\/XzE\/16DFk8ZQDliBoueyPhn8cEizoLe43IQ4BRx1FGhFopJsvL2cINLJIZh8DTM\/8W7f\/ASccXTbKN3NreGL2zPJ9HkyArzmAuS0H6AWBUpZyjU0X4LPypLaoIp74s3Z6LMGrDv+Q9HPcSM3AsvYaPpVMikXZgrncjZjmSO3nKjVK7tuPHzmBxV2ASbUY9dkYy7qS1LbwD5HCaZkMJLquTC43\/zrZa9Cf+VJlQO+7\/bTkI19jV7MBsNxvCJS3vho32OcNSgskst5WCDisQYxOEJ7yIiJ4Qj131r3komITCdIi6sfPNECBD925ao9iSOw1a3NghVbKi1Ke9+osy6p4OIfl7R\/jJIRkFpjTHB9lrhuKyd3x90HahF\/Bgrc+0OPDW3df50BV25QUTv0YHg583iZZwuimhgpeeN8oRbZn4Oz1sb61wMILMVA1YkIFgELm6QWH0EjBDa5PcdPXwcXSRAXJR2\/zX8giHU9oVoqfNaIjA+SmyaolS9o0C9Gxx9xhkTFg+SAbN3Goh5osUJrTzgif84rF3v\/clkf8\/ZhPyDROa9H0yWh+TK3VY9NLRXxv12lS5FZMqutTNAtmppSaz1n5imbXVp1Da9\/rGuGJgyHbUPRjpcY\/qQ4nrdYPUt0lBpjbxywR21B5bH94VrAutoZgT1NlpA1fjy8uX6CC\/PzzpWgwoLz2\/ah06JLAEuj5ndY\/3P\/Cea86JZSQRIAOkxHfXLLrlrueGx1dvDahl9VAk02WVblMiy86oo72YX2jdNNf7IRMOaPtI08s6slCfPDpn3bANNyLKCX6T8oskMhdiK\/HIjCb1KyAdgQ2+yLvi3d+MuMeWmC07amcrbn+OTYQQNPWx6i\/o5VJfAp896EdOSd0n7JnPYzTA1M2RyiA5D2thGuZ18x5oW4andkKefpZLKocbhraKqdRDR2qHe1UOjP7ac97YdAdmgxzkuJnD41fZ8SEi5Zg3NfdmEEfpkvRjC5orTLd0fIsx5c1+XLU\/R3b4bQM96DkiRuZJ1NUlIhf9JvTA7QhsNS9Evhm+KxSrzo4fPncRHMt8lm5+VkFq5jZsS\/4aS9tmtMGO7fcr\/LpSveCPtAloCQrU+vhpaXaC4\/SCuRji5PdK182R618OsLro46yH5FqoSw3EFuupxW4KHdDcJyAmbvTP3RLz1SxCnflYoAqTczyrDRGBg9\/VwVoEVI1F90s2UJwdF3wAnZAvtsFo0aX7P\/QLLigT0+21EtehOsx99nALYpQP+Wes4pdBUuuM1hrGs4phO3GFIyYVSCdORl3bwKcDgUn6jxeA5jLALqAkUQz6oQZAw+UAmaFT7liB5ZMHspe2Nk5qb3bDaj1FmXHIWt\/85M5M02qebtth3yNCkr6Yp8QH7DkvUBEcBvugZfGdO8uohym\/eNU58r4tZ+dX\/tuHtfYu\/HTthyF6zJIA5NCwZI8ZPOa0Ik2ZVHuDdccBZzRFIr6iS6N658h5UD2w34\/Zc25OfWHIIyNU8f8\/IYCk9XVJNve0Okk42KtkEZEvU5b0G1QgC8PnK8r+XSR+vGYlx30IHhP0Drstay6UqCpdjb38zyt16Qx9KI1K78\/2x0ZLR7g9lNe5aJSm2DGdBsBLk1r5a74FD95UK8Adgld6WS3J1isO2nKe9Xs1y3yG0BHL6PVzcVJ6xLZkhyj81HERDbvsw89dCQ0RJq5YmEae+boIDnKyAnLYzUgmbMRlc1g8JOgQmr6\/NRcNQVzPj9Tmr7h+4nauDzZ0EwSB6bpnhekE6zTzsN8ksFy6WPV1V2TWaFMCxIJpm4tqxJloTCvFyT3CBtW57hPqqD33WSzMFQ4mYuH5Kgu\/JydyuTxbX33iR4YxYd7QhqiqEqf7Z40jPc99ZwAIj52PTzQ7U+ojkqP4MuUynWiVDvS\/8M2\/Vvth6PA4ClC+NG9V0jqT2CwEy0LU0ERe0qEd656+zZx\/fgC3xfIuWV0svyqgeH7U8anrlDCpp7N40O2SWqb3L3JMSf4o49g5Y7jySS1fW2+m5VjaQqCccoq+\/wn0QIhjH7Xd2oER1gcyADsjGJt5aqBudWst9NAdC7\/E6mgwXOhZmtXb1lcPmN1A3ldDXRkgXTncFzTkiGIgqqygowkLd1h\/u0K8p6hXN6SporJbwLrTenWrNDIG63gFBLm2D7U+S642eghPumVgo7B1N6elGvUpSDX3m8qB6zRisoSKoWKWO5xgUo0OWMndotDAaZPAq3bhL2Pxzdl9WOKnnP6NOK4+F4BC3OgZgYIEUhrknbM3wBtdHfsfGuj0RFj5lNw2AlFe8pNBDRkjYdmUdc0f\/vnWwnfo22NWKX1BdiVu7196lmWb3TQ4gFhlK81yNy7eFJuFbgrYZ5PUlfjIwTDgxIXshraxns8270zwqor2u3QZYQoN4I1EUcEja7lh2qdAWxfca\/zxpKtNeCFUm8zfvAy2hjwmAqVnw7n4Et+Xyf9ksFEQ4\/qzsOHpBM0zGs5xxH5dXSgC84hPug8TuHm5XeS02QK5ivwcMFrRGIBts0M6ytr6tm6t5af5Z2U58e0QlvyTSXCPiJUK3gUQUYViS\/IjXLR2ycg4306mXwXdbQ8v7MG8Jbo+42mtOwsAND+01bl1fOhl5IjO\/hKWjGNBJndlQaRfYzoY1bNcjrUVpsWniWOjJBYJ9yapHVp6DQ0QxTAp4enh41yjjXkuC9cO0IfBYAr0q3doev3F6MDmfD3QC30o0nnTuJKglBmQmNqmFF98Ioa6LYtVQSVj9fT7Jq0Jj7\/w6McuInFQUSdd3NIs7zDF4f1McMigXXd3svv1byyFwMDARmEZ3FvSkJXAws42ybGrYb\/Ga9WUTit+emudCQdO3qxSLRL9Xz90Zj\/0AIfatwlfnnVgLFc5QxTIdMvpyCnIjSAcDaEJvu6yM03S3K45PurYyNI6VNrD8T3C7JZ2oGRKr9xNDuiMdmtC9\/9YGpIp8JcXSnnpIql+dalqpwG9n50trcQI0C4J+hm1Yu6USN4wzVC+tr3gsW6PyyDAAs17vVbo+Scs5p00FZ1o\/rHfMtLfFwh8MAYWoGvtptGh9N2zS+PrJ1tBcSPIWnstLtsnAnrYxfC9FGgvCH\/DigiWfhGZwyoa504FzWxS6CzOvDPhsC522yXw\/\/MDJuJbpdH1g+oBnB701N1aymW+zBchXMoA1YOfcUScPREsxcDAwBF82UTEIbXenVn7eF73krbJp8pjxkB3FH+h3306Rr5JIHM3AbirkPdWnHupm94YxIhIDqYUbC9YcWD3w0dLlmwNJiAVT\/+"}
00839{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":552,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_first_seen":946739661512,"flow_last_seen":946739661535,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":3114,"flow_tot_l4_payload_len":3399,"flow_avg_l4_payload_len":1699,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.235.81.1","src_port":44704,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"doh.dnslify.com","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00529{"flow_id":33,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":553,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739661,"pkt_ts_usec":537491,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"pkt":"REREREREZmZmZmZmCABFAAB4x6RAAK8GODIKAAABuetRAa6gAbuz5lpElG1MBVAYAfXMEwAAFAMDAAEBFwMDAEU4SkGRhTVOzjkja1xO2w+N\/vz+OkRmcdhLqaqpXQNb6A6SRcM4Xi9F7CyJ7zWjY541e0wZEZOfbwCMOI4VGHKGlHVB\/Ow="}
@@ -567,9 +567,9 @@
00465{"flow_id":33,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":561,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739661,"pkt_ts_usec":578915,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"REREREREZmZmZmZmCABFAABLx6pAAK8GOFkKAAABuetRAa6gAbuz5lwXlG1POlAYAfXL5gAAFwMDAB47P6zsJLwbwYHugGHZbxWAzApODX7VmeBEgUQGckw="}
00449{"flow_id":33,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":562,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739691,"pkt_ts_usec":578957,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"REREREREZmZmZmZmCABFAABAx6tAAK8GOGMKAAABuetRAa6gAbuz5lw6lG1POlAYAfXL2wAAFwMDABMWEHy35xGvTWnWCOeYpetAF3W+"}
00449{"flow_id":33,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":563,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739691,"pkt_ts_usec":599667,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"ZmZmZmZmRERERERECABFAABA7pZAADQGjHi561EBCgAAAQG7rqCUbU86s+ZcU1AYA+q7SwAAFwMDABMugBtN+BphYqwIRyb7JrNaAFhQ"}
00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":564,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":946739879619,"flow_last_seen":0,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35742,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00506{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":564,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":946739879619,"flow_last_seen":946739879619,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35742,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00805{"flow_id":34,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":564,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739879,"pkt_ts_usec":619145,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"pkt":"REREREREZmZmZmZmCABFAAFIcKVAAGQGIToKAAAB0frxGYueAbsFpAMoj2Q4kFAYAfaFCwAAFgMBARsBAAEXAwNRmx2nSkx+6m6KcnM1jGr2d9+E6hEUWeU+Rct80JF14yBFUW7fbN2m28L3JLX9K8uSgoBCeEP2oBBIn6aFnchRZQAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACoAAAAFwAVAAASamFyamFyLm1lZ2FuZXJkLm5sAAUABQEAAAAAAAoACgAIAB0AFwAYABkACwACAQAADQAaABgIBAQDCAcIBQgGBAEFAQYBBQMGAwIBAgP\/AQABAAAQAA4ADAJoMghodHRwLzEuMQASAAAAKwAJCAMEAwMDAgMBADMAJgAkAB0AILzmWxHpwarRt4Ej829OBgtUnpC5uzX3e58yGu+riJtB"}
00791{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":564,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":946739879619,"flow_last_seen":0,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35742,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"jarjar.meganerd.nl","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00802{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":564,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":946739879619,"flow_last_seen":946739879619,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35742,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"jarjar.meganerd.nl","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
03182{"flow_id":34,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":565,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739879,"pkt_ts_usec":647275,"pkt_caplen":2102,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2102,"pkt_l4_len":2068,"pkt":"ZmZmZmZmRERERERECABFAAgoIhBAADcGle\/R+vEZCgAAAQG7i56PZDiQBaQESFAYAfWL6wAAFgMDAGYCAABiAwOvuIoBv9aLdY9+pRuVYLTvaIEBB5j8JJqoUP\/T+o4DJyAaq0H4FgIYS60khmCU6D9TGVas7XFToGUgExNzFU9aPcAwAAAa\/wEAAQAACwAEAwABAgAFAAAAEAAFAAMCaDIWAwMKAwsACf8ACfwABWAwggVcMIIERKADAgECAhIDDKJHTnwjwsnrm2DLrI1zNLUwDQYJKoZIhvcNAQELBQAwSjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxIzAhBgNVBAMTGkxldCdzIEVuY3J5cHQgQXV0aG9yaXR5IFgzMB4XDTIwMDcxNDIzNDcyMVoXDTIwMTAxMjIzNDcyMVowHTEbMBkGA1UEAxMSamFyamFyLm1lZ2FuZXJkLm5sMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv9OPyuZ6JwIE6bPDfiRhbYPMkVlSRq93tijiXoOFC9OQc4eXtoMomU6kKPy5Z0NTzEB3WAHxrA4SRx6q3\/yefPeWA8HsMuYfQZpftg95obbyxbYYejVTJGcDt7bBAbyfyHwpa9VQXCZ1NM6170XCwqiTXQ5pCT67h001VbP663EnKohkf0MUwppbn6Q5xEFc+o+3D6IU\/rxkzW1SQTh0phbzb1Op8DfM63A\/ZtxaA5UoEOBp23CMkB\/vP5ul2uJharTqU\/BfvvV3HB\/zu9o43hkbooUEyMuBJn0+O6orVhwG1QVKM6xj5TM6ZcijU2+3rS+x7vNJUt\/bTHh7sHDviQIDAQABo4ICZzCCAmMwDgYDVR0PAQH\/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBRLbCV+QerkMWgquQ7dzQvZqcefiTAfBgNVHSMEGDAWgBSoSmpjBH3duubRObemRWXv86jsoTBvBggrBgEFBQcBAQRjMGEwLgYIKwYBBQUHMAGGImh0dHA6Ly9vY3NwLmludC14My5sZXRzZW5jcnlwdC5vcmcwLwYIKwYBBQUHMAKGI2h0dHA6Ly9jZXJ0LmludC14My5sZXRzZW5jcnlwdC5vcmcvMB0GA1UdEQQWMBSCEmphcmphci5tZWdhbmVyZC5ubDBMBgNVHSAERTBDMAgGBmeBDAECATA3BgsrBgEEAYLfEwEBATAoMCYGCCsGAQUFBwIBFhpodHRwOi8vY3BzLmxldHNlbmNyeXB0Lm9yZzCCAQQGCisGAQQB1nkCBAIEgfUEgfIA8AB3AF6nc\/nfVsDntTZIfdBJ4DJ6kZoMhKESEoQYdZaBcUVYAAABc0\/ws2wAAAQDAEgwRgIhAMWgM8fCSKocSMS6vNmRTIKDzMWXKgtHRh\/4TftRR0QHAiEA3JSerrntM9u7waurWrvwybuL6dB9RsJnzjR8MMY9tuIAdQAHt1wb5X1o\/\/Gwxh0jFce65ld8V5S3au68YToaadOiHAAAAXNP8LOOAAAEAwBGMEQCIG6J2T+qpPVVFxjS27cFglwKmn3u\/zi2QCL4kFgVvwefAiAZm3eKKyeMogTwUuYzbx+RsfIEqA9nNOdkRRv\/z1FxuzANBgkqhkiG9w0BAQsFAAOCAQEAcAija84yR1ADOoiyrdQFCgxJZB2BUUNBtRgi8ZPFZIdUaVPomyGL3oK59c6IO+gMw6xbSeGsLaVjettLRMJ2uMl6JZkgjV1Bhp3NdPQKieFpoaEiEBUAwqL8TSBKdJ\/mAMQLAKadqZ1hZKcVTPtXVdd5Q28iLasE\/NjtopLZOa1XOJt0sUbRAHa2FOZzb42ureqnIdzzYgm+hY18KJUkfrSxCg2dd4MTgQuYu+ZhUpaMB2rAm94XcTgVTGO5ADi5NM0oEFFNdNKrAyCom1jWC2m8LyYfCzUJEAYCAUd1WL438vW1Z0FQZK5dAca9qTf6FxrRdYRYrY7oGND3IwvyWwAEljCCBJIwggN6oAMCAQICEAoBQUIAAAFThXNqC4XspwgwDQYJKoZIhvcNAQELBQAwPzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQDEw5EU1QgUm9vdCBDQSBYMzAeFw0xNjAzMTcxNjQwNDZaFw0yMTAzMTcxNjQwNDZaMEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQDExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJzTDPBa5S5Ht3JdN4OzaGMw6tc1Jhkl4b2+NfFwki+3uEtBBaupnjUIWOyxKsRohwuj43Xk5vOnYnG6eYFgH9eRmp\/z0HhncchpDpWRz\/7mmelgPEjMfspNdxIknUcbWuu57B43ABycrHunBerOSuu9QeU2mLnL\/W08lmjfIypCkAyGdGfIf6WauFJhFBM\/ZemCh8vb+g5W9oaJ84U\/l4avsNwa72sNlRZ9xCugZbKZBDZ1gGusSvMbkEl4L6KWTyogJSkExnTA0DHNjzE4lRa6qDO4Q\/GxH8Mwf6J5MRM9LTb44\/zyM2q5OTHFr8SNDR1kFjOq+oQpttQLwNh9w5MCAwEAAaOCAX0wggF5MBIGA1UdEwEB\/wQIMAYBAf8CAQAwDgYDVR0="}
00859{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":565,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_first_seen":946739879619,"flow_last_seen":946739879647,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":2048,"flow_tot_l4_payload_len":2336,"flow_avg_l4_payload_len":1168,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35742,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"jarjar.meganerd.nl","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"2464432ec440b95b36263230c3148d11","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02424{"flow_id":34,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":566,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739879,"pkt_ts_usec":647564,"pkt_caplen":1535,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1535,"pkt_l4_len":1501,"pkt":"ZmZmZmZmRERERERECABFAAXxIhJAADcGmCTR+vEZCgAAAQG7i56PZECQBaQESFAYAfWJtAAADwEB\/wQEAwIBhjB\/BggrBgEFBQcBAQRzMHEwMgYIKwYBBQUHMAGGJmh0dHA6Ly9pc3JnLnRydXN0aWQub2NzcC5pZGVudHJ1c3QuY29tMDsGCCsGAQUFBzAChi9odHRwOi8vYXBwcy5pZGVudHJ1c3QuY29tL3Jvb3RzL2RzdHJvb3RjYXgzLnA3YzAfBgNVHSMEGDAWgBTEp7Gkeyxx+tvhS5B1\/8QVYIWJEDBUBgNVHSAETTBLMAgGBmeBDAECATA\/BgsrBgEEAYLfEwEBATAwMC4GCCsGAQUFBwIBFiJodHRwOi8vY3BzLnJvb3QteDEubGV0c2VuY3J5cHQub3JnMDwGA1UdHwQ1MDMwMaAvoC2GK2h0dHA6Ly9jcmwuaWRlbnRydXN0LmNvbS9EU1RST09UQ0FYM0NSTC5jcmwwHQYDVR0OBBYEFKhKamMEfd265tE5t6ZFZe\/zqOyhMA0GCSqGSIb3DQEBCwUAA4IBAQDdM9cR82NYON0YFfsJVb52VrlwSKVpRyd7wiQIkvFaH0oSKTckdFEcYmi4zZVwZ+X3pLxOKFHNm+iuh53q2LpaoQGa3PDdah1q2D5XI56mHgRimv\/XBcq3Hz\/ACki8lLC2ZWLgwVTloyqtIMTp5rvcyPa1wzKjmMx3qOZ5ZQcryyj+OhZSgc5SDC5fg+jVBjP7d2zOQOoynh+SXEHBdGxbXQpfM8xNn6w48C97LGKd2aORbyUbL5CxGUY99n4bpnqHuaN6bRj6JaWRhxXg8hYvWLAGLyxoJsZLmM3anwz5f5DtQ0oSRE5vc3oo6qSqbntMfYfd4MkCRKeHr8M0W7RCFgMDAhcWAAITAQACDzCCAgsKAQCgggIEMIICAAYJKwYBBQUHMAEBBIIB8TCCAe0wgdahTDBKMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3MgRW5jcnlwdDEjMCEGA1UEAxMaTGV0J3MgRW5jcnlwdCBBdXRob3JpdHkgWDMYDzIwMjAwOTA0MDA0OTAwWjB1MHMwSzAJBgUrDgMCGgUABBR+5mrncpqz\/PiiIGRsFqEtYHEIXQQUqEpqYwR93brm0Tm3pkVl7\/Oo7KECEgMMokdOfCPCyeubYMusjXM0tYAAGA8yMDIwMDkwNDAwMDAwMFqgERgPMjAyMDA5MTEwMDAwMDBaMA0GCSqGSIb3DQEBCwUAA4IBAQAoMB1ePZKC8NpTy2434kCI6h8NAXGSDejnRZYFr2QSx+TpoZipUWbMWCq8UzrMIxKC8UJACJQc6RIM+Xgz0ZRbGx25OD3V4vLxsczn\/nEIsXCHGvGoEBJqPqesQfpmU9r+oB2CbUgxGaJxDFqnidG6tH5KNxFVbrX2lPzXeDzKwLN1eUiZU\/lMuAOJwkK8zmwVXP5H7g6aco+MiZp06K8b\/Da3w0YGUY9fjEablMtV5ViuxARhZw1pWYWZo\/jGfvICDNvPKmx8V1X1Z4R8rNjm8UiPRR8P0NarasVvNtWs+6fXGpl\/hFMZzj6z4oAVh0vYNXKYxmaDs8l6pH8OOZ\/cFgMDASwMAAEoAwAdIKQoxhH\/Z4NdCHDs7qK8wmGbCtHgbBpAtyYYPJoz0BNpCAQBAI2s5yjtMrI9QJNozqSEdCsumaSKt\/QNxoJ5PFMWs10MAWl+5CjGLSlpjhytuQkP602gJ28TSQHyyO39DQ2pHRZ1MjKiwLUGQnSrx7B1qsIRx8U65WEhaQ\/Oefjv8VGGg2Nnh0hcGrHjYUxlGavnUge+GnGDrvgzWTdBb6fu\/ASgdFWYo\/L\/cx\/DQSF7KqdfFLYtqS\/mVGjCi+aU3DGzfokfH8gTddjOpZA9DbKNE5R+fiOUj+uHJsETXL1+AHkZ1DyEVNTPTtlzClPqiVFZoiQLHaM5Rks\/r\/SATzjVrNW7MyikygwLvRY4rKK4uz5N88k\/vqkRvVB4EA04vef95bIWAwMABA4AAAA="}

6
test/results/dnscrypt_skype_false_positive.pcapng.out
View File

@@ -1,15 +1,15 @@
00499{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dnscrypt_skype_false_positive.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":10000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00514{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dnscrypt_skype_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1625015363846,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"212.47.228.136","src_port":46858,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00526{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dnscrypt_skype_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1625015363846,"flow_last_seen":1625015363846,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"212.47.228.136","src_port":46858,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01112{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dnscrypt_skype_false_positive.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625015363,"pkt_ts_usec":846677,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"eJS0JASgYDjgxTWgCABFcAIcMeUAAKoRYLfAqAJk1C\/kiLcKAbsCCH3e0xsCBCrEBvNJfmmTQksKFsBudVhmUbtKR7UA4dAhr2YeFsWFn50WD3lhBxF+xRcXm4OudBLKFF3lXNzJRT1n1mCwEwKyGhzNUC6UkZad2AWsmuU16fgPBH\/sceAjxvXbeJaMQ9EbSG+EryR20f36x0OJcNkQYlfmM\/kN4T86L0ASqKQ0TZzuEESSiQX32uxygOna3C7y8YkubD4iZwEIg4QPEIQOdpWbEXtV\/o83jys6juVpKCDsvd9F8BJn0A7cjfMFRaUEMtODCG9KXBGEFHSZ18dK+ql0\/Pni3Dqd6Y7WU9Mlsj6IJPn77nWwLoqZYdJM9PltVUKA0BCDDZWLsJkP+knwwM996eWvPVPxNZ1KKAU+KOVJ04oTxBObGh5XZz6JStYBY6Gu1I+A7lBm6RD\/WCsjY01E5zHZUyzq\/sRzA5mq5v96ugcirzkq3k0\/Yi8TtQ9Ei2s6Y2t9FI5mQA6UNGXKigRJGNMlurE7oVNz9ZGKjrmgUROTHW19Dk8giJLA8E8v8V\/Kx+sNH6hBiMP0Nh9x\/ejK++VYPU3QRVutcD8PafmUWXqxmeXX5tAdjXoA\/bR66F4Yy0keXtHiEolfEIPbbw5Dss1Er21DaArDQUxYztwJdUkbudQ3HagiiDaY7lCwmWsiFTSiz+tzK3sS0+qynhYwsO0Zb6cGdfI="}
00743{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"dnscrypt_skype_false_positive.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625015363,"pkt_ts_usec":881095,"pkt_caplen":282,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":282,"pkt_l4_len":248,"pkt":"YDjgxTWgeJS0JASgCABFAAEMb2FAADQRWrvUL+SIwKgCZAG7twoA+ISncjZmbnZXajh5YQcRfsUXF5uDrnRgM\/W0etYbRlCvzAlkKKyMUQLv0ljsGjvVtZfe\/2tl\/VnemuvYfUBk\/FlJZG2T9aqA3YLF1UTRltK97uI2ksWKJgX3BniRDpntrFamW1JEmb\/3xLyET8LVaXWh0WE97YtyY5BJWfj3a3nIABAcBULeLr+9m6kab1t2+yUw8O2x9jiPjOG9E0ybqrKAE6AYHqZ5TwJfUOjYj\/lXF7jHkO1u0hdfTacv4XB0pSOO1yv7woMURQKedSBCZ47xfNaXXx66LiGW4zFY9AWDuJNy+t3jJfjPP44rub81jFTM"}
00541{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":3,"source":"dnscrypt_skype_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_first_seen":1625015363846,"flow_last_seen":1625015363881,"flow_min_l4_payload_len":240,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":752,"flow_avg_l4_payload_len":376,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"212.47.228.136","src_port":46858,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00527{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3,"source":"dnscrypt_skype_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_first_seen":1625015363846,"flow_last_seen":1625015363881,"flow_min_l4_payload_len":240,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":752,"flow_avg_l4_payload_len":376,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"212.47.228.136","src_port":46858,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00514{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"dnscrypt_skype_false_positive.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1625020200938,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"212.47.228.136","src_port":46858,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00526{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"dnscrypt_skype_false_positive.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1625020200938,"flow_last_seen":1625020200938,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"212.47.228.136","src_port":46858,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01113{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"dnscrypt_skype_false_positive.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625020200,"pkt_ts_usec":938475,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"eJS0JASgYDjgxTWgCABFcAIcvZMAAIwR8wjAqAJk1C\/kiLcKAbsCCH3e0xsCBCrEBvNJfmmTQksKFsBudVhmUbtKR7UA4dAhr2YeFsWFn50WD0vHrlH\/yRcXvmd7t8+K4M4sVr0Poj8Wk\/utpL\/xCX\/xF62azc12+nNI8QCtVvppS8TlqEq0v0z1ZL6VhUUGpPUFklJ6FIusCvwq2w1dSM6BMePG+Qo4lcOLbOLpFDdDpN7sGyBBByiu62SvizwpJiQ6P3\/ZSXKjnk+4TGpUh1Mb5c9mzEfAV3qGGdzKjeCok93Nwnvp36CiiO\/GOkE9r\/ZYsdRaCmC23bIy9acHKaDgHPfJpiFe0JUanQLCN9xYimCEsH8Zta9Ub1Y03R23fJnK8tpwkYIEBK7LZJ1F9iJoeKxBWFnz1ecGcBI1RX2es6McfzJoxkjQOuHEH6AiYPJoSwpKAve4ipq0HR\/HOtcm2eSvFhLdYG1E+T0mXDh9vYgTW5nrseVIT7nqhIq7lD3WYEFzszkgcd3k9UDRv+myTHfgeMeOMZENFmbm5E8g9X\/DmfsUhaGuiUNClJJMVj7goJjiEWrKvyoRVfrCC4PbNLMbvqDrlvRzXORnY\/CFgO7+WLg3KO2ey7CthW2BKxwYRE712SYEdOkDCt96TjkrXI1srSS+8m95DCo5Kt+A80OCrLXxvwtGpEmk4P+Hhi7NqGvVAPLHH8VQvEse4iqUK05\/zGpQspc="}
00575{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"dnscrypt_skype_false_positive.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625020200,"pkt_ts_usec":970253,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"pkt":"YDjgxTWgeJS0JASgCABFAACMI\/pAADQRpqLUL+SIwKgCZAG7twoAeAlVcjZmbnZXajhLx65R\/8kXF75ne7erN1aKqAFT9tSdFNk+\/FY4BWykKt5VBHfuRsQIXEdAWbATnDkescRMFqApy\/x1xRRyQOqpZlSFj2MoC\/ojSMDHYB0u+03LWvVBM3MXLjO1DiMtdOl\/yGx2VrztXQ=="}
00541{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":5,"source":"dnscrypt_skype_false_positive.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_first_seen":1625020200938,"flow_last_seen":1625020200970,"flow_min_l4_payload_len":112,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":624,"flow_avg_l4_payload_len":312,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"212.47.228.136","src_port":46858,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00527{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"dnscrypt_skype_false_positive.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_first_seen":1625020200938,"flow_last_seen":1625020200970,"flow_min_l4_payload_len":112,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":624,"flow_avg_l4_payload_len":312,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"212.47.228.136","src_port":46858,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00514{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"dnscrypt_skype_false_positive.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1625020500944,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"212.47.228.136","src_port":46858,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00526{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"dnscrypt_skype_false_positive.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1625020500944,"flow_last_seen":1625020500944,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"212.47.228.136","src_port":46858,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01113{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"dnscrypt_skype_false_positive.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625020500,"pkt_ts_usec":944370,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"eJS0JASgYDjgxTWgCABFcAIc0FIAALcRtUnAqAJk1C\/kiLcKAbsCCH3e0xsCBCrEBvNJfmmTQksKFsBudVhmUbtKR7UA4dAhr2YeFsWFn50WD1a7lthGyhcXsTywP0kSgKzMOKxLpaXyj+9OZAFS8DY5Bm4L6EvzNq4lEGOPhLCjDamIIC0\/kBi+logo8aCs8Ykn1kcDSMHr5ohPkH5ojDFTDgfmwbydb9VkrPfnTo30VRoMTeB8FjhWHQEihOvRCilI3eOZjQ28Yfe1\/VN8xjLtW7ba4LSN2xCht1I09+EoUxpQ96D64sakFbj1gbWIfFC6mjxNpJkUYgFtEUrHrbQo6Yb4wDxxrHKxSGf5tYgGK8+4GML8fzlbAPa7o6RV3JY5yXNFJ3MnYVZDLyK7vZpuX+W0QdpvlOoXdQgu5V\/1vYCuIbYyjD1E\/aqH6T1VVYtREkaXUDd2\/HQM\/9A9d0RFNq36PferQRHvpzqWhRknav7p0NkGaOvxNr4arkI\/fXVJ5MfbPAbPxakCs4BQU\/13cQP6ZDmndNX77Vh4tfvSXHISUMO3wWRgJZ5OO3uCUlzoA70aywvlK9wHzLDRpXNBGmyqLOHKhuYIVjBo28jLGSH+k4Q\/m9sLX96Cn4Sy2hg4OVoKY8hV\/wDfOcc9a0g43ssuZX7WTWVwK498ezLekMjk8VjiXXgnBFdZzcotEoa4LInFCCX+jv6P33my\/Qi3ujnaRbTYXaA="}
00740{"flow_id":3,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"dnscrypt_skype_false_positive.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625020500,"pkt_ts_usec":975955,"pkt_caplen":282,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":282,"pkt_l4_len":248,"pkt":"YDjgxTWgeJS0JASgCABFAAEMoSlAADQRKPPUL+SIwKgCZAG7twoA+EyRcjZmbnZXajhWu5bYRsoXF7E8sD9PWmGYOiT5KzHD3kPjLl7BjioY6UEf08MGeL\/JWC\/GZxvZAPw2oLkqyuN33UXxnNA9LPLfBwy3QICxlaym7eKKZMEm70BdPYkerr1JpTrIMDEQHRZ2NhsbwquM792q3Tluz5nh6AX4CyFaao0ew+msE1FqK9CpyfSXTrOgznyen2UojZEvCDC8CK6cbXtBOU9ZeSBUcMeG+\/HYUGxBiT5Ge+IUKrsZSiizT+dSITxSFNZls3dnrtAjHZwBUYoViOq6jNKegqlDOk5xyGbGZU8Fayk8IT95tORioQDh"}
00541{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":6,"source":"dnscrypt_skype_false_positive.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_first_seen":1625020500944,"flow_last_seen":1625020500975,"flow_min_l4_payload_len":240,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":752,"flow_avg_l4_payload_len":376,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"212.47.228.136","src_port":46858,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}

10
test/results/doq.pcapng.out
View File

@@ -1,7 +1,7 @@
00473{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"doq.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":10000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00471{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"doq.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1606056093199,"flow_last_seen":0,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":47826,"dst_port":784,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"doq.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1606056093199,"flow_last_seen":1606056093199,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":47826,"dst_port":784,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02094{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"doq.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1606056093,"pkt_ts_usec":199591,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"pkt":"AAAAAAAAAAAAAAAAht1gJqqiBNgRQAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAButIDEATYBOvN\/wAAIAhwsYltsps+WghOL+O5iCYx+QBEtgiJINLAj38+CB9CqAWNGDJ\/Ht0GdZPYPfPv0gkn+G7KypaOwXpeaLqP2vrcKno6\/xJHt9kjbL2TY4b\/m9R6nztt0oBs85JJhS7Tj\/KxdnJUR5x1KoMSoiK8Up0wKQjS6CJwz+096+5cglByj68BpzrUHMPeI6GM8BR\/Wl2qjunMufbT3ODI125lDdGTaTqNLCMEIjagI12Vrkh1+4q55QnPNmDSc9uNkJ0l5bhH58Gr3GA8HfFg35RCENcGDFpWMYVXiM4ZLQRFPmW9PqqUvAkPFdK1\/e6zKceMIWl6qFwaRZM+da6dEGVcJjr7Z+tAEETRp6uqCb9nnpAvg2AYmEND50nvVEnJ0vebAvnDE4IogXJzua2gFwFm7VLYd1uL79o4iJgu\/rwI3t1+Scpc6iAB46mZWFz3fE1WDQxwSMiil9o8+U4JW1BkjaBlJjEwDLig1LbtT\/HP47m8JDRgq00wdO+B2e1saSoPUtzWH02fRpSsRwHLssxWK\/GeM8n4na9wb14wVoOdjdGJ+KEHpdBBYTSNse3PnwWrKaaP0mh7odZYLBlgeNvTBLAUy7TPWKcxmhtN6bsS\/Yjh2568CzWxz8tWmprG6YblEP1vhUU2WDKbQBSh9+e7EH2JaN6LGpgUM6\/yeDE+g\/QCDKFbnXJHaC3VNe2EpDTrUSTzTJX2ScnDPI4dI01EvvWXSfxAJzcCmkKAUz3B\/F3DS8bS2lYESb9nSox1FCQUX1S8MhWCL4jSZ4wobqLA6VEQ7puZt\/yd5mc0snO7+JferPZwSQV1jN5hdBcuNb6kj\/JG4pzUoB7QTPQcjcnBLCPQDWDzw3nQ+Ebywtgt9T0aEFqJVOTfT95bWTz6VinV\/brwfnTHpSbkUgeBvFyaDcSzRz5tFZ0q4\/gUbfajms9qKrPFsufIU5NQtKyl5gUxP+4xC0KsglyEqg4DVy8vzlOpHC9Zo8AzpD2Cd9yZUaVpS3jLxre91YlfpTBViFMhAAL1N+wl47YhA2pgyB2GGbWg1O6K4C74tiA9XM\/lrGlbtuiyqqRmlQ+OfACiiCT0\/fwnridhEP9NjW3A9LNkp5ph6u81Z1emHsIGmFkXyP7nojGy2XKkTHlNA+eKBGol\/TUgCzHu7qPwHu5vMLlk5NNq3Od8+eHViQU1LY+OXeYFHuY2S+VSf848yXn0P1WZ\/Hf4jpB8WMcPpj0cXHyY46IsajmZ4uRB40h68eDc26RMlrZAfwBIGjks8KSh5b2f1BdJ6LJ4taZkNl8x+qPVYwRdc+lJsRkcGfu+BxMBIzhOPr2wg8uauRqGpIMGiSEXt5eLhu3VHEqTuhLQrFWRwEWEm+WzY4itmVZYx3CM7zWu6j3KhN5W5HEWKe61AmbunEuzKrb9KKf1hG4Uz72IU4aUy8+qV8fLyqPe7E\/Hm\/QiosHbq0whMHw6xHc0E9dDFb7\/w2jqW\/bhRCLrrZSTu8KDShAe9bkemwaFOWgs8zleXJrozrnvcOKNBpToZAop8FcA1V6SZ+05avECZK7qQ04Uc8xlehoG+3W27ZNgeNIiTH8MtU0A5kV6veOOCPQW7GGwaBK9iuORoisN7YKGMwzzN0ZIQ\/IailJpjg=="}
00727{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"doq.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1606056093199,"flow_last_seen":0,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":47826,"dst_port":784,"l4_proto":"udp","ndpi": {"flow_risk": {"24":"SNI TLS extension was missing"},"proto":"QUIC.DoH_DoT","breed":"Fun","category":"Network"},"quic": {"version":"TLSv1.3","alpn":"doq-i00","ja3":"c0ce40fbb78cbf86a14e6a38b26d6ede","tls_supported_versions":"TLSv1.3,TLSv1.3 (draft),TLSv1.3 (draft),TLSv1.3 (draft)"}}
00739{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"doq.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1606056093199,"flow_last_seen":1606056093199,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":47826,"dst_port":784,"l4_proto":"udp","ndpi": {"flow_risk": {"24":"SNI TLS extension was missing"},"proto":"QUIC.DoH_DoT","breed":"Fun","category":"Network"},"quic": {"version":"TLSv1.3","alpn":"doq-i00","ja3":"c0ce40fbb78cbf86a14e6a38b26d6ede","tls_supported_versions":"TLSv1.3,TLSv1.3 (draft),TLSv1.3 (draft),TLSv1.3 (draft)"}}
02098{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"doq.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1606056093,"pkt_ts_usec":201842,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"pkt":"AAAAAAAAAAAAAAAAht1gJPSDBNgRQAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAABAxC60gTYBOvN\/wAAIAhOL+O5iCYx+Qi72eOch5MP7QBAnCxpB\/ZzHhatBCMXwxT8fSrL9Wdt\/ZFOXhnvUbk6DdAuuzdAXxro6AjNqIcuTb2Re8BepV9SRKgSpP5M7LrQffcZ9shmrS20KZKb\/ztrJeGi\/T\/Srzlr49oBUZ5XMUOjcM7DeI6CgL+ZkO5L8gOV4+8ueGIUub0wiW6+Jof5086V6cR2hj9bBsTK6z5+hag0bw2HYNhsBUUI567S6uj\/AAAgCE4v47mIJjH5CLvZ45yHkw\/tRAEwp7WGjD8jV9zAfZPHhqQ1G3rU1wu59XApa\/uBCBj\/P3rsDGNWqlRQj5q2CQMAtwoaVW5R4D\/leJG\/QScVoSAiDmPCSxR8YrHk5Y7hGxh+CuYKI4vAFyF29Gcm7XH58xSv+Y0je37cyhm71z7xP4G24oT+neWXAiCImQb8UPinjOVju\/1ZXWChdKepJDE+EqJTk8BoOpF9LvyXj5n733Xph2u5IJ\/p\/3foWmTC0fAjiMQ12dhZ6KIFgHDWW0UYsYoYGxC75AmqEL4W0ZygLN4Jp+zSt6jJsE6uSWjtu9Mwx8zRmpzIUbk2rS\/lIYNH+L8sZitAI\/mAouO1FzaXzIPuVV15eTfM\/D4HfHtnBqU5JIgEq30fGDU8vQEvr9VcBwpWT5O0sL5kG6g3W7z970vBsvCXzENm+QLPGXr10ns2jeQncf3V0s9pvLk2K4TGX8jm5gNEpFEQC6sid28q4Y5Bk2mCdnHt7MFfqeIQtVf6U3jEBxXtqNwnbDuTXuCGC9PAu0Ie4j3YiB88cN+EoNanC8QpOjA3mDQP6RbMKMlxgNT1GCSYoSSr70l\/p2Vp0WohDZeycXBsQ9txnWshMbiCp8imTkzhOWSmVNhhzqZOyuIxBEnqW6hAlYSRGGlQym+AFEpgzsjqJLjzqOLeESR5tBel8x5HwEzLLqVaja5Udf5uBnGJUVNub2RGOPiMMnZCl+iL2LRMiCHUoBDmvimDtRLtAOt2SNvH93OMwXA\/IyIrY+XO56T3mS1YSU9Ydwn6d5ywddheaImd1U\/vJ57ZtUSbUvf+DXuTp09bwzrY9tw5NZDPH\/iljKwqemZHmirnsyyz4OUNANR+9\/kuYPx2d\/ZS7953Z8P\/sqzOE3LjEyoUSRCXVL4XoEkGM23PQQcDudByAaZ+9LTgkgxPTKnHgpxcDQowxdEx+BnESQ9DwSJQM7+xTAOPC9sMDrzuSInM7z5AK+Pqrk4B2Vwy+rXo798A5XjeZBrTkCt8XwQLpXhtqaRjTnFTN9kHqTE4fN2bwWBueF8sdBSZ3aK2MK9uuf3XfveW2fg\/1tyeU\/EXgKHtRL55w3iVM91ZMotsrGhoYdGkE7MCdncoh54jfxD5eJPuIFA4F254QXkd2ttFid3O1xFmVbRo9jbjk7d2+6yRzPkKLtyJyptApw6QxkBCFBxcnQA+oUEGOkjoCUtqGfeqRlTptqqqHIGzgHL7YafvSlJW897JYtCkXn4zJMDfapn6QTBVXFY5QqgjOXt2wlG+PDpn\/mQw9NRGoj69MbbDe3NA2MYvJlkgzXKIONO\/pMfrd3koD58ywf54r7NUNGTOOHuRxW0PSRKrZNlpqXdbaK\/wnr76JF4R3R\/+EOYL7g=="}
01070{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"doq.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1606056093,"pkt_ts_usec":201890,"pkt_caplen":541,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":541,"pkt_l4_len":487,"pkt":"AAAAAAAAAAAAAAAAht1gJPSDAecRQAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAABAxC60gHnAfrr\/wAAIAhOL+O5iCYx+Qi72eOch5MP7UD5fEmqw9QcMOSnUe6MDD2OecgnWjkNXdwC4dZSYxJC82j7Fa0gkq+nfYTDU9ChVEdtH45\/vQtNEQLo8\/fwDbneJcHDHavc8EGoV3PxsxkBJhE9Q9u9yCLvfi5OphDBHPeBIHPaxUcLs3S\/L\/IXKVQgfNTTVjkzoLHy1OXpC+\/dTEnbC6NPh6W28rc+x7GLNNHF1FfqMGoKlGMxFCg2HP4dP34NipPXt9vl2rd70ScFdoNK8lXc8OrIbXPCPHixiwns3JeTqs80ZysmuTQ2x3K2Z0oX8Qiv0kbMUxxeHDtUjo8dxO3WaXzqWjfDA1saoqoMHVxUCwkVWx\/nTk4v47mIJjH5cyeRXhMbCk5EqVB08GBVQ7VrDqROkZ4dznjO7Fxcyd8w3IE3VD3OcSvdJI5P\/k+2JVbsoJApIjU\/SqrAeDrs9BCVoOX+elSyfnlFmV+9qRiAxndyJco\/u++psEVtXikdkQ7Ddxgmc8mefhAnBHbf+ng4whbMJA82KtXAE9ITJwKPkOdTXiPwFa2uYw57B9+WqNDFf9ReX9HTME9BVtddLPrQ8G9aG6w3Krk5ZmHecrC9Btpgbpsrq+OkBS2cbpJHIvCTkg=="}
00713{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"doq.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1606056093,"pkt_ts_usec":202274,"pkt_caplen":279,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":279,"pkt_l4_len":225,"pkt":"AAAAAAAAAAAAAAAAht1gJqqiAOERQAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAButIDEADhAPTg\/wAAIAi72eOch5MP7QhOL+O5iCYx+UBDpLbz6hVr3VQhQggh8jeSy4LrSByAKcA4h02NrSHlYfiZeIBfX4cUD4rj0whBaxqv8GZptq0Yh86VFZ7cihClGjSAiHi72eOch5MP7eD67j31tF9Ewc7\/cDWWW5sbKgeZ8Ni53gCKJC4UiBzoddfNqguK6L47A8v5MfBqkmPLLd375Ln\/BizbinX7j2Wb\/eMxuHFSq+9VI36g5fjgo4+MYm50K5k9Iro9bud9p1Ez1Q+5mh70eHrGquqOwXiz\/D6V"}
@@ -10,9 +10,9 @@
00492{"flow_id":1,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"doq.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1606056093,"pkt_ts_usec":202473,"pkt_caplen":117,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":117,"pkt_l4_len":63,"pkt":"AAAAAAAAAAAAAAAAht1gJqqiAD8RQAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAButIDEAA\/AFJMu9njnIeTD+1UZ3UL1a3XfRaN5wUfWs7iYRlISEYaJh8AeMvzJsGP1FxH1D7p62sJHL54hGmz"}
00535{"flow_id":1,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"doq.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1606056093,"pkt_ts_usec":209998,"pkt_caplen":147,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":147,"pkt_l4_len":93,"pkt":"AAAAAAAAAAAAAAAAht1gJPSDAF0RQAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAABAxC60gBdAHBBTi\/juYgmMflHgN8pivud+t+xRWTjwsuKf67lT\/nM9uYZhGnTjZKGw6ObJH\/xJ9ga6sYiFSk22PsyWv4EW+86EoI8R8diOdKlj\/jL1WT6sn8whw05"}
00534{"flow_id":1,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"doq.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1606056093,"pkt_ts_usec":260163,"pkt_caplen":147,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":147,"pkt_l4_len":93,"pkt":"AAAAAAAAAAAAAAAAht1gJPSDAF0RQAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAABAxC60gBdAHBSTi\/juYgmMflcDuw8PGqwk7AnmnlBLKl9VVw5FwNIUr\/uwhxQriWlV5lsPREfqCWcyBCgL5DIrZMPOHK4EaoyceBY8ce9ZV4nlYvSeOP\/TgYtdDng"}
00430{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"doq.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1606056093260,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":15}
00442{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"doq.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1606056093260,"flow_last_seen":1606056093260,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":15}
00600{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"doq.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1606056093,"pkt_ts_usec":260178,"pkt_caplen":195,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":195,"pkt_l4_len":141,"pkt":"AAAAAAAAAAAAAAAAht1gAryMAI06QAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAABAQRnKgAAAABgJPSDAF0RQAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAABAxC60gBdAHBSTi\/juYgmMflcDuw8PGqwk7AnmnlBLKl9VVw5FwNIUr\/uwhxQriWlV5lsPREfqCWcyBCgL5DIrZMPOHK4EaoyceBY8ce9ZV4nlYvSeOP\/TgYtdDng"}
00464{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"doq.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1606056093260,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","l4_proto":"icmp6","ndpi": {"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
00476{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"doq.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1606056093260,"flow_last_seen":1606056093260,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","l4_proto":"icmp6","ndpi": {"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
00535{"flow_id":1,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"doq.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1606056093,"pkt_ts_usec":360401,"pkt_caplen":147,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":147,"pkt_l4_len":93,"pkt":"AAAAAAAAAAAAAAAAht1gJPSDAF0RQAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAABAxC60gBdAHBBTi\/juYgmMfl+TZ3+Hmg+6BC4SDTuwiFJDfNooVH1WKEmkSpLklzCTh\/kA9o9N4HNfPmXD7MqNM0jiO2jHXBOtk8kidE7CVxn0BTfngjMfjmwfG7Q"}
00599{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"doq.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1606056093,"pkt_ts_usec":360423,"pkt_caplen":195,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":195,"pkt_l4_len":141,"pkt":"AAAAAAAAAAAAAAAAht1gAryMAI06QAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAABAQTEgwAAAABgJPSDAF0RQAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAABAxC60gBdAHBBTi\/juYgmMfl+TZ3+Hmg+6BC4SDTuwiFJDfNooVH1WKEmkSpLklzCTh\/kA9o9N4HNfPmXD7MqNM0jiO2jHXBOtk8kidE7CVxn0BTfngjMfjmwfG7Q"}
00536{"flow_id":1,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"doq.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1606056093,"pkt_ts_usec":560720,"pkt_caplen":147,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":147,"pkt_l4_len":93,"pkt":"AAAAAAAAAAAAAAAAht1gJPSDAF0RQAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAABAxC60gBdAHBcTi\/juYgmMfl+eB8WJkIN5W\/s2kV3mgzDwRAUXXe+90zefQTxG5fKyAbzm2S0iX0HuS+7+NHu2bYpwdweEdBhQ2oYMUDLzzaxqsrt98mI\/P6gjJFj"}
@@ -39,4 +39,4 @@
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 130 chars
~~ json string max len.......: 2103 chars
~~ json string avg len.......: 1192 chars
~~ json string avg len.......: 1195 chars

4
test/results/doq_adguard.pcapng.out
View File

@@ -1,7 +1,7 @@
00481{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"doq_adguard.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":10000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00499{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"doq_adguard.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1608278425043,"flow_last_seen":0,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"94.140.14.14","src_port":41070,"dst_port":784,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00511{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"doq_adguard.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1608278425043,"flow_last_seen":1608278425043,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"94.140.14.14","src_port":41070,"dst_port":784,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02073{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"doq_adguard.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1608278425,"pkt_ts_usec":43144,"pkt_caplen":1274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1274,"pkt_l4_len":1240,"pkt":"CL6sCxdumt9Y+uvcCABFAATsXYdAAEARno7AqAypXowODqBuAxAE2E0Zwf8AAB0S1uV91ARNGaKcpPbuz4JRKRijEV3+fOp1xbl+o2VPCxw5C7F1AESjjIExuU1VGYMi3qR5FgZXmV5jW\/GS3bvPGESTCXlAOuaNPS4Z9rqb5GmZjOPu5h+dEeHCBQsH0bRQhppRcffIYyvfvxi5LNyq540e1YcNLgxwEYv9mwEEutsUSgLF8qQi1vATlbVLiQwhaXITCRD653klYnm9BoO04fUR8kaaf1qYfex026282Q5EvztDSyWuA6xW\/3D3I27VAQo2GbCoqYf0QIrZOfacQartZRA3xvw5C0Iz0S7jBboiOrSPOxbet7b4p4CBzdW+POAUSVXQZZS3xQkY5PXEeYGco5aUsp3O0lAaLfFFVll\/srPVtdJxYLG5mlTKam3NxBl9gHT9gkoJzUoEmtdaRDaxhP5yiedQs+JgoW4F1fDqHPMPnBtk1UezjBjE\/COENcHIEQq2HIfbQ9Lv+kS5CfcaSKs2mUQTuvs7\/voDRF2y7TFb+uqyMeAqq3doSDMB2jHa\/EojP\/f+RrMNy\/X7kDEEcbw43eMXD1tzHjBj\/ncaLMsfP3IPyZyF35MF8e+053ploy3mGcl5fW5eZxUFM6FDjn\/9\/9yB7HR5pdMyplGzzI1OpdByhfvbVWjVUlFgtm4LcbCFS9YXIuJWVQaT92LVmTrycmBpec\/NHPi6MerrZrFPH1cWAKJm6C\/35hd09a7vURbcj2Nwu+wvQEGek3M9LNpTgKAxfeLa6jR7yY8FRi9Fslx+40aTEwGgLY10PqSAVV873bY1HrjXgee+hInU5OzwDGisUkG1vjenUqCdXtWODZ9xJFrjxkNSBVsfWyX84bL4AH0cHSMH3bXpv8DZGk6dvuB1thnl5dRd79ArhxOkLRjIKU\/spE2xAqe+laOg7FDuovO8+vb44+p0a1tCIq75DbW5Z\/3eQHDpNFbf\/ZruNBwv0I6n5NxcgHEUQaffXIlX36W8Z8AD3YDD85hA4jZxmySge94o03q\/ZMGs+bJTnaK8KlLmSNMXuFjJ7F4SdWbAr+gE3KQqFqqYY9ZfiG2QbB9\/YTG+8SQBafYwX6k2J2OEpMyUilzmDTz3a5eH47iPLgq2nb2F+k0c4RMx6bB8xhJbOXMxEbB5OktMbojYZ5\/D7JZ6FArciEMMkyFIwplniDv\/bjNCRjIZzGWltVCRAQBZZf0ds2kXzLEOIGMUpx2oFRtwDgwesKJgy9be1woTT3HVmrfv8vUkkFOD253UN9bBIfIU4elVEm8DEZ93RQ8PGCnqpWPqKVclryY+VrRX6bBv\/eydiZowniNJyXmSTkGKfOGX30rdpMaFIjV9VAFWlq4kC1zIbyb3K46JC+I+XxrKEmMLqMbO6CesmtgLUC8vVTv7LWODOF1NIRzdEgb8Qn\/9qSY3t6c\/zKgfF8YyVeS6jf5EL3te6RDnB0wZsaBklSDaR66VSY+qB2O5PnaefdIKM\/htIG2nKmWB0tq+\/dxdUHWEvheHhEbmX4TUB3cfXIIesE+zpUW6KXqwY94WHHPEMe6voxs49AJ\/2IZiFohwbn6CjrWd2PilA\/\/N7kVyw58ilFGWokoGNIRgJ61vUDU8rgEdxFK12mR1bebXKhOpf+Sf7ekcBE2R4BLb6ThrQxQ="}
00704{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"doq_adguard.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1608278425043,"flow_last_seen":0,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"94.140.14.14","src_port":41070,"dst_port":784,"l4_proto":"udp","ndpi": {"proto":"QUIC.DoH_DoT","breed":"Fun","category":"Network"},"quic": {"client_requested_server_name":"dns.adguard.com","version":"TLSv1.3","alpn":"doq-i00","ja3":"1e022f87823477abd6a79c31d70062d7","tls_supported_versions":"TLSv1.3"}}
00716{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"doq_adguard.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1608278425043,"flow_last_seen":1608278425043,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"94.140.14.14","src_port":41070,"dst_port":784,"l4_proto":"udp","ndpi": {"proto":"QUIC.DoH_DoT","breed":"Fun","category":"Network"},"quic": {"client_requested_server_name":"dns.adguard.com","version":"TLSv1.3","alpn":"doq-i00","ja3":"1e022f87823477abd6a79c31d70062d7","tls_supported_versions":"TLSv1.3"}}
00588{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"doq_adguard.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1608278425,"pkt_ts_usec":79621,"pkt_caplen":182,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":182,"pkt_l4_len":148,"pkt":"mt9Y+uvcCL6sCxduCABFAACoAbMAAD8RP6dejA4OwKgMqQMQoG4AlJ+l8P8AAB0RXf586nXFuX6jZU8LHDkLsXUEXOoexyg1M1\/+GZvbsGeGqJJILJUnaeRPlfaewSkJ0QM1kILJB9RkVGFQIKTOYfD\/amFvF5G2sUWGCAnPMQAxGtra+t44CL4uNVFuP1UAIYDjP5flgPs8Cfp53+s66ugMjRy2XoqR7aApyqmdoc3EHdt+2Cg="}
02072{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"doq_adguard.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1608278425,"pkt_ts_usec":84825,"pkt_caplen":1274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1274,"pkt_l4_len":1240,"pkt":"CL6sCxdumt9Y+uvcCABFAATsXYtAAEARnorAqAypXowODqBuAxAE2FXxz\/8AAB0EXOoexxFd\/nzqdcW5fqNlTwscOQuxdUBgKDUzX\/4Zm9uwZ4aokkgslSdp5E+V9p7BKQnRAzWQgskH1GRUYVAgpM5h8P9qYW8XkbaxRYYICc8xADEa2tr63jgIvi41UW4\/VQAhgOM\/l+WA+zwJ+nnf6zrq6AyNHLZeRFASnCr8obwp9Ty5sR7kprQnC0Sv2ZcsxYzIMAthEKqYU0zMuGSEznU2JvTrq\/bykaeb5dqdGxdiszDYKDU6Jn7sPAcjUZ2gh8+BYZGe9phFiloXFkZRqkF4syIAEkOpcy2MK\/fkeUIOyP6wlwkzaY3fbmuxHrqRyLu45SBR1VMQFyHi28JYz7QmMQfDMqnuI0IWIuFKHwG0T\/v0jhF19jPBzG3JSCrPoiaSUV9rQI1kZsCKoMrGjumM68QAfolXONsAd2IYudReWz3mQrB3zOSDXc7+iPJJwc0+KS52obxIkJ0I8SZ7CLjp+FpGH++2YepZGSZYPB5rc\/4HU1bQ4ocmPERQ5l+FpQxpj4cq2AJTX05VWg9LfjDFrHE6D6oMOTTfheRhy7X3SqhzfVhy\/w3RXnv00qwNGkVr8QIR+wCM95sfw88fV3+NqmU3vnLU2z+qvvT2HlvRQm9ykjYa60lgB9sFJ5Ng9ge\/cpn16AR4r\/NoOup4fo8EeFB8cFrAVg+3WG3mgWxUdvK6oND07fFN48QrriL1y7XuIB3Fa65jgY5B4zE7vkkBXKUfGormP9hug8dHVr44WkbHCTqfFJuTHKIf9gtfJ9VQps1jhQjM952WGdM\/mFbut40pSDwrgQgdt0stO2C4PvDiwgzZaEybJzcZBHCUgM8reKIoRyLrSsWciN2b3tsFQXXaEeEGdt8Bc\/5zyh11uwNSzGQ\/Fl2k7QrJleMEWlDCFHuNFZdb7JDVOvqjlXAHTTHX0xSx0KU4aqrg\/kZVORXUFVlv\/xu8mW\/pGVbnSUQNAvLvkvHNdnu1ZPxtBzMoqU+96Xp\/DxrznNbYv32YFRLbK8kA8U4FaZhJ3oS+5KFBikdLEV9Hai2hbk8GZjN2iqviHrHccJqNkg3SIuZD5qamhaUaMG9NOa5pQ9jLJU\/ymgo7DdgKxRH8uuDjWk10CemOYV7pIj9XJEg0HHMmlI1Un6aDxtAu5UK1qm1HNb38yVa+sYeN5Ew6KHyqBUxxS4IflHX5qeqIZPOKrYg5MCubhSudLKbjcH5sXIzejKF8iZ0FlTKPdHSExxjW0QFN6bAWoLJuZE\/4kDcgHKTjdquB1S9wjg6Pah9A0AO1p8+A56ZYLVjRHdUF0Eo6bHTdn4hIgHvxPjCmO5BtWUKEeQnKGkkR8kgREjXo6GfEeHC4Vb4SCK88RJFW07bR+3U68E0sOKimZElroA+KMcE32OqnpsNULoyV7BunASAegp78gVNI0Bil4Klffm6tM6xnJr7Wx08jSGi+pGYWmiGnj3zfHIxpQuw4bIpm3S\/lud8tMnqwiD6\/bIUKO1SxVSWZBp6s2PlGyGHrgwwdIy5nXoip9OukmbhVHpu5a+3BERo9ToRhkKbGsS5gAuyL08\/F6VvMQD\/JdB+\/2rkXCT7ca7Lr49P5aV+w66D8Iwyn8BcCGyOLiGucN4S\/JjMhOeFgH9mu48hQ78o="}
02097{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"doq_adguard.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1608278425,"pkt_ts_usec":122822,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"pkt":"mt9Y+uvcCL6sCxduCABFAAUAAbQAAD8RO05ejA4OwKgMqQMQoG4E7CdXyf8AAB0RXf586nXFuX6jZU8LHDkLsXUECv0qRABAlUp76TjgEqdop5UKSI\/F6C7Gd9+z58rAvv5K3VJcoj\/wbKGCvwUk7hAIZQkwS0eQW8volAE\/nQLfPF\/ox4Fu54Iz80wj9fAhhK9DPh9I3m5cX1kBTgklYoQzHtAgZePSyxHP6hihn0FPt1BzVGGJcnUShw4Fy27vLE7qS\/7U+ePnY21jz69vyKuwXZuTiiipLJ8YK+0o6f8AAB0RXf586nXFuX6jZU8LHDkLsXUECv0qREQSNEAdToqwkUBeCPSTrtq1i+\/poFtGCmte08vfTNyuyRI2BuDSMLi4bKO8pdcS2OC7T2X+MCJiync2qglwLaK\/ZU6bCtCK6b7VW919zbwzxcwIxzakqRvR\/mHdyX39t6PkLoaGvK0X2vbjcfBtb8h9mxy2cMiCG7\/xmTssSfThjiW\/NA9r+eiSMaDW26lOxC0Myi2DyzhDaTuSGSXZwR3CdWz\/ehHzTlDnGfh\/fqCFNYcS3v3UJiv+Cd0NLG44Vb9GGFrsZAF0TFEPoReaDJEc8E0xrNED0dRphUxIr\/DqFgN88iZ7j379UNmsHXy+9mWkitLF30R2ORqsURlznCsncam1RRgTWr4gcq9w4PNs52tqYlXDTCw4di7UTg\/DXRKcsZbsYlRVAfuycbyKPF0+Crf95FQRqiDvujNGcSTFX0VUkcz4Fa3pVHkQZTqBaaJldHmG75IwR2jDpJHz0f8U25KfeMiidTlxNhhm4ZqtGvKIQ4l+F6Qgx3jz+Qgf4yWjkIytmooZaorzphY\/a1kd6q15yS9OAMFDlQGdC5w9pE5P54RHRZK\/rZQvTXChmSf0vHRtYR3c1oFoJT5F8p2MZU6xhBjIUVysia54dwyFSZwbXqhUTXJrPSmDnqDfgBnK15jat6fjDPn9EWVvi7jaxG881+aOZ0xxnx8yaRNN3cCXPRxuMVSBmS7R7uoMquwsmmUOS3HlBY98FG9pd\/pxl6D9GixGNYBEezKcsx34lBBN0+GU4QtQleLTJjzhkmdkqnu\/8ysyuk3AuGjDDpL4t9TZcSgmggtEeEIAD2uQ2Zs4+WrO+VF5RxXbNWqozAUKDXdWU4IhvJksaRt8LtCWMK+Q00gsZwn3bWnNtabhQ1da83CeC15FJEtCDSDfxhmRH8vWgIrJbPgN8gB44r7wKu16DvYGW8aqf7zmsckEnkXbn9FLsfs6ALLsVL2msz6xtzgVn74SrIXydDwMfx1fXsW5dM2nkOLSCiM7YyFahko2kEAUPa6aTOfHxZLl9R7YCHnpAfkDCw04yVocKSaV5Pw7dDALMPZTFdRwdAqoyp3JhcsW4wUVqsp0PTozIQzKE7JAcqGlvFfwXzZ7er6uAZdx36hfYDgYoKAl7S301UkQuX9mm323V1dh5OybrgeBmnlr+MoKe0Mw9PiTuvSS8+Q3jyvTGx5OnutvIwmCJZ3KlkUzAfZXELr6zCDgD5WkbH12NIA\/4Eve+66VJmSimGr\/rnpAwbN5efr8WSYM7kHl8\/tHLa\/St+DGu3hHqjLCX57P6yvpn13zBn38N5nhVh4BtxHTcXl9nJ40h9Fo7xe0oRT+d04279tPg1uhRPq+kJCTbSuAl9GMdjJxVxoxsuu0aJpaqKEm+d\/QnaM4+TSccA=="}

67
test/results/dos_win98_smb_netbeui.pcap.out
View File

@@ -15,15 +15,15 @@
00159{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":7,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":47}
00394{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":8,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409797,"pkt_ts_usec":101878,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAQAAAAAACgAAAAAAAAAAAAAAAAAAAAAATURKUjk4ICAgICAgICAgIA=="}
00159{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":8,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":47}
00499{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1576409797553,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.2","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00511{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1576409797553,"flow_last_seen":1576409797553,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.2","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00498{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409797,"pkt_ts_usec":553896,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"pkt":"AFBW6YlWAFBWM3ieCABFAABgBwAAAIAR07fAqO+BwKjvAgCJAIkATAvHAAQpAAABAAAAAAABIEVORUVFS0ZDREpESUNBQ0FDQUNBQ0FDQUNBQ0FDQUFEAAAgAAHADAAgAAEABJPgAAYAAMCo74E="}
00533{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1576409797553,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.2","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
00545{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1576409797553,"flow_last_seen":1576409797553,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.2","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
00499{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409797,"pkt_ts_usec":553965,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"pkt":"AFBW6YlWAFBWM3ieCABFAABgCAAAAIAR0rfAqO+BwKjvAgCJAIkATHy8AAIpAAABAAAAAAABIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUFBAAAgAAHADAAgAAEABJPgAAaAAMCo74E="}
00499{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409797,"pkt_ts_usec":554005,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"pkt":"AFBW6YlWAFBWM3ieCABFAABgCQAAAIAR0bfAqO+BwKjvAgCJAIkATA7DAAgpAAABAAAAAAABIEVORUVFS0ZDREpESUNBQ0FDQUNBQ0FDQUNBQ0FDQUFBAAAgAAHADAAgAAEABJPgAAYAAMCo74E="}
00499{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409797,"pkt_ts_usec":586916,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"pkt":"AFBW6YlWAFBWM3ieCABFAABgCgAAAIAR0LfAqO+BwKjvAgCJAIkATA7DAAYpAAABAAAAAAABIEVORUVFS0ZDREpESUNBQ0FDQUNBQ0FDQUNBQ0FDQUNBAAAgAAHADAAgAAEABJPgAAYAAMCo74E="}
00463{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1576409798047,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"224.0.0.2","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1576409798047,"flow_last_seen":1576409798047,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"224.0.0.2","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
00427{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409798,"pkt_ts_usec":47534,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":8,"pkt":"AQBeAAACAFBWM3ieCABFAAAcCwAAAIABn7TAqO+B4AAAAgoA9f8AAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
00495{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1576409798047,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"224.0.0.2","l4_proto":"icmp","ndpi": {"proto":"ICMP","breed":"Acceptable","category":"Network"}}
00507{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1576409798047,"flow_last_seen":1576409798047,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"224.0.0.2","l4_proto":"icmp","ndpi": {"proto":"ICMP","breed":"Acceptable","category":"Network"}}
00395{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":14,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409798,"pkt_ts_usec":642006,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAAAAAAAAFAAAAAAAAAAAAAAAAAAAAAAAV09SS0dST1VQICAgICAgHg=="}
00160{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":14,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":47}
00498{"flow_id":1,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409799,"pkt_ts_usec":23617,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"pkt":"AFBW6YlWAFBWM3ieCABFAABgDAAAAIARzrfAqO+BwKjvAgCJAIkATA7DAAgpAAABAAAAAAABIEVORUVFS0ZDREpESUNBQ0FDQUNBQ0FDQUNBQ0FDQUFBAAAgAAHADAAgAAEABJPgAAYAAMCo74E="}
@@ -34,9 +34,9 @@
00160{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":19,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":47}
00395{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":20,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409800,"pkt_ts_usec":348591,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAAAAAAAAFAAAAAAAAAAAAAAAAAAAAAAAV09SS0dST1VQICAgICAgHg=="}
00160{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":20,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":47}
00502{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1576409800543,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00514{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1576409800543,"flow_last_seen":1576409800543,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00508{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409800,"pkt_ts_usec":543745,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"pkt":"\/\/\/\/\/\/\/\/AFBWM3ieCABFAABgEAAAAIARybrAqO+BwKjv\/wCJAIkATAq6AAQpEAABAAAAAAABIEVORUVFS0ZDREpESUNBQ0FDQUNBQ0FDQUNBQ0FDQUFEAAAgAAHADAAgAAEABJPgAAYAAMCo74E="}
00536{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":21,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1576409800543,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
00548{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":21,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1576409800543,"flow_last_seen":1576409800543,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
00508{"flow_id":3,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409800,"pkt_ts_usec":544216,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"pkt":"\/\/\/\/\/\/\/\/AFBWM3ieCABFAABgEQAAAIARyLrAqO+BwKjv\/wCJAIkATHuvAAIpEAABAAAAAAABIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUFBAAAgAAHADAAgAAEABJPgAAaAAMCo74E="}
00508{"flow_id":3,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409800,"pkt_ts_usec":544288,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"pkt":"\/\/\/\/\/\/\/\/AFBWM3ieCABFAABgEgAAAIARx7rAqO+BwKjv\/wCJAIkATA22AAgpEAABAAAAAAABIEVORUVFS0ZDREpESUNBQ0FDQUNBQ0FDQUNBQ0FDQUFBAAAgAAHADAAgAAEABJPgAAYAAMCo74E="}
00508{"flow_id":3,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409800,"pkt_ts_usec":583272,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"pkt":"\/\/\/\/\/\/\/\/AFBWM3ieCABFAABgEwAAAIARxrrAqO+BwKjv\/wCJAIkATA22AAYpEAABAAAAAAABIEVORUVFS0ZDREpESUNBQ0FDQUNBQ0FDQUNBQ0FDQUNBAAAgAAHADAAgAAEABJPgAAYAAMCo74E="}
@@ -53,10 +53,9 @@
00509{"flow_id":3,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409802,"pkt_ts_usec":793465,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"pkt":"\/\/\/\/\/\/\/\/AFBWM3ieCABFAABgHAAAAIARvbrAqO+BwKjv\/wCJAIkATA62AAgoEAABAAAAAAABIEVORUVFS0ZDREpESUNBQ0FDQUNBQ0FDQUNBQ0FDQUFBAAAgAAHADAAgAAEABJPgAAYAAMCo74E="}
00509{"flow_id":3,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409802,"pkt_ts_usec":793598,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"pkt":"\/\/\/\/\/\/\/\/AFBWM3ieCABFAABgHQAAAIARvLrAqO+BwKjv\/wCJAIkATHyvAAIoEAABAAAAAAABIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUFBAAAgAAHADAAgAAEABJPgAAaAAMCo74E="}
00509{"flow_id":3,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409802,"pkt_ts_usec":793661,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"pkt":"\/\/\/\/\/\/\/\/AFBWM3ieCABFAABgHgAAAIARu7rAqO+BwKjv\/wCJAIkATAu6AAQoEAABAAAAAAABIEVORUVFS0ZDREpESUNBQ0FDQUNBQ0FDQUNBQ0FDQUFEAAAgAAHADAAgAAEABJPgAAYAAMCo74E="}
00464{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":42,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1576409798047,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"224.0.0.2","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
00506{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":42,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1576409807597,"flow_last_seen":0,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00518{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":42,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1576409807597,"flow_last_seen":1576409807597,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00685{"flow_id":4,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409807,"pkt_ts_usec":597015,"pkt_caplen":243,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":243,"pkt_l4_len":209,"pkt":"\/\/\/\/\/\/\/\/AFBWM3ieCABFAADlJAAAAIARtTXAqO+BwKjv\/wCKAIoA0Qn+EQIADMCo74EAigC7AAAgRU5FRUVLRkNESkRJQ0FDQUNBQ0FDQUNBQ0FDQUNBQUEAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJOAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAIQAAAAAAAAAAAAAAAAAAAAAAAAAhAFYAAwABAAEAAgAyAFxNQUlMU0xPVFxCUk9XU0UAAQNg6gAATURKUjk4AAAAAAAAAAAAAAQAAyBAABUEVaoA"}
00583{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":42,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1576409807597,"flow_last_seen":0,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}}
00595{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":42,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1576409807597,"flow_last_seen":1576409807597,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}}
00436{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":43,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409811,"pkt_ts_usec":132208,"pkt_caplen":91,"pkt_type":77,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":91,"pkt_l4_len":0,"pkt":"AFBWM3ieAAwp1HmyAE3g4AP\/\/wBKAAQAAAAAAFBWM3ieBVAAAAAAAAwp1HmyBVL\/U01CKwAAAAAAAAAAAAAAAAACAQwAAAAA0AAyAADBAwEBAAcABEhlbGxvAA=="}
00160{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":43,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":77}
00436{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":44,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409811,"pkt_ts_usec":517809,"pkt_caplen":91,"pkt_type":77,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":91,"pkt_l4_len":0,"pkt":"AFBWM3ieAAwp1HmyAE3g4AP\/\/wBKAAQAAAAAAFBWM3ieBVAAAAAAAAwp1HmyBVL\/U01CKwAAAAAAAAAAAAAAAAACAQwAAAAA0AAyAADBAwEBAAcABEhlbGxvAA=="}
@@ -71,7 +70,7 @@
00160{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":48,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":77}
00436{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":49,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409817,"pkt_ts_usec":241324,"pkt_caplen":91,"pkt_type":77,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":91,"pkt_l4_len":0,"pkt":"AFBWM3ieAAwp1HmyAE3g4AP\/\/wBKAAQAAAAAAFBWM3ieBVAAAAAAAAwp1HmyBVL\/U01CKwAAAAAAAAAAAAAAAAACAQwAAAAA0AAyAADBAwEBAAcABEhlbGxvAA=="}
00160{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":49,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":77}
00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":50,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1576409807597,"flow_last_seen":0,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00476{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":50,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1576409798047,"flow_last_seen":1576409798047,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"224.0.0.2","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
00436{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":50,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409819,"pkt_ts_usec":547009,"pkt_caplen":91,"pkt_type":77,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":91,"pkt_l4_len":0,"pkt":"AFBWM3ieAAwp1HmyAE3g4AP\/\/wBKAAQAAAAAAFBWM3ieBVAAAAAAAAwp1HmyBVL\/U01CKwAAAAAAAAAAAAAAAAACAQwAAAAA0AAyAADBAwEBAAcABEhlbGxvAA=="}
00160{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":50,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":77}
00436{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":51,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409822,"pkt_ts_usec":253028,"pkt_caplen":91,"pkt_type":77,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":91,"pkt_l4_len":0,"pkt":"AFBWM3ieAAwp1HmyAE3g4AP\/\/wBKAAQAAAAAAFBWM3ieBVAAAAAAAAwp1HmyBVL\/U01CKwAAAAAAAAAAAAAAAAACAQwAAAAA0AAyAADBAwEBAAcABEhlbGxvAA=="}
@@ -98,10 +97,7 @@
00160{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":61,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":47}
00521{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":62,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409846,"pkt_ts_usec":177854,"pkt_caplen":156,"pkt_type":142,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":156,"pkt_l4_len":0,"pkt":"AwAAAAABAFBWM3ieAI7w8AMsAP\/vCAAAAAAAAABXT1JLR1JPVVAgICAgICAdTURKUjk4ICAgICAgICAgIP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAACQAAAAAAAAAAAAAAAAAAAAAAAAAJAFYAAwABAAEAAgAaAFxNQUlMU0xPVFxCUk9XU0UAAgBNREpSOTgA"}
00161{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":62,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":142}
00506{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":63,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1576409851581,"flow_last_seen":0,"flow_min_l4_payload_len":177,"flow_max_l4_payload_len":177,"flow_tot_l4_payload_len":177,"flow_avg_l4_payload_len":177,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00653{"flow_id":5,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409851,"pkt_ts_usec":581302,"pkt_caplen":219,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":219,"pkt_l4_len":185,"pkt":"\/\/\/\/\/\/\/\/AFBWM3ieCABFAADNJQAAAIARtE3AqO+BwKjv\/wCKAIoAuRxGEQIADsCo74EAigCjAAAgRU5FRUVLRkNESkRJQ0FDQUNBQ0FDQUNBQ0FDQUNBQ0EAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJOAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAACQAAAAAAAAAAAAAAAAAAAAAAAAAJAFYAAwABAAEAAgAaAFxNQUlMU0xPVFxCUk9XU0UAAgBNREpSOTgA"}
00583{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":63,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1576409851581,"flow_last_seen":0,"flow_min_l4_payload_len":177,"flow_max_l4_payload_len":177,"flow_tot_l4_payload_len":177,"flow_avg_l4_payload_len":177,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}}
00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":64,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1576409851581,"flow_last_seen":0,"flow_min_l4_payload_len":177,"flow_max_l4_payload_len":177,"flow_tot_l4_payload_len":177,"flow_avg_l4_payload_len":177,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00653{"flow_id":4,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409851,"pkt_ts_usec":581302,"pkt_caplen":219,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":219,"pkt_l4_len":185,"pkt":"\/\/\/\/\/\/\/\/AFBWM3ieCABFAADNJQAAAIARtE3AqO+BwKjv\/wCKAIoAuRxGEQIADsCo74EAigCjAAAgRU5FRUVLRkNESkRJQ0FDQUNBQ0FDQUNBQ0FDQUNBQ0EAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJOAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAACQAAAAAAAAAAAAAAAAAAAAAAAAAJAFYAAwABAAEAAgAaAFxNQUlMU0xPVFxCUk9XU0UAAgBNREpSOTgA"}
00521{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":64,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409856,"pkt_ts_usec":181279,"pkt_caplen":156,"pkt_type":142,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":156,"pkt_l4_len":0,"pkt":"AwAAAAABAFBWM3ieAI7w8AMsAP\/vCAAAAAAAAABXT1JLR1JPVVAgICAgICAdTURKUjk4ICAgICAgICAgIP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAACQAAAAAAAAAAAAAAAAAAAAAAAAAJAFYAAwABAAEAAgAaAFxNQUlMU0xPVFxCUk9XU0UAAgBNREpSOTgA"}
00161{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":64,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":142}
00485{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":65,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409859,"pkt_ts_usec":28684,"pkt_caplen":115,"pkt_type":101,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":115,"pkt_l4_len":0,"pkt":"\/\/\/\/\/\/\/\/AAwp1HmyAGXg4AP\/\/wBiAAQAAAAA\/\/\/\/\/\/\/\/BVEAAAAAAAwp1HmyBVIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPMBAYBNREpSOTggICAgICAgICAgVEVTVDEgICAgICAgICAgAA=="}
@@ -160,17 +156,12 @@
00161{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":91,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":101}
00486{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":92,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409861,"pkt_ts_usec":175103,"pkt_caplen":115,"pkt_type":101,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":115,"pkt_l4_len":0,"pkt":"\/\/\/\/\/\/\/\/AAwp1HmyAGXg4AP\/\/wBiABQAAAAA\/\/\/\/\/\/\/\/BVEAAAAAAAwp1HmyBVIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPMBAYBNREpSOTggICAgICAgICAgVEVTVDEgICAgICAgICAgAA=="}
00161{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":92,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":101}
00506{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":93,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1576409861597,"flow_last_seen":0,"flow_min_l4_payload_len":177,"flow_max_l4_payload_len":177,"flow_tot_l4_payload_len":177,"flow_avg_l4_payload_len":177,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00653{"flow_id":6,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409861,"pkt_ts_usec":597261,"pkt_caplen":219,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":219,"pkt_l4_len":185,"pkt":"\/\/\/\/\/\/\/\/AFBWM3ieCABFAADNJgAAAIARs03AqO+BwKjv\/wCKAIoAuRxEEQIAEMCo74EAigCjAAAgRU5FRUVLRkNESkRJQ0FDQUNBQ0FDQUNBQ0FDQUNBQ0EAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJOAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAACQAAAAAAAAAAAAAAAAAAAAAAAAAJAFYAAwABAAEAAgAaAFxNQUlMU0xPVFxCUk9XU0UAAgBNREpSOTgA"}
00583{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":93,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1576409861597,"flow_last_seen":0,"flow_min_l4_payload_len":177,"flow_max_l4_payload_len":177,"flow_tot_l4_payload_len":177,"flow_avg_l4_payload_len":177,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}}
00653{"flow_id":4,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409861,"pkt_ts_usec":597261,"pkt_caplen":219,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":219,"pkt_l4_len":185,"pkt":"\/\/\/\/\/\/\/\/AFBWM3ieCABFAADNJgAAAIARs03AqO+BwKjv\/wCKAIoAuRxEEQIAEMCo74EAigCjAAAgRU5FRUVLRkNESkRJQ0FDQUNBQ0FDQUNBQ0FDQUNBQ0EAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJOAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAACQAAAAAAAAAAAAAAAAAAAAAAAAAJAFYAAwABAAEAAgAaAFxNQUlMU0xPVFxCUk9XU0UAAgBNREpSOTgA"}
00553{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":94,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409862,"pkt_ts_usec":195835,"pkt_caplen":180,"pkt_type":166,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":180,"pkt_l4_len":0,"pkt":"AwAAAAABAFBWM3ieAKbw8AMsAP\/vCAAAAAAAAABXT1JLR1JPVVAgICAgICAdTURKUjk4ICAgICAgICAgAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAIQAAAAAAAAAAAAAAAAAAAAAAAAAhAFYAAwABAAEAAgAyAFxNQUlMU0xPVFxCUk9XU0UAAQRg6gAATURKUjk4AAAAAAAAAAAAAAQAAyBBABUEVaoA"}
00161{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":94,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":166}
00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":95,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1576409861597,"flow_last_seen":0,"flow_min_l4_payload_len":177,"flow_max_l4_payload_len":177,"flow_tot_l4_payload_len":177,"flow_avg_l4_payload_len":177,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00521{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":95,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409866,"pkt_ts_usec":206390,"pkt_caplen":156,"pkt_type":142,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":156,"pkt_l4_len":0,"pkt":"AwAAAAABAFBWM3ieAI7w8AMsAP\/vCAAAAAAAAABXT1JLR1JPVVAgICAgICAdTURKUjk4ICAgICAgICAgIP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAACQAAAAAAAAAAAAAAAAAAAAAAAAAJAFYAAwABAAEAAgAaAFxNQUlMU0xPVFxCUk9XU0UAAgBNREpSOTgA"}
00161{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":95,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":142}
00506{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":96,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1576409867606,"flow_last_seen":0,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00685{"flow_id":7,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":96,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409867,"pkt_ts_usec":606753,"pkt_caplen":243,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":243,"pkt_l4_len":209,"pkt":"\/\/\/\/\/\/\/\/AFBWM3ieCABFAADlJwAAAIARsjXAqO+BwKjv\/wCKAIoA0Qj3EQIAEsCo74EAigC7AAAgRU5FRUVLRkNESkRJQ0FDQUNBQ0FDQUNBQ0FDQUNBQUEAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJOAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAIQAAAAAAAAAAAAAAAAAAAAAAAAAhAFYAAwABAAEAAgAyAFxNQUlMU0xPVFxCUk9XU0UAAQRg6gAATURKUjk4AAAAAAAAAAAAAAQAAyBBABUEVaoA"}
00583{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":96,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1576409867606,"flow_last_seen":0,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}}
00685{"flow_id":4,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":96,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409867,"pkt_ts_usec":606753,"pkt_caplen":243,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":243,"pkt_l4_len":209,"pkt":"\/\/\/\/\/\/\/\/AFBWM3ieCABFAADlJwAAAIARsjXAqO+BwKjv\/wCKAIoA0Qj3EQIAEsCo74EAigC7AAAgRU5FRUVLRkNESkRJQ0FDQUNBQ0FDQUNBQ0FDQUNBQUEAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJOAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAIQAAAAAAAAAAAAAAAAAAAAAAAAAhAFYAAwABAAEAAgAyAFxNQUlMU0xPVFxCUk9XU0UAAQRg6gAATURKUjk4AAAAAAAAAAAAAAQAAyBBABUEVaoA"}
00435{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":97,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409868,"pkt_ts_usec":734666,"pkt_caplen":89,"pkt_type":75,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":89,"pkt_l4_len":0,"pkt":"AFBWM3ieAAwp1HmyAEvw8AoIDgD\/7xYEAAAAAAQAFQP\/U01CgQAAAAAAAAAAAAAAAAAAAAAAAAAAyHUFAACBAAIUAAgAEgAEXD8\/Pz8\/Pz8\/Lj8\/PwAFAAA="}
00160{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":97,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":75}
00403{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":98,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409868,"pkt_ts_usec":734893,"pkt_caplen":67,"pkt_type":53,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":67,"pkt_l4_len":0,"pkt":"AAwp1HmyAFBWM3ieADXw8AgMDgD\/7xYMAAAEACgAAxX\/U01CgQEAEgCAAAAAAAAAAAAAAAAAAAAAyHUFAACBAAAAAA=="}
@@ -195,7 +186,7 @@
00161{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":107,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":18}
00390{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":108,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409868,"pkt_ts_usec":821909,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AAwp1HmyAFBWM3ieAATw8QEXHAAAAIARvbrAqO+BwKjv\/wCJAIkATA62AAgoEAABAAAAAAABIEVORUVF"}
00160{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":108,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":4}
00654{"flow_id":7,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":109,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409871,"pkt_ts_usec":610878,"pkt_caplen":219,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":219,"pkt_l4_len":185,"pkt":"\/\/\/\/\/\/\/\/AFBWM3ieCABFAADNKAAAAIARsU3AqO+BwKjv\/wCKAIoAuRxAEQIAFMCo74EAigCjAAAgRU5FRUVLRkNESkRJQ0FDQUNBQ0FDQUNBQ0FDQUNBQ0EAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJOAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAACQAAAAAAAAAAAAAAAAAAAAAAAAAJAFYAAwABAAEAAgAaAFxNQUlMU0xPVFxCUk9XU0UAAgBNREpSOTgA"}
00654{"flow_id":4,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":109,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409871,"pkt_ts_usec":610878,"pkt_caplen":219,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":219,"pkt_l4_len":185,"pkt":"\/\/\/\/\/\/\/\/AFBWM3ieCABFAADNKAAAAIARsU3AqO+BwKjv\/wCKAIoAuRxAEQIAFMCo74EAigCjAAAgRU5FRUVLRkNESkRJQ0FDQUNBQ0FDQUNBQ0FDQUNBQ0EAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJOAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAACQAAAAAAAAAAAAAAAAAAAAAAAAAJAFYAAwABAAEAAgAaAFxNQUlMU0xPVFxCUk9XU0UAAgBNREpSOTgA"}
00460{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":110,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409872,"pkt_ts_usec":653497,"pkt_caplen":107,"pkt_type":93,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":107,"pkt_l4_len":0,"pkt":"AFBWM3ieAAwp1HmyAF3w8BYSDgD\/7xYEAAAAAAkAFQP\/U01CLQAAAAAAAAAAAAAAAAAAAAAAAAAAyHUFAAAhAQ\/\/AAAABwACABYAIAAeKfZdEgAAAAAAAAAAAAAAAAAKAFxURVNULlRYVAA="}
00161{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":110,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":93}
00446{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":111,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409872,"pkt_ts_usec":653693,"pkt_caplen":97,"pkt_type":83,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":97,"pkt_l4_len":0,"pkt":"AAwp1HmyAFBWM3ieAFPw8BIYDgD\/7xYMAAAJACgAAxX\/U01CLQAAAACAAAAAAAAAAAAAAAAAAAAAyHUFAAAhAQ\/\/AAAAAAAgAB4p9l0AAAAAAgAAAAAAAgAAAAAAAAAAAA=="}
@@ -230,7 +221,7 @@
00161{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":125,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":18}
00390{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":126,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409876,"pkt_ts_usec":771024,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AAwp1HmyAFBWM3ieAATw8QEkAP\/vCAAAAAAAAABXT1JLR1JPVVAgICAgICAdTURKUjk4ICAgICAgICAg"}
00160{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":126,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":4}
00654{"flow_id":7,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":127,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409881,"pkt_ts_usec":580957,"pkt_caplen":219,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":219,"pkt_l4_len":185,"pkt":"\/\/\/\/\/\/\/\/AFBWM3ieCABFAADNKQAAAIARsE3AqO+BwKjv\/wCKAIoAuRw+EQIAFsCo74EAigCjAAAgRU5FRUVLRkNESkRJQ0FDQUNBQ0FDQUNBQ0FDQUNBQ0EAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJOAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAACQAAAAAAAAAAAAAAAAAAAAAAAAAJAFYAAwABAAEAAgAaAFxNQUlMU0xPVFxCUk9XU0UAAgBNREpSOTgA"}
00654{"flow_id":4,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":127,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409881,"pkt_ts_usec":580957,"pkt_caplen":219,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":219,"pkt_l4_len":185,"pkt":"\/\/\/\/\/\/\/\/AFBWM3ieCABFAADNKQAAAIARsE3AqO+BwKjv\/wCKAIoAuRw+EQIAFsCo74EAigCjAAAgRU5FRUVLRkNESkRJQ0FDQUNBQ0FDQUNBQ0FDQUNBQ0EAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJOAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAACQAAAAAAAAAAAAAAAAAAAAAAAAAJAFYAAwABAAEAAgAaAFxNQUlMU0xPVFxCUk9XU0UAAgBNREpSOTgA"}
00416{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":128,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409882,"pkt_ts_usec":997566,"pkt_caplen":78,"pkt_type":64,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":78,"pkt_l4_len":0,"pkt":"AFBWM3ieAAwp1HmyAEDw8CQcDgD\/7xYEAAAAAA4AFQP\/U01CEAAAAAAAAAAAAAAAAAAAAAAAAAAAyHUFAADBAQALAARcVEVTVC5UWFQA"}
00161{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":128,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":64}
00404{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":129,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409882,"pkt_ts_usec":997752,"pkt_caplen":67,"pkt_type":53,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":67,"pkt_l4_len":0,"pkt":"AAwp1HmyAFBWM3ieADXw8BwmDgD\/7xYMAAAOACgAAxX\/U01CEAEAAwCAAAAAAAAAAAAAAAAAAAAAyHUFAADBAQAAAA=="}
@@ -257,21 +248,21 @@
00162{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":139,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":154}
00538{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":140,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409891,"pkt_ts_usec":489903,"pkt_caplen":168,"pkt_type":154,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":168,"pkt_l4_len":0,"pkt":"AwAAAAABAFBWM3ieAJrw8AMsAP\/vCAAAAAAAAABXT1JLR1JPVVAgICAgICAeTURKUjk4ICAgICAgICAgIP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAFQAAAAAAAAAAAAAAAAAAAAAAAAAVAFYAAwABAAEAAgAmAFxNQUlMU0xPVFxCUk9XU0UACAEAFQQBfIgBAAAAAABNREpSOTgA"}
00162{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":140,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":154}
00670{"flow_id":7,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":141,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409891,"pkt_ts_usec":609903,"pkt_caplen":231,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":231,"pkt_l4_len":197,"pkt":"\/\/\/\/\/\/\/\/AFBWM3ieCABFAADZKgAAAIARr0HAqO+BwKjv\/wCKAIoAxRTzEQIAGMCo74EAigCvAAAgRU5FRUVLRkNESkRJQ0FDQUNBQ0FDQUNBQ0FDQUNBQ0EAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJPAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAFQAAAAAAAAAAAAAAAAAAAAAAAAAVAFYAAwABAAEAAgAmAFxNQUlMU0xPVFxCUk9XU0UACAEAAAAAAAAAAAAAAABNREpSOTgA"}
00670{"flow_id":4,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":141,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409891,"pkt_ts_usec":609903,"pkt_caplen":231,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":231,"pkt_l4_len":197,"pkt":"\/\/\/\/\/\/\/\/AFBWM3ieCABFAADZKgAAAIARr0HAqO+BwKjv\/wCKAIoAxRTzEQIAGMCo74EAigCvAAAgRU5FRUVLRkNESkRJQ0FDQUNBQ0FDQUNBQ0FDQUNBQ0EAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJPAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAFQAAAAAAAAAAAAAAAAAAAAAAAAAVAFYAAwABAAEAAgAmAFxNQUlMU0xPVFxCUk9XU0UACAEAAAAAAAAAAAAAAABNREpSOTgA"}
00396{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":142,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409892,"pkt_ts_usec":489826,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAQAAAAAAFwAAAAAAAAAAAAAAAAAAAAAAV09SS0dST1VQICAgICAgHQ=="}
00161{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":142,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":47}
00396{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":143,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409893,"pkt_ts_usec":317826,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAQAAAAAAFwAAAAAAAAAAAAAAAAAAAAAAV09SS0dST1VQICAgICAgHQ=="}
00161{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":143,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":47}
00670{"flow_id":7,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":144,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409893,"pkt_ts_usec":769840,"pkt_caplen":231,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":231,"pkt_l4_len":197,"pkt":"\/\/\/\/\/\/\/\/AFBWM3ieCABFAADZKwAAAIARrkHAqO+BwKjv\/wCKAIoAxYA9EQIAGsCo74EAigCvAAAgRU5FRUVLRkNESkRJQ0FDQUNBQ0FDQUNBQ0FDQUNBQ0EAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJPAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAFQAAAAAAAAAAAAAAAAAAAAAAAAAVAFYAAwABAAEAAgAmAFxNQUlMU0xPVFxCUk9XU0UACAEAFQQBj50BAAAAAABNREpSOTgA"}
00670{"flow_id":4,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":144,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409893,"pkt_ts_usec":769840,"pkt_caplen":231,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":231,"pkt_l4_len":197,"pkt":"\/\/\/\/\/\/\/\/AFBWM3ieCABFAADZKwAAAIARrkHAqO+BwKjv\/wCKAIoAxYA9EQIAGsCo74EAigCvAAAgRU5FRUVLRkNESkRJQ0FDQUNBQ0FDQUNBQ0FDQUNBQ0EAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJPAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAFQAAAAAAAAAAAAAAAAAAAAAAAAAVAFYAAwABAAEAAgAmAFxNQUlMU0xPVFxCUk9XU0UACAEAFQQBj50BAAAAAABNREpSOTgA"}
00396{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":145,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409894,"pkt_ts_usec":273832,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAQAAAAAAFwAAAAAAAAAAAAAAAAAAAAAAV09SS0dST1VQICAgICAgHQ=="}
00161{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":145,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":47}
00670{"flow_id":7,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":146,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409894,"pkt_ts_usec":785830,"pkt_caplen":231,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":231,"pkt_l4_len":197,"pkt":"\/\/\/\/\/\/\/\/AFBWM3ieCABFAADZLAAAAIARrUHAqO+BwKjv\/wCKAIoAxYA7EQIAHMCo74EAigCvAAAgRU5FRUVLRkNESkRJQ0FDQUNBQ0FDQUNBQ0FDQUNBQ0EAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJPAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAFQAAAAAAAAAAAAAAAAAAAAAAAAAVAFYAAwABAAEAAgAmAFxNQUlMU0xPVFxCUk9XU0UACAEAFQQBj50BAAAAAABNREpSOTgA"}
00670{"flow_id":4,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":146,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409894,"pkt_ts_usec":785830,"pkt_caplen":231,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":231,"pkt_l4_len":197,"pkt":"\/\/\/\/\/\/\/\/AFBWM3ieCABFAADZLAAAAIARrUHAqO+BwKjv\/wCKAIoAxYA7EQIAHMCo74EAigCvAAAgRU5FRUVLRkNESkRJQ0FDQUNBQ0FDQUNBQ0FDQUNBQ0EAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJPAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAFQAAAAAAAAAAAAAAAAAAAAAAAAAVAFYAAwABAAEAAgAmAFxNQUlMU0xPVFxCUk9XU0UACAEAFQQBj50BAAAAAABNREpSOTgA"}
00396{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":147,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409895,"pkt_ts_usec":177868,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAAAAAAAAGABXT1JLR1JPVVAgICAgICAdAQJfX01TQlJPV1NFX18CAQ=="}
00161{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":147,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":47}
00670{"flow_id":7,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":148,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409895,"pkt_ts_usec":741945,"pkt_caplen":231,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":231,"pkt_l4_len":197,"pkt":"\/\/\/\/\/\/\/\/AFBWM3ieCABFAADZLQAAAIARrEHAqO+BwKjv\/wCKAIoAxYA5EQIAHsCo74EAigCvAAAgRU5FRUVLRkNESkRJQ0FDQUNBQ0FDQUNBQ0FDQUNBQ0EAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJPAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAFQAAAAAAAAAAAAAAAAAAAAAAAAAVAFYAAwABAAEAAgAmAFxNQUlMU0xPVFxCUk9XU0UACAEAFQQBj50BAAAAAABNREpSOTgA"}
00671{"flow_id":4,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":148,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409895,"pkt_ts_usec":741945,"pkt_caplen":231,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":231,"pkt_l4_len":197,"pkt":"\/\/\/\/\/\/\/\/AFBWM3ieCABFAADZLQAAAIARrEHAqO+BwKjv\/wCKAIoAxYA5EQIAHsCo74EAigCvAAAgRU5FRUVLRkNESkRJQ0FDQUNBQ0FDQUNBQ0FDQUNBQ0EAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJPAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAFQAAAAAAAAAAAAAAAAAAAAAAAAAVAFYAAwABAAEAAgAmAFxNQUlMU0xPVFxCUk9XU0UACAEAFQQBj50BAAAAAABNREpSOTgA"}
00396{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":149,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409895,"pkt_ts_usec":982740,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAAAAAAAAGABXT1JLR1JPVVAgICAgICAdAQJfX01TQlJPV1NFX18CAQ=="}
00161{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":149,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":47}
00670{"flow_id":7,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":150,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409896,"pkt_ts_usec":749822,"pkt_caplen":231,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":231,"pkt_l4_len":197,"pkt":"\/\/\/\/\/\/\/\/AFBWM3ieCABFAADZLgAAAIARq0HAqO+BwKjv\/wCKAIoAxYA3EQIAIMCo74EAigCvAAAgRU5FRUVLRkNESkRJQ0FDQUNBQ0FDQUNBQ0FDQUNBQ0EAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJPAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAFQAAAAAAAAAAAAAAAAAAAAAAAAAVAFYAAwABAAEAAgAmAFxNQUlMU0xPVFxCUk9XU0UACAEAFQQBj50BAAAAAABNREpSOTgA"}
00671{"flow_id":4,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":150,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409896,"pkt_ts_usec":749822,"pkt_caplen":231,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":231,"pkt_l4_len":197,"pkt":"\/\/\/\/\/\/\/\/AFBWM3ieCABFAADZLgAAAIARq0HAqO+BwKjv\/wCKAIoAxYA3EQIAIMCo74EAigCvAAAgRU5FRUVLRkNESkRJQ0FDQUNBQ0FDQUNBQ0FDQUNBQ0EAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJPAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAFQAAAAAAAAAAAAAAAAAAAAAAAAAVAFYAAwABAAEAAgAmAFxNQUlMU0xPVFxCUk9XU0UACAEAFQQBj50BAAAAAABNREpSOTgA"}
00396{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":151,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409896,"pkt_ts_usec":865840,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAAAAAAAAGAAAAAAAAAAAAAAAAAAAAAAAAQJfX01TQlJPV1NFX18CAQ=="}
00161{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":151,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":47}
00522{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":152,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409897,"pkt_ts_usec":721870,"pkt_caplen":156,"pkt_type":142,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":156,"pkt_l4_len":0,"pkt":"AwAAAAABAFBWM3ieAI7w8AMsAP\/vCAAAAAAAAABXT1JLR1JPVVAgICAgICAeTURKUjk4ICAgICAgICAgIP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAACQAAAAAAAAAAAAAAAAAAAAAAAAAJAFYAAwABAAEAAgAaAFxNQUlMU0xPVFxCUk9XU0UAAgBNREpSOTgA"}
@@ -333,9 +324,9 @@
00161{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":186,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":18}
00390{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":188,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409906,"pkt_ts_usec":373827,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AAwp1HmyAFBWM3ieAATw8QFALAAAAIARrUHAqO+BwKjv\/wCKAIoAxYA7EQIAHMCo74EAigCvAAAgRU5F"}
00160{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":188,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":4}
00654{"flow_id":7,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":191,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409908,"pkt_ts_usec":337893,"pkt_caplen":219,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":219,"pkt_l4_len":185,"pkt":"\/\/\/\/\/\/\/\/AFBWM3ieCABFAADNOgAAAIARn03AqO+BwKjv\/wCKAIoAuRsuEQIAJsCo74EAigCjAAAgRU5FRUVLRkNESkRJQ0FDQUNBQ0FDQUNBQ0FDQUNBQ0EAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJPAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAACQAAAAAAAAAAAAAAAAAAAAAAAAAJAFYAAwABAAEAAgAaAFxNQUlMU0xPVFxCUk9XU0UAAgBNREpSOTgA"}
00655{"flow_id":7,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":192,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409908,"pkt_ts_usec":338019,"pkt_caplen":219,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":219,"pkt_l4_len":185,"pkt":"\/\/\/\/\/\/\/\/AFBWM3ieCABFAADNOwAAAIARnk3AqO+BwKjv\/wCKAIoAufUpEQIAKMCo74EAigCjAAAgRU5FRUVLRkNESkRJQ0FDQUNBQ0FDQUNBQ0FDQUNBQ0EAIEFCQUNGUEZQRU5GREVDRkNFUEZIRkRFRkZQRlBBQ0FCAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAACQAAAAAAAAAAAAAAAAAAAAAAAAAJAFYAAwABAAEAAgAaAFxNQUlMU0xPVFxCUk9XU0UAAgBNREpSOTgA"}
00687{"flow_id":7,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":193,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409908,"pkt_ts_usec":392441,"pkt_caplen":243,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":243,"pkt_l4_len":209,"pkt":"\/\/\/\/\/\/\/\/AFBWM3ieCABFAADlPAAAAIARnTXAqO+BwKjv\/wCKAIoA0ZTzEQIAKsCo74EAigC7AAAgRU5FRUVLRkNESkRJQ0FDQUNBQ0FDQUNBQ0FDQUNBQUEAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJPAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAIQAAAAAAAAAAAAAAAAAAAAAAAAAhAFYAAwABAAEAAgAyAFxNQUlMU0xPVFxCUk9XU0UADwXA1AEATURKUjk4AAAAAAAAAAAAAAQAAyBFABUEVaoA"}
00655{"flow_id":4,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":191,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409908,"pkt_ts_usec":337893,"pkt_caplen":219,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":219,"pkt_l4_len":185,"pkt":"\/\/\/\/\/\/\/\/AFBWM3ieCABFAADNOgAAAIARn03AqO+BwKjv\/wCKAIoAuRsuEQIAJsCo74EAigCjAAAgRU5FRUVLRkNESkRJQ0FDQUNBQ0FDQUNBQ0FDQUNBQ0EAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJPAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAACQAAAAAAAAAAAAAAAAAAAAAAAAAJAFYAAwABAAEAAgAaAFxNQUlMU0xPVFxCUk9XU0UAAgBNREpSOTgA"}
00655{"flow_id":4,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":192,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409908,"pkt_ts_usec":338019,"pkt_caplen":219,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":219,"pkt_l4_len":185,"pkt":"\/\/\/\/\/\/\/\/AFBWM3ieCABFAADNOwAAAIARnk3AqO+BwKjv\/wCKAIoAufUpEQIAKMCo74EAigCjAAAgRU5FRUVLRkNESkRJQ0FDQUNBQ0FDQUNBQ0FDQUNBQ0EAIEFCQUNGUEZQRU5GREVDRkNFUEZIRkRFRkZQRlBBQ0FCAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAACQAAAAAAAAAAAAAAAAAAAAAAAAAJAFYAAwABAAEAAgAaAFxNQUlMU0xPVFxCUk9XU0UAAgBNREpSOTgA"}
00687{"flow_id":4,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":193,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409908,"pkt_ts_usec":392441,"pkt_caplen":243,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":243,"pkt_l4_len":209,"pkt":"\/\/\/\/\/\/\/\/AFBWM3ieCABFAADlPAAAAIARnTXAqO+BwKjv\/wCKAIoA0ZTzEQIAKsCo74EAigC7AAAgRU5FRUVLRkNESkRJQ0FDQUNBQ0FDQUNBQ0FDQUNBQUEAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJPAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAIQAAAAAAAAAAAAAAAAAAAAAAAAAhAFYAAwABAAEAAgAyAFxNQUlMU0xPVFxCUk9XU0UADwXA1AEATURKUjk4AAAAAAAAAAAAAAQAAyBFABUEVaoA"}
00416{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":194,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409908,"pkt_ts_usec":865229,"pkt_caplen":76,"pkt_type":62,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":76,"pkt_l4_len":0,"pkt":"AFBWM3ieAAwp1HmyAD7w8EAuDgD\/7xYEAAAAABcAFQP\/U01CKwAAAAAAAAAAAAAAAAAAAAAAAAAAyAAyAADhAgEBAAcABEhlbGxvAA=="}
00161{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":194,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":62}
00390{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":195,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409908,"pkt_ts_usec":865369,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AAwp1HmyAFBWM3ieAATw8QFCAP\/vCAAAAAAAAABXT1JLR1JPVVAgICAgICAeTURKUjk4ICAgICAgICAg"}
@@ -368,7 +359,7 @@
00160{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":208,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":3}
00562{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":209,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409912,"pkt_ts_usec":777830,"pkt_caplen":186,"pkt_type":172,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":186,"pkt_l4_len":0,"pkt":"AwAAAAABAFBWM3ieAKzw8AMsAP\/vCAAAAAAAAAABAl9fTVNCUk9XU0VfXwIBTURKUjk4ICAgICAgICAgAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAJwAAAAAAAAAAAAAAAAAAAAAAAAAnAFYAAwABAAEAAgA4AFxNQUlMU0xPVFxCUk9XU0UADADA1AEAV09SS0dST1VQAAAAAAAAAAQAACBAgAAAAABNREpSOTgA"}
00162{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":209,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":172}
00696{"flow_id":7,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":210,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409923,"pkt_ts_usec":353834,"pkt_caplen":249,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":249,"pkt_l4_len":215,"pkt":"\/\/\/\/\/\/\/\/AFBWM3ieCABFAADrPQAAAIARnC\/AqO+BwKjv\/wCKAIoA11O8EQIALMCo74EAigDBAAAgRU5FRUVLRkNESkRJQ0FDQUNBQ0FDQUNBQ0FDQUNBQUEAIEFCQUNGUEZQRU5GREVDRkNFUEZIRkRFRkZQRlBBQ0FCAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAJwAAAAAAAAAAAAAAAAAAAAAAAAAnAFYAAwABAAEAAgA4AFxNQUlMU0xPVFxCUk9XU0UADADA1AEAV09SS0dST1VQAAAAAAAAAAQAACBAgAAAAABNREpSOTgA"}
00696{"flow_id":4,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":210,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409923,"pkt_ts_usec":353834,"pkt_caplen":249,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":249,"pkt_l4_len":215,"pkt":"\/\/\/\/\/\/\/\/AFBWM3ieCABFAADrPQAAAIARnC\/AqO+BwKjv\/wCKAIoA11O8EQIALMCo74EAigDBAAAgRU5FRUVLRkNESkRJQ0FDQUNBQ0FDQUNBQ0FDQUNBQUEAIEFCQUNGUEZQRU5GREVDRkNFUEZIRkRFRkZQRlBBQ0FCAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAJwAAAAAAAAAAAAAAAAAAAAAAAAAnAFYAAwABAAEAAgA4AFxNQUlMU0xPVFxCUk9XU0UADADA1AEAV09SS0dST1VQAAAAAAAAAAQAACBAgAAAAABNREpSOTgA"}
00500{"flow_id":1,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":211,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409925,"pkt_ts_usec":57831,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"pkt":"AFBW6YlWAFBWM3ieCABFAABgPgAAAIARnLfAqO+BwKjvAgCJAIkATOGIAC4pAAABAAAAAAABIEVORUJGQ0ZFRUpFT0NBRkNFUEZERUZFT0VCRkZDQUFEAAAgAAHADAAgAAEABJPgAAYAAMCo74E="}
00395{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":212,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409925,"pkt_ts_usec":58018,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAQAAAAAAGQBXT1JLR1JPVVAgICAgICAdTUFSVElOIFJPU0VOQVUgAw=="}
00161{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":212,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":47}
@@ -380,18 +371,18 @@
00500{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":216,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409928,"pkt_ts_usec":60524,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"pkt":"AFBW6YlWAFBWM3ieCABFAABgQAAAAIARmrfAqO+BwKjvAgCJAIkATOGIAC4pAAABAAAAAAABIEVORUJGQ0ZFRUpFT0NBRkNFUEZERUZFT0VCRkZDQUFEAAAgAAHADAAgAAEABJPgAAYAAMCo74E="}
00519{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":220,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":32,"flow_first_seen":1576409800543,"flow_last_seen":1576409931837,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":2176,"flow_avg_l4_payload_len":68,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00516{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":220,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":14,"flow_first_seen":1576409797553,"flow_last_seen":1576409928060,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":952,"flow_avg_l4_payload_len":68,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.2","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00522{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":220,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":12,"flow_first_seen":1576409867606,"flow_last_seen":1576409923353,"flow_min_l4_payload_len":177,"flow_max_l4_payload_len":207,"flow_tot_l4_payload_len":2262,"flow_avg_l4_payload_len":188,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00522{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":220,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":15,"flow_first_seen":1576409807597,"flow_last_seen":1576409923353,"flow_min_l4_payload_len":177,"flow_max_l4_payload_len":207,"flow_tot_l4_payload_len":2817,"flow_avg_l4_payload_len":187,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00142{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":220,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test"}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 220/62
~~ skipped flows.............: 0
~~ total layer4 data length..: 6441 bytes
~~ total detected protocols..: 7
~~ total active/idle flows...: 7/7
~~ total detected protocols..: 4
~~ total active/idle flows...: 4/4
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 1939466 bytes
~~ total memory freed........: 1939466 bytes
~~ total allocations/frees...: 35418/35418
~~ total memory allocated....: 1934666 bytes
~~ total memory freed........: 1934666 bytes
~~ total allocations/frees...: 35409/35409
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 147 chars
~~ json string max len.......: 1931 chars

2
test/results/drda_db2.pcap.out
View File

@@ -1,5 +1,5 @@
00476{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"drda_db2.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":10000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"drda_db2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1175543772220,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.106.1","dst_ip":"192.168.106.128","src_port":4847,"dst_port":50000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00497{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"drda_db2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1175543772220,"flow_last_seen":1175543772220,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.106.1","dst_ip":"192.168.106.128","src_port":4847,"dst_port":50000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00422{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"drda_db2.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1175543772,"pkt_ts_usec":220609,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"AAwpfMZqAFBWwAABCABFAAAwIqBAAIAGglXAqGoBwKhqgBLvw1AKtGewAAAAAHAC\/\/\/kqAAAAgQFtAEBBAI="}
00420{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"drda_db2.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1175543772,"pkt_ts_usec":221098,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"AFBWwAABAAwpfMZqCABFAAAwAABAAEAG5PXAqGqAwKhqAcNQEu\/9XlZHCrRnsXASFtB6IQAAAgQFtAEBBAI="}
00410{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"drda_db2.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1175543772,"pkt_ts_usec":221136,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AAwpfMZqAFBWwAABCABFAAAoIqFAAIAGglzAqGoBwKhqgBLvw1AKtGex\/V5WSFAQ\/\/+9tQAA"}

110
test/results/dropbox.pcap.out
View File

@@ -1,7 +1,7 @@
00475{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dropbox.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":10000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1455907271481,"flow_last_seen":0,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":96,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50311,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00499{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1455907271481,"flow_last_seen":1455907271481,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":96,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50311,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00524{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907271,"pkt_ts_usec":481938,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"pkt":"CAAnmO\/hCAAnAERyCABFAAB8EMQAAIARN\/bAqDgBwKg4ZcSHRFwAaLRJQwM1AW9STXJEXEFyCEJ1czE3Q21kETL\/eyJtZXNzYWdlVHlwZSI6IlVQREFURSIsIm1lc3NhZ2VDb250ZW50IjoiRnJpIEZlYiAxOSAyMDo0MToxMSBFRVQgMjAxNiJ9"}
00520{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1455907271481,"flow_last_seen":0,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":96,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50311,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00532{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1455907271481,"flow_last_seen":1455907271481,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":96,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50311,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00420{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907271,"pkt_ts_usec":483762,"pkt_caplen":61,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":61,"pkt_l4_len":27,"pkt":"CAAnAERyCAAnmO\/hCABFAAAvXYVAAEAR64HAqDhlwKg4AURcxIcAG\/HjY0Q1AW9STYsvci9CdXMxN0NtZA=="}
00522{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907271,"pkt_ts_usec":585820,"pkt_caplen":137,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":137,"pkt_l4_len":103,"pkt":"CAAnmO\/hCAAnAERyCABFAAB7EM0AAIARN+7AqDgBwKg4ZcSHRFwAZzJrQgM1Anj4ckRcQXIIQnVzMTdDbWQRMv97Im1lc3NhZ2VUeXBlIjoiVVBEQVRFIiwibWVzc2FnZUNvbnRlbnQiOiJGcmkgRmViIDE5IDIwOjQxOjExIEVFVCAyMDE2In0="}
00415{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907271,"pkt_ts_usec":587798,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"pkt":"CAAnAERyCAAnmO\/hCABFAAAuXZ1AAEAR62rAqDhlwKg4AURcxIcAGvHiYkQ1Anj4iy9yL0J1czE3Q21k"}
@@ -16,9 +16,9 @@
00526{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907272,"pkt_ts_usec":130232,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"pkt":"CAAnmO\/hCAAnAERyCABFAAB8EQ4AAIARN6zAqDgBwKg4ZcSHRFwAaGrJQwM1B8\/MNXJEXEFyCEJ1czE3Q21kETL\/eyJtZXNzYWdlVHlwZSI6IlVQREFURSIsIm1lc3NhZ2VDb250ZW50IjoiRnJpIEZlYiAxOSAyMDo0MToxMiBFRVQgMjAxNiJ9"}
00423{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907272,"pkt_ts_usec":132073,"pkt_caplen":61,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":61,"pkt_l4_len":27,"pkt":"CAAnAERyCAAnmO\/hCABFAAAvXc1AAEAR6znAqDhlwKg4AURcxIcAG\/HjY0Q1B8\/MNYsvci9CdXMxN0NtZA=="}
00526{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907272,"pkt_ts_usec":239138,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"pkt":"CAAnmO\/hCAAnAERyCABFAAB8ERsAAIARN5\/AqDgBwKg4ZcSHRFwAaNHfQwM1CFi1RXJEXEFyCEJ1czE3Q21kETL\/eyJtZXNzYWdlVHlwZSI6IlVQREFURSIsIm1lc3NhZ2VDb250ZW50IjoiRnJpIEZlYiAxOSAyMDo0MToxMiBFRVQgMjAxNiJ9"}
00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":27,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1455907272856,"flow_last_seen":0,"flow_min_l4_payload_len":95,"flow_max_l4_payload_len":95,"flow_tot_l4_payload_len":95,"flow_avg_l4_payload_len":95,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50318,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00500{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":27,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1455907272856,"flow_last_seen":1455907272856,"flow_min_l4_payload_len":95,"flow_max_l4_payload_len":95,"flow_tot_l4_payload_len":95,"flow_avg_l4_payload_len":95,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50318,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00523{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907272,"pkt_ts_usec":856457,"pkt_caplen":137,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":137,"pkt_l4_len":103,"pkt":"CAAnmO\/hCAAnAERyCABFAAB7EWkAAIARN1LAqDgBwKg4ZcSORFwAZ7scQgMdqQeYckRcQXIIQnVzMTdDbWQRMv97Im1lc3NhZ2VUeXBlIjoiVVBEQVRFIiwibWVzc2FnZUNvbnRlbnQiOiJGcmkgRmViIDE5IDIwOjQxOjEyIEVFVCAyMDE2In0="}
00521{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1455907272856,"flow_last_seen":0,"flow_min_l4_payload_len":95,"flow_max_l4_payload_len":95,"flow_tot_l4_payload_len":95,"flow_avg_l4_payload_len":95,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50318,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00533{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1455907272856,"flow_last_seen":1455907272856,"flow_min_l4_payload_len":95,"flow_max_l4_payload_len":95,"flow_tot_l4_payload_len":95,"flow_avg_l4_payload_len":95,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50318,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00416{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907272,"pkt_ts_usec":858898,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"pkt":"CAAnAERyCAAnmO\/hCABFAAAuXhFAAEAR6vbAqDhlwKg4AURcxI4AGvHiYkQdqQeYiy9yL0J1czE3Q21k"}
00529{"flow_id":2,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907272,"pkt_ts_usec":969405,"pkt_caplen":141,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":141,"pkt_l4_len":107,"pkt":"CAAnmO\/hCAAnAERyCABFAAB\/EYMAAIARNzTAqDgBwKg4ZcSORFwAa8WlRgMdqhF5z0YYRXJEXEFyCEJ1czE3Q21kETL\/eyJtZXNzYWdlVHlwZSI6IlVQREFURSIsIm1lc3NhZ2VDb250ZW50IjoiRnJpIEZlYiAxOSAyMDo0MToxMyBFRVQgMjAxNiJ9"}
00424{"flow_id":2,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907272,"pkt_ts_usec":973211,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":30,"pkt":"CAAnAERyCAAnmO\/hCABFAAAyXh5AAEAR6uXAqDhlwKg4AURcxI4AHvHmZkQdqhF5z0YYRYsvci9CdXMxN0NtZA=="}
@@ -33,9 +33,9 @@
00530{"flow_id":2,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907273,"pkt_ts_usec":530785,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"pkt":"CAAnmO\/hCAAnAERyCABFAAB+Ef0AAIARNrvAqDgBwKg4ZcSORFwAassPRQMdr\/Kq\/CfKckRcQXIIQnVzMTdDbWQRMv97Im1lc3NhZ2VUeXBlIjoiVVBEQVRFIiwibWVzc2FnZUNvbnRlbnQiOiJGcmkgRmViIDE5IDIwOjQxOjEzIEVFVCAyMDE2In0="}
00423{"flow_id":2,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907273,"pkt_ts_usec":536055,"pkt_caplen":63,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":63,"pkt_l4_len":29,"pkt":"CAAnAERyCAAnmO\/hCABFAAAxXnBAAEAR6pTAqDhlwKg4AURcxI4AHfHlZUQdr\/Kq\/CfKiy9yL0J1czE3Q21k"}
00529{"flow_id":2,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907273,"pkt_ts_usec":658448,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"pkt":"CAAnmO\/hCAAnAERyCABFAAB9EhcAAIARNqLAqDgBwKg4ZcSORFwAaYovRAMdsNz8WXxyRFxBcghCdXMxN0NtZBEy\/3sibWVzc2FnZVR5cGUiOiJVUERBVEUiLCJtZXNzYWdlQ29udGVudCI6IkZyaSBGZWIgMTkgMjA6NDE6MTMgRUVUIDIwMTYifQ=="}
00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":71,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1455907274088,"flow_last_seen":0,"flow_min_l4_payload_len":97,"flow_max_l4_payload_len":97,"flow_tot_l4_payload_len":97,"flow_avg_l4_payload_len":97,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50312,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00500{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":71,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1455907274088,"flow_last_seen":1455907274088,"flow_min_l4_payload_len":97,"flow_max_l4_payload_len":97,"flow_tot_l4_payload_len":97,"flow_avg_l4_payload_len":97,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50312,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00527{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907274,"pkt_ts_usec":88318,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"pkt":"CAAnmO\/hCAAnAERyCABFAAB9EncAAIARNkLAqDgBwKg4ZcSIRFwAaR7GRANSj9XGl0FyRFxBcghCdXMxN0NtZBEy\/3sibWVzc2FnZVR5cGUiOiJVUERBVEUiLCJtZXNzYWdlQ29udGVudCI6IkZyaSBGZWIgMTkgMjA6NDE6MTQgRUVUIDIwMTYifQ=="}
00521{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":71,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1455907274088,"flow_last_seen":0,"flow_min_l4_payload_len":97,"flow_max_l4_payload_len":97,"flow_tot_l4_payload_len":97,"flow_avg_l4_payload_len":97,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50312,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00533{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":71,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1455907274088,"flow_last_seen":1455907274088,"flow_min_l4_payload_len":97,"flow_max_l4_payload_len":97,"flow_tot_l4_payload_len":97,"flow_avg_l4_payload_len":97,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50312,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00419{"flow_id":3,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907274,"pkt_ts_usec":89637,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"CAAnAERyCAAnmO\/hCABFAAAwXqNAAEAR6mLAqDhlwKg4AURcxIgAHPHkZERSj9XGl0GLL3IvQnVzMTdDbWQ="}
00531{"flow_id":3,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907274,"pkt_ts_usec":193327,"pkt_caplen":143,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":143,"pkt_l4_len":109,"pkt":"CAAnmO\/hCAAnAERyCABFAACBEpIAAIARNiPAqDgBwKg4ZcSIRFwAbeMnSANSkLugNTWCkTE2ckRcQXIIQnVzMTdDbWQRMv97Im1lc3NhZ2VUeXBlIjoiVVBEQVRFIiwibWVzc2FnZUNvbnRlbnQiOiJGcmkgRmViIDE5IDIwOjQxOjE0IEVFVCAyMDE2In0="}
00424{"flow_id":3,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":78,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907274,"pkt_ts_usec":196759,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"CAAnAERyCAAnmO\/hCABFAAA0XrRAAEAR6k3AqDhlwKg4AURcxIgAIPHoaERSkLugNTWCkTE2iy9yL0J1czE3Q21k"}
@@ -50,9 +50,9 @@
00525{"flow_id":3,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":107,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907274,"pkt_ts_usec":779814,"pkt_caplen":137,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":137,"pkt_l4_len":103,"pkt":"CAAnmO\/hCAAnAERyCABFAAB7EykAAIARNZLAqDgBwKg4ZcSIRFwAZyZkQgNSlWdockRcQXIIQnVzMTdDbWQRMv97Im1lc3NhZ2VUeXBlIjoiVVBEQVRFIiwibWVzc2FnZUNvbnRlbnQiOiJGcmkgRmViIDE5IDIwOjQxOjE0IEVFVCAyMDE2In0="}
00418{"flow_id":3,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":108,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907274,"pkt_ts_usec":785600,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"pkt":"CAAnAERyCAAnmO\/hCABFAAAuXwBAAEAR6gfAqDhlwKg4AURcxIgAGvHiYkRSlWdoiy9yL0J1czE3Q21k"}
00526{"flow_id":3,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":113,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907274,"pkt_ts_usec":902701,"pkt_caplen":137,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":137,"pkt_l4_len":103,"pkt":"CAAnmO\/hCAAnAERyCABFAAB7E0wAAIARNW\/AqDgBwKg4ZcSIRFwAZyoCQgNSlmPJckRcQXIIQnVzMTdDbWQRMv97Im1lc3NhZ2VUeXBlIjoiVVBEQVRFIiwibWVzc2FnZUNvbnRlbnQiOiJGcmkgRmViIDE5IDIwOjQxOjE0IEVFVCAyMDE2In0="}
00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":153,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1455907275690,"flow_last_seen":0,"flow_min_l4_payload_len":99,"flow_max_l4_payload_len":99,"flow_tot_l4_payload_len":99,"flow_avg_l4_payload_len":99,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50319,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00501{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":153,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1455907275690,"flow_last_seen":1455907275690,"flow_min_l4_payload_len":99,"flow_max_l4_payload_len":99,"flow_tot_l4_payload_len":99,"flow_avg_l4_payload_len":99,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50319,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00531{"flow_id":4,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":153,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907275,"pkt_ts_usec":690777,"pkt_caplen":141,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":141,"pkt_l4_len":107,"pkt":"CAAnmO\/hCAAnAERyCABFAAB\/FCAAAIARNJfAqDgBwKg4ZcSPRFwAa2JLRgOAZtDWwMpn\/nJEXEFyCEJ1czE3Q21kETL\/eyJtZXNzYWdlVHlwZSI6IlVQREFURSIsIm1lc3NhZ2VDb250ZW50IjoiRnJpIEZlYiAxOSAyMDo0MToxNSBFRVQgMjAxNiJ9"}
00522{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":153,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1455907275690,"flow_last_seen":0,"flow_min_l4_payload_len":99,"flow_max_l4_payload_len":99,"flow_tot_l4_payload_len":99,"flow_avg_l4_payload_len":99,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50319,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00534{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":153,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1455907275690,"flow_last_seen":1455907275690,"flow_min_l4_payload_len":99,"flow_max_l4_payload_len":99,"flow_tot_l4_payload_len":99,"flow_avg_l4_payload_len":99,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50319,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00426{"flow_id":4,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":154,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907275,"pkt_ts_usec":695868,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":30,"pkt":"CAAnAERyCAAnmO\/hCABFAAAyX35AAEAR6YXAqDhlwKg4AURcxI8AHvHmZkSAZtDWwMpn\/osvci9CdXMxN0NtZA=="}
00533{"flow_id":4,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":161,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907275,"pkt_ts_usec":831283,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"pkt":"CAAnmO\/hCAAnAERyCABFAACAFEwAAIARNGrAqDgBwKg4ZcSPRFwAbLkURwOAZ6ExGoh1VzNyRFxBcghCdXMxN0NtZBEy\/3sibWVzc2FnZVR5cGUiOiJVUERBVEUiLCJtZXNzYWdlQ29udGVudCI6IkZyaSBGZWIgMTkgMjA6NDE6MTUgRUVUIDIwMTYifQ=="}
00426{"flow_id":4,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":162,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907275,"pkt_ts_usec":835251,"pkt_caplen":65,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":65,"pkt_l4_len":31,"pkt":"CAAnAERyCAAnmO\/hCABFAAAzX45AAEAR6XTAqDhlwKg4AURcxI8AH\/HnZ0SAZ6ExGoh1VzOLL3IvQnVzMTdDbWQ="}
@@ -71,20 +71,20 @@
00508{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":801,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":200,"flow_first_seen":1455907274088,"flow_last_seen":1455907285181,"flow_min_l4_payload_len":17,"flow_max_l4_payload_len":101,"flow_tot_l4_payload_len":11794,"flow_avg_l4_payload_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50312,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00508{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":801,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":200,"flow_first_seen":1455907272856,"flow_last_seen":1455907284046,"flow_min_l4_payload_len":17,"flow_max_l4_payload_len":101,"flow_tot_l4_payload_len":11820,"flow_avg_l4_payload_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50318,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00508{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":801,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":200,"flow_first_seen":1455907275690,"flow_last_seen":1455907286608,"flow_min_l4_payload_len":17,"flow_max_l4_payload_len":101,"flow_tot_l4_payload_len":11742,"flow_avg_l4_payload_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50319,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":801,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1459182796665,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":55407,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":801,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1459182796665,"flow_last_seen":1459182796665,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":55407,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00441{"flow_id":5,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":801,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1459182796,"pkt_ts_usec":665502,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"8IQvSpdgeJKcD6iOCABFAABAOLtAAEARfTrAqAFpwKgB\/thvADUALFKSg5wBAAABAAAAAAAABmNsaWVudAdkcm9wYm94A2NvbQAAAQAB"}
00657{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":801,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1459182796665,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":55407,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"},"dns": {"query":"client.dropbox.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00669{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":801,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1459182796665,"flow_last_seen":1459182796665,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":55407,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"},"dns": {"query":"client.dropbox.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00441{"flow_id":5,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":802,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1459182796,"pkt_ts_usec":665502,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"8IQvSpdgeJKcD6iOCABFAABAOLtAAEARfTrAqAFpwKgB\/thvADUALFKSg5wBAAABAAAAAAAABmNsaWVudAdkcm9wYm94A2NvbQAAAQAB"}
00784{"flow_id":5,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":803,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1459182796,"pkt_ts_usec":786743,"pkt_caplen":333,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":333,"pkt_l4_len":299,"pkt":"eJKcD6iO8IQvSpdgCABFAAE\/AABAAEARtPbAqAH+wKgBaQA12G8BK6cig5yBgAABAAMABAAEBmNsaWVudAdkcm9wYm94A2NvbQAAAQABwAwABQABAAAAwAALBmNsaWVudAF2wBPAMAABAAEAAAAUAARsoKzMwDAAAQABAAAAFAAEbKCs7MA3AAIAAQAA9bUAGQducy0xOTI2CWF3c2Rucy00OAJjbwJ1awDANwACAAEAAPW1ABYGbnMtNzczCWF3c2Rucy0zMgNuZXQAwDcAAgABAAD1tQASBW5zLTU3CWF3c2Rucy0wN8AbwDcAAgABAAD1tQAXB25zLTEyNzYJYXdzZG5zLTMxA29yZwDArgABAAEAAkcJAATN+8A5wIwAAQABAAJG7wAEzfvDBcDMAAEAAQACRu8ABM37xPzAZwABAAEAAkbkAATN+8eG"}
00689{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":803,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_first_seen":1459182796665,"flow_last_seen":1459182796786,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":291,"flow_tot_l4_payload_len":363,"flow_avg_l4_payload_len":121,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":55407,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"},"dns": {"query":"client.dropbox.com","num_queries":1,"num_answers":11,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"108.160.172.204"}}
00784{"flow_id":5,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":804,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1459182796,"pkt_ts_usec":786743,"pkt_caplen":333,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":333,"pkt_l4_len":299,"pkt":"eJKcD6iO8IQvSpdgCABFAAE\/AABAAEARtPbAqAH+wKgBaQA12G8BK6cig5yBgAABAAMABAAEBmNsaWVudAdkcm9wYm94A2NvbQAAAQABwAwABQABAAAAwAALBmNsaWVudAF2wBPAMAABAAEAAAAUAARsoKzMwDAAAQABAAAAFAAEbKCs7MA3AAIAAQAA9bUAGQducy0xOTI2CWF3c2Rucy00OAJjbwJ1awDANwACAAEAAPW1ABYGbnMtNzczCWF3c2Rucy0zMgNuZXQAwDcAAgABAAD1tQASBW5zLTU3CWF3c2Rucy0wN8AbwDcAAgABAAD1tQAXB25zLTEyNzYJYXdzZG5zLTMxA29yZwDArgABAAEAAkcJAATN+8A5wIwAAQABAAJG7wAEzfvDBcDMAAEAAQACRu8ABM37xPzAZwABAAEAAkbkAATN+8eG"}
00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":805,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1459182798602,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":49112,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":805,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1459182798602,"flow_last_seen":1459182798602,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":49112,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00446{"flow_id":6,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":805,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1459182798,"pkt_ts_usec":602362,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"pkt":"8IQvSpdgeJKcD6iOCABFAABDOVFAAEARfKHAqAFpwKgB\/r\/YADUALxT2I4YBAAABAAAAAAAACWNsaWVudC1jZgdkcm9wYm94A2NvbQAAAQAB"}
00660{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":805,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1459182798602,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":49112,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"},"dns": {"query":"client-cf.dropbox.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00672{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":805,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1459182798602,"flow_last_seen":1459182798602,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":49112,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"},"dns": {"query":"client-cf.dropbox.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00446{"flow_id":6,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":806,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1459182798,"pkt_ts_usec":602362,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"pkt":"8IQvSpdgeJKcD6iOCABFAABDOVFAAEARfKHAqAFpwKgB\/r\/YADUALxT2I4YBAAABAAAAAAAACWNsaWVudC1jZgdkcm9wYm94A2NvbQAAAQAB"}
00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":807,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1459182798651,"flow_last_seen":0,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":50789,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":807,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1459182798651,"flow_last_seen":1459182798651,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":50789,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00437{"flow_id":7,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":807,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1459182798,"pkt_ts_usec":651426,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"pkt":"8IQvSpdgeJKcD6iOCABFAAA7OV1AAEARfJ3AqAFpwKgB\/sZlADUAJw161e8BAAABAAAAAAAAAWQHZHJvcGJveANjb20AAAEAAQ=="}
00652{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":807,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1459182798651,"flow_last_seen":0,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":50789,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"},"dns": {"query":"d.dropbox.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00664{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":807,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1459182798651,"flow_last_seen":1459182798651,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":50789,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"},"dns": {"query":"d.dropbox.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00437{"flow_id":7,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":808,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1459182798,"pkt_ts_usec":651426,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"pkt":"8IQvSpdgeJKcD6iOCABFAAA7OV1AAEARfJ3AqAFpwKgB\/sZlADUAJw161e8BAAABAAAAAAAAAWQHZHJvcGJveANjb20AAAEAAQ=="}
00747{"flow_id":6,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":809,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1459182798,"pkt_ts_usec":781825,"pkt_caplen":306,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":306,"pkt_l4_len":272,"pkt":"eJKcD6iO8IQvSpdgCABFAAEkAABAAEARtRHAqAH+wKgBaQA1v9gBEDDEI4aBgAABAAEABAAECWNsaWVudC1jZgdkcm9wYm94A2NvbQAAAQABwAwAAQABAAAAFAAENvCuH8AWAAIAAQABU2AAGQducy0xOTQ5CWF3c2Rucy01MQJjbwJ1awDAFgACAAEAAVNgABcHbnMtMTE2Mglhd3NkbnMtMTcDb3JnAMAWAAIAAQABU2AAFgZucy01NjQJYXdzZG5zLTA2A25ldADAFgACAAEAAVNgABMGbnMtMzE1CWF3c2Rucy0zOcAewK0AAQABAAIhDwAEzfvBO8CLAAEAAQABU1QABM37wjQHTlMtMTE2MsBwAAEAAQABU10ABM37xIrAQwABAAEAAVNaAATN+8ed"}
00689{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":809,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_first_seen":1459182798602,"flow_last_seen":1459182798781,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":264,"flow_tot_l4_payload_len":342,"flow_avg_l4_payload_len":114,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":49112,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"},"dns": {"query":"client-cf.dropbox.com","num_queries":1,"num_answers":9,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"54.240.174.31"}}
@@ -92,9 +92,9 @@
00772{"flow_id":7,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":811,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1459182798,"pkt_ts_usec":820682,"pkt_caplen":323,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":323,"pkt_l4_len":289,"pkt":"eJKcD6iO8IQvSpdgCABFAAE1AABAAEARtQDAqAH+wKgBaQA1xmUBIb321e+BgAABAAMABAAEAWQHZHJvcGJveANjb20AAAEAAcAMAAUAAQAAAQsABgFkAXbADsArAAEAAQAAAC0ABGygrOHAKwABAAEAAAAtAARsoKzBwC0AAgABAAD1swAXB25zLTEyNzYJYXdzZG5zLTMxA29yZwDALQACAAEAAPWzABIFbnMtNTcJYXdzZG5zLTA3wBbALQACAAEAAPWzABYGbnMtNzczCWF3c2Rucy0zMgNuZXQAwC0AAgABAAD1swAZB25zLTE5MjYJYXdzZG5zLTQ4AmNvAnVrAMCAAAEAAQACRwcABM37wDnAngABAAEAAkbtAATN+8MFwF0AAQABAAJG7QAEzfvE\/MDAAAEAAQACRuIABM37x4Y="}
00684{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":811,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_first_seen":1459182798651,"flow_last_seen":1459182798820,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":281,"flow_tot_l4_payload_len":343,"flow_avg_l4_payload_len":114,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":50789,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"},"dns": {"query":"d.dropbox.com","num_queries":1,"num_answers":11,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"108.160.172.225"}}
00772{"flow_id":7,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":812,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1459182798,"pkt_ts_usec":820682,"pkt_caplen":323,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":323,"pkt_l4_len":289,"pkt":"eJKcD6iO8IQvSpdgCABFAAE1AABAAEARtQDAqAH+wKgBaQA1xmUBIb321e+BgAABAAMABAAEAWQHZHJvcGJveANjb20AAAEAAcAMAAUAAQAAAQsABgFkAXbADsArAAEAAQAAAC0ABGygrOHAKwABAAEAAAAtAARsoKzBwC0AAgABAAD1swAXB25zLTEyNzYJYXdzZG5zLTMxA29yZwDALQACAAEAAPWzABIFbnMtNTcJYXdzZG5zLTA3wBbALQACAAEAAPWzABYGbnMtNzczCWF3c2Rucy0zMgNuZXQAwC0AAgABAAD1swAZB25zLTE5MjYJYXdzZG5zLTQ4AmNvAnVrAMCAAAEAAQACRwcABM37wDnAngABAAEAAkbtAATN+8MFwF0AAQABAAJG7QAEzfvE\/MDAAAEAAQACRuIABM37x4Y="}
00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":813,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1459182816605,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":36173,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":813,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1459182816605,"flow_last_seen":1459182816605,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":36173,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00441{"flow_id":8,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":813,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1459182816,"pkt_ts_usec":605524,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"8IQvSpdgeJKcD6iOCABFAABAP3NAAEARdoLAqAFpwKgB\/o1NADUALHL+F+YBAAABAAAAAAAAA2xvZwpnZXRkcm9wYm94A2NvbQAAAQAB"}
00657{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":813,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1459182816605,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":36173,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"},"dns": {"query":"log.getdropbox.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00669{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":813,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1459182816605,"flow_last_seen":1459182816605,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":36173,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"},"dns": {"query":"log.getdropbox.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00441{"flow_id":8,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":814,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1459182816,"pkt_ts_usec":605524,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"8IQvSpdgeJKcD6iOCABFAABAP3NAAEARdoLAqAFpwKgB\/o1NADUALHL+F+YBAAABAAAAAAAAA2xvZwpnZXRkcm9wYm94A2NvbQAAAQAB"}
00441{"flow_id":8,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":815,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1459182816,"pkt_ts_usec":605583,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"8IQvSpdgeJKcD6iOCABFAABAP3RAAEARdoHAqAFpwKgB\/o1NADUALO8im6YBAAABAAAAAAAAA2xvZwpnZXRkcm9wYm94A2NvbQAAHAAB"}
00679{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":815,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_first_seen":1459182816605,"flow_last_seen":1459182816605,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":108,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":36173,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"},"dns": {"query":"log.getdropbox.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
@@ -104,19 +104,19 @@
00599{"flow_id":8,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":818,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1459182816,"pkt_ts_usec":645471,"pkt_caplen":194,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":194,"pkt_l4_len":160,"pkt":"eJKcD6iO8IQvSpdgCABFAAC0AABAAEARtYHAqAH+wKgBaQA1jU0AoAOWm6aBgAABAAEAAQAAA2xvZwpnZXRkcm9wYm94A2NvbQAAHAABwAwABQABAAABpgAXCmdldGRyb3Bib3gBdgdkcm9wYm94wBvAOwAGAAEAAAHWAEUGbnMtNzczCWF3c2Rucy0zMgNuZXQAEWF3c2Rucy1ob3N0bWFzdGVyBmFtYXpvbsAbAAAAAQAAHCAAAAOEABJ1AAAAASw="}
00799{"flow_id":8,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":819,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1459182816,"pkt_ts_usec":645514,"pkt_caplen":345,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":345,"pkt_l4_len":311,"pkt":"eJKcD6iO8IQvSpdgCABFAAFLAABAAEARtOrAqAH+wKgBaQA1jU0BN+znF+aBgAABAAMABAAEA2xvZwpnZXRkcm9wYm94A2NvbQAAAQABwAwABQABAAABpgAXCmdldGRyb3Bib3gBdgdkcm9wYm94wBvAMAABAAEAAAA1AARsoKzDwDAAAQABAAAANQAEbKCs48A7AAIAAQAAAkYAFgZucy03NzMJYXdzZG5zLTMyA25ldADAOwACAAEAAAJGABkHbnMtMTkyNglhd3NkbnMtNDgCY28CdWsAwDsAAgABAAACRgAXB25zLTEyNzYJYXdzZG5zLTMxA29yZwDAOwACAAEAAAJGABIFbnMtNTcJYXdzZG5zLTA3wBvA3QABAAEAAVNyAATN+8A5wHMAAQABAAFTTAAEzfvDBcC6AAEAAQABU0wABM37xPzAlQABAAEAAVNQAATN+8eG"}
00799{"flow_id":8,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":820,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1459182816,"pkt_ts_usec":645514,"pkt_caplen":345,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":345,"pkt_l4_len":311,"pkt":"eJKcD6iO8IQvSpdgCABFAAFLAABAAEARtOrAqAH+wKgBaQA1jU0BN+znF+aBgAABAAMABAAEA2xvZwpnZXRkcm9wYm94A2NvbQAAAQABwAwABQABAAABpgAXCmdldGRyb3Bib3gBdgdkcm9wYm94wBvAMAABAAEAAAA1AARsoKzDwDAAAQABAAAANQAEbKCs48A7AAIAAQAAAkYAFgZucy03NzMJYXdzZG5zLTMyA25ldADAOwACAAEAAAJGABkHbnMtMTkyNglhd3NkbnMtNDgCY28CdWsAwDsAAgABAAACRgAXB25zLTEyNzYJYXdzZG5zLTMxA29yZwDAOwACAAEAAAJGABIFbnMtNTcJYXdzZG5zLTA3wBvA3QABAAEAAVNyAATN+8A5wHMAAQABAAFTTAAEzfvDBcC6AAEAAQABU0wABM37xPzAlQABAAEAAVNQAATN+8eG"}
00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":821,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1459182817566,"flow_last_seen":0,"flow_min_l4_payload_len":195,"flow_max_l4_payload_len":195,"flow_tot_l4_payload_len":195,"flow_avg_l4_payload_len":195,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00507{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":821,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1459182817566,"flow_last_seen":1459182817566,"flow_min_l4_payload_len":195,"flow_max_l4_payload_len":195,"flow_tot_l4_payload_len":195,"flow_avg_l4_payload_len":195,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00668{"flow_id":9,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":821,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1459182817,"pkt_ts_usec":566407,"pkt_caplen":237,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":237,"pkt_l4_len":203,"pkt":"\/\/\/\/\/\/\/\/eJKcD6iOCABFAADfQ1JAAEARNKvAqAFp\/\/\/\/\/0RcRFwAy8gLeyJob3N0X2ludCI6IDI3NDM2MzU3MDAzNjkzNDgyMzM2MDM0MTQwOTA1MTg0MTU3MzU3OSwgInZlcnNpb24iOiBbMiwgMF0sICJkaXNwbGF5bmFtZSI6ICIiLCAicG9ydCI6IDE3NTAwLCAibmFtZXNwYWNlcyI6IFsyMDYwMzE0MCwgMTY3MTU2ODYsIDQ4NzQ1ODk1LCAxOTA3NjA0MCwgODc5NTY4MDQzLCAxMjM1MzUwMzAsIDE4MjE2NDkyMl19"}
00528{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":821,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1459182817566,"flow_last_seen":0,"flow_min_l4_payload_len":195,"flow_max_l4_payload_len":195,"flow_tot_l4_payload_len":195,"flow_avg_l4_payload_len":195,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00540{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":821,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1459182817566,"flow_last_seen":1459182817566,"flow_min_l4_payload_len":195,"flow_max_l4_payload_len":195,"flow_tot_l4_payload_len":195,"flow_avg_l4_payload_len":195,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00668{"flow_id":9,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":822,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1459182817,"pkt_ts_usec":566407,"pkt_caplen":237,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":237,"pkt_l4_len":203,"pkt":"\/\/\/\/\/\/\/\/eJKcD6iOCABFAADfQ1JAAEARNKvAqAFp\/\/\/\/\/0RcRFwAy8gLeyJob3N0X2ludCI6IDI3NDM2MzU3MDAzNjkzNDgyMzM2MDM0MTQwOTA1MTg0MTU3MzU3OSwgInZlcnNpb24iOiBbMiwgMF0sICJkaXNwbGF5bmFtZSI6ICIiLCAicG9ydCI6IDE3NTAwLCAibmFtZXNwYWNlcyI6IFsyMDYwMzE0MCwgMTY3MTU2ODYsIDQ4NzQ1ODk1LCAxOTA3NjA0MCwgODc5NTY4MDQzLCAxMjM1MzUwMzAsIDE4MjE2NDkyMl19"}
00668{"flow_id":9,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":823,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1459182817,"pkt_ts_usec":566407,"pkt_caplen":237,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":237,"pkt_l4_len":203,"pkt":"\/\/\/\/\/\/\/\/eJKcD6iOCABFAADfQ1JAAEARNKvAqAFp\/\/\/\/\/0RcRFwAy8gLeyJob3N0X2ludCI6IDI3NDM2MzU3MDAzNjkzNDgyMzM2MDM0MTQwOTA1MTg0MTU3MzU3OSwgInZlcnNpb24iOiBbMiwgMF0sICJkaXNwbGF5bmFtZSI6ICIiLCAicG9ydCI6IDE3NTAwLCAibmFtZXNwYWNlcyI6IFsyMDYwMzE0MCwgMTY3MTU2ODYsIDQ4NzQ1ODk1LCAxOTA3NjA0MCwgODc5NTY4MDQzLCAxMjM1MzUwMzAsIDE4MjE2NDkyMl19"}
00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":824,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1459182817566,"flow_last_seen":0,"flow_min_l4_payload_len":195,"flow_max_l4_payload_len":195,"flow_tot_l4_payload_len":195,"flow_avg_l4_payload_len":195,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00506{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":824,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1459182817566,"flow_last_seen":1459182817566,"flow_min_l4_payload_len":195,"flow_max_l4_payload_len":195,"flow_tot_l4_payload_len":195,"flow_avg_l4_payload_len":195,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00665{"flow_id":10,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":824,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1459182817,"pkt_ts_usec":566700,"pkt_caplen":237,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":237,"pkt_l4_len":203,"pkt":"\/\/\/\/\/\/\/\/eJKcD6iOCABFAADf1cRAAEAR35DAqAFpwKgB\/0RcRFwAywVkeyJob3N0X2ludCI6IDI3NDM2MzU3MDAzNjkzNDgyMzM2MDM0MTQwOTA1MTg0MTU3MzU3OSwgInZlcnNpb24iOiBbMiwgMF0sICJkaXNwbGF5bmFtZSI6ICIiLCAicG9ydCI6IDE3NTAwLCAibmFtZXNwYWNlcyI6IFsyMDYwMzE0MCwgMTY3MTU2ODYsIDQ4NzQ1ODk1LCAxOTA3NjA0MCwgODc5NTY4MDQzLCAxMjM1MzUwMzAsIDE4MjE2NDkyMl19"}
00527{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":824,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1459182817566,"flow_last_seen":0,"flow_min_l4_payload_len":195,"flow_max_l4_payload_len":195,"flow_tot_l4_payload_len":195,"flow_avg_l4_payload_len":195,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00539{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":824,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1459182817566,"flow_last_seen":1459182817566,"flow_min_l4_payload_len":195,"flow_max_l4_payload_len":195,"flow_tot_l4_payload_len":195,"flow_avg_l4_payload_len":195,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00665{"flow_id":10,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":825,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1459182817,"pkt_ts_usec":566700,"pkt_caplen":237,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":237,"pkt_l4_len":203,"pkt":"\/\/\/\/\/\/\/\/eJKcD6iOCABFAADf1cRAAEAR35DAqAFpwKgB\/0RcRFwAywVkeyJob3N0X2ludCI6IDI3NDM2MzU3MDAzNjkzNDgyMzM2MDM0MTQwOTA1MTg0MTU3MzU3OSwgInZlcnNpb24iOiBbMiwgMF0sICJkaXNwbGF5bmFtZSI6ICIiLCAicG9ydCI6IDE3NTAwLCAibmFtZXNwYWNlcyI6IFsyMDYwMzE0MCwgMTY3MTU2ODYsIDQ4NzQ1ODk1LCAxOTA3NjA0MCwgODc5NTY4MDQzLCAxMjM1MzUwMzAsIDE4MjE2NDkyMl19"}
00665{"flow_id":10,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":826,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1459182817,"pkt_ts_usec":566700,"pkt_caplen":237,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":237,"pkt_l4_len":203,"pkt":"\/\/\/\/\/\/\/\/eJKcD6iOCABFAADf1cRAAEAR35DAqAFpwKgB\/0RcRFwAywVkeyJob3N0X2ludCI6IDI3NDM2MzU3MDAzNjkzNDgyMzM2MDM0MTQwOTA1MTg0MTU3MzU3OSwgInZlcnNpb24iOiBbMiwgMF0sICJkaXNwbGF5bmFtZSI6ICIiLCAicG9ydCI6IDE3NTAwLCAibmFtZXNwYWNlcyI6IFsyMDYwMzE0MCwgMTY3MTU2ODYsIDQ4NzQ1ODk1LCAxOTA3NjA0MCwgODc5NTY4MDQzLCAxMjM1MzUwMzAsIDE4MjE2NDkyMl19"}
00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":827,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1459182818229,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":33189,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00499{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":827,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1459182818229,"flow_last_seen":1459182818229,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":33189,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":11,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":827,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1459182818,"pkt_ts_usec":229650,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"8IQvSpdgeJKcD6iOCABFAABAQCRAAEARddHAqAFpwKgB\/oGlADUALERt3H0BAAABAAAAAAAABm5vdGlmeQdkcm9wYm94A2NvbQAAAQAB"}
00658{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":827,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1459182818229,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":33189,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"},"dns": {"query":"notify.dropbox.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00670{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":827,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1459182818229,"flow_last_seen":1459182818229,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":33189,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"},"dns": {"query":"notify.dropbox.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00442{"flow_id":11,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":828,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1459182818,"pkt_ts_usec":229650,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"8IQvSpdgeJKcD6iOCABFAABAQCRAAEARddHAqAFpwKgB\/oGlADUALERt3H0BAAABAAAAAAAABm5vdGlmeQdkcm9wYm94A2NvbQAAAQAB"}
00732{"flow_id":11,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":829,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1459182818,"pkt_ts_usec":263375,"pkt_caplen":294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":294,"pkt_l4_len":260,"pkt":"eJKcD6iO8IQvSpdgCABFAAEYAABAAEARtR3AqAH+wKgBaQA1gaUBBH9u3H2BgAABAAEABAAEBm5vdGlmeQdkcm9wYm94A2NvbQAAAQABwAwAAQABAAAAcQAEon0Rg8AMAAIAAQAAAHEAFwducy0xMTU0CWF3c2Rucy0xNgNvcmcAwAwAAgABAAAAcQASBW5zLTgzCWF3c2Rucy0xMMAbwAwAAgABAAAAcQAWBm5zLTg5NQlhd3NkbnMtNDcDbmV0AMAMAAIAAQAAAHEAGQducy0xOTM2CWF3c2Rucy01MAJjbwJ1awDAYwABAAEAAVOfAATN+8BTwIEAAQABAAFTrgAEzfvDf8BAAAEAAQABU6sABM37xILAowABAAEAAVN1AATN+8eQ"}
00688{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":829,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_first_seen":1459182818229,"flow_last_seen":1459182818263,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":252,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":108,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":33189,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"},"dns": {"query":"notify.dropbox.com","num_queries":1,"num_answers":9,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"162.125.17.131"}}
@@ -134,53 +134,41 @@
00508{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":837,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":6,"flow_first_seen":1459182817566,"flow_last_seen":1459182830673,"flow_min_l4_payload_len":195,"flow_max_l4_payload_len":195,"flow_tot_l4_payload_len":1170,"flow_avg_l4_payload_len":195,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":837,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":4,"flow_first_seen":1459182818229,"flow_last_seen":1459182818263,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":252,"flow_tot_l4_payload_len":576,"flow_avg_l4_payload_len":144,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":33189,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":837,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":8,"flow_first_seen":1459182816605,"flow_last_seen":1459182816645,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":303,"flow_tot_l4_payload_len":1054,"flow_avg_l4_payload_len":131,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":36173,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":837,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1535391465534,"flow_last_seen":0,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":168,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00506{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":837,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1535391465534,"flow_last_seen":1535391465534,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":168,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00634{"flow_id":12,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":837,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1535391465,"pkt_ts_usec":534592,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"pkt":"\/\/\/\/\/\/\/\/rNG4wD8JCABFAADEWzxAAEARHT\/AqAEG\/\/\/\/\/0RcRFwAsAWteyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiZGlzcGxheW5hbWUiOiAiIiwgImhvc3RfaW50IjogMTQyNjI0OTI5OTAwNTgxMDUzNDA3MzQwMDE2NzI1NzY2ODExMzI2LCAibmFtZXNwYWNlcyI6IFszMTE2NDIwNDE2LCAzMjA5MzgyOTQ0LCAxMjM1ODYyNywgMTEzODA0NDM2N119"}
00527{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":837,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1535391465534,"flow_last_seen":0,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":168,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":838,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1535391465535,"flow_last_seen":0,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":168,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00539{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":837,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1535391465534,"flow_last_seen":1535391465534,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":168,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00504{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":838,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1535391465535,"flow_last_seen":1535391465535,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":168,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00630{"flow_id":13,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":838,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1535391465,"pkt_ts_usec":535228,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"pkt":"\/\/\/\/\/\/\/\/rNG4wD8JCABFAADENtRAAEARfv\/AqAEGwKgB\/0RcRFwAsEMFeyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiZGlzcGxheW5hbWUiOiAiIiwgImhvc3RfaW50IjogMTQyNjI0OTI5OTAwNTgxMDUzNDA3MzQwMDE2NzI1NzY2ODExMzI2LCAibmFtZXNwYWNlcyI6IFszMTE2NDIwNDE2LCAzMjA5MzgyOTQ0LCAxMjM1ODYyNywgMTEzODA0NDM2N119"}
00525{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":838,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1535391465535,"flow_last_seen":0,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":168,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":839,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1535391465534,"flow_last_seen":0,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":168,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00493{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":839,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1535391465535,"flow_last_seen":0,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":168,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":839,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1535391495539,"flow_last_seen":0,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":168,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00633{"flow_id":14,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":839,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1535391495,"pkt_ts_usec":539748,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"pkt":"\/\/\/\/\/\/\/\/rNG4wD8JCABFAADEaV5AAEARDx3AqAEG\/\/\/\/\/0RcRFwAsAWteyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiZGlzcGxheW5hbWUiOiAiIiwgImhvc3RfaW50IjogMTQyNjI0OTI5OTAwNTgxMDUzNDA3MzQwMDE2NzI1NzY2ODExMzI2LCAibmFtZXNwYWNlcyI6IFszMTE2NDIwNDE2LCAzMjA5MzgyOTQ0LCAxMjM1ODYyNywgMTEzODA0NDM2N119"}
00527{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":839,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1535391495539,"flow_last_seen":0,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":168,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":840,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1535391495539,"flow_last_seen":0,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":168,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00629{"flow_id":15,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":840,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1535391495,"pkt_ts_usec":539946,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"pkt":"\/\/\/\/\/\/\/\/rNG4wD8JCABFAADEPR9AAEAReLTAqAEGwKgB\/0RcRFwAsEMFeyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiZGlzcGxheW5hbWUiOiAiIiwgImhvc3RfaW50IjogMTQyNjI0OTI5OTAwNTgxMDUzNDA3MzQwMDE2NzI1NzY2ODExMzI2LCAibmFtZXNwYWNlcyI6IFszMTE2NDIwNDE2LCAzMjA5MzgyOTQ0LCAxMjM1ODYyNywgMTEzODA0NDM2N119"}
00525{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":840,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1535391495539,"flow_last_seen":0,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":168,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":841,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1535391495539,"flow_last_seen":0,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":168,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00493{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":841,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1535391495539,"flow_last_seen":0,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":168,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":841,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1535391525545,"flow_last_seen":0,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":168,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00633{"flow_id":16,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":841,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1535391525,"pkt_ts_usec":545240,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"pkt":"\/\/\/\/\/\/\/\/rNG4wD8JCABFAADEd25AAEARAQ3AqAEG\/\/\/\/\/0RcRFwAsAWteyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiZGlzcGxheW5hbWUiOiAiIiwgImhvc3RfaW50IjogMTQyNjI0OTI5OTAwNTgxMDUzNDA3MzQwMDE2NzI1NzY2ODExMzI2LCAibmFtZXNwYWNlcyI6IFszMTE2NDIwNDE2LCAzMjA5MzgyOTQ0LCAxMjM1ODYyNywgMTEzODA0NDM2N119"}
00527{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":841,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1535391525545,"flow_last_seen":0,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":168,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":842,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1535391525545,"flow_last_seen":0,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":168,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00629{"flow_id":17,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":842,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1535391525,"pkt_ts_usec":545589,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"pkt":"\/\/\/\/\/\/\/\/rNG4wD8JCABFAADETEZAAEARaY3AqAEGwKgB\/0RcRFwAsEMFeyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiZGlzcGxheW5hbWUiOiAiIiwgImhvc3RfaW50IjogMTQyNjI0OTI5OTAwNTgxMDUzNDA3MzQwMDE2NzI1NzY2ODExMzI2LCAibmFtZXNwYWNlcyI6IFszMTE2NDIwNDE2LCAzMjA5MzgyOTQ0LCAxMjM1ODYyNywgMTEzODA0NDM2N119"}
00525{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":842,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1535391525545,"flow_last_seen":0,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":168,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":843,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1535391525545,"flow_last_seen":0,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":168,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00493{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":843,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1535391525545,"flow_last_seen":0,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":168,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":843,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1535391651168,"flow_last_seen":0,"flow_min_l4_payload_len":163,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":163,"flow_avg_l4_payload_len":163,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.64","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00630{"flow_id":18,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":843,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1535391651,"pkt_ts_usec":168986,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"pkt":"\/\/\/\/\/\/\/\/eJKcD6iOCABFAAC\/jlBAAEAR6fXAqAFA\/\/\/\/\/0RcRFwAq9+deyJuYW1lc3BhY2VzIjogWzE5MDc2MDQwLCAyMDYwMzE0MCwgMTY3MTU2ODYsIDEyMzUzNTAzMF0sICJwb3J0IjogMTc1MDAsICJob3N0X2ludCI6IDMzMzEzOTY5NzEzOTU2MTA4MDE1Mzk5Mjk4MTIxOTY3OTIyMTUzNiwgImRpc3BsYXluYW1lIjogIiIsICJ2ZXJzaW9uIjogWzIsIDBdfQ=="}
00528{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":843,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1535391651168,"flow_last_seen":0,"flow_min_l4_payload_len":163,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":163,"flow_avg_l4_payload_len":163,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.64","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":844,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1535391651170,"flow_last_seen":0,"flow_min_l4_payload_len":163,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":163,"flow_avg_l4_payload_len":163,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.64","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00626{"flow_id":19,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":844,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1535391651,"pkt_ts_usec":170134,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"pkt":"\/\/\/\/\/\/\/\/eJKcD6iOCABFAAC\/SNZAAEARbMjAqAFAwKgB\/0RcRFwAqxz2eyJuYW1lc3BhY2VzIjogWzE5MDc2MDQwLCAyMDYwMzE0MCwgMTY3MTU2ODYsIDEyMzUzNTAzMF0sICJwb3J0IjogMTc1MDAsICJob3N0X2ludCI6IDMzMzEzOTY5NzEzOTU2MTA4MDE1Mzk5Mjk4MTIxOTY3OTIyMTUzNiwgImRpc3BsYXluYW1lIjogIiIsICJ2ZXJzaW9uIjogWzIsIDBdfQ=="}
00526{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":844,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1535391651170,"flow_last_seen":0,"flow_min_l4_payload_len":163,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":163,"flow_avg_l4_payload_len":163,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.64","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00630{"flow_id":18,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":845,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1535391652,"pkt_ts_usec":506990,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"pkt":"\/\/\/\/\/\/\/\/eJKcD6iOCABFAAC\/jm9AAEAR6dbAqAFA\/\/\/\/\/0RcRFwAq9+deyJuYW1lc3BhY2VzIjogWzE5MDc2MDQwLCAyMDYwMzE0MCwgMTY3MTU2ODYsIDEyMzUzNTAzMF0sICJwb3J0IjogMTc1MDAsICJob3N0X2ludCI6IDMzMzEzOTY5NzEzOTU2MTA4MDE1Mzk5Mjk4MTIxOTY3OTIyMTUzNiwgImRpc3BsYXluYW1lIjogIiIsICJ2ZXJzaW9uIjogWzIsIDBdfQ=="}
00627{"flow_id":19,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":846,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1535391652,"pkt_ts_usec":507202,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"pkt":"\/\/\/\/\/\/\/\/eJKcD6iOCABFAAC\/SaBAAEARa\/7AqAFAwKgB\/0RcRFwAqxz2eyJuYW1lc3BhY2VzIjogWzE5MDc2MDQwLCAyMDYwMzE0MCwgMTY3MTU2ODYsIDEyMzUzNTAzMF0sICJwb3J0IjogMTc1MDAsICJob3N0X2ludCI6IDMzMzEzOTY5NzEzOTU2MTA4MDE1Mzk5Mjk4MTIxOTY3OTIyMTUzNiwgImRpc3BsYXluYW1lIjogIiIsICJ2ZXJzaW9uIjogWzIsIDBdfQ=="}
00630{"flow_id":18,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":847,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1535391682,"pkt_ts_usec":513859,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"pkt":"\/\/\/\/\/\/\/\/eJKcD6iOCABFAAC\/nwpAAEAR2TvAqAFA\/\/\/\/\/0RcRFwAq9+deyJuYW1lc3BhY2VzIjogWzE5MDc2MDQwLCAyMDYwMzE0MCwgMTY3MTU2ODYsIDEyMzUzNTAzMF0sICJwb3J0IjogMTc1MDAsICJob3N0X2ludCI6IDMzMzEzOTY5NzEzOTU2MTA4MDE1Mzk5Mjk4MTIxOTY3OTIyMTUzNiwgImRpc3BsYXluYW1lIjogIiIsICJ2ZXJzaW9uIjogWzIsIDBdfQ=="}
00626{"flow_id":19,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":848,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1535391682,"pkt_ts_usec":514087,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"pkt":"\/\/\/\/\/\/\/\/eJKcD6iOCABFAAC\/ZDZAAEARUWjAqAFAwKgB\/0RcRFwAqxz2eyJuYW1lc3BhY2VzIjogWzE5MDc2MDQwLCAyMDYwMzE0MCwgMTY3MTU2ODYsIDEyMzUzNTAzMF0sICJwb3J0IjogMTc1MDAsICJob3N0X2ludCI6IDMzMzEzOTY5NzEzOTU2MTA4MDE1Mzk5Mjk4MTIxOTY3OTIyMTUzNiwgImRpc3BsYXluYW1lIjogIiIsICJ2ZXJzaW9uIjogWzIsIDBdfQ=="}
00508{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":848,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_first_seen":1535391651168,"flow_last_seen":1535391682513,"flow_min_l4_payload_len":163,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":489,"flow_avg_l4_payload_len":163,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.64","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00506{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":848,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_first_seen":1535391651170,"flow_last_seen":1535391682514,"flow_min_l4_payload_len":163,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":489,"flow_avg_l4_payload_len":163,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.64","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00537{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":838,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1535391465535,"flow_last_seen":1535391465535,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":168,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00633{"flow_id":12,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":839,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1535391495,"pkt_ts_usec":539748,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"pkt":"\/\/\/\/\/\/\/\/rNG4wD8JCABFAADEaV5AAEARDx3AqAEG\/\/\/\/\/0RcRFwAsAWteyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiZGlzcGxheW5hbWUiOiAiIiwgImhvc3RfaW50IjogMTQyNjI0OTI5OTAwNTgxMDUzNDA3MzQwMDE2NzI1NzY2ODExMzI2LCAibmFtZXNwYWNlcyI6IFszMTE2NDIwNDE2LCAzMjA5MzgyOTQ0LCAxMjM1ODYyNywgMTEzODA0NDM2N119"}
00629{"flow_id":13,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":840,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1535391495,"pkt_ts_usec":539946,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"pkt":"\/\/\/\/\/\/\/\/rNG4wD8JCABFAADEPR9AAEAReLTAqAEGwKgB\/0RcRFwAsEMFeyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiZGlzcGxheW5hbWUiOiAiIiwgImhvc3RfaW50IjogMTQyNjI0OTI5OTAwNTgxMDUzNDA3MzQwMDE2NzI1NzY2ODExMzI2LCAibmFtZXNwYWNlcyI6IFszMTE2NDIwNDE2LCAzMjA5MzgyOTQ0LCAxMjM1ODYyNywgMTEzODA0NDM2N119"}
00633{"flow_id":12,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":841,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1535391525,"pkt_ts_usec":545240,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"pkt":"\/\/\/\/\/\/\/\/rNG4wD8JCABFAADEd25AAEARAQ3AqAEG\/\/\/\/\/0RcRFwAsAWteyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiZGlzcGxheW5hbWUiOiAiIiwgImhvc3RfaW50IjogMTQyNjI0OTI5OTAwNTgxMDUzNDA3MzQwMDE2NzI1NzY2ODExMzI2LCAibmFtZXNwYWNlcyI6IFszMTE2NDIwNDE2LCAzMjA5MzgyOTQ0LCAxMjM1ODYyNywgMTEzODA0NDM2N119"}
00629{"flow_id":13,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":842,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1535391525,"pkt_ts_usec":545589,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"pkt":"\/\/\/\/\/\/\/\/rNG4wD8JCABFAADETEZAAEARaY3AqAEGwKgB\/0RcRFwAsEMFeyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiZGlzcGxheW5hbWUiOiAiIiwgImhvc3RfaW50IjogMTQyNjI0OTI5OTAwNTgxMDUzNDA3MzQwMDE2NzI1NzY2ODExMzI2LCAibmFtZXNwYWNlcyI6IFszMTE2NDIwNDE2LCAzMjA5MzgyOTQ0LCAxMjM1ODYyNywgMTEzODA0NDM2N119"}
00507{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":843,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1535391651168,"flow_last_seen":1535391651168,"flow_min_l4_payload_len":163,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":163,"flow_avg_l4_payload_len":163,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.64","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00630{"flow_id":14,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":843,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1535391651,"pkt_ts_usec":168986,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"pkt":"\/\/\/\/\/\/\/\/eJKcD6iOCABFAAC\/jlBAAEAR6fXAqAFA\/\/\/\/\/0RcRFwAq9+deyJuYW1lc3BhY2VzIjogWzE5MDc2MDQwLCAyMDYwMzE0MCwgMTY3MTU2ODYsIDEyMzUzNTAzMF0sICJwb3J0IjogMTc1MDAsICJob3N0X2ludCI6IDMzMzEzOTY5NzEzOTU2MTA4MDE1Mzk5Mjk4MTIxOTY3OTIyMTUzNiwgImRpc3BsYXluYW1lIjogIiIsICJ2ZXJzaW9uIjogWzIsIDBdfQ=="}
00540{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":843,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1535391651168,"flow_last_seen":1535391651168,"flow_min_l4_payload_len":163,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":163,"flow_avg_l4_payload_len":163,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.64","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00505{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":844,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1535391651170,"flow_last_seen":1535391651170,"flow_min_l4_payload_len":163,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":163,"flow_avg_l4_payload_len":163,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.64","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00626{"flow_id":15,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":844,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1535391651,"pkt_ts_usec":170134,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"pkt":"\/\/\/\/\/\/\/\/eJKcD6iOCABFAAC\/SNZAAEARbMjAqAFAwKgB\/0RcRFwAqxz2eyJuYW1lc3BhY2VzIjogWzE5MDc2MDQwLCAyMDYwMzE0MCwgMTY3MTU2ODYsIDEyMzUzNTAzMF0sICJwb3J0IjogMTc1MDAsICJob3N0X2ludCI6IDMzMzEzOTY5NzEzOTU2MTA4MDE1Mzk5Mjk4MTIxOTY3OTIyMTUzNiwgImRpc3BsYXluYW1lIjogIiIsICJ2ZXJzaW9uIjogWzIsIDBdfQ=="}
00538{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":844,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1535391651170,"flow_last_seen":1535391651170,"flow_min_l4_payload_len":163,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":163,"flow_avg_l4_payload_len":163,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.64","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00630{"flow_id":14,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":845,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1535391652,"pkt_ts_usec":506990,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"pkt":"\/\/\/\/\/\/\/\/eJKcD6iOCABFAAC\/jm9AAEAR6dbAqAFA\/\/\/\/\/0RcRFwAq9+deyJuYW1lc3BhY2VzIjogWzE5MDc2MDQwLCAyMDYwMzE0MCwgMTY3MTU2ODYsIDEyMzUzNTAzMF0sICJwb3J0IjogMTc1MDAsICJob3N0X2ludCI6IDMzMzEzOTY5NzEzOTU2MTA4MDE1Mzk5Mjk4MTIxOTY3OTIyMTUzNiwgImRpc3BsYXluYW1lIjogIiIsICJ2ZXJzaW9uIjogWzIsIDBdfQ=="}
00627{"flow_id":15,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":846,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1535391652,"pkt_ts_usec":507202,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"pkt":"\/\/\/\/\/\/\/\/eJKcD6iOCABFAAC\/SaBAAEARa\/7AqAFAwKgB\/0RcRFwAqxz2eyJuYW1lc3BhY2VzIjogWzE5MDc2MDQwLCAyMDYwMzE0MCwgMTY3MTU2ODYsIDEyMzUzNTAzMF0sICJwb3J0IjogMTc1MDAsICJob3N0X2ludCI6IDMzMzEzOTY5NzEzOTU2MTA4MDE1Mzk5Mjk4MTIxOTY3OTIyMTUzNiwgImRpc3BsYXluYW1lIjogIiIsICJ2ZXJzaW9uIjogWzIsIDBdfQ=="}
00630{"flow_id":14,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":847,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1535391682,"pkt_ts_usec":513859,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"pkt":"\/\/\/\/\/\/\/\/eJKcD6iOCABFAAC\/nwpAAEAR2TvAqAFA\/\/\/\/\/0RcRFwAq9+deyJuYW1lc3BhY2VzIjogWzE5MDc2MDQwLCAyMDYwMzE0MCwgMTY3MTU2ODYsIDEyMzUzNTAzMF0sICJwb3J0IjogMTc1MDAsICJob3N0X2ludCI6IDMzMzEzOTY5NzEzOTU2MTA4MDE1Mzk5Mjk4MTIxOTY3OTIyMTUzNiwgImRpc3BsYXluYW1lIjogIiIsICJ2ZXJzaW9uIjogWzIsIDBdfQ=="}
00626{"flow_id":15,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":848,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1535391682,"pkt_ts_usec":514087,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"pkt":"\/\/\/\/\/\/\/\/eJKcD6iOCABFAAC\/ZDZAAEARUWjAqAFAwKgB\/0RcRFwAqxz2eyJuYW1lc3BhY2VzIjogWzE5MDc2MDQwLCAyMDYwMzE0MCwgMTY3MTU2ODYsIDEyMzUzNTAzMF0sICJwb3J0IjogMTc1MDAsICJob3N0X2ludCI6IDMzMzEzOTY5NzEzOTU2MTA4MDE1Mzk5Mjk4MTIxOTY3OTIyMTUzNiwgImRpc3BsYXluYW1lIjogIiIsICJ2ZXJzaW9uIjogWzIsIDBdfQ=="}
00508{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":848,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_first_seen":1535391651168,"flow_last_seen":1535391682513,"flow_min_l4_payload_len":163,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":489,"flow_avg_l4_payload_len":163,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.64","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":848,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_first_seen":1535391465534,"flow_last_seen":1535391525545,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":504,"flow_avg_l4_payload_len":168,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00506{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":848,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_first_seen":1535391651170,"flow_last_seen":1535391682514,"flow_min_l4_payload_len":163,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":489,"flow_avg_l4_payload_len":163,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.64","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00505{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":848,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_first_seen":1535391465535,"flow_last_seen":1535391525545,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":504,"flow_avg_l4_payload_len":168,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00128{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":848,"source":"dropbox.pcap","alias":"nDPId-test"}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 848/848
~~ skipped flows.............: 0
~~ total layer4 data length..: 61700 bytes
~~ total detected protocols..: 19
~~ total active/idle flows...: 19/19
~~ total detected protocols..: 15
~~ total active/idle flows...: 15/15
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 1981460 bytes
~~ total memory freed........: 1981460 bytes
~~ total allocations/frees...: 36240/36240
~~ total memory allocated....: 1975060 bytes
~~ total memory freed........: 1975060 bytes
~~ total allocations/frees...: 36228/36228
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 133 chars
~~ json string max len.......: 804 chars

8
test/results/dtls.pcap.out
View File

@@ -1,7 +1,7 @@
00472{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dtls.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":10000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dtls.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1545143424891,"flow_last_seen":0,"flow_min_l4_payload_len":155,"flow_max_l4_payload_len":155,"flow_tot_l4_payload_len":155,"flow_avg_l4_payload_len":155,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.13.203","dst_ip":"192.168.13.57","src_port":40739,"dst_port":56515,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00501{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dtls.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1545143424891,"flow_last_seen":1545143424891,"flow_min_l4_payload_len":155,"flow_max_l4_payload_len":155,"flow_tot_l4_payload_len":155,"flow_avg_l4_payload_len":155,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.13.203","dst_ip":"192.168.13.57","src_port":40739,"dst_port":56515,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00599{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dtls.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1545143424,"pkt_ts_usec":891780,"pkt_caplen":197,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":197,"pkt_l4_len":163,"pkt":"WLEPD4fwhLVBbZhoCABFAAC3FtBAAEARhxHAqA3LwKgNOZ8j3MMAozuLFv7\/AAAAAAAAAAAAjgEAAIIAAAAAAAAAgv79zrBtKgTLKhUXwuJm7W22k25ueldyqs3Q4tvQaM4mc34AAAAYwCvAL8ypzKjACcATwArAFACcAC8ANQAKAQAAQP8BAAEAABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEADgAFAAIAAQAACwACAQAACgAIAAYAHQAXABg="}
00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dtls.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1545143424891,"flow_last_seen":0,"flow_min_l4_payload_len":155,"flow_max_l4_payload_len":155,"flow_tot_l4_payload_len":155,"flow_avg_l4_payload_len":155,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.13.203","dst_ip":"192.168.13.57","src_port":40739,"dst_port":56515,"l4_proto":"udp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing"},"proto":"DTLS","breed":"Safe","category":"Web"},"tls": {"version":"DTLSv1.2","client_requested_server_name":"","ja3":"bd743610892cec1efed851b2b5efd4f5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00784{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dtls.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1545143424891,"flow_last_seen":1545143424891,"flow_min_l4_payload_len":155,"flow_max_l4_payload_len":155,"flow_tot_l4_payload_len":155,"flow_avg_l4_payload_len":155,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.13.203","dst_ip":"192.168.13.57","src_port":40739,"dst_port":56515,"l4_proto":"udp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing"},"proto":"DTLS","breed":"Safe","category":"Web"},"tls": {"version":"DTLSv1.2","client_requested_server_name":"","ja3":"bd743610892cec1efed851b2b5efd4f5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00599{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"dtls.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1545143424,"pkt_ts_usec":891780,"pkt_caplen":197,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":197,"pkt_l4_len":163,"pkt":"WLEPD4fwhLVBbZhoCABFAAC3FtBAAEARhxHAqA3LwKgNOZ8j3MMAozuLFv7\/AAAAAAAAAAAAjgEAAIIAAAAAAAAAgv79zrBtKgTLKhUXwuJm7W22k25ueldyqs3Q4tvQaM4mc34AAAAYwCvAL8ypzKjACcATwArAFACcAC8ANQAKAQAAQP8BAAEAABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEADgAFAAIAAQAACwACAQAACgAIAAYAHQAXABg="}
00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"dtls.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_first_seen":1545143424891,"flow_last_seen":1545143424891,"flow_min_l4_payload_len":155,"flow_max_l4_payload_len":155,"flow_tot_l4_payload_len":310,"flow_avg_l4_payload_len":155,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.13.203","dst_ip":"192.168.13.57","src_port":40739,"dst_port":56515,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00123{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"dtls.pcap","alias":"nDPId-test"}
@@ -17,5 +17,5 @@
~~ total allocations/frees...: 35340/35340
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 128 chars
~~ json string max len.......: 777 chars
~~ json string avg len.......: 528 chars
~~ json string max len.......: 789 chars
~~ json string avg len.......: 534 chars

4
test/results/dtls2.pcap.out
View File

@@ -1,7 +1,7 @@
00473{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dtls2.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":10000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dtls2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1507911659748,"flow_last_seen":0,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"l3_proto":"ip4","src_ip":"61.68.110.153","dst_ip":"212.32.214.39","src_port":53045,"dst_port":61457,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00497{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dtls2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1507911659748,"flow_last_seen":1507911659748,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"l3_proto":"ip4","src_ip":"61.68.110.153","dst_ip":"212.32.214.39","src_port":53045,"dst_port":61457,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00501{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dtls2.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1507911659,"pkt_ts_usec":748597,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"pkt":"AAAAjZtQSEb7zh73CABFAABta10AAD8Ruf09RG6Z1CDWJ8818BEAWUhKFv7\/AAAAAAAAAAAARAEAADgAAAAAAAAAOP7\/xZOd2weR7n4d5xLXjiJT803Vm2GyIJyqcktro0p9KtUAAAAQADUALwAFAAQACgD7APwA\/QEA"}
00768{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dtls2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1507911659748,"flow_last_seen":0,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"l3_proto":"ip4","src_ip":"61.68.110.153","dst_ip":"212.32.214.39","src_port":53045,"dst_port":61457,"l4_proto":"udp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing"},"proto":"DTLS","breed":"Safe","category":"Web"},"tls": {"version":"DTLSv1.0","client_requested_server_name":"","ja3":"1b45c913a0c0fde5f263502e65999485","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00780{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dtls2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1507911659748,"flow_last_seen":1507911659748,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"l3_proto":"ip4","src_ip":"61.68.110.153","dst_ip":"212.32.214.39","src_port":53045,"dst_port":61457,"l4_proto":"udp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing"},"proto":"DTLS","breed":"Safe","category":"Web"},"tls": {"version":"DTLSv1.0","client_requested_server_name":"","ja3":"1b45c913a0c0fde5f263502e65999485","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00474{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"dtls2.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1507911659,"pkt_ts_usec":964622,"pkt_caplen":102,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":102,"pkt_l4_len":68,"pkt":"AAAAjZtQSEb7zh73CABFAABYGTZAAHIRmTnUINYnPURumfARzzUARCmdFv7\/AAAAAAAAAAAALwMAACMAAAAAAAAAI\/7\/IGQQTc4aUtGjb8ohVEQdgum4T0i11AHiQi9xw2nai\/UG"}
00547{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"dtls2.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1507911659,"pkt_ts_usec":975796,"pkt_caplen":155,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":155,"pkt_l4_len":121,"pkt":"AAAAjZtQSEb7zh73CABFAACN5wIAAD8RPjg9RG6Z1CDWJ8818BEAeRSaFv7\/AAAAAAAAAAEAZAEAAFgAAQAAAAAAWP7\/xZOd2weR7n4d5xLXjiJT803Vm2GyIJyqcktro0p9KtUAIGQQTc4aUtGjb8ohVEQdgum4T0i11AHiQi9xw2nai\/UGABAANQAvAAUABAAKAPsA\/AD9AQA="}
01511{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"dtls2.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1507911660,"pkt_ts_usec":332250,"pkt_caplen":867,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":867,"pkt_l4_len":833,"pkt":"AAAAjZtQSEb7zh73CABFAANVIjBAAHIRjULUINYnPURumfARzzUDQdzuFv7\/AAAAAAAAAAEAMgIAACYAAQAAAAAAJv7\/QPrINelLG7enELoywMmLfG2olv7VWJxKvMqptASfoUAAADUAFv7\/AAAAAAAAAAIC1AsAAsgAAgAAAAACyAACxQACwjCCAr4wggGmAgkA3\/IIOdDHPtUwDQYJKoZIhvcNAQEFBQAwDTELMAkGA1UEBhMCVVMwHhcNMTQwOTEyMjEzMTE5WhcNMzcwMjE1MjEzMTE5WjA1MQswCQYDVQQGEwJVUzEmMCQGA1UEAwwdKi5yZWxheS5yb3Mucm9ja3N0YXJnYW1lcy5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDUbKLr0+0\/DzZUkhdQPAIUSf6vOnkd3vz7LMzwfaRy4xYymZYxZ\/q5Ed6EaW6JqCZ\/oLLe25NsTXHmZDJ9bcDe9YOclIL+6LY6GeN4pfa6Hz+jx2zbKLHveils\/9ARmlq7hem2J4bSrsrAmxBAUMu5I64ihzl5jm9DYyKyUFW51pWgePj0eF8P9dMIaB69GlwcMK1R94D2eXFYtOo55DIY4k+tZnErrkNmE6s9MT8hstIKuhDP9Q4XPojoGCcUNCKm6tzoPU2WN3aKCtbekibukMkhDb6jPcXz5o9twDMuJ3vVS\/f9U54Gdx5927EWXG44Ptt7M7QKZ1DQXEVYwHoBAgMBAAEwDQYJKoZIhvcNAQEFBQADggEBAGsDUuhvkBDEsohQGctVpkQYC+VB2RYrWcOG\/BuAnJAchnyGe0vUHkNpCOa1W7QJTxyQmEZgVIJXyBvl2SlD8vRwY8YZYq5ScMlHbwx6IOdYiakctDm6\/hphAz0AMeZ9ER6pMQ1b0SbrLR4SfATQmDBiycNsSO9IQH\/tWD+h7XnpYN3d6I\/deTbmPTX+BS4Ni+JKX\/\/0TDJl1LB3dzdPXVthq9rivdIMTX6GB4FfVrCPzwTueYvVVKiMK1NeQNIsIbiOhX5\/j2p5slNKg8\/0rIFgR1N+GWp975Q9KJiE\/k45+fuMu2uWIiauD7DpNeE9cFNSPZZkeJxPz8ZTFCj+\/Y4W\/v8AAAAAAAAAAwAMDgAAAAADAAAAAAAA"}

4
test/results/dtls_certificate_fragments.pcap.out
View File

@@ -1,7 +1,7 @@
00494{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dtls_certificate_fragments.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":10000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00511{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dtls_certificate_fragments.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1556606275726,"flow_last_seen":0,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":312,"midstream":0,"l3_proto":"ip4","src_ip":"10.186.198.149","dst_ip":"35.210.59.134","src_port":39347,"dst_port":44443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00523{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dtls_certificate_fragments.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1556606275726,"flow_last_seen":1556606275726,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":312,"midstream":0,"l3_proto":"ip4","src_ip":"10.186.198.149","dst_ip":"35.210.59.134","src_port":39347,"dst_port":44443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00832{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dtls_certificate_fragments.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1556606275,"pkt_ts_usec":726225,"pkt_caplen":354,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":354,"pkt_l4_len":320,"pkt":"AAAAp2BiAAAAtzPNCABFAAFUW5tAAD4Rr1YKusaVI9I7hpmzrZsBQKk0Fv7\/AAAAAAAAAAABKwEAAR8AAAAAAAABH\/79XLdFN6Sz4OQy2sCEjyxqziIlNS85zlQeFiYi19pl1vEAAACgwDDALMAowCTAFMAKAKUAowChAJ8AawBqAGkAaAA5ADgANwA2AIgAhwCGAIXAMsAuwCrAJsAPwAUAnQA9ADUAhMAvwCvAJ8AjwBPACQCkAKIAoACeAGcAQAA\/AD4AMwAyADEAMACaAJkAmACXAEUARABDAELAMcAtwCnAJcAOwAQAnAA8AC8AlgBBAAfAEsAIABYAEwAQAA3ADcADAAoA\/wEAAFUACwAEAwABAgAKABwAGgAXABkAHAAbABgAGgAWAA4ADQALAAwACQAKACMAAAANACAAHgYBBgIGAwUBBQIFAwQBBAIEAwMBAwIDAwIBAgICAwAPAAEB"}
00794{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dtls_certificate_fragments.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1556606275726,"flow_last_seen":0,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":312,"midstream":0,"l3_proto":"ip4","src_ip":"10.186.198.149","dst_ip":"35.210.59.134","src_port":39347,"dst_port":44443,"l4_proto":"udp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing"},"proto":"DTLS","breed":"Safe","category":"Web"},"tls": {"version":"DTLSv1.2","client_requested_server_name":"","ja3":"3c3d129780d0066cd8936a6291a8d44f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00806{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dtls_certificate_fragments.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1556606275726,"flow_last_seen":1556606275726,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":312,"midstream":0,"l3_proto":"ip4","src_ip":"10.186.198.149","dst_ip":"35.210.59.134","src_port":39347,"dst_port":44443,"l4_proto":"udp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing"},"proto":"DTLS","breed":"Safe","category":"Web"},"tls": {"version":"DTLSv1.2","client_requested_server_name":"","ja3":"3c3d129780d0066cd8936a6291a8d44f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00476{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"dtls_certificate_fragments.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1556606275,"pkt_ts_usec":848420,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"pkt":"AAAAp2BiAAAAtzPNCABFIABM4VFAAD4RKogj0juGCrrGla2bmbMAOPKRFv7\/AAAAAAAAAAAAIwMAABcAAAAAAAAAF\/7\/FGas+MFHIUbk58MIduuc4UCKEPlD"}
00861{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"dtls_certificate_fragments.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1556606275,"pkt_ts_usec":913729,"pkt_caplen":374,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":374,"pkt_l4_len":340,"pkt":"AAAAp2BiAAAAtzPNCABFAAFoW6pAAD4RrzMKusaVI9I7hpmzrZsBVHbeFv7\/AAAAAAAAAAEBPwEAATMAAQAAAAABM\/79XLdFN6Sz4OQy2sCEjyxqziIlNS85zlQeFiYi19pl1vEAFGas+MFHIUbk58MIduuc4UCKEPlDAKDAMMAswCjAJMAUwAoApQCjAKEAnwBrAGoAaQBoADkAOAA3ADYAiACHAIYAhcAywC7AKsAmwA\/ABQCdAD0ANQCEwC\/AK8AnwCPAE8AJAKQAogCgAJ4AZwBAAD8APgAzADIAMQAwAJoAmQCYAJcARQBEAEMAQsAxwC3AKcAlwA7ABACcADwALwCWAEEAB8ASwAgAFgATABAADcANwAMACgD\/AQAAVQALAAQDAAECAAoAHAAaABcAGQAcABsAGAAaABYADgANAAsADAAJAAoAIwAAAA0AIAAeBgEGAgYDBQEFAgUDBAEEAgQDAwEDAgMDAgECAgIDAA8AAQE="}
02310{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"dtls_certificate_fragments.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1556606276,"pkt_ts_usec":35205,"pkt_caplen":1454,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1454,"pkt_l4_len":1420,"pkt":"AAAAp2BiAAAAtzPNCABFIAWg4VdAAD4RJS4j0juGCrrGla2bmbMFjGwmFv7\/AAAAAAAAAAEAQgIAADYAAQAAAAAANv7\/exvJyLXWPruOHL5MK7Y1JsnEAS0AtJ+iPSn4YJ2mNsIAADUAAA7\/AQABAAAjAAAADwABARb+\/wAAAAAAAAACBSgLAAYLAAIAAAAABRwABggABgUwggYBMIID6aADAgECAgIBDjANBgkqhkiG9w0BAQsFADCBijELMAkGA1UEBhMCTk8xDTALBgNVBAgTBE9zbG8xDTALBgNVBAcTBE9zbG8xGzAZBgNVBAoTEk9wZXJhIFNvZnR3YXJlIEFTQTESMBAGA1UECxMJT3BlcmEgTWF4MRUwEwYDVQQDEwxPcGVyYSBNYXggQ0ExFTATBgNVBCkTDE9wZXJhIE1heCBDQTAeFw0xOTA0MjUwOTU4MDZaFw0xOTA1MjUwOTU4MDZaMHcxCzAJBgNVBAYTAk5PMQ0wCwYDVQQIEwRPc2xvMQ0wCwYDVQQHEwRPc2xvMRswGQYDVQQKExJPcGVyYSBTb2Z0d2FyZSBBU0ExEjAQBgNVBAsTCU9wZXJhIE1heDEZMBcGA1UEAxQQKi5vcGVyYS1taW5pLm5ldDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAORPM+HvV9uX\/YNDU1hkJZQiq9CpOzjLL+wmzk\/mxknC\/lzt7\/2Qg3qbyuKW5iBy3JZxaPO52oDwxIsilmeOkz4Mh8DnHyTx32hID++IiL649AXqYsGsHk8LI47iaUM6ub1Eu8MRDgFfIdgDsB\/iOYBVS6hhS44QgmBZ3WVRQHREe6jWyQtKDKooXtnRMU29d8xdLHTrujs0FtnJ437d+DiadyE+snuairyQNNrpLSNIZ\/pq6ewzal4u0NNe\/WlSiQTKqZBXXAL88GeYHTv+6w0xcxAqMiJvKS7otsvURb+7AhEr9BfD5cpFwVxi+SZQILibozwuzFJXx+cIypgIV2UCAwEAAaOCAYEwggF9MAkGA1UdEwQCMAAwEQYJYIZIAYb4QgEBBAQDAgZAMCsGCWCGSAGG+EIBDQQeFhxPcGVyYSBNYXggU2VydmVyIENlcnRpZmljYXRlMB0GA1UdDgQWBBToCRx51cxkoksSq+PH5Da9dPhtITCBvwYDVR0jBIG3MIG0gBSyo8s55dkAqfYHaJNGmRcwX2DgzKGBkKSBjTCBijELMAkGA1UEBhMCTk8xDTALBgNVBAgTBE9zbG8xDTALBgNVBAcTBE9zbG8xGzAZBgNVBAoTEk9wZXJhIFNvZnR3YXJlIEFTQTESMBAGA1UECxMJT3BlcmEgTWF4MRUwEwYDVQQDEwxPcGVyYSBNYXggQ0ExFTATBgNVBCkTDE9wZXJhIE1heCBDQYIJAM0pJwGa9KPrMBMGA1UdJQQMMAoGCCsGAQUFBwMBMAsGA1UdDwQEAwIFoDAtBgNVHREEJjAkghAqLnNhbXN1bmdtYXguY29tghAqLm9wZXJhLW1pbmkubmV0MA0GCSqGSIb3DQEBCwUAA4ICAQAsxMazt97mPzh89ugKFn+gchqN+8gwc\/qgCr24OgrCxlbcAuboN9GwNVyzEBLp8xf5X2uUbpzhUkNw8Da3gcOG9WRU6jbrD1WcRY6JvO0Mmn7tYOByaat2bf6co4aeqoorQ4XfH4XhjO0fNkhSxSnFd+YB1aTRfYQRZ9pIyqogmNC9mJGTFtFs6cJjs1UFLJ2Xs6n5RJMSgKdDdAS6NIKDCnhLmY29DHpiEqG4lF3or6tz0shqbW58O48+6Ff2qWryOZnPPF65AmJhRVUGil0HqRIZ9cej0+Pf1mpRxVU7o1XhXNWwazwIl8+tAnIOdpr7DJtkDNmXYyRKwOo6aEAWQeceETyNh3LwIE2unnIZhLc="}

4
test/results/dtls_session_id_and_coockie_both.pcap.out
View File

@@ -1,7 +1,7 @@
00500{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dtls_session_id_and_coockie_both.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":10000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00516{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dtls_session_id_and_coockie_both.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1592388499775,"flow_last_seen":0,"flow_min_l4_payload_len":99,"flow_max_l4_payload_len":99,"flow_tot_l4_payload_len":99,"flow_avg_l4_payload_len":99,"midstream":0,"l3_proto":"ip4","src_ip":"185.196.113.239","dst_ip":"223.116.105.247","src_port":50257,"dst_port":44443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00528{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dtls_session_id_and_coockie_both.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1592388499775,"flow_last_seen":1592388499775,"flow_min_l4_payload_len":99,"flow_max_l4_payload_len":99,"flow_tot_l4_payload_len":99,"flow_avg_l4_payload_len":99,"midstream":0,"l3_proto":"ip4","src_ip":"185.196.113.239","dst_ip":"223.116.105.247","src_port":50257,"dst_port":44443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00553{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dtls_session_id_and_coockie_both.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1592388499,"pkt_ts_usec":775130,"pkt_caplen":141,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":141,"pkt_l4_len":107,"pkt":"AAAAAAAAAAEAvpsKCABFAAB\/T3sAAH8RdtO5xHHv33Rp98RRrZsAazO3Fv79AAAAAAAAAAAAVgEAAEoAAAAAAAAASv79P8FbOXt8ZkgBLvoC72ni+sdFNMYxwEb+hvs\/sv9L1B0gODIAL4OTx2HjtkquDfJ\/XJtXFrGeH36FJxKlpF5tST4AAALALAEA"}
00799{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dtls_session_id_and_coockie_both.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1592388499775,"flow_last_seen":0,"flow_min_l4_payload_len":99,"flow_max_l4_payload_len":99,"flow_tot_l4_payload_len":99,"flow_avg_l4_payload_len":99,"midstream":0,"l3_proto":"ip4","src_ip":"185.196.113.239","dst_ip":"223.116.105.247","src_port":50257,"dst_port":44443,"l4_proto":"udp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing"},"proto":"DTLS","breed":"Safe","category":"Web"},"tls": {"version":"DTLSv1.2","client_requested_server_name":"","ja3":"e15c510766789ed8f49de0e37951c1da","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00811{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dtls_session_id_and_coockie_both.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1592388499775,"flow_last_seen":1592388499775,"flow_min_l4_payload_len":99,"flow_max_l4_payload_len":99,"flow_tot_l4_payload_len":99,"flow_avg_l4_payload_len":99,"midstream":0,"l3_proto":"ip4","src_ip":"185.196.113.239","dst_ip":"223.116.105.247","src_port":50257,"dst_port":44443,"l4_proto":"udp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing"},"proto":"DTLS","breed":"Safe","category":"Web"},"tls": {"version":"DTLSv1.2","client_requested_server_name":"","ja3":"e15c510766789ed8f49de0e37951c1da","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00483{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"dtls_session_id_and_coockie_both.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1592388499,"pkt_ts_usec":786468,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"pkt":"AAAAAAAAAAcAwedSCABFAABMjnQAAPMRxAzfdGn3ucRx762bxFEAOGNSFv7\/AAAAAAAAAAAAIwMAABcAAAAAAAAAF\/7\/FBwO\/CFwEASeBoBTHTZO4F6qQqae"}
00580{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"dtls_session_id_and_coockie_both.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1592388499,"pkt_ts_usec":813030,"pkt_caplen":161,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":161,"pkt_l4_len":127,"pkt":"AAAAAAAAAAEAvpsKCABFAACTT3wAAH8Rdr65xHHv33Rp98RRrZsAf9dAFv79AAAAAAAAAAEAagEAAF4AAQAAAAAAXv79P8FbOXt8ZkgBLvoC72ni+sdFNMYxwEb+hvs\/sv9L1B0gODIAL4OTx2HjtkquDfJ\/XJtXFrGeH36FJxKlpF5tST4UHA78IXAQBJ4GgFMdNk7gXqpCpp4AAsAsAQA="}
00649{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"dtls_session_id_and_coockie_both.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1592388499,"pkt_ts_usec":833900,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"pkt":"AAAAAAAAAAcAwedSCABFAADGx3wAAPMRiorfdGn3ucRx762bxFEAspnDFv79AAAAAAAAAAEAUgIAAEYAAQAAAAAARv79h9MldvGqD4L7eTZa2NHhRQF1vlik3WVyEyjxpUYtENcgODIAL4OTx2HjtkquDfJ\/XJtXFrGeH36FJxKlpF5tST7ALAAU\/v0AAAAAAAAAAgABARb+\/QABAAAAAAAAADBhiqTy6UqwzhCYCPtl5aoUaCDaK6eEDLWKYD9PQuzP3fUrM48czQrGX1gmubwFx64="}

18
test/results/encrypted_sni.pcap.out
View File

@@ -1,16 +1,16 @@
00481{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"encrypted_sni.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":10000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1590680386576,"flow_last_seen":0,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.27.129.77","src_port":49886,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00506{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1590680386576,"flow_last_seen":1590680386576,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.27.129.77","src_port":49886,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
01380{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"encrypted_sni.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1590680386,"pkt_ts_usec":576239,"pkt_caplen":770,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":770,"pkt_l4_len":736,"pkt":"EBMx8Tl2KDc3AG3ICABFAAL0AABAAEAGjOfAqAEMaBuBTcLeAbt3Q5LX\/48DFVAYIACwHgAAFgMBAscBAALDAwOTwM86TEdZaYZx77QiKeLaOUyI6FPS+J3L+0S3MA31OCDtrXy2AkmiC5EC8aXH8NKs5TG5ofTGvlsmIWUcTFlOhgAkEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAMwA5AC8ANQAKAQACVgAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAMwBrAGkAHQAg9C+VXLX0pUAYcvwRMlm2BfjMFL+A2Ha+teHeYm8XszAAFwBBBKhP+5j\/iIqKULsVEv1xkLdgIoxwczB5EVKfTq\/0aLaIOqqUx255GoGIKzaHGdYeWvgG2FTscntynOjMKiH+1xMAKwAJCAMEAwMDAgMBAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAf\/OAW4TAQAdACAoJey8d6KdccaSJO2lCYt20kw0EEYFyldVNE\/b+wVlLQAgHyQSymUyoBaYNvGbjOJlOzPcW4r7yiRdTxErCb+vUsgBJJYkyzxOIwgn94z1v2QNIt6jP8xZjqajLZOZBVhvvpl7nmhmH4lW1IkwcuGd4kzR+4ip9x\/EzAG6tckU\/flqZH1nG16JhZuu6rEiIYaISW303wwyjD1flAsQnOsqJ0PVy+NZQoiiKbjH4viDA+P+GiaonlAB8r2TaJD+948G4F7MBjpovbjBjfrBFM8f7NuL4fwv7ssjFdJ5mNaCsSn9Hj6115hdy9xFKhCCzMA44L9pVw\/vrGvG+5UfibZ5LK2nZAPALOtdzhzm7d0W1ff7a4XSuSSFRI3gCI5CHoPx4osmf747Wa4ElvuEUhPCcdTFrF6efl9qMHJEUwf8zrcwZxBFmZHEDMTcH8MlFUx5dN14A3E5eAVFahmuI+6IR1wd8HaXtmYAHAACQAE="}
00778{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1590680386576,"flow_last_seen":0,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.27.129.77","src_port":49886,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"e5ef852e686954ba9fe060fbfa881e15","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1590680387847,"flow_last_seen":0,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.16.125.175","src_port":49887,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00790{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1590680386576,"flow_last_seen":1590680386576,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.27.129.77","src_port":49886,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"e5ef852e686954ba9fe060fbfa881e15","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00507{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1590680387847,"flow_last_seen":1590680387847,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.16.125.175","src_port":49887,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
01384{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"encrypted_sni.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1590680387,"pkt_ts_usec":847337,"pkt_caplen":770,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":770,"pkt_l4_len":736,"pkt":"EBMx8Tl2KDc3AG3ICABFAAL0AABAAEAGkJDAqAEMaBB9r8LfAbu98X4VZuCG7lAYIACqfgAAFgMBAscBAALDAwPZvt6xqK7JiSO2eRBioUk2Uu867QdPWpn6Sv4hYS472iAz8c+AKNafKEsBeorsjdYMXk2HdHvKJL23Af8gga\/qxAAkEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAMwA5AC8ANQAKAQACVgAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAMwBrAGkAHQAg0HCVKAanlLS9J1B8hdchDfkoKDxcPc3B5hBZYsZWdz8AFwBBBCakAur\/e3rF+tGl0au7NOTY4DQpBg\/YjV6ew74w8otvaCGiCdoeWGhEGjsldqwZrBxN3o59i8BSdRX+YPQ+GgkAKwAJCAMEAwMDAgMBAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAf\/OAW4TAQAdACAFyK2kXV21yqtAW2T62b\/NDTnJgxOrhECle3qcjynhZQAgHyQSymUyoBaYNvGbjOJlOzPcW4r7yiRdTxErCb+vUsgBJLkAAE456EuY9a6HsKAg7En+2G8rSItqsoven5V2IfJ3Q2bekOZcTKgIZokRYkaF7ExtxsFhqXy+gigbwIQnaXqjvmpA5fAKz4tj4ykxew5OhWQtUKuHkOYZfaYtn1syOdzFlDd5f+dopSDJ1HH+q6E3XfYeSjmwk2PLEJ57JKeThEiW3dFrbufb5XbXZxYdeC179v7EU6Bakj2Njpvv\/Jfo5WxPGqtw\/pm8l4GeHZCKXzswlPS\/Jet6JKlP28PhB6QjuLs0HyKQD3u9h3gOMLbs85P+uPv\/61THn6BnP+Gq0XsiHUv\/ZFCqDNSvUTBmtmCAtgIUfzrLcUWkNsVonaILrLi\/m6vYUQElVuyPe7nXS\/qvJdz0NipXdWB8POXCwp8YOWkAHAACQAE="}
00779{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1590680387847,"flow_last_seen":0,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.16.125.175","src_port":49887,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"e5ef852e686954ba9fe060fbfa881e15","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1590680391590,"flow_last_seen":0,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.22.71.197","src_port":49897,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00791{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1590680387847,"flow_last_seen":1590680387847,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.16.125.175","src_port":49887,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"e5ef852e686954ba9fe060fbfa881e15","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00506{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1590680391590,"flow_last_seen":1590680391590,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.22.71.197","src_port":49897,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
01378{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"encrypted_sni.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1590680391,"pkt_ts_usec":590254,"pkt_caplen":770,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":770,"pkt_l4_len":736,"pkt":"EBMx8Tl2KDc3AG3ICABFAAL0AABAAEAGxnTAqAEMaBZHxcLpAbsLJg40SW6gUlAYIAANXgAAFgMBAscBAALDAwMJLl9l\/OldUJYbpqd0xOpts3Kv4zg2hroTXcdX9KeB2CBjkfBVUTqX532YPuVZHQd0J5lIK2OZH9nsSRBnWwKDWwAkEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAMwA5AC8ANQAKAQACVgAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAMwBrAGkAHQAgsbxhJX9IcnjB7rdgEb2YIBohnnxEhKIToNk1er8CIioAFwBBBLtlLNXLCuP0okhISXwuyj6tgeyLGZ5yaSZ9uT3zAbum2y5l1gYjS6RGBBL9dNcuY2pA4Ze582sOuuo0cAvw2TsAKwAJCAMEAwMDAgMBAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAf\/OAW4TAQAdACCgcq\/jSZGFwhXJHl9nfU84W9RHblecX+XHXi+knd++egAgHyQSymUyoBaYNvGbjOJlOzPcW4r7yiRdTxErCb+vUsgBJM1prHJ\/+qDqcKEqpG5xU365kjS5loGMkTxyoKwRhL+l3TthfgE+TKCSsunPt4vNjTPLrxKpdN+3jkm4v5pXmXQY7xTIeDCWHjyEgNKkvyfWHZEc70MAkkqfNhBXSLrthF\/1heQEBlRbs1xtqteJZDPsTf1rb0lyjahdcH23rHhPVaZljcat4wh7Hka7vt+kTz6HVLMaa8+FGdKR02KYBfqCbkN5nqbjMCHPCoPKBXF7APN9aYQZNPW1vyVMZGeIilksOKMAfbO31cu423QrZX+PlzwFC6qBeqVxOTzYpLwLIxJGCnfdBRD0u85D1TvPM05OjHVwJVu9F3FEA\/S2klQ0zWf5b6ngXXAHdoEO61eGscgYik1z+CCLYUuTKEqAk5KVlL4AHAACQAE="}
00778{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1590680391590,"flow_last_seen":0,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.22.71.197","src_port":49897,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"e5ef852e686954ba9fe060fbfa881e15","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1590680386576,"flow_last_seen":0,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.27.129.77","src_port":49886,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1590680391590,"flow_last_seen":0,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.22.71.197","src_port":49897,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1590680387847,"flow_last_seen":0,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.16.125.175","src_port":49887,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00790{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1590680391590,"flow_last_seen":1590680391590,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.22.71.197","src_port":49897,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"e5ef852e686954ba9fe060fbfa881e15","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1590680386576,"flow_last_seen":1590680386576,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.27.129.77","src_port":49886,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1590680391590,"flow_last_seen":1590680391590,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.22.71.197","src_port":49897,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00508{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1590680387847,"flow_last_seen":1590680387847,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.16.125.175","src_port":49887,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00132{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3,"source":"encrypted_sni.pcap","alias":"nDPId-test"}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 3/3

194
test/results/ethereum.pcap.out
View File

@@ -1,63 +1,63 @@
00476{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"ethereum.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":10000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1578508362274,"flow_last_seen":0,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"l3_proto":"ip4","src_ip":"87.14.222.25","dst_ip":"192.168.1.184","src_port":56693,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00503{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1578508362274,"flow_last_seen":1578508362274,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"l3_proto":"ip4","src_ip":"87.14.222.25","dst_ip":"192.168.1.184","src_port":56693,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00570{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508362,"pkt_ts_usec":274369,"pkt_caplen":170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":170,"pkt_l4_len":136,"pkt":"KDc3AG3IEBMx8Tl2CABFAACc0mBAADURe2hXDt4ZwKgBuN11dl8AiEJtHMys6Q29AOp21rwpZSDXERjTbIzhwNph0idC5kCkV\/FDnhOUP\/GMZC9pQ1ikY4tKfgVohRJdDV\/jhdY3JkNQ8nfjTjeSnG7Ixlzbx1L2txMkADCUTD6WfRXFuzz03\/IfAAHdBMuEfwAAAYJ2X4J2X8mETxbOvYLp94CEXhYgXgU="}
00558{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1578508362274,"flow_last_seen":0,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"l3_proto":"ip4","src_ip":"87.14.222.25","dst_ip":"192.168.1.184","src_port":56693,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00570{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1578508362274,"flow_last_seen":1578508362274,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"l3_proto":"ip4","src_ip":"87.14.222.25","dst_ip":"192.168.1.184","src_port":56693,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00625{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508363,"pkt_ts_usec":333871,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"pkt":"KDc3AG3IEBMx8Tl2CABFAADH0wVAADURephXDt4ZwKgBuN11dl8As\/l1jW6o\/uOLsNilE7wPPGgWLrGBgPfvOzwO1DfZyAOcgKFZ114jjOcqSahrn1BNVaBcqPiZ+5Zw3KmlNNeK6areM2YGHfDo3L4DI03KcwYwznBps1b+iFJS+0Kipikc3Gq9AQP4R7hAl090ZgbQhHWBj8BMRwa4LeNB32fKxPZW6UW3BwzH4FX8L40Uh5Yh\/LpdLpgFyY0tX7A7rx7OhPCc704eHlKGuoReFiBf"}
00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1578508363692,"flow_last_seen":0,"flow_min_l4_payload_len":129,"flow_max_l4_payload_len":129,"flow_tot_l4_payload_len":129,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"60.191.32.71","dst_ip":"192.168.1.184","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00503{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1578508363692,"flow_last_seen":1578508363692,"flow_min_l4_payload_len":129,"flow_max_l4_payload_len":129,"flow_tot_l4_payload_len":129,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"60.191.32.71","dst_ip":"192.168.1.184","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00567{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508363,"pkt_ts_usec":692141,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"pkt":"KDc3AG3IEBMx8Tl2CABFAACdOfxAACwR9O08vyBHwKgBuHZfdl8AicNGfxf10Wb92tmu8P4AYDHc1S9CYBd0hA8u+7bp2exSZpfjoD4stw3HK2zECpnkODZdOg6LxGWvabU8eolUhCpRWxf283jKbdR45yXwcXrtjWJbPi2JRR9Nts4CTYECrpr\/AQHeBcuErBIAAoJ2X4J2X8uETxbOvYLp94J2X4ReFiBe"}
00558{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1578508363692,"flow_last_seen":0,"flow_min_l4_payload_len":129,"flow_max_l4_payload_len":129,"flow_tot_l4_payload_len":129,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"60.191.32.71","dst_ip":"192.168.1.184","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1578508364272,"flow_last_seen":0,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":0,"l3_proto":"ip4","src_ip":"3.112.138.57","dst_ip":"192.168.1.184","src_port":25516,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00570{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1578508363692,"flow_last_seen":1578508363692,"flow_min_l4_payload_len":129,"flow_max_l4_payload_len":129,"flow_tot_l4_payload_len":129,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"60.191.32.71","dst_ip":"192.168.1.184","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00503{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1578508364272,"flow_last_seen":1578508364272,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":0,"l3_proto":"ip4","src_ip":"3.112.138.57","dst_ip":"192.168.1.184","src_port":25516,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00583{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":272113,"pkt_caplen":181,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":181,"pkt_l4_len":147,"pkt":"KDc3AG3IEBMx8Tl2CABFCACn7eVAACURF08DcIo5wKgBuGOsdl8Ak1lonaJ3QYcb7U0uMgLRKCkYOOmsVBzd6scD1gTgbTNauX3kB3bPaDZ67w0\/6JScqj4YBzeDQtx9d9GUfbwpNwws+A3fj9N5t1f25M57T8Etpo9cRpw0Ipg9vE7GnadXMLBRAAHoBNeQAAAAAAAAAAAAAAAAAAAAAIInD4InD8mETxbOvYLp94CEXhYgYA=="}
00558{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1578508364272,"flow_last_seen":0,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":0,"l3_proto":"ip4","src_ip":"3.112.138.57","dst_ip":"192.168.1.184","src_port":25516,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1578508364382,"flow_last_seen":0,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":171,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"3.209.45.79","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00570{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1578508364272,"flow_last_seen":1578508364272,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":0,"l3_proto":"ip4","src_ip":"3.112.138.57","dst_ip":"192.168.1.184","src_port":25516,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00502{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1578508364382,"flow_last_seen":1578508364382,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":171,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"3.209.45.79","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00626{"flow_id":4,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":382390,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"pkt":"EBMx8Tl2KDc3AG3ICABFAADHswoAAEAR05vAqAG4A9EtT3Zfdl8As46jAUq3Z7jOf6Ug2frhkOredmKGawH96dNwPwCsVwwwAuHNRLachJG6Hj8pd5+\/iUKj3xzFalkHy\/4zo7e13\/nakEgcyoOcntMlISOmld4GtANNEoWSHW0IYrUbIiG7qvHSAQP4R7hAGwckxV38aoEQ3R3z6i1sbxgztMaJbhd8mlK6anhGQ6H0+w6JOUS\/FIH4b+eX+gcKRXXgkrfcf69BwK1A+Siq+4ReFiBg"}
00557{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1578508364382,"flow_last_seen":0,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":171,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"3.209.45.79","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1578508364382,"flow_last_seen":0,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":171,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.231.165.108","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00569{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1578508364382,"flow_last_seen":1578508364382,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":171,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"3.209.45.79","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00505{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1578508364382,"flow_last_seen":1578508364382,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":171,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.231.165.108","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00626{"flow_id":5,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":382655,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"pkt":"EBMx8Tl2KDc3AG3ICABFAADHegkAAEARY2nAqAG4NOelbHZfdl8As+VvAUq3Z7jOf6Ug2frhkOredmKGawH96dNwPwCsVwwwAuHNRLachJG6Hj8pd5+\/iUKj3xzFalkHy\/4zo7e13\/nakEgcyoOcntMlISOmld4GtANNEoWSHW0IYrUbIiG7qvHSAQP4R7hAGwckxV38aoEQ3R3z6i1sbxgztMaJbhd8mlK6anhGQ6H0+w6JOUS\/FIH4b+eX+gcKRXXgkrfcf69BwK1A+Siq+4ReFiBg"}
00560{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1578508364382,"flow_last_seen":0,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":171,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.231.165.108","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1578508364382,"flow_last_seen":0,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":171,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.138.108.67","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00572{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1578508364382,"flow_last_seen":1578508364382,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":171,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.231.165.108","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00504{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1578508364382,"flow_last_seen":1578508364382,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":171,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.138.108.67","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00627{"flow_id":6,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":382946,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"pkt":"EBMx8Tl2KDc3AG3ICABFAADH\/g8AAEAROunAqAG4EopsQ3Zfdl8As0D2AUq3Z7jOf6Ug2frhkOredmKGawH96dNwPwCsVwwwAuHNRLachJG6Hj8pd5+\/iUKj3xzFalkHy\/4zo7e13\/nakEgcyoOcntMlISOmld4GtANNEoWSHW0IYrUbIiG7qvHSAQP4R7hAGwckxV38aoEQ3R3z6i1sbxgztMaJbhd8mlK6anhGQ6H0+w6JOUS\/FIH4b+eX+gcKRXXgkrfcf69BwK1A+Siq+4ReFiBg"}
00559{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1578508364382,"flow_last_seen":0,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":171,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.138.108.67","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1578508364421,"flow_last_seen":0,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":171,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"34.97.172.22","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00571{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1578508364382,"flow_last_seen":1578508364382,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":171,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.138.108.67","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00503{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1578508364421,"flow_last_seen":1578508364421,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":171,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"34.97.172.22","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00625{"flow_id":7,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":421473,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"pkt":"EBMx8Tl2KDc3AG3ICABFAADHWYMAAEARj8vAqAG4ImGsFnZfdl8As\/EZ15lp9gBLtC6IaCW33is1Th50j8UHjOmT4mAffcZn+yYEl4jGBnLnkKaeXePCjndUh79\/WTQA2R4kNex3KmtFmldicE1yJNj24ZecPC4hxpTcI9qIeMXPlU0BU5Rec0LcAQP4R7hAggEUSZWpWZm0YK3HCqZiBR7sHJ3wp8USPzyX73HGoWVqts4UjRd8TfDxZuCIPe7jI\/CXMWJB7l7pTCCyfJvg8YReFiBg"}
00558{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1578508364421,"flow_last_seen":0,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":171,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"34.97.172.22","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1578508364422,"flow_last_seen":0,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"66.42.82.246","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00570{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1578508364421,"flow_last_seen":1578508364421,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":171,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"34.97.172.22","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00503{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1578508364422,"flow_last_seen":1578508364422,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"66.42.82.246","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00568{"flow_id":8,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":422230,"pkt_caplen":170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":170,"pkt_l4_len":136,"pkt":"EBMx8Tl2KDc3AG3ICABFAACcLWUAAEAR9WvAqAG4QipS9nZfdl8AiGZvYT14ALKwnMdgMCBzf19RhoDEZwfAnRP1Mz5t1CQfWH9BMW+RtakCpISLcdct0MfsiOdcBIDUccBBbd+y\/K0wDya+KeRA13HRMdUz2NPxyyUESIw4\/BeiGYIdI8USz9rYAAHdBMuEfwAAAYJ2X4J2X8mEQipS9oJ2X4CEXhYgYAU="}
00558{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1578508364422,"flow_last_seen":0,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"66.42.82.246","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00570{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1578508364422,"flow_last_seen":1578508364422,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"66.42.82.246","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00625{"flow_id":5,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":422710,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"pkt":"EBMx8Tl2KDc3AG3ICABFAADHAOAAAEAR3JLAqAG4NOelbHZfdl8As+U915lp9gBLtC6IaCW33is1Th50j8UHjOmT4mAffcZn+yYEl4jGBnLnkKaeXePCjndUh79\/WTQA2R4kNex3KmtFmldicE1yJNj24ZecPC4hxpTcI9qIeMXPlU0BU5Rec0LcAQP4R7hAggEUSZWpWZm0YK3HCqZiBR7sHJ3wp8USPzyX73HGoWVqts4UjRd8TfDxZuCIPe7jI\/CXMWJB7l7pTCCyfJvg8YReFiBg"}
01822{"flow_id":4,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":519784,"pkt_caplen":1097,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1097,"pkt_l4_len":1063,"pkt":"KDc3AG3IEBMx8Tl2CABFAAQ7F1RAAC8RPN4D0S1PwKgBuHZfdl8EJ4PVaVYTvO9LrTk6yni9j9O4lLCx8c3w2iOwFQRksfASVhzN6T8K7lnXRwHY7v3+ONhElGFbYOffjDytd02o206R62nDNZ+LcEa5V5K9KHZQh029ihE8Ury3mI0LZjHE13ZDAAT5A7r5A7L4S4QjtPapgnZdgLhAO5qC1ATimkffsyZlSJIXGVIuxdFsM86E7cqAjFOnv\/8DXNCQHJBVJiDXoCE+xGUbCBkPCreAagxpFk0Kv5X\/6PhNhKUWayGCdl+Cdl+4QFK2HHRAlM9Mj+TxGD7ACVRZHZtB58hxcD+hW2XdmacQwMOkGeflfz3iQaCGa6bw7UpxurZYH9DtQSW8Gn+wiV74TYRZJmMignZfgnZfuEBNXexB6IZur6GByNXF5kqBGoYoINyuPaRzRT\/L\/XeZwo80a\/N6vMBtsgrq2ZF9h4G0sqa47Wg7uKDWSZtY6p\/o+E2EsoDD3IJ2X4J2X7hAE9D206tRuSrRWszd5+5PqyxrzPQHPgJ6M4jR3YAwA4SXyWoQd9UmDUgHBtsrr3UYDBX+DpI9ijrH8jmNKWfim\/hNhKLzoFOCdl+Cdl+4QFcgAb+wxvXRoA\/jZ6pZpvtWMqWRnDTAVCrWET9xUm+STSO+d5OO9wGG7pHu9I5ueUw\/fAd5lu3NtaUH9uwTgQX4TYQSilEcgnZfgnZfuEDrOA+HQ7eWMjwlUeqXlrKvkuj1DTxVelkYAtV5dglpnIhrBZIeo034r7N3OARecEoNp0x6OeeY\/TD1OnJUir9u+E2EMyY8T4J2X4J2X7hAjvDxlr5M7BUzw40ony1SnzUKukEALVTn0B8WrIdd1Y\/HWL6mkTC4nsoMDegX1FF++rFMqjeViKJkeSDvzXh7sPhNhChDkICCdl+Cdl+4QHLmnbcNhaAJxQnuC0km5NBqC0yHT\/O8y7iwbqWb3zIi\/JNBIGOytm1SPyhBCVXEAh08vp59waAp0Fl3XZsLDpX4TYTH56bignZggnZguEAmai5v1neViV7teAsEvO\/IJYfemYLf2+j3ix3twO4cHaO8DDPa+4MSEcEzAFsUx\/2pmlUPII1TqUXgDk2+EYuF+E2EMyZRtIJ2X4J2X7hAgHT+RrAG20B8DB\/bHPvQKm79m+Z0+BB1fJpuHmieLdFavNthxznxmL2TjLC2hF17uhr9nJ8lRGk+kyETydUasfhNhFKR3PmCdl+Cdl+4QN1yRfRd+2g8MnNCa1j1Cnr1GFpxy7vxkYduQKQx1cGeo9xW0LFVTR4sISMRFqTJvP1+kBDeZDQ7++taiTPWLVf4TYSfy1QfgnZfgnZfuEATr9aMDwnYcu1Ru9AfCYxf1j4pIYv3iEkEPcprByn6GaZXC692Pg7aNtJE7Ibn2jkRlWjrNM1fsvjqm9oBENLzhF4WIGA="}
00965{"flow_id":4,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":519815,"pkt_caplen":467,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":467,"pkt_l4_len":433,"pkt":"KDc3AG3IEBMx8Tl2CABFAAHFF1VAAC8RP1MD0S1PwKgBuHZfdl8BsTR2htDCYwB7bPwVHRrppzCkGewLkUUNlB3jVcwKSsPl3PpRPPiYpogGSbVhGO6LOf+6vpmiVjQKuGK9fr9HzQor5V9uX7UyvZMEj8wMYsgT45Bz2Z7bdsQaazyQJOYgw3sXAAT5AUT5ATz4TYSi5B2ggnZfgnZfuEAwVdpN68jOobX+wHrrL2RH\/wK1ka2szeSJGHiHFFoNLEPxKwxFy33NRZ3ovPOnkwdh3qJaARUyaYeXnrMHfiPL+E2EpERrUoJ2YYJ2YbhAbVK4hBOIFxjMK61hoo+B2E1DFAGWystZDApZ1qWqMdGzPO6EtDCqKOy2kznyTf9sEf\/6IzNe3mDxF09nkCXqPPhNhCPpxYOCdl+Cdl+4QEyRwYHw012pKtGG4pX25QXUlp9AiY+SLu1l7sUn3fRNHZfvnNA3az+glcVdf8irWyfLyfxkF3pVP8czohGx7uH4TYTR+vDNgnZfgnZfuEDT1Pf73xy4M3qZSRLleOgEdgguFkAavHpg2I9RZUlU1ZSe7W107ts9v4ZrZs61PWJz3Pgt4YI56NsUnL8RZ7gNhF4WIGA="}
00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1578508364522,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"66.42.82.246","src_port":56612,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00496{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1578508364522,"flow_last_seen":1578508364522,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"66.42.82.246","src_port":56612,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":9,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":522823,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG4zfAqAG4QipS9t0kdl9\/aKJnAAAAALAC\/\/+zAAAAAgQFtAEDAwUBAQgKItiUTwAAAAAEAgAA"}
00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1578508364522,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"165.22.107.33","src_port":56610,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1578508364522,"flow_last_seen":1578508364522,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"165.22.107.33","src_port":56610,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":10,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":522826,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGaCDAqAG4pRZrId0idl9zKqGzAAAAALAC\/\/9E3QAAAgQFtAEDAwUBAQgKItiUTwAAAAAEAgAA"}
00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1578508364522,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"104.42.217.25","src_port":56611,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1578508364522,"flow_last_seen":1578508364522,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"104.42.217.25","src_port":56611,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":11,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":522827,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGNxTAqAG4aCrZGd0jdl\/sFGYiAAAAALAC\/\/\/WdgAAAgQFtAEDAwUBAQgKItiUTwAAAAAEAgAA"}
00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1578508364522,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"162.243.160.83","src_port":56613,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00499{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1578508364522,"flow_last_seen":1578508364522,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"162.243.160.83","src_port":56613,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":12,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":522913,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGNRHAqAG4ovOgU90ldl\/qeq6yAAAAALAC\/\/+NewAAAgQFtAEDAwUBAQgKItiUTwAAAAAEAgAA"}
00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1578508364522,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.158.244.151","src_port":56615,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00499{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1578508364522,"flow_last_seen":1578508364522,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.158.244.151","src_port":56615,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":13,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":522958,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGYCLAqAG4I570l90ndl+E\/i4vAAAAALAC\/\/+eigAAAgQFtAEDAwUBAQgKItiUTwAAAAAEAgAA"}
00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":18,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1578508364523,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"34.97.172.22","src_port":56617,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00497{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":18,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1578508364523,"flow_last_seen":1578508364523,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"34.97.172.22","src_port":56617,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":14,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":523037,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGqeDAqAG4ImGsFt0pdl+dmoURAAAAALAC\/\/94yAAAAgQFtAEDAwUBAQgKItiUTwAAAAAEAgAA"}
00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1578508364523,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.231.165.108","src_port":56618,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00499{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1578508364523,"flow_last_seen":1578508364523,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.231.165.108","src_port":56618,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00446{"flow_id":15,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":523039,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGngTAqAG4NOelbN0qdl\/FC\/gzAAAAALAC\/\/\/SVwAAAgQFtAEDAwUBAQgKItiUTwAAAAAEAgAA"}
00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1578508364523,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"191.234.162.198","src_port":56620,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00500{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1578508364523,"flow_last_seen":1578508364523,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"191.234.162.198","src_port":56620,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":16,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":523109,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGFafAqAG4v+qixt0sdl9ft67AAAAAALAC\/\/\/4vwAAAgQFtAEDAwUBAQgKItiUTwAAAAAEAgAA"}
00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1578508364523,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.187.207.27","src_port":56621,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1578508364523,"flow_last_seen":1578508364523,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.187.207.27","src_port":56621,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":17,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":523145,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGdIHAqAG4NLvPG90tdl\/U+mmAAAAAALAC\/\/8nlgAAAgQFtAEDAwUBAQgKItiUTwAAAAAEAgAA"}
00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":22,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1578508364523,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.138.108.67","src_port":56622,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":22,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1578508364523,"flow_last_seen":1578508364523,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.138.108.67","src_port":56622,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":18,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":523182,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG+YrAqAG4EopsQ90udl8TbQyrAAAAALAC\/\/\/LAQAAAgQFtAEDAwUBAQgKItiUTwAAAAAEAgAA"}
00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1578508364523,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.138.81.28","src_port":56623,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00497{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1578508364523,"flow_last_seen":1578508364523,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.138.81.28","src_port":56623,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":19,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":523185,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGFLLAqAG4EopRHN0vdl8VNVkbAAAAALAC\/\/+X7wAAAgQFtAEDAwUBAQgKItiUTwAAAAAEAgAA"}
00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1578508364523,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"89.38.99.34","src_port":56624,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00496{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1578508364523,"flow_last_seen":1578508364523,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"89.38.99.34","src_port":56624,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":20,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":523293,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGvA\/AqAG4WSZjIt0wdl+afwcPAAAAALAC\/\/8MDgAAAgQFtAEDAwUBAQgKItiUTwAAAAAEAgAA"}
00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":25,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1578508364523,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"5.1.83.226","src_port":56625,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":25,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1578508364523,"flow_last_seen":1578508364523,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"5.1.83.226","src_port":56625,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":21,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":523327,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGH3XAqAG4BQFT4t0xdl\/cLTE7AAAAALAC\/\/8DmAAAAgQFtAEDAwUBAQgKItiUTwAAAAAEAgAA"}
00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1578508364523,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.128.195.220","src_port":56626,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00500{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1578508364523,"flow_last_seen":1578508364523,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.128.195.220","src_port":56626,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":22,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":523356,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGAfvAqAG4soDD3N0ydl\/wysJIAAAAALAC\/\/9AcgAAAgQFtAEDAwUBAQgKItiUTwAAAAAEAgAA"}
00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":27,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1578508364523,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"34.255.23.113","src_port":56627,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":27,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1578508364523,"flow_last_seen":1578508364523,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"34.255.23.113","src_port":56627,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":23,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":523418,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGPejAqAG4Iv8Xcd0zdl8e+UQoAAAAALAC\/\/\/MUAAAAgQFtAEDAwUBAQgKItiUTwAAAAAEAgAA"}
00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":28,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1578508364523,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"3.209.45.79","src_port":56628,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00496{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":28,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1578508364523,"flow_last_seen":1578508364523,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"3.209.45.79","src_port":56628,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":24,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":523420,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGRzjAqAG4A9EtT900dl+bF1VlAAAAALAC\/\/9IRAAAAgQFtAEDAwUBAQgKItiUTwAAAAAEAgAA"}
00598{"flow_id":8,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":563748,"pkt_caplen":191,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":191,"pkt_l4_len":157,"pkt":"KDc3AG3IEBMx8Tl2CABFAACxV7ZAADERmgVCKlL2wKgBuHZfdl8AnaK0fEIbGBqDvIrgEkHISxvw4daIo1RSAPsaWiRQZnDOwteCpdNuEHAKkf4qhTn951kjq+ta18NQVXgW\/g4PPXuXiV0Qa\/G9UyK1NNATBLMnTaWqYuSaSklfuyWrYJCN+duPAALyy4RPFs69gun3gun3oGE9eACysJzHYDAgc39fUYaAxGcHwJ0T9TM+bdQkH1h\/hF4WIIg="}
00437{"flow_id":13,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":565857,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAAC0GcyYjnvSXwKgBuHZf3ScG6rxyhP4uMKAScSBDbwAAAgQFrAQCCAo03AK8ItiUTwEDAwc="}
@@ -100,7 +100,7 @@
00450{"flow_id":22,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":631311,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"pkt":"KDc3AG3IEBMx8Tl2CABFAABEZWdAADQGqI+ygMPcwKgBuHZf3TL4VGul8MrEa4AYAOuCqwAAAQEICl89DDUi2JR8yjgzdiqPQc3ERKwWeITX2w=="}
01829{"flow_id":5,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":70,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":631547,"pkt_caplen":1099,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1099,"pkt_l4_len":1065,"pkt":"KDc3AG3IEBMx8Tl2CABFAAQ9McxAACoRfjA056VswKgBuHZfdl8EKSMV0Tk6zLZQqYdPasDvQYAfjhJ8qeDK0iQF1oC6v4BIFO8Ukv4XviQf8O74kSNp590utu+\/aRkEwwpxoabIrzvIzmTnyJlNpeyfgvNPwLIyg8I+w4LWPa4MA\/W2\/Jap8zB7AAT5A7z5A7T4TYQS26efgnZfgnZfuEAwkgYgUPIi4WiJg+QLzg9wGMhxPAR7azw\/xSKBAPOQbQlR3L69+mdeoxh\/qQi76RfNXeauKXl5ICJHofVK35cH+E2EUt2AH4J2YIJ2YLhAIbpA\/cDFhpXtS\/hixQb3nA9r93xmFVARyWt8mvD62Q42RXQv9d4buwnSPqvoZ8VPM1tV452Mu7b1nW6WCZP3H\/hNhJBbeIeCdl+Cdl+4QHDcQogYDcUZvsmo9wM3ftVwQss5t6Xz7SYpcIe0QCLsJRPOe\/7IMshT7rIUH59Wvzm2VWBMciyHxs11tRtvlg74TYSyPgragnZfgnZfuECktuxNZlsAPCNrxc8drmg5UZJYYlgJcgwixi3dHcHaL+SmxYYPit8ZDD0AQGDBI97zkdb5Vg5h5AMJ3ltOege3+E2Esj4dt4J2X4J2X7hAbSf3keqm\/kX1w8mhO8tfUrHPkpEON98Bfi90NSvh60PrPxJjJwxphJtd9yYNAp6bvKKmXex+Pf1jNZwIZzl1LfhNhA3mbCqCdl+Cdl+4QOL5cPG1naCZem66zt1KAC6uDCfFoxJhecyNkCxirh\/KFEuDlQVcZ87QmYypugLnAbyvaDrG2A\/fgNNcBVjcu7P4TYS524U+gnZfgnZfuEAvzWrhvDjoXJOa\/ZdCbLgHiFuGktYvbPu1Kx0QfSszMjCe5P4b3hECkMlBLQo90CRjw1UcL0V+qQHcUkhH7ixE+E2ErGlePoJ2X4J2X7hAXGqY3uhYXKqMbPC9rcGcCUaWh+Dhi0uXFAXOGFtMr99hmG7UDnrqzTA\/o5MeRw5C1b8eG9l8GAevaeYZyFb6JfhNhLaioT2Cdl+Cdl+4QIU96ApVNnmCgofL7UIVwC0ussPQFE9BZpIkW9NYXxtm+4r+lcBEpjNfLr4w84vJM4LIgefP7wW0fAmtWWHpBj34TYRZo5RJgnklgnkluED1tj7tRebZlvZCTgHMIT8H0RpJXJ6gH+sJFUxXqZs38C\/hpzENTsCSDh1o2HUHvKg2FabU7+4S+HyXXU68T+Xi+E2EM01tNoLk1oLk1rhAfag2FjkUzZm46\/aJuVMW3oNNsPORtJDs86feqI9xjoUJ09giSja9nrnxBmA4a19j\/wmY0SxfQ5ijGeyrdMEjJvhNhCPk+oyCdl+Cdl+4QD9WPrST\/PNOA12+8bgX6kV4hJFBTbV9EgAQ6hcCTUo0f0CQNtNTkrUkC7hmmUaZ\/d9jh6CLjUr6pActojR+FlyEXhYgYA=="}
00970{"flow_id":5,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":631563,"pkt_caplen":467,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":467,"pkt_l4_len":433,"pkt":"KDc3AG3IEBMx8Tl2CABFAAHFMc1AACoRgKc056VswKgBuHZfdl8BsY\/7AbVh3gWo8SfsvrDfXBEY37aMXJSMN0uUwOwpyu6B6jgWoyOOeaZfW8p8K7cC87fG39PLVlOFXQ3jYq9vtOfBDX6bH8L6Ud1+tJEwlS7mp2rbZA9sYf1hxy8FHTKGSTs\/AQT5AUT5ATz4TYSKyQxXgnZfgnZfuED5J7sOgSfNlVjTASmSDY7Fy7YY+BpFJY7pXwctWhMJTcOmMj122JoEqWmMFn5AxleLHeL+JqTFgSdcxQ2RnazX+E2EsAmI0YJ2X4J2X7hA9ktwuFCVbr2r\/BglRNLo78e9LIAJZ\/m+C+hWU0f89Bx2rrwMw00HbBQ0vUlGFoe1fvsEkUHUVQGEbKsMLaak+fhNhFBCUN2Cdl6Cdl64QKZAuhr8bhttB8APdDnL12FVc2oOf7Cmm\/Y3npKkXJW9Dwps8lIG5ynIfbmR5Jk+ofa3SNxvldAlmXVUluLeK3z4TYRV1mw0gnZfgnZfuEDCrBy3iaIRw9zhFQbbMZN19+v5HOsBbt3w+xt1mt5PoxBj5B0SHwdUTQM8H\/QXv\/y283eJhY+z4AISqPo+Z4tUhF4WIGA="}
00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":83,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1578508364632,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.38.60.79","src_port":56629,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00496{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":83,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1578508364632,"flow_last_seen":1578508364632,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.38.60.79","src_port":56629,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":25,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":632239,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGCOPAqAG4MyY8T901dl\/qiNMXAAAAALAC\/\/88YQAAAgQFtAEDAwUBAQgKItiUuAAAAAAEAgAA"}
00425{"flow_id":20,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":94,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":636266,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0sAZAADQGGBVZJmMiwKgBuHZf3TAEAfQWmn8I6YAQAOutFQAAAQEICl+aRBIi2JR+"}
00929{"flow_id":20,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":95,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":636299,"pkt_caplen":433,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":433,"pkt_l4_len":399,"pkt":"KDc3AG3IEBMx8Tl2CABFAAGjsAdAADQGFqVZJmMiwKgBuHZf3TAEAfQWmn8I6YAYAOuDtgAAAQEICl+aRBQi2JR+AW0EnJ5fzsMrXil5F8Nzp0mm1VxyUnRV4T1BIpSe7g\/E+N1+2lOs2frTyI+5SasLlRq0wjMhTCMALlCbFANK41nr2v4Z79x7xApLXqyuhIn7JVZKANCoIQgB5XzMFBS3\/9BwBFlShd95WOJ793tKi4K8LADeuSMgN\/pTabWcosjb3YZxWK+Lelc5YxLmfSxxFV9wWC7K6QvbU4KIrj5QFQAU5ACvFqXM4\/TthkOFXySYa1VxvNxosb+NXuTtu\/Fd9s44Tdg8r8LdTpzNdFab8G6yuG8\/5jbZ0Dd++JWkhXSwwcGUPRLHC9h1W+HzQIiqPE81khvY2cPK5ki4+\/OM9fouJhdymaaFoZa7urm3VDxCiasFi\/gMlYembXYGLrd9qaxggLy0jGI88Elgd1UOyRdOpdPm1a0rFZnwViGwedGd9B6RVOn2JNV8VgXBFHz+LBSpuyNETHRaxkFJOaNldk3X52Z9UGGF2WftC9d\/lg=="}
@@ -118,9 +118,9 @@
00972{"flow_id":6,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":106,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":650052,"pkt_caplen":467,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":467,"pkt_l4_len":433,"pkt":"KDc3AG3IEBMx8Tl2CABFAAHFDo5AACcRAm0SimxDwKgBuHZfdl8BsYIGz0wiJjKaUzFXr6IJm0KhJJHh14UxEkvPcQ\/Rk7Fgvbo\/feZhAIkP1PMVdfnmkT0ej4RbRZLeGs4r7KmIG\/NoSRob2DIRR9KSxxR5ApQK0GtL+DiOoUZ+LI2SWe0lCUL6AQT5AUT5ATz4TYSnR61sglIIglIIuEB7ukp3Oj6MzbNl3nDN0jQiNpC1V5v5rn9Rt7ZEw1VBzFla5k6rBHcylJhBRGAYzBX+17ncBsVtgVPJrKMh7nvV+E2EEop59oKMoIKMoLhASS3OSNDf3z8b3OyL7l\/Hx\/k821PEzINQHbZfniqNPVksrwSkp6jrG6UYCpQoXvgKZOetorWlposBzYkgatgcWfhNhDP\/TVmCdl2Cdl24QM3iC4E\/jtROh\/yrXbgvFZypcqA1E0NM1pmVBNhPzAEVOKwUDY19JR7HzoFwywH46oqp8Nqzrz5YKF3TzRCEzqb4TYS57vnMglLcglLcuECRN7VxzSUAEA2k0pdpV6OAanNBmMgqxX6AGOkM+qhp9apzS9PVbGdlMMSUUvnshxBsN5liOIkWGjzwRsyI7kXrhF4WIGA="}
01841{"flow_id":5,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":107,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":650675,"pkt_caplen":1099,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1099,"pkt_l4_len":1065,"pkt":"KDc3AG3IEBMx8Tl2CABFAAQ9MdRAACoRfig056VswKgBuHZfdl8EKRKyNhMNoVpKai\/zY6JtPK148+n8O0oeVuWetq0EUGeIZ+RtfSVG+aSj2EjmgE\/VzJtID8hcsMA0vo5I3RXPomPj3yUethvOHViNcPLofHHgt6Et2w\/V\/IZQwikbIBWnB9DTAQT5A7z5A7T4TYSAADOMgnZfgnZfuECzAedbnywh7LLXCkndomTntsSUpeaU+X6fjJnfrZQaB1R+H8I82rjSB7H8uOb2MmX2h8Eh6LA0rwKGlGg4GwHK+E2EItltD4JSCIJSCLhAV7xweLkhFnsF60oz420o\/7aRuvQDfeaR5dpY3JYLjsX+vIbrgixVpsHDBYr8HpBMbqyvQppwqy4HYepbXQ439vhNhLmcKfiCdl+Cdl+4QIpjJmS5Gps58YQUc3o0wkmgpBHEx1gDORbTV1rWIFwK7dVIOGdwy7ueFkd0ebURyFnWaX56rb2vwE00TcZVQc\/4TYRYYyPigm\/xgm\/xuECpd\/dXqwhUtMXwMPm+u9hAJuGJB0TlNeJH\/rhwYyfJLba1YjqffEkcEK\/elP06ULgIs+MSln0Dqh5H+5kYnNGk+E2EZc\/gMIKdZ4KdZ7hAeuBt+eVpr\/lD6zfG4rQPZ1zeBes7bOJwSykdL6ML2QKv452iWFBJMIYyvlNFnq\/\/C00h2CuZ\/anhkV9S20AZY\/hNhDTCDYuCdl+Cdl+4QLBhjnLjpcFxFmfKTcMgokq3D+uNpAukzphlJv9fJvmZpMDVt4vA7QCl\/tQeO6YywXwxPSo5mqDxT4Mhw84RQzb4TYREt8O8gnZfgnZfuEDIng59WZjTY84Fc4kJnGTPNYzt3nnlhEfJGfnOrlC6yoc7pGIyxRJAuIHlFFkehfT\/MZnQKZAPAlW4w64AegZe+E2EJox0OIJ2X4J2X7hAUcnvye\/EDV8yhpr44tuNjcH1iKn9VgwhEfiCj6tWu2I48UyT\/1NGoVARZK9OdquCOZ6CApHQbW+DYNgMbETGWvhNhANdcHOCdl+Cdl+4QD\/UX2IqmKGVR1qU9QsLqb3KjV3UDG2NojB8dIr7Jri2pn3jv\/+bXP6J9JPk1pIlWnrC4\/MFYoxS2N4EW\/3JczX4TYTOvRBhgnZfgnZfuEDSgII3zWEN0R4iExLhys3S9YgXOxu2LLtFpLUyUOie168aVDZZDdIBkFFi9sbcxATorv1KnwQmEOhtDobrFgpZ+E2E1YVu74J2X4J2X7hAOuWZ6O0wzMscIvV20fKJ6imvL0uabNom7Rtt3\/mq1Yc\/cUISC095aLfdfnNtvPxS8fkoG\/ogbmJFfhJwViVFH\/hNhC9cJiiCdnOCdnO4QGKt2+KrFMp40sLt\/0+vqoO+7cd+LGeqSI3nARXhQPO7oSmSUrCcwDSYZBC7QsBPfwF6JwXzHNJha7yydiKEG9+EXhYgYA=="}
00971{"flow_id":5,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":108,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":651426,"pkt_caplen":467,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":467,"pkt_l4_len":433,"pkt":"KDc3AG3IEBMx8Tl2CABFAAHFMdVAACoRgJ8056VswKgBuHZfdl8BsWtYNy\/hj5gk8D7Qb9lhdkjiXuUss1RO4UI6kATznWWyDqOMchQJpCnqSV674XgLJ5rYR9PaOEhT48beQDu03i7VZVNxX8nv2G6qMXRfP0\/h3IH3SU3lIC1bxcXTs3w00ZHeAQT5AUT5ATz4TYQi3xdYglIIglIIuEDVG9dFjWMC0aHQ4vqnlKYK0gcQOne9YNbF01KJqjowzmQZQVcpjdSvYUQ2oIynqEm3wQCNB+a8ozVymcPr6iYo+E2En1nK6YJ2YIJ2YLhANx7lUx+IU5K\/T0hlFB\/0kJV+5Mpc43wZst9aIXFLC3h2rT7jqKAorAWccnKDf3zh0thGd+rgV1dnqgKCM26ALPhNhFnd2oWCdmCCdmC4QFU0BpRJJdzLAqOeJ+LAjuBufhPi0BPM5VRHqi1HMHWSXj+rjd73LjnWjILlW20x3ZLEJfz2+7zut8KH8MBENo34TYRZKAXhgnZfgnZfuECPxq5\/\/aZwdoEnw4F66ja2vzoSmIIUuIfx7Q3gAQliMJDvmV1wYTJr3\/S152jKmk+KnQJu72UByI1G35q3AZ9bhF4WIGA="}
00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":109,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1578508364654,"flow_last_seen":0,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":171,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"128.0.51.140","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00506{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":109,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1578508364654,"flow_last_seen":1578508364654,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":171,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"128.0.51.140","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00628{"flow_id":26,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":109,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":654361,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"pkt":"EBMx8Tl2KDc3AG3ICABFAADHl8oAAEARbG\/AqAG4gAAzjHZfdl8AswwF15lp9gBLtC6IaCW33is1Th50j8UHjOmT4mAffcZn+yYEl4jGBnLnkKaeXePCjndUh79\/WTQA2R4kNex3KmtFmldicE1yJNj24ZecPC4hxpTcI9qIeMXPlU0BU5Rec0LcAQP4R7hAggEUSZWpWZm0YK3HCqZiBR7sHJ3wp8USPzyX73HGoWVqts4UjRd8TfDxZuCIPe7jI\/CXMWJB7l7pTCCyfJvg8YReFiBg"}
00561{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":109,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1578508364654,"flow_last_seen":0,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":171,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"128.0.51.140","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00573{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":109,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1578508364654,"flow_last_seen":1578508364654,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":171,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"128.0.51.140","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00427{"flow_id":23,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":110,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":655558,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0tVBAACcGoaMi\/xdxwKgBuHZf3TMrXBsHHvlGKYAQAOuT7wAAAQEICqcQh3si2JSV"}
00973{"flow_id":23,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":111,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":657661,"pkt_caplen":468,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":468,"pkt_l4_len":434,"pkt":"KDc3AG3IEBMx8Tl2CABFAAHGtVFAACcGoBAi\/xdxwKgBuHZf3TMrXBsHHvlGKYAYAOsCCwAAAQEICqcQh3wi2JSVAZAENpARAs4gLKabLp0D6Y3Nyp\/GQ9Kz6V06NMSPQOKv3s9Ejuvu0WkofnnoeHbu8ZeqAb3RapSJwXVNMkmZlJB7T5N8BMeBtnaSaRRVqYAB1mZYcujkK0QQ\/gjskze8v11lDscXXcxVmVKvoEBO2fdb15qhRf5yVLm+55brffXQVKwdLSoZKXhOX2lTtT\/cXJTctoLowqgfdEJqRaZjfdoozad0DBG5GDaLM8mlOshCHR9zCDEGPBfXOkHyDrgJz\/QzLxeX2qTwvvp4nNk5MZD7M9fxyO8Is+tDxSOgA5h02FSPo58jFXIjlCJ52F3cGJYjqyDCLJ7ocE42DZiwALTPlUhui69KIZO\/jGhXYvljZAr\/wIKDF+g6slDfzXufd+XlO7X6Z4pR7IcDGZd\/qJRB3udbzPsAABo+UqXwr8ujaGoqzr4KzhLqvRzgDLIbN3hwRJsT+nNmIX4FXoAPgVnMevSofHWKf8aQK8cWo4WGWVBHyJix3Cz83Bf8Ca2LbFuzYHy1c8enEjfCI1Xsb5iW"}
00472{"flow_id":23,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":112,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":657663,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"pkt":"KDc3AG3IEBMx8Tl2CABFAABUtVJAACcGoYEi\/xdxwKgBuHZf3TMrXByZHvlGKYAYAOtT8AAAAQEICqcQh3wi2JSVmzR\/Z2r4JlLZOXsyzI3ghD22rwaNEB4McRzPEE97aVw="}
@@ -134,7 +134,7 @@
00427{"flow_id":23,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":120,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":657801,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGPfTAqAG4Iv8Xcd0zdl8e+UYpK1wcvIAQEB6CywAAAQEICiLYlNCnEId8"}
00438{"flow_id":24,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":124,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":657828,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAAC8GWDwD0S1PwKgBuHZf3TTdrvLSmxdVZqAScSC43wAAAgQFrAQCCApOlRAnItiUTwEDAwc="}
00426{"flow_id":24,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":126,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":657930,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGR0TAqAG4A9EtT900dl+bF1Vm3a7y04AQECxIFwAAAQEICiLYlNBOlRAn"}
00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":140,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":1578508364659,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"40.67.144.128","src_port":56630,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00499{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":140,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":1578508364659,"flow_last_seen":1578508364659,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"40.67.144.128","src_port":56630,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":27,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":140,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":659294,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGv5TAqAG4KEOQgN02dl98bCWSAAAAALAC\/\/8OmwAAAgQFtAEDAwUBAQgKItiU0QAAAAAEAgAA"}
00964{"flow_id":24,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":141,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":659971,"pkt_caplen":461,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":461,"pkt_l4_len":427,"pkt":"EBMx8Tl2KDc3AG3ICABFAAG\/AABAAEAGRbnAqAG4A9EtT900dl+bF1Vm3a7y04AYECwE6gAAAQEICiLYlNJOlRAnAYkEYzsbi3U1VbPxeO8JeZGy8BDKLHIeRSKQp4\/evVyQovWvCuUArTsYbNFNxbOpHxgiMLlX0ZOeEmBKpT+zxdZ5teBbqVi3L+mm7Ze75jkvKWog+sVO61B5+CMn3LI3RoqoEIs7LzSm4dXhRB4iMDjlKoJ5ZcHwLwlkh8E9Vpo3djq3bdx6lp\/EdVYh6tyjrDNl\/j+nQfIHSl0cMW+mhrtlfSdcGh0syw23uJtUSkclaVzh1wHeEc\/bQntltm8xovFOwV9SJyedZop+oHv1QYNt8oHL9v3ZZw5lkXyC9v2DYGLqmi1M7RPz8jlmDJa9m+OtKYcpqVh3LJYWvbiP5AVvl68VRguEFNQTEiaz8u+Ok4fajiRFN+EVltIdouSx7saQkYFk1SJM9L4aBUOJFvL6FFh3igjYUWKgCjdf2qOqAGWN2QeLZkNKg69L2LgHAubee5cXm\/oVTb4ak7cxt1raQVyZh0C5KR4jqdxt3Bdo\/8IlgvyUrAcIb4sc4COpXETFl0cDGUpkbOA="}
00569{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":141,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":4,"flow_first_seen":1578508364523,"flow_last_seen":1578508364659,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":395,"flow_tot_l4_payload_len":395,"flow_avg_l4_payload_len":98,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"3.209.45.79","src_port":56628,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
@@ -149,13 +149,13 @@
00757{"flow_id":20,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":187,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":681522,"pkt_caplen":306,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":306,"pkt_l4_len":272,"pkt":"KDc3AG3IEBMx8Tl2CABFAAEksAhAADQGFyNZJmMiwKgBuHZf3TAEAfWFmn8I6YAYAOsQnAAAAQEICl+aRF4i2JS8xcqDUka6Nv2S2Ufz6z\/Pc4tUOEiP2qX35MgcMm\/FRcBI1j4Q8LC7QUcc9JL\/Yw3KyGBqgE03yu+YnYklie4xu7Al3VM2TQGz54\/LgRl0\/Ie5C27Q8ysWIDe7ZEW+uiq4a95fxvQnunVacIlTA0Gpw4J+oGybZovq+Rk5DJxjUmwrb8Uy6Vt0\/oPrb6yV5\/MR+SZ8DsrePdRSAl65pGEVkjyYpKbSgRz1ChT52ZoUU2vYtyjxLRwORKHS28j300fvx67g0QIGEmJy4CquA1lMx31OufL1tZusRvGCS1tl8+mE6ykfwjozXV8dBrI12PHz"}
00427{"flow_id":20,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":188,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":681555,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0sAlAADQGGBJZJmMiwKgBuHZf3TAEAfZ1mn8JmYAQAOupewAAAQEICl+aRF8i2JS8"}
00427{"flow_id":20,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":189,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":681623,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGvBvAqAG4WSZjIt0wdl+afwmZBAH2dYAQEBmaJQAAAQEICiLYlOVfmkRe"}
00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":198,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":1578508364682,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.38.81.180","src_port":56632,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":198,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":1578508364682,"flow_last_seen":1578508364682,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.38.81.180","src_port":56632,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":28,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":198,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":682687,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG833AqAG4MyZRtN04dl9aLQCVAAAAALAC\/\/+JqQAAAgQFtAEDAwUBAQgKItiU5gAAAAAEAgAA"}
01939{"flow_id":7,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":212,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":694292,"pkt_caplen":1178,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1178,"pkt_l4_len":1144,"pkt":"KDc3AG3IEBMx8Tl2CABFAASM2BBAADcR1ngiYawWwKgBuHZfdl8EeMBgH0wTNhnEtwanpj7oWlZ\/Hp0Gak0vyLNY48lrCKzEN97iWOlAwiKU8J2As0GDwpvqMobAk\/doYUwERgBj\/dX1qwI+w93bqV+opA8zeXK5DOY5QqaAWe1EmRlafyw14V0SAAT5BAv5BAP4TYRPFs69gun3gun3uECCARRJlalZmbRgrccKpmIFHuwcnfCnxRI\/PJfvccahZWq2zhSNF3xN8PFm4Ig97uMj8JcxYkHuXulMILJ8m+Dx+E2ENiSg04J2X4J2X7hAPRqHFTz0e8oEsmOadgUbUG0\/Gq1XFXFWshB59yMDlMnzDbSaQte3vRlNp0x8bXK\/C0IExkQW+7e6O42uaIsSOfhNhG\/lALSCTtaCTta4QNKaGvf27ePtI09PYWMWWoqsTgBFWVV\/OStWx2mo9mqS58z7TiK83yibq71BZSi0CSsekwb4Zyr8nj5zQd0mqCb4TYSkhGWfgnZfgnZfuEBoaZQlH\/tAMTmENPyYivdiK6qXFlTxe+\/p6cPLqiael7D6BFBiRXZHacw3oUOaGk4+u32W1NMUjoJXk06B2mEI+E2ELzgXtoJ2X4J2X7hAZ5DyvV4L2UjTbfMTNRlwVlkkGIIkt\/VYvYJ76IXUVE6r5fvcx+2tWoDAFaFaLZO1vJw5B3fbXfeObFaJ1qahJvhNhHLbOhmCTtaCTta4QOsAfRHCWayd+ePpaQzEOGf3dXjZZgxjuurzp9q\/DaDAlIrlX0hFIpZGowqYAlmPGRQlb2Zp7G196tUzRB5lA1D4TYRQniRSgnZfgnZfuEDy+3Y1qZpk8\/KZSHkhI\/dUtq2PmnojEAJ+pvc2bi3A23IJ6RM8OAW49hm6EgP+nw9QrdJ1FOvq3+1MzaqVwKmC+E2EI9yzYIJ2YIJ2YLhAOJyQU2JE6mr+PrqS1VpbvrNoILvKRQR+abFnLs+XgISTnL1u7Up3BqfrKb9hyDFv4+EivNbWhPn9c0jykBsfLvhNhC9ngvuCdmKCdmK4QMQewuj5qn6FtR+caLmA7fiCCCWlXl5n4eHsa\/hStv5IXJfR3qW2xYlmjRashSfhzXIk\/cArlEuFCVyLKkliTzj4TYR68x8XgglNgk7WuEDyUr+wEhCRTzC+abav+Qq8gCoJQuHHGbcH\/DZQmfl9EGgUirj+pxEJRc8L7rXREu747IWcesHQp9HRE6vORWkC+E2E1W2gk4Kvx4Kvx7hAdMXaCMYMMwBE0nd2ZguY7X9OffS41d7S\/Y+mPW\/bN2r4s5PDjCrWaOVF\/TvDBjFcUWsPiqOXMHIqsOoggNo9SvhNhE4vwp6Cdl+Cdl+4QPkOM4NqDnpAiCaFdcv7mpRSPLANloklV4wbFH\/35BGlAWuLnC96pYG30ySaUekbUEoxDdJFuDpuhxs7uesYXD\/4TYSOLK6TgnZhgnZhuEDoktJdZWuqibhkACX5AYXpi\/92jauNHaPZe57KQENT7f3lptm8vn\/KsHCyQGycNosbcDhgVNlPlUl4B5KRi2QIhF4WIGA="}
00865{"flow_id":7,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":213,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":694327,"pkt_caplen":386,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":386,"pkt_l4_len":352,"pkt":"KDc3AG3IEBMx8Tl2CABFAAF02BFAADcR2Y8iYawWwKgBuHZfdl8BYBsKk2vVIKFBe5srt6TuKGLoSQyIYHTHTIh8E6CjfYCc9i8bqGNRb1RdySNn+Iv9WrBeYgM40YLK2f29HLFDjWvrLH5PzXOrZjlyFrfNSw\/LgHRZLq7JZkTKJJivek9A0KFTAQT49Pjt+E2EWSTXC4J2YYJ2YbhAKsm6hrEBgceppDA8y6y8ToI4LATCvXtK2lH6G5Ea4z\/xJThSCDAuG5MSvtPStPEkcnXcb7SOx0jpL4DMcyqusPhNhJ+KPreCdl+Cdl+4QFFks1Hi1w5Dzl6eTycY4XMH5jgPi\/IsM\/Xh\/aiCTq6KUBnNNvsH2QEEcq8Eurha1gzN35pyz9iUxxW+rcV0tUj4TYTPtOCBgg09gg09uEBD39Z7PE\/miF\/gBzQtLgOKuJmlQiP1\/EPNHjqCw\/jys2eg7dySq1uz5KP5CQPL3LPisAyyzl2cNiKWtBUo4PgQhF4WIGA="}
00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":214,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1578508364697,"flow_last_seen":0,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":171,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"54.36.160.211","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00507{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":214,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1578508364697,"flow_last_seen":1578508364697,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":171,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"54.36.160.211","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00627{"flow_id":29,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":214,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":697110,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"pkt":"EBMx8Tl2KDc3AG3ICABFAADHkfoAAEARTtTAqAG4NiSg03Zfdl8As+iZ15lp9gBLtC6IaCW33is1Th50j8UHjOmT4mAffcZn+yYEl4jGBnLnkKaeXePCjndUh79\/WTQA2R4kNex3KmtFmldicE1yJNj24ZecPC4hxpTcI9qIeMXPlU0BU5Rec0LcAQP4R7hAggEUSZWpWZm0YK3HCqZiBR7sHJ3wp8USPzyX73HGoWVqts4UjRd8TfDxZuCIPe7jI\/CXMWJB7l7pTCCyfJvg8YReFiBg"}
00562{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":214,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1578508364697,"flow_last_seen":0,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":171,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"54.36.160.211","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00574{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":214,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1578508364697,"flow_last_seen":1578508364697,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":171,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"54.36.160.211","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00426{"flow_id":25,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":215,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":712647,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0yT1AADEGTrEzJjxPwKgBuHZf3TW8w0qZ6ojUvYAQAOtzCwAAAQEICmE6ncsi2JTa"}
00894{"flow_id":25,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":216,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":713144,"pkt_caplen":406,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":406,"pkt_l4_len":372,"pkt":"KDc3AG3IEBMx8Tl2CABFAAGIyT5AADEGTVwzJjxPwKgBuHZf3TW8w0qZ6ojUvYAYAOtDVgAAAQEICmE6ncwi2JTaAVIE8c7Hq5ONAC4\/R2UmKB+pU3BBRCUeN9Cf5BBGHA+DoxS5SlI8U1u9j1H\/Y6CPLI4CRb+QFrsBclsPm\/KPU8JGQ1PynzKCnLAbak\/y2NGwmkePHs5rBh3R\/svTp7gcODQvsx1GMGLb8NwXSqyq2TMPyRpALl4do7TzwQpS6\/oaQzuDJL7vKkXZCUpMHN9DzjKKtai0sGnk+UkdFANSwlkBNNqC+BT2y6l6Shhfb9N\/55qoJNa194yfobhSGIAfxWSiPLsr5nymVKt2pEr1UBCKdPVL1MuYJnHXYMe8bOk1sJheVDBy9HmLvMGdALare0q2EpYk6wQ2UQmQfCfytF+5t3VD6nmV9Sw\/ZolMbiG7RNZPrX9QpLN0iruDeaUP1mdoXnny5MTe+Ri3+7MMAPL9D0gEgvEZ83RmXs+HaypXwnsJDNkI6JVcRk5X\/ta4EMMxjg=="}
00471{"flow_id":25,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":217,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":713190,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"pkt":"KDc3AG3IEBMx8Tl2CABFAABUyT9AADEGTo8zJjxPwKgBuHZf3TW8w0vt6ojUvYAYAOuWGwAAAQEICmE6ncwi2JTaDKbYTK0e7YzAyq8CJTCkEPjRnlZmQ1Ln\/nt1w+7tb0U="}
@@ -167,7 +167,7 @@
00429{"flow_id":25,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":223,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":713304,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGCO\/AqAG4MyY8T901dl\/qiNS9vMNMDoAQECBiNgAAAQEICiLYlQRhOp3M"}
00429{"flow_id":25,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":224,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":713305,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGCO\/AqAG4MyY8T901dl\/qiNS9vMNMEIAQECBiNAAAAQEICiLYlQRhOp3M"}
00429{"flow_id":25,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":225,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":713322,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGCO\/AqAG4MyY8T901dl\/qiNS9vMNMLoAQEB9iFwAAAQEICiLYlQRhOp3M"}
00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":237,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":1578508364714,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"82.145.220.249","src_port":56633,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00500{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":237,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":1578508364714,"flow_last_seen":1578508364714,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"82.145.220.249","src_port":56633,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":30,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":237,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":714836,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGSM3AqAG4UpHc+d05dl+ffKVSAAAAALAC\/\/\/0ywAAAgQFtAEDAwUBAQgKItiVBQAAAAAEAgAA"}
00440{"flow_id":11,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":238,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":717778,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAACMGVBhoKtkZwKgBuHZf3SMhYrdg7BRmI6AS\/ohxlQAAAgQFoAQCCAru0q\/IItiUTwEDAwc="}
00428{"flow_id":11,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":239,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":717893,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGNyDAqAG4aCrZGd0jdl\/sFGYjIWK3YYAQEAmOFAAAAQEICiLYlQju0q\/I"}
@@ -175,18 +175,18 @@
00572{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":240,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":4,"flow_first_seen":1578508364522,"flow_last_seen":1578508364719,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":490,"flow_tot_l4_payload_len":490,"flow_avg_l4_payload_len":122,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"104.42.217.25","src_port":56611,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
01830{"flow_id":26,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":252,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":729181,"pkt_caplen":1097,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1097,"pkt_l4_len":1063,"pkt":"KDc3AG3IEBMx8Tl2CABFAAQ7gO1AADART9iAADOMwKgBuHZfdl8EJxcg9PffAeslidE0A2XYKUWPfQSrSzELT24RQsZMkDFAUC\/8t71UobxaKgVF9YFxtOS9Li4RLrxMDnrT4k5PGgw2NDHZtKrKg8J\/d2YlScEj\/YBR+sG3bhx8yqSCwFLu+QmtAQT5A7r5A7L4TYRQniRSgnZfgnZfuEDy+3Y1qZpk8\/KZSHkhI\/dUtq2PmnojEAJ+pvc2bi3A23IJ6RM8OAW49hm6EgP+nw9QrdJ1FOvq3+1MzaqVwKmC+E2ETi\/CnoJ2X4J2X7hA+Q4zg2oOekCIJoV1y\/ualFI8sA2WiSVXjBsUf\/fkEaUBa4ucL3qlgbfTJJpR6RtQSjEN0kW4Om6HGzu56xhcP\/hNhF6CJvWCdl+Cdl+4QCa0AdVA2\/h5KxbzG7wSXhKLcgLDQf3VZM6j4pcDpEr22I0w8vjr3eeZrANzqy+B0k7Jw6sj9qOYOkYu9v1\/HcL4S4QXZGXDgsVFgLhA4dMHiHESZvaZv5XwOSEg7GIAhtTuq\/1+kuZamW7NEWy5Mx7jYjqriPSY+yi8MCrIJ809xx8ts8E05ybrI5RK9vhNhHTKaT+Cdl+Cdl+4QNscTNh1YzVnvcLB2a2lU2bz3gyaTlXXbE+pFLDVoDdFI5ADpod42cruH9wQt79YZLxlJa01FygTlV6X9wnzbsb4TYRSpWAfgnZhgnZhuECxFAegsyOgyfrql\/zztxCELDSekbbhUJf21H8iSNiW9cKP2xirrTz8RKLVHxNA2LkFNcMF8l9m+GUUJJ3wo0ve+E2EZ\/0rzIJ2X4J2X7hA0+1Q\/zfDwmqiJ4L7\/yvPXaADca3\/aoKeqi6XasejIDSTPmS2ILmdZ2LgwWGNQRAtsR66VqR5PIUppHE6JTXzu\/hNhC9aDGqCdl+Cdl+4QEWucUJTr5uswusybUrNZinvmACa+spHP3M8Ca80aMiKTDP2An9QqqbsJgkcvDnFqQSdwmVB0j3FFWWOWXchmBH4TYQ03B+BglLcglLcuEC4ECYNzxwi2kJoJQjyJ6lUniuRlC+UndNWqAZRufW0X533Ymm1WtW8x0w\/1eGqPwGeOGNfU57w7mmrZv5S0MuC+E2EoBCKUoJ2X4J2X7hA7pvrsi4uzujUwcCnzbOXM3k+PSTxp6vSaGlZ+vjNNS2DLnFg12pt76j1a3+aMxZ2sjeuJ4ACTqyhbBihj1yObfhNhLB96meCdl+Cdl+4QMGwHxHg22IaagGZCrHWyox4ceWSrkz5+TUJ7FvSKEAsyUrKnBQ1BKg4U4OyDXv653Ump5Su2Klg\/PAjth\/4FVX4TYQDCFzcgnZfgnZfuEAOe5LjgOGocDnrwWucrGwohrnh\/PIVvUNi2EPcxA3lL9o2I1kGKrrcltIHdy07g5GmzReWD9IntTCd9ncDRnHuhF4WIGA="}
00970{"flow_id":26,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":253,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":729798,"pkt_caplen":467,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":467,"pkt_l4_len":433,"pkt":"KDc3AG3IEBMx8Tl2CABFAAHFgO5AADARUk2AADOMwKgBuHZfdl8BsUbFE+HTPyEyomNSay73CyfrLD8rHnhX7vxj92G3He3rB8i3yggvxA3gI120fMxC8T5NSVg69zUML0xXdXDn6x+i1UJlYzm2ZsL8HkXRcVxsD7\/Cz8uc2cDeR5GmI31rs3BBAAT5AUT5ATz4TYRWzyr3gnZfgnZfuEAwPG4npPFCKterF6wXX6hmKDtHpPLV5Gpyh4HRvQlb1WOtMBiFa5iB1p48IlU7yQzlUhHlEKU2TAWk+UxWCOtE+E2EwKkGMYJ2X4J2X7hAXDWjwnntCdEfY7ZsbIcma6dZim0sS\/6AZlg+cBMsOylaupmT4K85DC7A88jAAB9\/AkNP7Q7FRuWOzTw655z20fhNhF\/YD6SCdl+Cdl+4QMhe7o3oH5yNMBpAbg7BFfLQiRhzAx0IcRlGupvV\/Zui89t4l4x5tGAZhBv4cgNKbiHVFqGfCeCtDh7KA5ZNUtn4TYQ2yX4zgnZfgnZfuEBWXo894U5qji3Sd9oPTupJEBwpi5JkOWop7uGO9PMehSCnS4eHg4+tauk7NJIwG19teeCjKxS93DtycMhLIWGEhF4WIGA="}
00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":254,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":1578508364732,"flow_last_seen":0,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"111.229.0.180","src_port":30303,"dst_port":20182,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00507{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":254,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":1578508364732,"flow_last_seen":1578508364732,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"111.229.0.180","src_port":30303,"dst_port":20182,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00571{"flow_id":31,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":254,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":732443,"pkt_caplen":170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":170,"pkt_l4_len":136,"pkt":"EBMx8Tl2KDc3AG3ICABFAACccxcAAEAR1EDAqAG4b+UAtHZfTtYAiDTvS0gyrIvyYAXql+rzEz+AR\/cLOiJor5McpZ3aQTzvVtbxvdlPVHOvm8x2T63kxRajQJXVXM7hf79y1fQG9XWokxXgcqkKLlUPoIFVVYrTntTkZjbBJdoltYqy5v2xN8\/CAAHdBMuEfwAAAYJ2X4J2X8mEb+UAtIJO1oCEXhYgYAU="}
00562{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":254,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":1578508364732,"flow_last_seen":0,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"111.229.0.180","src_port":30303,"dst_port":20182,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00574{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":254,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":1578508364732,"flow_last_seen":1578508364732,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"111.229.0.180","src_port":30303,"dst_port":20182,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00438{"flow_id":28,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":262,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":751141,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAACsGCIIzJlG0wKgBuHZf3ThkB68VWi0AlqAScSALcgAAAgQFrAQCCAqBHInXItiU5gEDAwc="}
00426{"flow_id":28,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":263,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":751248,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG84nAqAG4MyZRtN04dl9aLQCWZAevFoAQECya6gAAAQEICiLYlSaBHInX"}
01080{"flow_id":28,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":264,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":752659,"pkt_caplen":545,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":545,"pkt_l4_len":511,"pkt":"EBMx8Tl2KDc3AG3ICABFAAITAABAAEAG8arAqAG4MyZRtN04dl9aLQCWZAevFoAYECzuoQAAAQEICiLYlSeBHInXAd0EVrOafIpouoTHB+BW2z3Lrv3HnCw2ZQBRlgf\/19WqTwFOA04VbQy1wFUS6HAgPfHy8NaOV77ZdRJTSAq8L7x6Kw4II\/hUO4r9f51nr5zJtR+NmQtihw\/oG2toqeE2gmxFBm\/FJEAZ3BhAyklgcpYoSgeZNb37AeD8R7SxXsV96FZAMTuwUePPPwvKLx3F3XQBJXGqmL8ZZ4kHijHRXepMXtDyrqQ3dHLW36bgCyBffbPJwK11VIZBOg1ZO\/6QcCJyM8WU+cI0sTPBasm4PzbCQgYhaSkC8C0ehkpBDkbMoXij9k0WKFOVrIEsyZ\/24n+unHUtTe\/yYV6dUpEywFRJGupzIBFEQIrlJ+R7y5h8fxbPkC6UiykbmNIdFoDGxOiSYBL3yeK7GSTvjks9NeQTQC1eqeVk6U54EyDTlZ2t2cddwvBBj+fMzUkesX+MlQsGkokjFLEpHTsTH4jgy5EiQVvgHqBHad7G9fBM4q3K7UQYmh0hkSGogPuWCsrTo\/YkV2pbe8nJuLqnzRBnEBsCwsw9rDIf0YsG5\/lfaKRt7lzM\/aZlRjLHsqGkZkpqrfD7R6MXqp\/xig+JCvg0MFvDNMp3tp3C7Lm+dgS5zbrMV4EKIIIpgqxAKcHEra4="}
00571{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":264,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":4,"flow_first_seen":1578508364682,"flow_last_seen":1578508364752,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":479,"flow_tot_l4_payload_len":479,"flow_avg_l4_payload_len":119,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.38.81.180","src_port":56632,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
01936{"flow_id":29,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":265,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":773663,"pkt_caplen":1178,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1178,"pkt_l4_len":1144,"pkt":"KDc3AG3IEBMx8Tl2CABFGASMuzZAAC8R8ro2JKDTwKgBuHZfdl8EeHOhfS8\/VKeU4xriCeJZNmbyiR29m3N42\/uIKvLbiJlgdyaSwrO2BgcDcenrD2C97edthDBouwifboHgE3u3hLHcQi8I2aNx02z5+NzOkszQMNgplhV2V\/wYwtE8G8IvYQ3cAAT5BAv5BAP4TYRPFs69gun3gun3uECCARRJlalZmbRgrccKpmIFHuwcnfCnxRI\/PJfvccahZWq2zhSNF3xN8PFm4Ig97uMj8JcxYkHuXulMILJ8m+Dx+E2E0WGPAYLDUILDULhAQhNvCoDxAncltx4bh9WffZwzBdE\/9xF06wXJo57MMUhoLLSI90CIePrV\/tYmYiKEiyDSrJDYOlCFHmZ3pqDCwfhNhGoMJ6iCdn2Cdn24QH6QBf7Np\/9Y+eiOrugFzIsIhVcNcp\/OYct+34QkqEfvlXbuNfWnoEs1IzwGORRl6zR7xwwZW1+45dnGnJxxFET4TYTAnuIugnZfgnZfuECuDYcQjm3wJMglum1qnPXPBozHysGZ9VxiaJNnx\/kw7dAhqZoxI6CdfBdLdPaGhgI412g7XwrxymiHNjtEpybV+E2Eb+UAtIJO1oJO1rhA0poa9\/bt4+0jT09hYxZaiqxOAEVZVX85K1bHaaj2apLnzPtOIrzfKJurvUFlKLQJKx6TBvhnKvyePnNB3SaoJvhNhKSEZZ+Cdl+Cdl+4QGhplCUf+0AxOYQ0\/JiK92IrqpcWVPF77+npw8uqJp6XsPoEUGJFdkdpzDehQ5oaTj67fZbU0xSOgleTToHaYQj4TYSygMxlgsNQgsNQuEAJaLOKzWf\/o+pIN3tGz2TU0Jj7rRUsEu\/g\/J\/izFMRqT2L21hSkEIu4pwcRIudbxWCEi7R3jpR3Qx72SJ7sDxL+E2ELzgXtoJ2X4J2X7hAZ5DyvV4L2UjTbfMTNRlwVlkkGIIkt\/VYvYJ76IXUVE6r5fvcx+2tWoDAFaFaLZO1vJw5B3fbXfeObFaJ1qahJvhNhNFhtVyCw1CCw1C4QGNRrcySTkrIddsTkghzBE5yaZovlz823kaODYnxRULrhcdtfhDSmheK1rkdzx6MLgmWRkcqk5yLSRXbV7Sa9hv4TYSUZnN9gnQ9gnQ9uECK3QCjct4kYgqQwECFpzDV6FidxjszhMNuNu5KPckeHeVnNGRrmrvdWVqSm7NdhSk\/GBSTMV30P4Rv7pq1hSjo+E2ENL1ESYILzYILzbhAFgxun0r0zdyAC5SZb67xXu\/2hxGmSEaQZz1XosQe6902lrVgE71jlymkTkVmiGnjo+wcj5gGrpBHOVgGl5DUX\/hNhFCeJFKCdl+Cdl+4QPL7djWpmmTz8plIeSEj91S2rY+aeiMQAn6m9zZuLcDbcgnpEzw4Bbj2GboSA\/6fD1Ct0nUU6+rf7UzNqpXAqYL4TYRvYnEBgnZfgnZfuED0pW7OSkAUUx9PeHXwwyf7mqpd70LmGPSseSc9VRhmuql9pusBMDKDEfCCcSaAIW2BnfDoTpS113ylm2TbVhfWhF4WIGA="}
00864{"flow_id":29,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":266,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":773700,"pkt_caplen":386,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":386,"pkt_l4_len":352,"pkt":"KDc3AG3IEBMx8Tl2CABFGAF0uzdAAC8R9dE2JKDTwKgBuHZfdl8BYMxaEf6gK86OMmqC0hj8YCjT4Kxyd9QhLNhUWv84IcoZEEM5WLaEl0iNjPoH5MGkDBtHCCGzykqH2IyxlA4UZhPcyDumXz\/v4mlSvZfRB2yOu5AYhwCSwbpUWhfp9lpeKanwAQT49Pjt+E2EdbUsoIIrq4Irq7hAjNB3wOfdUkch\/RymD8COogkRfmtGHDZ3JfVp7qPL0g95b9d6Og4eqk7Oc5yCXUjsPCBRZNV\/OEkCcWVLTRMhqvhNhDb\/yRuCdl+Cdl+4QBkaEptJyzZcwNghsa\/yev+qS1D63n8u0YIQqdir49AX7Q7OxcqumEYHw1gpXkn8\/0NtWmRXiIMnyNsmLKeGv434TYQj3LNggnZggnZguEA4nJBTYkTqav4+upLVWlu+s2ggu8pFBH5psWcuz5eAhJOcvW7tSncGp+spv2HIMW\/j4SK81taE+f1zSPKQGx8uhF4WIGA="}
00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":267,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_first_seen":1578508364776,"flow_last_seen":0,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"209.97.143.1","src_port":30303,"dst_port":50000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00506{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":267,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_first_seen":1578508364776,"flow_last_seen":1578508364776,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"209.97.143.1","src_port":30303,"dst_port":50000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00572{"flow_id":32,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":267,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":776411,"pkt_caplen":170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":170,"pkt_l4_len":136,"pkt":"EBMx8Tl2KDc3AG3ICABFAACc6zkAAEARbFTAqAG40WGPAXZfw1AAiAuoYX\/X5Uw4lffkPNHSCMW6SrDFB88ojJJssa\/u4MiJ7ftgjBcFdVPuw+tvNym45804Q6\/uLh0oQsOr0riQp0FxmC7+mATc88CsFLix8wyPMseFlTK290MHGwkPORWZli5hAQHdBMuEfwAAAYJ2X4J2X8mE0WGPAYLDUICEXhYgYAU="}
00561{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":267,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_first_seen":1578508364776,"flow_last_seen":0,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"209.97.143.1","src_port":30303,"dst_port":50000,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00573{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":267,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_first_seen":1578508364776,"flow_last_seen":1578508364776,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"209.97.143.1","src_port":30303,"dst_port":50000,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00440{"flow_id":15,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":268,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":784751,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAACsGswg056VswKgBuHZf3SosjczmxQv4NKAS\/ohsIgAAAgQFoAQCCApgPx7\/ItiUTwEDAwc="}
00429{"flow_id":15,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":269,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":784843,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGnhDAqAG4NOelbN0qdl\/FC\/g0LI3M54AQEAmIYgAAAQEICiLYlUdgPx7\/"}
00440{"flow_id":16,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":273,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":786203,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAAC0GKKu\/6qLGwKgBuHZf3SxpEHBBX7euwaAS\/ohj6AAAAgQFoAQCCAo0GJnqItiUTwEDAwc="}
@@ -224,7 +224,7 @@
00427{"flow_id":24,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":310,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":823357,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGR0TAqAG4A9EtT900dl+bF1bx3a70zIAQEBxDhQAAAQEICiLYlWlOlRCs"}
00439{"flow_id":18,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":314,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":823555,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAACYGE48SimxDwKgBuHZf3S4uwDPtE20MrKAS\/ogQ2gAAAgQFrAQCCAqmusMwItiUTwEDAwc="}
00426{"flow_id":18,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":316,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":823597,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+ZbAqAG4EopsQ90udl8TbQysLsAz7oAQECws4QAAAQEICiLYlWmmusMw"}
00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":328,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":1578508364824,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"159.203.84.31","src_port":56634,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00499{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":328,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":1578508364824,"flow_last_seen":1578508364824,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"159.203.84.31","src_port":56634,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00446{"flow_id":33,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":328,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":824682,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGhG3AqAG4n8tUH906dl\/csM+rAAAAALAC\/\/\/IeAAAAgQFtAEDAwUBAQgKItiVagAAAAAEAgAA"}
01152{"flow_id":18,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":329,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":825302,"pkt_caplen":597,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":597,"pkt_l4_len":563,"pkt":"EBMx8Tl2KDc3AG3ICABFAAJHAABAAEAG94PAqAG4EopsQ90udl8TbQysLsAz7oAYECykNwAAAQEICiLYlWqmusMwAhEE9VEMnxi7\/+u3S\/7SD265WwXEe4fwDjOiQLsVOQxpxalSy7LlsUK4AEo+a1Qu54SdJYKUHtZVjJeiTzpaNscMEPnLhkYVoH1ZsfMM3SzSNckPwo27vBvsTXbvepFdGGfyt6oFIMjfApJBdBhKGuhBHU6KYxOnBPvkfjAzhNAEG9ZOct\/f9PMzeR\/3HfpP\/\/foRU+R\/UwxyK3KsOUDV7ivmQnjXPHpshdWKhSI2CmV4f4t9S2wPNhYMZFG90t1+c8FUX4hZ8IJSblZ1Hw\/xRVdy1XIr79XD\/YbXUlCbMbQSwpyRMeybOWZ\/3FFKK4\/m072RVgcU5vgNs2kQIANqMn50n9GdB1kT5VpcmbfktccGTcPpL5cqtUiHf9rj39T3mWxv4q8GrISLBQTR\/tbUOSXcuAGYHTUa5PLnQdiQlMB2NU3XarTCVXOKj2xulN5GvsPX5Wy2aKOHMGmdrt9tRWyzeNSeOUUMuTlnroJDaW6hq8\/QtG57+o9cfcesHmgUsKpYao1qZUd8lFRvDjla17QhLWfcHO9Zm9qK6x9TBb29EZ6\/QlYYuy+Jy9TbYE\/LjA7KJU9R0TdX0NGBywzUrgAwjm8rFolFhr0dTH8CYc1zYL1wnwny0ezNRkgVRVqWSfxkV4mnKvCfyi9XKSx7Th9OnlEAk6m8Cg8tenmIjIAm6NyXqFCsVFiylc5ACi9wAUl"}
00572{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":329,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":4,"flow_first_seen":1578508364523,"flow_last_seen":1578508364825,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":531,"flow_tot_l4_payload_len":531,"flow_avg_l4_payload_len":132,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.138.108.67","src_port":56622,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
@@ -241,7 +241,7 @@
00427{"flow_id":28,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":340,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":831458,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG84nAqAG4MyZRtN04dl9aLQJ1ZAew7oAQEB2WswAAAQEICiLYlW+BHIod"}
00427{"flow_id":28,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":341,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":831473,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG84nAqAG4MyZRtN04dl9aLQJ1ZAew8IAQEB2WsAAAAQEICiLYlW+BHIoe"}
00428{"flow_id":28,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":342,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":831474,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG84nAqAG4MyZRtN04dl9aLQJ1ZAew\/YAQEByWpAAAAQEICiLYlW+BHIoe"}
00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":358,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":1578508364832,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"162.228.29.160","src_port":56635,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00500{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":358,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":1578508364832,"flow_last_seen":1578508364832,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"162.228.29.160","src_port":56635,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":34,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":358,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":832618,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGt9PAqAG4ouQdoN07dl+4t7BdAAAAALAC\/\/8\/HwAAAgQFtAEDAwUBAQgKItiVcAAAAAAEAgAA"}
01071{"flow_id":19,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":359,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":833343,"pkt_caplen":537,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":537,"pkt_l4_len":503,"pkt":"EBMx8Tl2KDc3AG3ICABFAAILAABAAEAGEufAqAG4EopRHN0vdl8VNVkc\/BYyhoAYECzL6gAAAQEICiLYlXFjgYkbAdUEwUIR9YgFXZ9yiOt5YBH4UtFaqA+cwIzRVHYokt1jt3NSo7VChRqaTps9paUa0ngH25xMfgJbcuBsMxxTxgihIKn5VUXXgWDlNYyvU0KlT1bNUEI4mKZzhEJdNwjpMn9paKBWzu2LEMjx6bLou4eS13z\/nVxfNlGL0J7vv8\/wC8YQ1+XvQyGDWq4sjQibEugRViJciB03P97SSio3NTS6h9JYGoEfM9nybcbgUflDrSQcxM3wZhLR4RyXHFofiZ6ItK5WZXSq5pX\/rioqKS6rjD\/Od8+ItIp1Os0RxmLLf4DWm4\/UMEN2gFSO\/\/Glty20yCOSCBOfFj8FNpqoruWb3E+P4CmQ2C\/teNBBz+h3griSFolu7EDV7zs7SLm4DR4ICIyHvtuOPkeooGrl0tep6tLaxHM2ZkQOiUJRKu+5pHwHgHmEbBncVaLwnhxRCP51iVfM2TEGdhOXmZNW\/1FyvH8rso8UOfKabPq7CXCpZK38otIKu601tzRMGFOYwWIHKFmd+rKAZ\/NBoZt\/6W8POfwll5vHjI\/FLep7U77tKANlUam924r9s1XPKaPkH9fxcGGux9IUOJRyhmfvWk\/b8yyfBvntIhfV4oqnCZvlQGRKNPXA"}
00571{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":359,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":4,"flow_first_seen":1578508364523,"flow_last_seen":1578508364833,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":471,"flow_tot_l4_payload_len":471,"flow_avg_l4_payload_len":117,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.138.81.28","src_port":56623,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
@@ -280,16 +280,16 @@
00447{"flow_id":11,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":417,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":920578,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"pkt":"KDc3AG3IEBMx8Tl2CABFAABBy+NAACMGiC9oKtkZwKgBuHZf3SMhYrlX7BRoDYAYAfofVgAAAQEICu7SsIsi2JUJridXwKMiLkho+m7GyQ=="}
00429{"flow_id":11,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":418,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":920595,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGNyDAqAG4aCrZGd0jdl\/sFGgNIWK5V4AQD\/6IwQAAAQEICiLYlcPu0rCL"}
00429{"flow_id":11,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":419,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":920604,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGNyDAqAG4aCrZGd0jdl\/sFGgNIWK5ZIAQD\/6ItAAAAQEICiLYlcPu0rCL"}
00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":435,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_first_seen":1578508364922,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.233.197.131","src_port":56637,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00500{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":435,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_first_seen":1578508364922,"flow_last_seen":1578508364922,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.233.197.131","src_port":56637,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":35,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":435,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":922060,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGjuvAqAG4I+nFg909dl+ptEcpAAAAALAC\/\/+OGAAAAgQFtAEDAwUBAQgKItiVxAAAAAAEAgAA"}
00711{"flow_id":12,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":436,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":924422,"pkt_caplen":274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":274,"pkt_l4_len":240,"pkt":"KDc3AG3IEBMx8Tl2CABFAAEEjZhAADIGtLSi86BTwKgBuHZf3SW77RJe6nqwfYAYAOsoBgAAAQEICnVn1Q8i2JVXqB4IhOXyDkG7gf4wVue1YBFCV\/+yw6M8jA+kibTv3mtjlRHP9tP8c4lZMHx4Bnj7mMHTlL3Za4w7RRGZo8UUWGTgaOZ8JOqKt7XBLl7t5KWgTNCjGVv3RUP6yr0BVUHzhnpspLE08nXhRp8eeEgMQsae0889yLYtd+IUmq6Pe66E5ioWd5V9CkIGXfzLzJydx6Pqnbs79okijpwxi3jn33pSoE12UO5sqd1y+ayd3FqVRJPuM8YUW0R+3V2bORENbDuTDn4j9PpTkJU+JkYd9A=="}
00427{"flow_id":12,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":437,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":924434,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0jZlAADIGtYOi86BTwKgBuHZf3SW77RMu6nqxGoAQAOuvTAAAAQEICnVn1RAi2JVX"}
00428{"flow_id":12,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":438,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":924469,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGNR3AqAG4ovOgU90ldl\/qerEtu+0TLoAQEBufmwAAAQEICiLYlcZ1Z9UP"}
00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":445,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_first_seen":1578508364924,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"209.250.240.205","src_port":56638,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00501{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":445,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_first_seen":1578508364924,"flow_last_seen":1578508364924,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"209.250.240.205","src_port":56638,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":36,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":445,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":924936,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGtY\/AqAG40frwzd0+dl+QvttrAAAAALAC\/\/85bQAAAgQFtAEDAwUBAQgKItiVxgAAAAAEAgAA"}
00496{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":447,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_first_seen":1578508364925,"flow_last_seen":0,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":171,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.180.246.169","src_port":30303,"dst_port":30301,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00508{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":447,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_first_seen":1578508364925,"flow_last_seen":1578508364925,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":171,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.180.246.169","src_port":30303,"dst_port":30301,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00629{"flow_id":37,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":447,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":925232,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"pkt":"EBMx8Tl2KDc3AG3ICABFAADHG4wAAEARgdzAqAG4I7T2qXZfdl0As6VnAUq3Z7jOf6Ug2frhkOredmKGawH96dNwPwCsVwwwAuHNRLachJG6Hj8pd5+\/iUKj3xzFalkHy\/4zo7e13\/nakEgcyoOcntMlISOmld4GtANNEoWSHW0IYrUbIiG7qvHSAQP4R7hAGwckxV38aoEQ3R3z6i1sbxgztMaJbhd8mlK6anhGQ6H0+w6JOUS\/FIH4b+eX+gcKRXXgkrfcf69BwK1A+Siq+4ReFiBg"}
00536{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":447,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_first_seen":1578508364925,"flow_last_seen":0,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":171,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.180.246.169","src_port":30303,"dst_port":30301,"l4_proto":"udp","ndpi": {"proto":"Mining.Amazon","breed":"Acceptable","category":"Mining"}}
00548{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":447,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_first_seen":1578508364925,"flow_last_seen":1578508364925,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":171,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.180.246.169","src_port":30303,"dst_port":30301,"l4_proto":"udp","ndpi": {"proto":"Mining.Amazon","breed":"Acceptable","category":"Mining"}}
00426{"flow_id":27,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":450,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":930055,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0P7RAACgGl+woQ5CAwKgBuHZf3TZG9x3RfGwnQoAQAOutlAAAAQEICnIsxqEi2JVm"}
01003{"flow_id":27,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":451,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":931019,"pkt_caplen":489,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":489,"pkt_l4_len":455,"pkt":"KDc3AG3IEBMx8Tl2CABFAAHbP7VAACgGlkQoQ5CAwKgBuHZf3TZG9x3RfGwnQoAYAOtYugAAAQEICnIsxqIi2JVmAaUEJ+RTTNaKeJ49mHQgWlpVTQRI5VG48UZGnvDZ\/AXr1VILVQ9O1idwrzt6K2OMjJS9o1PVpWsNbIc8MH3IjByixnPI9KaVPx8mXNul5rqpONyNvE5D5QWT7QN6E6ROgZb3VBBaBChGxjDzgiqHf4VZq6+uTHnRLiTmJu\/tJBvVpuLS74tvdGNWf\/ih9Lb59or8oIye9cnRXq6QxNeqRegxacdxpmNvHnOsH1xYtvZd1gtIbMggtewyo1Dn1VrEUGaLZ8YIgei0fI80M4TI9+xxREWwNuy6j\/qfWcyHp\/IioJKoTY5PMyJ4KJhV4tkpllur+NCk6tolE+JLCfz3+kzwQONUkKz1790S6eJjaC9wtPHxoSqGiRezES8T+hj3cweRz44i07e\/5U6uMQTy\/OLpemir\/+Cx4TKBoObiU1Pv90jumuEPVRu+IkyCniPJGlxWCVp4cTWCCZ14UgcAQOxJs8PBSt9FMlUREzy6Wh9d+m6VtVXDspOi\/YN\/Wdg+ar21s9AW80kk5yvRk7Bz32Y5TzOnIe31AHyU8KXllbzRMJWOieG4"}
00471{"flow_id":27,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":452,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":931064,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"pkt":"KDc3AG3IEBMx8Tl2CABFAABUP7ZAACgGl8ooQ5CAwKgBuHZf3TZG9x94fGwnQoAYAOt\/8QAAAQEICnIsxqIi2JVmT9YL9qHOr0+NjibtWyjL3KtIFwbnBG9OdvuZeHcpAyg="}
@@ -303,7 +303,7 @@
00432{"flow_id":27,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":460,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":932136,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA1AABAAEAGv5\/AqAG4KEOQgN02dl98bCdiRvcfuYAYEAC0BAAAAQEICiLYlc1yLMaj6A=="}
00438{"flow_id":33,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":464,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":932308,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGkHGfy1QfwKgBuHZf3TprW2X93LDPrKAScSCdQwAAAgQFrAQCCApPeKo9ItiVagEDAwc="}
00428{"flow_id":33,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":465,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":932360,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGhHnAqAG4n8tUH906dl\/csM+sa1tl\/oAQECwsmQAAAQEICiLYlc1PeKo9"}
00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":472,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_first_seen":1578508364932,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.219.167.159","src_port":56639,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00500{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":472,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_first_seen":1578508364932,"flow_last_seen":1578508364932,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.219.167.159","src_port":56639,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00446{"flow_id":38,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":472,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":932939,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGvd3AqAG4Etunn90\/dl9+5\/UeAAAAALAC\/\/851wAAAgQFtAEDAwUBAQgKItiVzQAAAAAEAgAA"}
01215{"flow_id":33,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":473,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":933835,"pkt_caplen":637,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":637,"pkt_l4_len":603,"pkt":"EBMx8Tl2KDc3AG3ICABFAAJvAABAAEAGgj7AqAG4n8tUH906dl\/csM+sa1tl\/oAYECyPNwAAAQEICiLYlc5PeKo9AjkEpygvnKchHo\/9hxvr5Qw+iboZdo3f3SG7EZvjwd7w\/2cK9Gmp6AB3QTgV0ZKNW3oRtB3OCMj3x8Ruf4hglrPOR8z4gDspichx80Fp3Ii29HmJSooT1ooAwg7QLR5ppOcGiZ0Jee4UwPmXpUCT\/zV+YSxP5MVCiOEH7pByreL9e7s\/NcDeXys4Mo2BRac\/Ej9PResGlgyJh+9FLsXYSx4qZZuwqVCSJSb2XvfEsdTUfWxG\/mlGpGgpf5whPWlAfSz7Oe20c\/f0EdzfgDI9NJpGEjPOBSos\/GuZ0hM9rufVviW2svr975inq+J81tRJ\/ITe1XewQv7g8Xh3dCaSK53YZfjTdmQ2lPtSUaUAWxaD6y7+1W9M79N28CR4hwLEamR83zpLpjhCprS98oS2yZdyQPypaWCSL5+Dc9PGnt860mDm3PmEP69QRVGEgjznQxs7cNWxBeOK2RmYlLOQN6jQA2jxoF\/oOCb3wnN1p\/QyoRd9SyLYwvhPzKpqx\/ZWP+rDLa4sxoTk+7shWb5NDLqplnmJeSxdK+pu7BT4hkAgCMiXUcfj11g2f1fEAf\/z0KfvHYTs3\/pLisnKePFZSFhM458MqwFxoShf1p5bn+un+y25Fcp4W5\/WlRb3XNf8hqwLrfEM7l5rzvGHXMjE7r9jYvWo\/\/uhbuPEvG4FWDxInlL42CndUL+cc9p0TJmh5wXFTY7uBRbaL2JUuah2gQ9\/kEYy1FwIdqoxyM5d3V9+KLYteT7hmCs\/\/g=="}
00572{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":473,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":4,"flow_first_seen":1578508364824,"flow_last_seen":1578508364933,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":571,"flow_tot_l4_payload_len":571,"flow_avg_l4_payload_len":142,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"159.203.84.31","src_port":56634,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
@@ -350,13 +350,13 @@
00446{"flow_id":16,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":538,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":8448,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"pkt":"KDc3AG3IEBMx8Tl2CABFAABBxttAAC0GYcq\/6qLGwKgBuHZf3SxpEHIwX7ewwYAYAfoeswAAAQEICjQYmu8i2JVJfTDJzPSuNlS9oWrX0A=="}
00426{"flow_id":16,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":539,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":8465,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGFbPAqAG4v+qixt0sdl9ft7DBaRByMIAQD\/56dQAAAQEICiLYlhI0GJrv"}
00426{"flow_id":16,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":540,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":8475,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGFbPAqAG4v+qixt0sdl9ft7DBaRByPYAQD\/56aAAAAQEICiLYlhI0GJrv"}
00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":567,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_first_seen":1578508365009,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"144.91.120.135","src_port":56641,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00500{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":567,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_first_seen":1578508365009,"flow_last_seen":1578508365009,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"144.91.120.135","src_port":56641,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":39,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":567,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":9842,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGb3XAqAG4kFt4h91Bdl90OGLhAAAAALAC\/\/+IEgAAAgQFtAEDAwUBAQgKItiWFAAAAAAEAgAA"}
00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":568,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_first_seen":1578508365021,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.62.10.218","src_port":56642,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00499{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":568,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_first_seen":1578508365021,"flow_last_seen":1578508365021,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.62.10.218","src_port":56642,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":40,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":568,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":21490,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGuz\/AqAG4sj4K2t1Cdl8xVnl5AAAAALAC\/\/8AHAAAAgQFtAEDAwUBAQgKItiWHgAAAAAEAgAA"}
00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":569,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_first_seen":1578508365029,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.62.29.183","src_port":56643,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00499{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":569,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_first_seen":1578508365029,"flow_last_seen":1578508365029,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.62.29.183","src_port":56643,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":41,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":569,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":29590,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGqGLAqAG4sj4dt91Ddl+W2yuDAAAAALAC\/\/\/VpgAAAgQFtAEDAwUBAQgKItiWJgAAAAAEAgAA"}
00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":598,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_first_seen":1578508365038,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"13.230.108.42","src_port":56644,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00499{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":598,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_first_seen":1578508365038,"flow_last_seen":1578508365038,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"13.230.108.42","src_port":56644,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":42,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":598,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":38942,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG\/kfAqAG4DeZsKt1Edl+KMGOvAAAAALAC\/\/8AAwAAAgQFtAEDAwUBAQgKItiWLQAAAAAEAgAA"}
00437{"flow_id":39,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":605,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":39176,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGe3mQW3iHwKgBuHZf3UEpl2emdDhi4qAScSAVuAAAAgQFrAQCCArbhaVwItiWFAEDAwc="}
00425{"flow_id":39,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":606,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":39222,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGb4HAqAG4kFt4h91Bdl90OGLiKZdnp4AQECylVgAAAQEICiLYli7bhaVw"}
@@ -373,7 +373,7 @@
00471{"flow_id":33,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":627,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":44194,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"pkt":"KDc3AG3IEBMx8Tl2CABFAABUz6tAADQGwK2fy1QfwKgBuHZf3TprW2f\/3LDR54AYAOylrgAAAQEICk94qlgi2JXOJ+pFvqCq2VJlu7F2z8Fq0p0vzt4GVNN645NbvcgqCuU="}
00427{"flow_id":33,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":628,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":44251,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGhHnAqAG4n8tUH906dl\/csNKXa1toH4AQEBonIAAAAQEICiLYljFPeKpY"}
00430{"flow_id":33,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":629,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":44303,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA1z6xAADQGwMufy1QfwKgBuHZf3TprW2gf3LDR54AYAOwXWAAAAQEICk94qlgi2JXOIA=="}
00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":645,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_first_seen":1578508365045,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"185.219.133.62","src_port":56645,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00500{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":645,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_first_seen":1578508365045,"flow_last_seen":1578508365045,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"185.219.133.62","src_port":56645,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":43,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":645,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":45064,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGOT7AqAG4uduFPt1Fdl+PNscoAAAAALAC\/\/\/ScwAAAgQFtAEDAwUBAQgKItiWMgAAAAAEAgAA"}
00438{"flow_id":38,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":646,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":63785,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAACMG2uES26efwKgBuHZf3T9fy8\/Lfuf1H6ASaN8cNgAAAgQFrAQCCAoSyYNbItiVzQEDAwc="}
00427{"flow_id":38,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":647,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":63889,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGvenAqAG4Etunn90\/dl9+5\/UfX8vPzIAQECyjNQAAAQEICiLYlkUSyYNb"}
@@ -407,7 +407,7 @@
00447{"flow_id":18,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":682,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":77948,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"pkt":"KDc3AG3IEBMx8Tl2CABFAABBWHtAACYGuw4SimxDwKgBuHZf3S4uwDVPE20Ov4AYAfms9gAAAQEICqa6xFki2JVqdj9nUXn\/sAhEHAq1Mw=="}
00427{"flow_id":18,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":683,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":77964,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+ZbAqAG4EopsQ90udl8TbQ6\/LsA1T4AQECAnagAAAQEICiLYlk+musRZ"}
00427{"flow_id":18,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":684,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":77971,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+ZbAqAG4EopsQ90udl8TbQ6\/LsA1XIAQECAnXAAAAQEICiLYllCmusRZ"}
00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":700,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_first_seen":1578508365079,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"172.105.94.62","src_port":56646,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00499{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":700,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_first_seen":1578508365079,"flow_last_seen":1578508365079,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"172.105.94.62","src_port":56646,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":44,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":700,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":79165,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGbbDAqAG4rGlePt1Gdl8dOmrnAAAAALAC\/\/\/VAwAAAgQFtAEDAwUBAQgKItiWUQAAAAAEAgAA"}
00426{"flow_id":19,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":701,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":91439,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0SuZAAOcGItcSilEcwKgBuHZf3S\/8FjKGFTVa84AQANu3cAAAAQEICmOBiksi2JVx"}
00438{"flow_id":43,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":702,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":92283,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADEGSEK524U+wKgBuHZf3UWdKkNsjzbHKaASbCBIRwAAAgQFdAQCCAp\/mc8NItiWMgEDAwc="}
@@ -424,7 +424,7 @@
00451{"flow_id":19,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":713,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":93812,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"pkt":"KDc3AG3IEBMx8Tl2CABFAABESuxAAOcGIsESilEcwKgBuHZf3S\/8FjRcFTVa84AYANt5wwAAAQEICmOBik0i2JVxicyOakUFu81kNVzra1b2Ow=="}
00987{"flow_id":43,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":718,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":94017,"pkt_caplen":476,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":476,"pkt_l4_len":442,"pkt":"EBMx8Tl2KDc3AG3ICABFAAHOAABAAEAGN7DAqAG4uduFPt1Fdl+PNscpnSpDbYAYEAwFAAAAAQEICiLYll9\/mc8NAZgEXPbdvtbTmRXtZvkhCpRu89E\/NC0evMSWxfI463ZMNvhJiUNtLl29hStqf1WWeBU1k0TTyXeOv\/rfDFTYD+juJGFonoyCsM3iL6Q9\/v964LYgEWMX9ALB4X30q9QaWo0Bm0qK9UwCQ8U15JoruS\/niDmalsIWQBLJ9q0Ij0l+QS2w4MJipV05eRX1u42NiX0nmbgf66P3ENbOZj\/1aRDDyF+yjCJSZexZkCh3TyvjVjrGklMAsE77Hx\/c36JFY8gxNN5UQueSZRyjaLRTsI3yKKslk2JbQ902NRTc1Rojsg1zBhHRq\/ORbfBLpQVnAzo9YYHG1v3ZkBmEr0D\/uZNUW7OFL1C89+KGfRCCauAg+mHJwhFjmKdLe6NbjRExzUYQIm1BV51xri9clMmcaNO1RuyCxI3E6JGhWjmuGD8Bu8l1qU7n33tia+dLRd8o+DqGHtS040to9Oiy5u2Jm96xP8m1GRaVb+lWWnQCbdKr1vIGF4mbQblvVd7WqYL7sCqoH0rk2G\/9qPEDzYYKUSpck5aEa0\/xYu4="}
00573{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":718,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":4,"flow_first_seen":1578508365045,"flow_last_seen":1578508365094,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":410,"flow_tot_l4_payload_len":410,"flow_avg_l4_payload_len":102,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"185.219.133.62","src_port":56645,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":728,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_first_seen":1578508365094,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"182.162.161.61","src_port":56647,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00500{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":728,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_first_seen":1578508365094,"flow_last_seen":1578508365094,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"182.162.161.61","src_port":56647,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":45,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":728,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":94625,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGIHjAqAG4tqKhPd1Hdl8HffxGAAAAALAC\/\/8MGQAAAgQFtAEDAwUBAQgKItiWYAAAAAAEAgAA"}
00716{"flow_id":39,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":736,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":97308,"pkt_caplen":274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":274,"pkt_l4_len":240,"pkt":"KDc3AG3IEBMx8Tl2CABFAAEEnAlAADQG3qeQW3iHwKgBuHZf3UEpl2jrdDhk\/oAYAOudKAAAAQEICtuFpasi2JZKOD1kVbLrdC\/cTcdqNF\/\/M4myJbuDPiTQR6RUYgwP1uedKee7VKs2H4QewUbNHrtseikxjhBxWZkorgltADGDmRfEe6AzdQcAqJEB6uNyh4vIfEFBKBXV8fdGKEgFbUP2ckfVnYD32cFPqYFvzB1Hv2pBmCo0\/bM73fFG\/xOMNjWlbZdEdNl8R0hfgpQcGWH1T1goLnjUzh8o835V9CrzJubJpsi36J+WHIjPS2e38krYjJGf8DvXs\/hb9yvVQc3X3BKPL6jhGHuYwGCshh9jcA=="}
00426{"flow_id":39,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":740,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":97356,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGb4HAqAG4kFt4h91Bdl90OGWuKZdpu4AQEBugGAAAAQEICiLYlmLbhaWr"}
@@ -497,11 +497,11 @@
00471{"flow_id":34,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":879,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":153186,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"pkt":"KDc3AG3IEBMx8Tl2CABFAABUqERAADMGHHui5B2gwKgBuHZf3TsLfbwUuLex+4AYAOueOAAAAQEICtHXEgQi2JYE6YtirRyaIoVB7ORY4lCsOeH3eCuwvQEPRCr1biylf50="}
00431{"flow_id":34,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":880,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":153199,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA1qEVAADMGHJmi5B2gwKgBuHZf3TsLfbw0uLex+4AYAOtdKgAAAQEICtHXEgUi2JYEcw=="}
00430{"flow_id":34,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":882,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":153220,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGt9\/AqAG4ouQdoN07dl+4t7KrC328NIAQEB6\/xgAAAQEICiLYlo\/R1xIE"}
00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":900,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_first_seen":1578508365153,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.228.250.140","src_port":56650,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00500{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":900,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_first_seen":1578508365153,"flow_last_seen":1578508365153,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.228.250.140","src_port":56650,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":46,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":900,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":153718,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGWefAqAG4I+T6jN1Kdl95PEStAAAAALAC\/\/+LMAAAAgQFtAEDAwUBAQgKItiWjwAAAAAEAgAA"}
00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":904,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_first_seen":1578508365154,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"138.201.12.87","src_port":56651,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00499{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":904,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_first_seen":1578508365154,"flow_last_seen":1578508365154,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"138.201.12.87","src_port":56651,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":47,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":904,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":154075,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG4TfAqAG4iskMV91Ldl\/HR3E5AAAAALAC\/\/+X6AAAAgQFtAEDAwUBAQgKItiWjwAAAAAEAgAA"}
00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":924,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_first_seen":1578508365169,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"176.9.136.209","src_port":56652,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00499{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":924,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_first_seen":1578508365169,"flow_last_seen":1578508365169,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"176.9.136.209","src_port":56652,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":48,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":924,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":169225,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGP33AqAG4sAmI0d1Mdl8ouUvbAAAAALAC\/\/+6CgAAAgQFtAEDAwUBAQgKItiWngAAAAAEAgAA"}
00427{"flow_id":38,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":927,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":186550,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA09h9AACMG5MkS26efwKgBuHZf3T9fy8\/Mfuf3KIAQANuwWwAAAQEIChLJg3wi2JZG"}
00438{"flow_id":47,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":928,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":186673,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADIG7zuKyQxXwKgBuHZf3Uu6UG6Lx0dxOqAScSDP1QAAAgQFrAQCCAq1b4mgItiWjwEDAwc="}
@@ -518,13 +518,13 @@
00429{"flow_id":38,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":938,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":188081,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGvenAqAG4Etunn90\/dl9+5\/coX8vR5oAQEBuemAAAAQEICiLYlq8SyYN8"}
00451{"flow_id":38,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":939,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":188179,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"pkt":"KDc3AG3IEBMx8Tl2CABFAABE9iRAACMG5LQS26efwKgBuHZf3T9fy9Hmfuf3KIAYANuriAAAAQEIChLJg3wi2JZG8fBAxzjaRWd6BoyLtAOXEQ=="}
00429{"flow_id":38,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":940,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":188207,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGvenAqAG4Etunn90\/dl9+5\/coX8vR9oAQEBqeiQAAAQEICiLYlq8SyYN8"}
00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":954,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_first_seen":1578508365189,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"85.214.108.52","src_port":56654,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00499{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":954,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_first_seen":1578508365189,"flow_last_seen":1578508365189,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"85.214.108.52","src_port":56654,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":49,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":954,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":189114,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGtk3AqAG4VdZsNN1Odl+\/h8KiAAAAALAC\/\/8jMQAAAgQFtAEDAwUBAQgKItiWsAAAAAAEAgAA"}
00496{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":955,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_first_seen":1578508365189,"flow_last_seen":0,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.219.167.159","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00508{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":955,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_first_seen":1578508365189,"flow_last_seen":1578508365189,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.219.167.159","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00572{"flow_id":50,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":955,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":189369,"pkt_caplen":170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":170,"pkt_l4_len":136,"pkt":"EBMx8Tl2KDc3AG3ICABFAACcflcAAEARfx\/AqAG4Etunn3Zfdl8AiGnBB7Pc5ZlsDZTbUrqaaoRxeL1l7Crbcxf\/BOXFZNGdyZsOxpmBlW67u9+KWe59CkWnKw2GIsEnEKk87oxTf3me3BvKcrMQD0jXMXlBXiHkLViPnwRaOVxyx4odh7D\/BO97AAHdBMuEfwAAAYJ2X4J2X8mEEtunn4J2X4CEXhYgYQU="}
00563{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":955,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_first_seen":1578508365189,"flow_last_seen":0,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.219.167.159","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00575{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":955,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_first_seen":1578508365189,"flow_last_seen":1578508365189,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.219.167.159","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00426{"flow_id":17,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":986,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":194549,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0UNhAACEGQrU0u88bwKgBuHZf3S3Pd7n21PprjoAQAfmqiwAAAQEICm8lvuMi2JWb"}
00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":987,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_first_seen":1578508365194,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"202.112.28.106","src_port":56655,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00500{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":987,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_first_seen":1578508365194,"flow_last_seen":1578508365194,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"202.112.28.106","src_port":56655,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":51,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":987,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":194618,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGkX3AqAG4ynAcat1Pdl84sWAlAAAAALAC\/\/\/nsAAAAgQFtAEDAwUBAQgKItiWswAAAAAEAgAA"}
01040{"flow_id":17,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":990,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":195889,"pkt_caplen":517,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":517,"pkt_l4_len":483,"pkt":"KDc3AG3IEBMx8Tl2CABFAAH3UNlAACEGQPE0u88bwKgBuHZf3S3Pd7n21PprjoAYAfkNlQAAAQEICm8lvuQi2JWbAcEEfexCFt2jnTqWIQ4crQ8vIbdE1KnH8YHvTHdpE2WBn7WNjuJtME\/5vnUJYGr7Co2bbwwMFxhtwsytreX0hhXyzz4vHIJFNkShaTT69RQDTl8JRvcPBZIgYN0p4T9tQtR5KgrWxun53a8fpwaDpsVIRnZQamAF5FksKmPmU+VDHaAj46s7l\/R5UQLWsjIHELWVkUgWJPFcjF3u\/de1aUrt18amXqYuviEKJrRcI4W46S8iCbN40sw4USJH8pQnZj6nCivGF420eAl4bLGwXm6OC3x9HWg+adWTmjqRLwSmzOYgceT9nM2HE67tBp92+PIBvsqUepzgEHG3NzNqVT\/Pafhaaq+0cmnUve9S0dM4EbJaQeLfm9aii2YC1tqgtp4O4kJgoNgt+uHhwqqhICVTp7KiM3mzaycQCwfuRM+YVv+zy6rjZizKBuKWJuxoVA3kGYlrH4fhE2DXXIIIDUJNv3yUKH1G+YauLqqTQ+T9sYkmCT4ejriP40uTp4WcbyE5dKED9fbNOTmq5R7sjFiWkLpWsCbqSU3p7Tdjecyb\/U0XkIAb\/RGTov\/OHhEUynnOjnwjI08W8Va5i2+TGe7WgA=="}
00428{"flow_id":17,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":991,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":195994,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGdI3AqAG4NLvPG90tdl\/U+muOz3e7uYAQD\/uZrAAAAQEICiLYlrRvJb7k"}
@@ -566,7 +566,7 @@
00573{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1071,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":4,"flow_first_seen":1578508365189,"flow_last_seen":1578508365225,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":508,"flow_tot_l4_payload_len":508,"flow_avg_l4_payload_len":127,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"85.214.108.52","src_port":56654,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00473{"flow_id":47,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1072,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":225521,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"pkt":"EBMx8Tl2KDc3AG3ICABFAABUAABAAEAG4SPAqAG4iskMV91Ldl\/HR3LbulBwFIAYEB++egAAAQEICiLYls+1b4nGToybzwjlxFiIlSmpCZLTvKJaCcU4dDONFHdW6naBXD4="}
00434{"flow_id":47,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1073,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":225531,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA1AABAAEAG4ULAqAG4iskMV91Ldl\/HR3L7ulBwFIAYEB\/94gAAAQEICiLYls+1b4nGXg=="}
00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1083,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_first_seen":1578508365226,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"138.75.171.190","src_port":56657,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00501{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1083,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_first_seen":1578508365226,"flow_last_seen":1578508365226,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"138.75.171.190","src_port":56657,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00446{"flow_id":52,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1083,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":226088,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGQk7AqAG4ikurvt1Rdl8erUWUAAAAALAC\/\/\/M9wAAAgQFtAEDAwUBAQgKItiW0AAAAAAEAgAA"}
00427{"flow_id":48,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1084,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":235931,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA03PBAADIGcJiwCYjRwKgBuHZf3UxCOLg+KLlN74AQAOsY3wAAAQEICqxUNwQi2Ja7"}
01009{"flow_id":48,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1085,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":238288,"pkt_caplen":494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":494,"pkt_l4_len":460,"pkt":"KDc3AG3IEBMx8Tl2CABFAAHg3PFAADIGbuuwCYjRwKgBuHZf3UxCOLg+KLlN74AYAOs6tgAAAQEICqxUNwYi2Ja7AaoEYUpDMueFQ29SYV04DhjKVkzrfBOIzAJy2k96xLiVPC91+TyvsLpnxRqP8LXVlOLtHcmce\/jW3zRyIMDcExOzW1G2EF8ZpU+eyftEVvJ3eZjqKjGzkGUuajzUBL3\/xzWdxJLxfPxvuu2Qzb4Nl7h7vY0jBocCuiToAim3My5afbpu+OQYLydrbK\/DJ+JWD+ptIR2XIVU8N3npHewuEofawLiLlgyh0wRr3GIvVNEZHCTIi+ycYzcVvVoHPmP9JCx46zE4KvgZkf0v3vH0ytdwn99dEwUQYNaSIuy4+ms9Tp5hGABdt1R5XienBqbiJ\/bl\/V4uySwjeBXhgxLSTJEtBgu2oqy08jjR2eUs0ugH3oxhrfgbnaIucZbZIZW\/zPPw9VcYF0qylTErTDAp5bm3mC+AQnFiWU1tU51wpYzyWvSXQta1y4PZCxQPtAjEgtcyw8Igm7lcHF9sxT11hsqO1tzEd0YNVsuGB5J19DtscEfH3u33nG4ORZiAG7Xspcj0kMeh51oC+\/aMvJ8NoXr9CrIKZJZyGrTDkyzH8II2x0SXsTYp34jnG2o="}
@@ -579,7 +579,7 @@
00428{"flow_id":48,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1092,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":238718,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGP4nAqAG4sAmI0d1Mdl8ouU3vQji6K4AQEBwHnwAAAQEICiLYltqsVDcH"}
00473{"flow_id":48,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1093,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":239135,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"pkt":"EBMx8Tl2KDc3AG3ICABFAABUAABAAEAGP2nAqAG4sAmI0d1Mdl8ouU3vQji6K4AYEBy6BwAAAQEICiLYltqsVDcHmZBEPBcbAj6Wf5Qavau+nh\/irgtiI6tR9CHl5eZxE4g="}
00432{"flow_id":48,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1094,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":239147,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA1AABAAEAGP4jAqAG4sAmI0d1Mdl8ouU4PQji6K4AYEBxFdQAAAQEICiLYltqsVDcHwg=="}
00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1104,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_first_seen":1578508365239,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"157.230.152.87","src_port":56658,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00501{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1104,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_first_seen":1578508365239,"flow_last_seen":1578508365239,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"157.230.152.87","src_port":56658,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":53,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1104,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":239758,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGQhrAqAG4neaYV91Sdl9OT1qyAAAAALAC\/\/+H9wAAAgQFtAEDAwUBAQgKItiW2wAAAAAEAgAA"}
00756{"flow_id":44,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1113,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":246408,"pkt_caplen":306,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":306,"pkt_l4_len":272,"pkt":"KDc3AG3IEBMx8Tl2CABFCAEkBIVAADMGdT+saV4+wKgBuHZf3UajVVdIHTpswoAYAfpi5AAAAQEIChsBC5gi2JbMoagBoDvlsI1RFYeIr1BU6AhB7X1Y1lBBp5PbNNbeSifm\/w7DNEZlWpxj166YKTICrCHQC0PL9phdL8IOezcQfm\/ZbCTmbZSjxZn5FTaF9xndT19Y+wtto5+D5L3U3YbVKclAy78hwqF3Qytv75\/e7Jo435Rnjg50musiH2pjhj+y\/ss3gyVuYjR5ZuiXNY3H5QQ5bGoRdiQL+wtfsqaFYCs+1a+ovcEGn7h9a9tj0PuRvmEjUDb3s9Y2xZ6t1Si\/goTN5bhl9U42SL04OFrAx0H0P+CQ6U1JkiSgS9gLpp5OaYfPvoExw53yu8uswsDM"}
00428{"flow_id":44,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1114,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":246486,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGbbzAqAG4rGlePt1Gdl8dOm1yo1VYOIAQEBrfZwAAAQEICiLYluEbAQuY"}
@@ -603,16 +603,16 @@
00428{"flow_id":46,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1153,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":269961,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGWfPAqAG4I+T6jN1Kdl95PEZ8L2h5QYAQEBTuIwAAAQEICiLYlvaaQoeW"}
00474{"flow_id":46,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1154,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":270123,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"pkt":"EBMx8Tl2KDc3AG3ICABFAABUAABAAEAGWdPAqAG4I+T6jN1Kdl95PEZ8L2h5QYAYEBQdZQAAAQEICiLYlvaaQoeW0ZdzpKtiUhfhIx7WeV7\/+5iewNRxWOu\/lShzWkhuDQ8="}
00432{"flow_id":46,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1155,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":270133,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA1AABAAEAGWfLAqAG4I+T6jN1Kdl95PEacL2h5QYAYEBQv+gAAAQEICiLYlvaaQoeWvg=="}
00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1189,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_first_seen":1578508365271,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.161.23.12","src_port":56660,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00499{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1189,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_first_seen":1578508365271,"flow_last_seen":1578508365271,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.161.23.12","src_port":56660,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":54,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1189,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":271977,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGLavAqAG4M6EXDN1Udl9XVw7PAAAAALAC\/\/+2RQAAAgQFtAEDAwUBAQgKItiW9wAAAAAEAgAA"}
00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1195,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_first_seen":1578508365279,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.9.128.68","src_port":56661,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1195,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_first_seen":1578508365279,"flow_last_seen":1578508365279,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.9.128.68","src_port":56661,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00448{"flow_id":55,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1195,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":279592,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGxArAqAG4NAmARN1Vdl\/t7etbAAAAALAC\/\/\/ZeQAAAgQFtAEDAwUBAQgKItiW\/gAAAAAEAgAA"}
00760{"flow_id":49,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1196,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":293591,"pkt_caplen":306,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":306,"pkt_l4_len":272,"pkt":"KDc3AG3IEBMx8Tl2CABFAAEkOBZAADIGi1NV1mw0wKgBuHZf3U5vpma9v4fEn4AYAHr1awAAAQEICmWzXZ8i2JbtjiX8N\/UkjGHiI4KK6khM\/chT1LHox1qUiskn1P9E0bM2lBJuKEUJVzv0ZpQPhZkJpHzHtxRh3lj\/xt\/j98DYRYmrZSlFmiljtU\/TqsEKD5YcQo50QMa0zscLgJKEDYc73pDuPHAqTaZlezbGr0\/zkhv5ZN+34hCODv8NdoORc8P6X\/UXylQERF1HrCsXuxDnfTo+PpPBmt8Texgoh7A+pDFftuOC\/NzbVkocAYoV9KGW+uUqxpSFE2s45Hh4KNsP\/yh6yWO1kGOXa7wuiVy1tbbCN2g6wrbb2opFPDrladJZEav7kjTTx48sbgd7cyXH"}
00429{"flow_id":49,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1197,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":293690,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGtlnAqAG4VdZsNN1Odl+\/h8VPb6ZnrYAQEBq1KAAAAQEICiLYlwtls12f"}
00474{"flow_id":49,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1198,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":294050,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"pkt":"EBMx8Tl2KDc3AG3ICABFAABUAABAAEAGtjnAqAG4VdZsNN1Odl+\/h8VPb6ZnrYAYEBqvswAAAQEICiLYlwtls12fk05E\/eNp2gBn2Wn2YezoSgCwsTFTQBL0WeUZCIZvQhw="}
00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1208,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_first_seen":1578508365295,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.229.232.19","src_port":56662,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00500{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1208,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_first_seen":1578508365295,"flow_last_seen":1578508365295,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.229.232.19","src_port":56662,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00447{"flow_id":56,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1208,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":295537,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGbF\/AqAG4I+XoE91Wdl\/o6wkCAAAAALAC\/\/9pGwAAAgQFtAEDAwUBAQgKItiXDAAAAAAEAgAA"}
00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1220,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_first_seen":1578508365300,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"124.217.235.180","src_port":56663,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00502{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1220,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_first_seen":1578508365300,"flow_last_seen":1578508365300,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"124.217.235.180","src_port":56663,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":57,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1220,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":300081,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGD8rAqAG4fNnrtN1Xdl9L2gYiAAAAALAC\/\/+scgAAAgQFtAEDAwUBAQgKItiXEAAAAAAEAgAA"}
00600{"flow_id":50,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1239,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":315790,"pkt_caplen":192,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":192,"pkt_l4_len":158,"pkt":"KDc3AG3IEBMx8Tl2CABFAACymwlAACMRP1cS26efwKgBuHZfdl8AnsFrVj4puAH6ZgARKbHJmno0oUTDSx6ME3WyQvgYFdLFf82IMxF0n+9n2kTCv9WKp0W5OWAeoQIHesUQlOhBZUox8XuUKjSw2r\/cLxIh6clEUwjRudwx4mptlXU2a3WMaDxBAALzy4RPFs69gun3gnZfoAez3OWZbA2U21K6mmqEcXi9Zewq23MX\/wTlxWTRncmbhF4WIGEK"}
00572{"flow_id":50,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1240,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":315825,"pkt_caplen":170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":170,"pkt_l4_len":136,"pkt":"KDc3AG3IEBMx8Tl2CABFAACcmwpAACMRP2wS26efwKgBuHZfdl8AiLphceZOwZGufNXFAvXWI774ooc6PkwC6kxvzCm0BhiTs\/TWig3gE4P3+Y0lY\/Fll4rTUKnacLSuqKdSUAk7eTbz218E2dS8j3sLMJigll9ziTSt7jKgE6R7GxELpoJhO+ReAQHdBMuEEtunn4J2X4J2X8mETxbOvYLp94CEXhYgYQo="}
@@ -620,9 +620,9 @@
00715{"flow_id":14,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1294,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":386800,"pkt_caplen":274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":274,"pkt_l4_len":240,"pkt":"KDc3AG3IEBMx8Tl2CABFAAEERKJAADcGbXoiYawWwKgBuHZf3SnE3yB7nZqG6oAYAfoxBgAAAQEICjHMlYIi2JZvGdby6dME+3x4dvya5AgCwvqTN38qxsoQG0cVajFonOjSLqEqRyBei\/9lSFrSkhr8elR6liSUj+p7b0DEsed7ZiXVa4yCEb9HejeECGlcsfrhCxUTzn3AiEDMdLM6NvjPN\/s4BZwVMKiL2utDwrMkOAfN\/Y+CugH0SGzKoHXaxPA78qQbAxrbjdN4m9Zc\/t1hGf5Wm3pbjqQuWhEervR7QU9RvZQzqMoxtdq9s6Iwi7TVA7hVHJ3h4940Itigx7bj+mWQrtUAYEE1SvseyocxXg=="}
00428{"flow_id":14,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1295,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":386827,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0RKNAADcGbkkiYawWwKgBuHZf3SnE3yFLnZqHC4AQAfoE+gAAAQEICjHMlYIi2JZw"}
00428{"flow_id":14,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1296,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":386829,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0RKRAADcGbkgiYawWwKgBuHZf3SnE3yFLnZqHmoAQAfkEawAAAQEICjHMlYMi2JZw"}
00497{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1315,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_first_seen":1578508365408,"flow_last_seen":0,"flow_min_l4_payload_len":129,"flow_max_l4_payload_len":129,"flow_tot_l4_payload_len":129,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"183.129.242.164","dst_ip":"192.168.1.184","src_port":1024,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00509{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1315,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_first_seen":1578508365408,"flow_last_seen":1578508365408,"flow_min_l4_payload_len":129,"flow_max_l4_payload_len":129,"flow_tot_l4_payload_len":129,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"183.129.242.164","dst_ip":"192.168.1.184","src_port":1024,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00575{"flow_id":58,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1315,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":408726,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"pkt":"KDc3AG3IEBMx8Tl2CABFAACdhY9AAC4RWjq3gfKkwKgBuAQAdl8AiS5Y3VkKujBE9K5giYMoNotbt65xxd7ko3VSXKgTCSaupxKnp71rmT0XRsX6xoF5macEurqmdfib0\/9m0ybRIVy\/Qzz+\/\/zwyKtEHKyC9Xjjwvc8TLpzNetXjDWFS0pbC\/Z0AQHeBcuErBRsfYJ2X4J2X8uETxbOvYLp94J2X4ReFiBh"}
00564{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1315,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_first_seen":1578508365408,"flow_last_seen":0,"flow_min_l4_payload_len":129,"flow_max_l4_payload_len":129,"flow_tot_l4_payload_len":129,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"183.129.242.164","dst_ip":"192.168.1.184","src_port":1024,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00576{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1315,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_first_seen":1578508365408,"flow_last_seen":1578508365408,"flow_min_l4_payload_len":129,"flow_max_l4_payload_len":129,"flow_tot_l4_payload_len":129,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"183.129.242.164","dst_ip":"192.168.1.184","src_port":1024,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00601{"flow_id":58,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1316,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":409418,"pkt_caplen":192,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":192,"pkt_l4_len":158,"pkt":"EBMx8Tl2KDc3AG3ICABFAACy8oAAAEARGzTAqAG4t4HypHZfBAAAnqbvG70JBv5PXjvCBbR1Rp7tYoTQJi2jMUD7JOn6eWv9REwRmFSXtYoHsvszWP\/amLZkv0asbrMZoJOaxU2yggG3KzVpk0IKmRZiX\/KGqSOqaOPD2NnZ\/WIPpNjQN9gDidCOAQLzy4S3gfKkggQAgnZfoN1ZCrowRPSuYImDKDaLW7euccXe5KN1UlyoEwkmrqcShF4WIGEF"}
00571{"flow_id":58,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1317,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":409833,"pkt_caplen":170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":170,"pkt_l4_len":136,"pkt":"EBMx8Tl2KDc3AG3ICABFAACc4fIAAEARK9jAqAG4t4HypHZfBAAAiACVOpGBWjTeJor2OHTFdIkJfHanNwusT7Z+X6ZhMccUpEYH1blVudB+7Lhiy59WZ4RAivu0dgr\/6z5c18c2wNa0j2NMO4UV7uXk8QqS8l0iv7COflKJEb7GBR6jLr1IE7ZSAQHdBMuEfwAAAYJ2X4J2X8mEt4HypIIEAICEXhYgYQU="}
00439{"flow_id":54,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1318,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":411322,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADEGPK8zoRcMwKgBuHZf3VQuhVQAV1cO0KAScSARYwAAAgQFrAQCCAo+6INOItiW9wEDAwc="}
@@ -637,9 +637,9 @@
00428{"flow_id":55,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1340,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":458850,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGxBbAqAG4NAmARN1Vdl\/t7etc0eyX2IAQECzabQAAAQEICiLYl5+DIEEY"}
01079{"flow_id":55,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1341,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":460380,"pkt_caplen":538,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":538,"pkt_l4_len":504,"pkt":"EBMx8Tl2KDc3AG3ICABFAAIMAABAAEAGwj7AqAG4NAmARN1Vdl\/t7etc0eyX2IAYECw2bAAAAQEICiLYl6CDIEEYAdYE5LsQSZlDUqqTHDd28VIop408G8yHQ+g12SBtC4bobvsWyQ4YWXiRfGVfScHSSUnTjTpf\/+23Sz0kCTGUpeeZFIqw3JnBHdptJpv6R2QSdjwWF97DyrJFySS8bo0Z5f6iv8act5Gj4QOtF9wl7L4XXQ\/F1DNsc\/lWP2vigp16BUuZMGglwG663lAad9u0dkQ9FK2\/7\/8AOVyotPmi+JeFwCWQ8jE2NRIY\/iLlnhd84GwGpOWfGlXg2sRox3c92a0drS3o5YJyHfODCJKd193nihFVDq18n74tRhyKX6zzotiy\/kwSO6m\/\/Y8jtY8L+ZeEz+ApaHZAgbWiteJxWtEen3Z6RV1DI8tKhdynvtOMMOzz49Rx25gKK9DSlgEi54tvDDIa4VG2z8P5l1nvHLjyaLGh0LL6goab8xtTadEJUjCnY3t\/fZrnnudTuWibKhNHBZrOh1FASkf\/u4aIsAaa\/fTHS++2nsizi3dopiJ8G9PkpE7aMhPDUyHILPc8tYAJAyXN39XQYwYzL+ry\/\/lAbapCn30R24vKqkiwseOuDMtEC9yiUtZN\/ju0Qt6\/PDHFGgfGtibb9zS0CSW6nDPiDOBnf9bT0whSnVZlZ+MLutLVJqm5jA=="}
00544{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1341,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":4,"flow_first_seen":1578508365279,"flow_last_seen":1578508365460,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":472,"flow_tot_l4_payload_len":472,"flow_avg_l4_payload_len":118,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.9.128.68","src_port":56661,"dst_port":30303,"l4_proto":"tcp","ndpi": {"proto":"Mining.Amazon","breed":"Acceptable","category":"Mining"}}
00497{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1342,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_first_seen":1578508365461,"flow_last_seen":0,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"202.112.28.106","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00509{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1342,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_first_seen":1578508365461,"flow_last_seen":1578508365461,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"202.112.28.106","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00572{"flow_id":59,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1342,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":461164,"pkt_caplen":170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":170,"pkt_l4_len":136,"pkt":"EBMx8Tl2KDc3AG3ICABFAACcQtMAAEARjkPAqAG4ynAcanZfdl8AiDkPCEixaJX\/9thQC0r9cGcsCeen+iETb10JXBU9BZQL28M1nK8vCE6bMd2SC2XGliMqSbi8oqYHUjyrBa753h2KySNTFNso18+nMzMVWvdibnHX4lluxe+\/vRPiYB2kYX3uAAHdBMuEfwAAAYJ2X4J2X8mEynAcaoJ2X4CEXhYgYQU="}
00564{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1342,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_first_seen":1578508365461,"flow_last_seen":0,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"202.112.28.106","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00576{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1342,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_first_seen":1578508365461,"flow_last_seen":1578508365461,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"202.112.28.106","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00440{"flow_id":45,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1343,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":465293,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAACsGNXy2oqE9wKgBuHZf3Ueh\/8nUB338R6ASOJDbwAAAAgQFrAQCCAo8EmDbItiWYAEDAwc="}
00428{"flow_id":45,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1344,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":465408,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGIITAqAG4tqKhPd1Hdl8HffxHof\/J1YAQECwxpAAAAQEICiLYl6U8EmDb"}
01138{"flow_id":45,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1345,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":466737,"pkt_caplen":588,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":588,"pkt_l4_len":554,"pkt":"EBMx8Tl2KDc3AG3ICABFAAI+AABAAEAGHnrAqAG4tqKhPd1Hdl8HffxHof\/J1YAYECxPlAAAAQEICiLYl6Y8EmDbAggEdoa9oP2cg5WbFRFp1huJY5VX6jNWR4iP8q0\/ZL+UfNj5WPNc5X3v5yp6YKaivB+gVGyrqfEZ+GjIg4XUCsubChBVe+OydG5YXSKovd4Zvd2sMMyI2oOC03c\/\/kw7hbjJ+rbBQxdWEgnQfHb5jg0KH99eYra9BRmnscjtPZ0VPLlbqSIcGOO1IiECUgTAOnr7SvcmyLFIiAGvGrvIdBrTIX76tgcsbBfHLo9eTIxNuEIPzftpoJlQRkkJFNo8lNqUk\/8C6TDddviZkLmf4HMeMlelv0\/SasZ6LuKmyQqv+6Mt7JjKWqNyxGEEereBZV30a3IwqqLc6nUseUnNUQaHuDiCR2cYJetm4kh+05RWknax3MTWGgsKyA1\/YRLowef50NB62eOQ35t\/nBtZreItPNm4cNzObl4w+R+inyZ6li8vfc3BlOL32oXm0w2h\/yO0+x2iMoMFs5E9MhSHHxNibIum2iNU6EkUL9wtesdWPyKtSi9lBYLQsSPpaLzTCSWPERK9PKL++NBm\/U676p1bFKl4W7\/Ejrza39gV8xmvOiBamM+U+6+vGXo0NysfKdV7T+LqlOjRTzZaPkLZ\/iVcI1ZddWk4e4FedK17QLh10zktBCaEDabKeg0lqB4s1r5My9st7NMBbRXcQGzOAxWryiBkdnxlPs7Ka+FwnQf3qTCDYsXMFh2h"}
@@ -659,12 +659,12 @@
00472{"flow_id":54,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1369,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":567015,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"pkt":"KDc3AG3IEBMx8Tl2CABFAABU19pAADEGZLwzoRcMwKgBuHZf3VQuhVWmV1cRDYAYAOxkzgAAAQEICj7og+Ei2Jd3b+p0Zi5PrK+rKZYwUNUYR5dfWQ7Ch8tPqncxWPhSikE="}
00428{"flow_id":54,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1370,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":567108,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGLbfAqAG4M6EXDN1Udl9XVxG9LoVVxoAQEB2a1QAAAQEICiLYmAc+6IPh"}
00432{"flow_id":54,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1371,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":567315,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA119tAADEGZNozoRcMwKgBuHZf3VQuhVXGV1cRDYAYAOw6PQAAAQEICj7og+Ei2Jd3cQ=="}
00496{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1373,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_first_seen":1578508365567,"flow_last_seen":0,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"106.12.39.168","src_port":30303,"dst_port":30333,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00508{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1373,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_first_seen":1578508365567,"flow_last_seen":1578508365567,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"106.12.39.168","src_port":30303,"dst_port":30333,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00573{"flow_id":60,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1373,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":567882,"pkt_caplen":170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":170,"pkt_l4_len":136,"pkt":"EBMx8Tl2KDc3AG3ICABFAACcHIoAAEARCbPAqAG4agwnqHZfdn0AiGszdDnl2LgHwUzwnp\/NUaAjl2\/6ukAyoGtKBC9U9NcJJ2SSjY1bIBQONPG3UmfcMXvTBTN6oZMu6GXIBxr9UadDckfonN6CsHl3H7EBI7wV8mnDuf+AbUa\/i02tPDo+DL09AAHdBMuEfwAAAYJ2X4J2X8mEagwnqIJ2fYCEXhYgYQU="}
00563{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1373,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_first_seen":1578508365567,"flow_last_seen":0,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"106.12.39.168","src_port":30303,"dst_port":30333,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1385,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_first_seen":1578508365588,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"167.86.122.50","src_port":56670,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00575{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1373,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_first_seen":1578508365567,"flow_last_seen":1578508365567,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"106.12.39.168","src_port":30303,"dst_port":30333,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00500{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1385,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_first_seen":1578508365588,"flow_last_seen":1578508365588,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"167.86.122.50","src_port":56670,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00446{"flow_id":61,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1385,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":588602,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGVs\/AqAG4p1Z6Mt1edl9ccbjwAAAAALAC\/\/8vAQAAAgQFtAEDAwUBAQgKItiYGgAAAAAEAgAA"}
00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1386,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_first_seen":1578508365592,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"86.107.243.62","src_port":56671,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00500{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1386,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_first_seen":1578508365592,"flow_last_seen":1578508365592,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"86.107.243.62","src_port":56671,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":62,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1386,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":592330,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGLq7AqAG4VmvzPt1fdl9sf4vVAAAAALAC\/\/8j6AAAAgQFtAEDAwUBAQgKItiYHgAAAAAEAgAA"}
00427{"flow_id":56,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1387,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":593653,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0AABAADQGeGsj5egTwKgBuHZf3VbzHyaM6OsJA4ASbvDSjgAAAgQFjAEBBAIBAwMH"}
00412{"flow_id":56,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1388,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":593768,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGbHfAqAG4I+XoE91Wdl\/o6wkD8x8mjVAQIABiKQAA"}
@@ -725,7 +725,7 @@
00427{"flow_id":57,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1464,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":688547,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGD9bAqAG4fNnrtN1Xdl9L2gYj8Yj3voAQECy2XAAAAQEICiLYmHfI+HIB"}
01172{"flow_id":57,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1465,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":690049,"pkt_caplen":611,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":611,"pkt_l4_len":577,"pkt":"EBMx8Tl2KDc3AG3ICABFAAJVAABAAEAGDbXAqAG4fNnrtN1Xdl9L2gYj8Yj3voAYECzDmwAAAQEICiLYmHjI+HIBAh8EpBqek9IOd2DX3EmhTksPsRZtaZjiAo+lpZ5W2weEBnKWHQDM\/F9NsadhZ63pl3xv4ocAKVGXjfFUvBKZPAoJmuB\/bOkGr6g3QgsiHYWW4nIgEAe02a0n0ReBDRxbjbJsn3\/YJNkkgYQovoW08TU6AjTqONdN8R+e8gWmUAIK267y0hhxo5hNl0QGN35GVd4Z\/bpKroxasnTUUZkl+ETbpX7go59BNWHxd8NPWnrZJ+n\/GXBxSM9qpg1W0HDKcswUAss3Z9s3Zmd9To9DkN2h1GFu9GTLUSQYf3uSetUMPRbFqweMwBGjDuUi4Bs2ToJeGUmVlej9HFA\/3l3q5JXsKlh4K6nfHNO90M333Z+K4yB+3XT9YlHc5OcItlt8wH7eRX4SnTg00b\/SfR2kVh7mbPca6nP59EM6\/KYDq82eH9brr+HSE3aYrPnJlsNz3XCf51p84McyhI\/wzB1XYQ5\/OfE11+FPNQEsgV8RT0HvxtPReFCXcbYoki0KLc2Jc+xtu0Xe8WkSgyL\/Elm0YYrrnyyUs9qBHeXfFQI+LjwWyGpDChQT1pH5jvSB+daPeHiPVeCqqfF4vEx6qjoI1zDf0TBO6NCaCEmZjr\/fUb00V99k\/SiQMMBt+sNLGDfau+mMq9DQgpnfoJxpuksbI9PhnJUiVAO2nToGCLWxbZsfxwd\/UBJ7++AIcNnzOzewH+pSqVrSWJUwQUBxeLiPNxE="}
00575{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1465,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":4,"flow_first_seen":1578508365300,"flow_last_seen":1578508365690,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":545,"flow_tot_l4_payload_len":545,"flow_avg_l4_payload_len":136,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"124.217.235.180","src_port":56663,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1484,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_first_seen":1578508365701,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"139.162.255.210","src_port":56672,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00502{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1484,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_first_seen":1578508365701,"flow_last_seen":1578508365701,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"139.162.255.210","src_port":56672,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00448{"flow_id":63,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1484,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":701530,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG7OLAqAG4i6L\/0t1gdl\/B\/P6FAAAAALAC\/\/8ZigAAAgQFtAEDAwUBAQgKItiYggAAAAAEAgAA"}
00758{"flow_id":62,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1499,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":709379,"pkt_caplen":306,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":306,"pkt_l4_len":272,"pkt":"KDc3AG3IEBMx8Tl2CABFAAEkIvlAADIGGNFWa\/M+wKgBuHZf3V\/moIw+bH+N8oAYAOsi2wAAAQEIClDMvn8i2JhlsiWpxCVKpZuV98HXaGsGWdACwNWMp23fbiYao02\/V9U+GnM7vrMSRo6kYst9eNmf+N0ZGg\/D7iaBdnPZh1sM3xwK6i+FGvnpd+k8EB+SoEEPH7YxmS\/hnrdLBMIDHE9hEu8Gy1cWHh2elZcgreTdphnoYfu5kimzVmsUGItfWJ0YjwLpSn7qhMmCTQh7Z9lTULxymUAC+XPWvQOw\/c3Cijw6mymkgjCtcKvpI0ddb0PZwgC2ot5od\/bFPuEDBXuHa0WAw5uUJkfU3haWm0QdUn6J3nxQD044wrVPMQgwNpYTanRBjtxtTs0LxAI23dVc"}
00429{"flow_id":62,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1500,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":709477,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGLrrAqAG4VmvzPt1fdl9sf46i5qCNLoAQEBnNOwAAAQEICiLYmIlQzL5\/"}
@@ -733,10 +733,10 @@
00713{"flow_id":61,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1508,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":711921,"pkt_caplen":274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":274,"pkt_l4_len":240,"pkt":"KDc3AG3IEBMx8Tl2CABFAAEEacJAADMG+UinVnoywKgBuHZf3V5M8ke0XHG6doAYAOt8gAAAAQEICtN7SK8i2Jhl0GZhOk6I9uZwYf0gw9wiYBe3JEESZOxFY\/m1z0AQEkWN1djYWmJR7+gchVSdPtj3lJioStrlkAlGVVAtuuQvN1PH+x1cLqZzkw13SAwMTVlz+Y95LWy\/sqxH6cHOmCj9Bzj9jlTEhCM0tw+hHhonGMwnpzWUwm0tNXzkxdhOFgOOQpMCt4hQ9Ps7xeqtipIj8Ilc+12YpyvpJMhwLoo4rWR6BlGEWwLOLSEaYvf1tbnNeMkeUdqg3Ib3u4bdVcrRPygFKa2kHy9n4IwdrYPxMQ=="}
00428{"flow_id":61,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1509,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":712022,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGVtvAqAG4p1Z6Mt1edl9ccbsmTPJIhIAQEBqqXQAAAQEICiLYmIzTe0iv"}
00474{"flow_id":61,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1510,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":712179,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"pkt":"EBMx8Tl2KDc3AG3ICABFAABUAABAAEAGVrvAqAG4p1Z6Mt1edl9ccbsmTPJIhIAYEBof4wAAAQEICiLYmIzTe0iv5NXl\/jx2D\/KlQyWhxFLwE59FuHBoR1OI8ZxPbkmwVYg="}
00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1517,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_first_seen":1578508365712,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"78.47.147.155","src_port":56673,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00500{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1517,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_first_seen":1578508365712,"flow_last_seen":1578508365712,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"78.47.147.155","src_port":56673,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":64,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1517,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":712625,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGlo3AqAG4Ti+Tm91hdl8xKZuYAAAAALAC\/\/+26gAAAgQFtAEDAwUBAQgKItiYjAAAAAAEAgAA"}
00628{"flow_id":31,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1521,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":736342,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"pkt":"EBMx8Tl2KDc3AG3ICABFAADHpIMAAEARoqnAqAG4b+UAtHZfTtYAsxSK2l5Lj\/FNPSwNskN7KXHg69sINFX5NaCleeEwgXwmONn61xupKUye1QOfHD1DMyDw8Rv4bxSGME4AJ9XC7q+0Pwz+NqNAUtNYGL1TDF+F5wROIhyoide5OcgIFnuRD6baAQP4R7hAggEUSZWpWZm0YK3HCqZiBR7sHJ3wp8USPzyX73HGoWVqts4UjRd8TfDxZuCIPe7jI\/CXMWJB7l7pTCCyfJvg8YReFiBh"}
00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1536,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_first_seen":1578508365741,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"94.68.55.162","src_port":56674,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00499{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1536,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_first_seen":1578508365741,"flow_last_seen":1578508365741,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"94.68.55.162","src_port":56674,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":65,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1536,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":741903,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG4nHAqAG4XkQ3ot1idl9YCAHzAAAAALAC\/\/91dwAAAgQFtAEDAwUBAQgKItiYqQAAAAAEAgAA"}
00441{"flow_id":63,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1539,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":742943,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADIG+uaLov\/SwKgBuHZf3WDeocLiwfz+hqAS\/ogDJwAAAgQFrAQCCArjm6OzItiYggEDAwc="}
00430{"flow_id":63,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1540,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":742990,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG7O7AqAG4i6L\/0t1gdl\/B\/P6G3qHC44AQECwgIAAAAQEICiLYmKrjm6Oz"}
@@ -753,7 +753,7 @@
00432{"flow_id":52,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1556,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":751135,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA1AABAAEAGQlnAqAG4ikurvt1Rdl8erUfQBnX8lYAYEBssTwAAAQEICiLYmLCkAfwbKQ=="}
00603{"flow_id":52,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1557,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":751198,"pkt_caplen":190,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":190,"pkt_l4_len":156,"pkt":"EBMx8Tl2KDc3AG3ICABFAACwAABAAEAGQd7AqAG4ikurvt1Rdl8erUfRBnX8lYAYEBv9DQAAAQEICiLYmLCkAfwb977E\/ObWYhuqDmyfPgIPwuTmOBezAwvI5cp\/JEum7h5HFcXkmQuscOgcYwoP3pghW0t+Prm\/B8dpBXtVhybDWgUcizbPQrfaHmSDkR9NePwPwpWQOEuKKTKPp5daoVMw3wihmo6gc+IRk8r8HiVFKnnBeU3eKqpy8c\/xqg=="}
00432{"flow_id":52,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1558,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":751220,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA3AABAAEAGQlfAqAG4ikurvt1Rdl8erUhNBnX8lYAYEBvg0AAAAQEICiLYmLCkAfwbYv8R"}
00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1566,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_first_seen":1578508365751,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.235.37.216","src_port":56675,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00500{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1566,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_first_seen":1578508365751,"flow_last_seen":1578508365751,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.235.37.216","src_port":56675,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":66,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1566,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":751805,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGLpXAqAG4I+sl2N1jdl9d8bObAAAAALAC\/\/8KAAAAAgQFtAEDAwUBAQgKItiYsQAAAAAEAgAA"}
00440{"flow_id":64,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1567,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":752998,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAAC4GqJFOL5ObwKgBuHZf3WHPYyPBMSmbmaAScSA0jAAAAgQFrAQCCApPJ9\/rItiYjAEDAwc="}
00428{"flow_id":64,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1568,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":753063,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGlpnAqAG4Ti+Tm91hdl8xKZuZz2MjwoAQECzEHgAAAQEICiLYmLJPJ9\/r"}
@@ -793,7 +793,7 @@
00714{"flow_id":66,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1650,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":827688,"pkt_caplen":274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":274,"pkt_l4_len":240,"pkt":"KDc3AG3IEBMx8Tl2CABFAAEEZFdAADsGznkj6yXYwKgBuHZf3WOqScYzXfG1roAYAfkJoAAAAQEICjUhBdgi2JjesSAHdzO5xunIQpnmN9FX6FS+6+b+rlWAitKZqUsN4JlydDNh8mjvrOyihrLOXJTVyZdVGQVit5m7jfF9BmqEeWNzhIvRflyWm\/7rbphV1TB5YWg8EYXCYgXZjCll5Gpz80Qig1n\/Rrb7wvvj2u967cbqB6Ft0QD6UJ40QYYPNqui6TpHdf1eozH\/E1Yn4adzsVtU5tcU+qCS92tdcfxlyUViHe73BxjKps79HdJ2C8FnJ9y7CJbKLMAda6BPUcVByhJgxZhvbPLj9qCx9aOCRA=="}
00428{"flow_id":66,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1651,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":827725,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGLqHAqAG4I+sl2N1jdl9d8bZeqknHA4AQEBqKWQAAAQEICiLYmPQ1IQXY"}
00473{"flow_id":66,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1654,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":827902,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"pkt":"EBMx8Tl2KDc3AG3ICABFAABUAABAAEAGLoHAqAG4I+sl2N1jdl9d8bZeqknHA4AYEBqCzwAAAQEICiLYmPQ1IQXYxmUj79op++5WJO44HUqPuDNYLWB9AuJOPqqc\/gMDtt4="}
00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1664,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_first_seen":1578508365828,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"13.251.14.199","src_port":56678,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00500{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1664,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_first_seen":1578508365828,"flow_last_seen":1578508365828,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"13.251.14.199","src_port":56678,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00446{"flow_id":67,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1664,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":828265,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGW5bAqAG4DfsOx91mdl9PCwRhAAAAALAC\/\/\/02wAAAgQFtAEDAwUBAQgKItiY9AAAAAAEAgAA"}
00428{"flow_id":45,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1673,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":837105,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0q5tAACsGiei2oqE9wKgBuHZf3Ueh\/8nVB33+UYAQAHo91wAAAQEICjwSYk8i2Jem"}
01092{"flow_id":45,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1680,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":838947,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"KDc3AG3IEBMx8Tl2CABFAAIcq5xAACsGh\/+2oqE9wKgBuHZf3Ueh\/8nVB33+UYAYAHpECQAAAQEICjwSYlEi2JemAeYEOFCoDomJpGLeDJQ7AD4gQWAw\/fExrgJLefLaC9Xp4QZKgPOYtoYKSLvC2B0a614x6+NWZNtV6HiBjdMsZDbdolHQ7JzELC37ylnG635DqDVSgHSvy3lh2NfoniEZfAfH0cEIiUWbe3mPyTPe6vTdxkhO4RfsSeCl\/Iuv0aPuaOjPapzEKrdgIX97jXJ7VdfIECX4djICMGTBhet8wSyTQzA6hSIiU5n+3hFHmS4KopsAX3K3nhQBVScbt+VlKCGzYcIM94qH20W4U5\/bSAv22yO5EZSl9L2SBS1fUPL+EHCWZd5y0xwwjB6fGQ57Pqq\/QaZo5vt+RxCYfTtCT+rgwHESoJSbydmutp839nAHLxFv8U\/sulhVQGHtPDKKGWpvluVQvKv8yffG6WmH083mBF6i\/TvfA1Ai8ObQP7DDyGRPV4A9tvK927LKkSq3Fy6Q+WMHRlkmJiKtSH0ePIcOW19v9o7oR\/EBj4+UAzku5MRdXcJ3EJEnyVDe1T1h6AOYr2KqlQUrTNUgPVr9WpA7AsJCBDGWItCB0o3cOywzU6MfqSdN4cAUlYvuBuffQ4gLyo\/Wr32TQhogtgqsZ1ASnhilAwuU68iuHCPoS4jRbh1o6TuKRrtjI7CjSC75sywdKhLgC24="}
@@ -806,9 +806,9 @@
00451{"flow_id":45,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1687,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":839812,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"pkt":"EBMx8Tl2KDc3AG3ICABFAABBAABAAEAGIHfAqAG4tqKhPd1Hdl8Hff5xof\/LvbAYEBygxQAAAQEICiLYmP88EmJRAQEFCqH\/y+2h\/8v+eA=="}
00622{"flow_id":45,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1688,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":839868,"pkt_caplen":202,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":202,"pkt_l4_len":168,"pkt":"EBMx8Tl2KDc3AG3ICABFAAC8AABAAEAGH\/zAqAG4tqKhPd1Hdl8Hff5yof\/LvbAYEByf\/QAAAQEICiLYmP88EmJRAQEFCqH\/y+2h\/8v+htnM9YjeCBpeUlMdaGr6u0okHbghKJ5iKuG51mCVFuMQDYcMIeM2B3nAaB6iRiZuIcnO\/vYn3SJ3jO3zGU0sB0k4gNoAfMCVJUpE5SiBRxJHYfHz6RHc8ehuJQ7gaqA+Vx+Z9SWjcFEMdNLt\/KKwarHUTmi9+rCEAZt8oA=="}
00451{"flow_id":45,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1689,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":839890,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"pkt":"EBMx8Tl2KDc3AG3ICABFAABDAABAAEAGIHXAqAG4tqKhPd1Hdl8Hff7uof\/LvbAYEBxHrgAAAQEICiLYmP88EmJRAQEFCqH\/y+2h\/8v+G5i1"}
00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1691,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_first_seen":1578508365846,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.228.158.52","src_port":56679,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00500{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1691,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_first_seen":1578508365846,"flow_last_seen":1578508365846,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.228.158.52","src_port":56679,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00447{"flow_id":68,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1691,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":846680,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGtj\/AqAG4I+SeNN1ndl9FuX9aAAAAALAC\/\/\/dzAAAAgQFtAEDAwUBAQgKItiZBAAAAAAEAgAA"}
00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1710,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_first_seen":1578508365852,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"138.59.17.58","src_port":56680,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00499{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1710,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_first_seen":1578508365852,"flow_last_seen":1578508365852,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"138.59.17.58","src_port":56680,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00446{"flow_id":69,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1710,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":852452,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG3OLAqAG4ijsROt1odl\/ttHvbAAAAALAC\/\/9f7QAAAgQFtAEDAwUBAQgKItiZCQAAAAAEAgAA"}
00420{"flow_id":56,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1724,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":881659,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"KDc3AG3IEBMx8Tl2CABFAAAoEm9AADQGZggj5egTwKgBuHZf3VbzHyaN6OsKtlAQAOd\/jwAAAAAAAAAA"}
01000{"flow_id":56,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1725,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":883657,"pkt_caplen":487,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":487,"pkt_l4_len":453,"pkt":"KDc3AG3IEBMx8Tl2CABFAAHZEnBAADQGZFYj5egTwKgBuHZf3VbzHyaN6OsKtlAYAOeH\/wAAAa8EmQomFbi70KhC3XxE72DxBvD9p5iLXoswYW6\/gAhAtcBPdy2IF4g6Zsq5L6mQY1FFDy9F6hOmLuhrR0m1YC9bU6dTqjuLL2diEP92tYsMIrcMmOhv8kWba3QViUQKRuxX0IClDzcDI3xHcm1ntJ8uOsPuOF7huyMD8urSQEnC7vb7AuArLdhIhwaVFvKSE3pYDW43iQm8hmM+xEqITniENZtEQMMAmoRwZwcStvSG97fzWbjIG36BdoGU+IpEHCoOJxR3Y4j4RDxqPo59MtZWDy8AYJks3tkaucKHsJshQsMnyYdtLPVGI\/sR2jxV3+deLU+5QQ92are4rPfF+ZVa2vfdzFpjY7Iuq1MkKIkebUBcatJYe3q\/PvAKwfKCxCzRNRWB9ntGSR8wu0QeNeIenGMExE4V2FmxPxXRzaRmHYpEhIrXz6ppvQ7wtTTufbdh+bi1s01fgpRYVksPNqakCjEoiT1qGjol4PpRaJlQOJQjf2DZTcHYLuRtLhaFTkJ+inH0azYx8Y5tTnN+XI3D8kJ8RSUWNU4GKv\/+B9nt1rWrdutj6m6j\/iOnVThJZA=="}
@@ -821,7 +821,7 @@
00414{"flow_id":56,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1732,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":884334,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGbHfAqAG4I+XoE91Wdl\/o6wq28x8oYVAQH\/5epAAA"}
00432{"flow_id":56,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1733,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":884440,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA1EnRAADQGZfYj5egTwKgBuHZf3VbzHyhh6OsKtlAYAOcChwAAPNB3aYtxQoCP62kIAA=="}
00414{"flow_id":56,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1734,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":884469,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGbHfAqAG4I+XoE91Wdl\/o6wq28x8oblAQH\/5elwAA"}
00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1750,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_first_seen":1578508365885,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"207.180.206.216","src_port":56681,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00502{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1750,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_first_seen":1578508365885,"flow_last_seen":1578508365885,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"207.180.206.216","src_port":56681,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":70,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1750,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":885366,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG2crAqAG4z7TO2N1pdl+dzwtmAAAAALAC\/\/8dEQAAAgQFtAEDAwUBAQgKItiZJwAAAAAEAgAA"}
00427{"flow_id":65,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1751,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":888301,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0TipAADEGo1NeRDeiwKgBuHZf3WKbomHSWAgEF4AQAOtgdQAAAQEICmkX6uci2Jjo"}
01114{"flow_id":65,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1752,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":889284,"pkt_caplen":570,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":570,"pkt_l4_len":536,"pkt":"KDc3AG3IEBMx8Tl2CABFAAIsTitAADEGoVpeRDeiwKgBuHZf3WKbomHSWAgEF4AYAOsCFwAAAQEICmkX6ugi2JjoAfYEfPh5MrmObWsuLcvqinChq5GezjbAjlW0JZ27Go0F7k3xuihDSFEU0yi2f5uu7VSsIa9gYq0vfpLLYg+8a7mnqYafh2s6S7p2xg6Mtjlskj6mN+Rz68sJHZN2s6w9KGc7y4JA+jMwLBLYs8\/7FGRICdElFj6R1I1vUUWgk1KChmZhc6oJJ3aZ9wSqIxUqhUAWDqLaHkpUHIYz8caq7+Qf4RM\/Ife5u2GgEt9h6n87CaTIYjZ1icZ4+LFwI8\/6rhZ6ePhM\/pfiOVr+0b22J2AGqnHinspoEPF5Ri4drhFdX\/esUUM2PA936wbK8AtKEH34droaY9VEuXJPqnQca+sEMUZk8I0exXK19e4YnWJoF0TX\/RZyB\/HAKtcB10UdrcDPdxtbLCgOAEQ\/WB8yMfsLHsqWNnxQiMOwJJi3DLOzxI27vsPDOkraVydyNxjDxi15cxb65bqHOnEdjoIWTE+dOu79thyGowh11y7AiwE9cCMWbI4IWHtt\/c3ZpEwukSPjTbUm92e8ceA0\/sHG\/xLh5qGMKZBTt3CIiaqp2BpgyMIKHhsl4HMIgXKa\/EBOOSpa0uuKUTjfSj2Koe9PjHUD4d1VBWtDh03833QakssG6c1qooHrAG1RJCUap1uJSFAsVA9WAlXNNEBQHhGq80xRFlp9wXrj"}
@@ -839,9 +839,9 @@
00427{"flow_id":68,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1772,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":903403,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGtkvAqAG4I+SeNN1ndl9FuX9bssfB+IAQECwq5AAAAQEICiLYmTiAlezx"}
00953{"flow_id":68,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1773,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":904731,"pkt_caplen":452,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":452,"pkt_l4_len":418,"pkt":"EBMx8Tl2KDc3AG3ICABFAAG2AABAAEAGtMnAqAG4I+SeNN1ndl9FuX9bssfB+IAYECwuKgAAAQEICiLYmTmAlezxAYAEAI1WBIPOD+hvKzPihfgTsOhWByW+C6Yhi3aeyyxqusCgQH9q37FRiEsngnOCMI7rJEwEPvgUNolGAytmmnyJRsIzn8vdMIkApueE7gMLi1YpwTjQaWrs+8xiJzorrCETkzisBPhidyCcKQ8Kr7fMnn0S3bt2fTuis2U17aEnv4rA7qNEJ8\/qQ5MkfWeXh5GUk7QhxTxf6VWzZJ9gCVFp1hgqpFInxoD2RNquVcofYzLkoB5d9NYmXmMCB\/qQogZwzumq7QPVd1imlhdTGHBWnP7S8KIIuUh8Qbp8ZLK2AYPjY11xLDym9J5RNBVK8mtNpRXDXJTPh+QjbCzaLb0dMDVQlgD9QBs\/WLOKpoOvhBwf3GhqdniMnF2B\/RZcNkHU\/1mz6h1baVoqZvvLDXKFuU4QXpkwBNr+0pNztLGHhSmPsjE71AWc7lo\/1OrevhLNW+p2gRC9\/GtyljgFr98tzwExGKsXkY2VdoZiaj0TAL+A8kThPoEqTVMfwZ8EVYI="}
00572{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1773,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":4,"flow_first_seen":1578508365846,"flow_last_seen":1578508365904,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":386,"flow_tot_l4_payload_len":386,"flow_avg_l4_payload_len":96,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.228.158.52","src_port":56679,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00496{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1774,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_first_seen":1578508365919,"flow_last_seen":0,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"167.86.122.50","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00508{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1774,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_first_seen":1578508365919,"flow_last_seen":1578508365919,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"167.86.122.50","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00571{"flow_id":71,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1774,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":919739,"pkt_caplen":170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":170,"pkt_l4_len":136,"pkt":"EBMx8Tl2KDc3AG3ICABFAACc44MAAEARsuTAqAG4p1Z6MnZfdl8AiFGIcmRL\/sJ+HmBFF7n+UfEKJLvDdBgdKzSECJqxpMbuAWJCFnSyz1LOPGHXvK4XvgJfd8y9TVVaoZxiY0SgM1nuu1KcsxmveZ1Iboux45kEq0UHna5hbl98Bua+Zy2zz7pAAAHdBMuEfwAAAYJ2X4J2X8mEp1Z6MoJ2X4CEXhYgYQU="}
00563{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1774,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_first_seen":1578508365919,"flow_last_seen":0,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"167.86.122.50","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00575{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1774,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_first_seen":1578508365919,"flow_last_seen":1578508365919,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"167.86.122.50","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00439{"flow_id":70,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1775,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":925923,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADMG5s7PtM7YwKgBuHZf3WknDwC1nc8LZ6AScSCqDAAAAgQFrAQCCApcfI6dItiZJwEDAwc="}
00427{"flow_id":70,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1776,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":926010,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG2dbAqAG4z7TO2N1pdl+dzwtnJw8AtoAQECw5oAAAAQEICiLYmUxcfI6d"}
01115{"flow_id":70,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1777,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":927412,"pkt_caplen":568,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":568,"pkt_l4_len":534,"pkt":"EBMx8Tl2KDc3AG3ICABFAAIqAABAAEAG1+DAqAG4z7TO2N1pdl+dzwtnJw8AtoAYECz3aAAAAQEICiLYmU1cfI6dAfQEOtheYzZ3ToHpdnjPq+WTlV2N5YhX4HNfpe1NKrOUZnLF1eT\/PeeoMMIkKh\/DkVHT5erq5iLxOcqC8dq2P9yyBVP9NLipJL+0WTRaDCfOFiHp6eQuX4fc\/C1mgNozcW7bne9FJjl4PMHYYsSA\/cfk1Po4ifI83DgcIadRba3\/Lpfh5z5yYHFNZEPI6DvXWQgpBAp9MWZRHnK2h7WjiD8wEOe0ez0HD4JoWp4BbpZF8LYgL+gBjgp8rckk6fDFLIv3cC+uMNaFnCpqhBSZxmJH2km2+BJaGY+UdVvSlXi0QiW+WPWdZRcj6\/HDQ+zbwJU+0pKdv4YBHcLU\/VxaaVCQJHVrxSqBXdw01gj0Fp50lJVJ476zGKf92Kf8jOUW82E8kedUehXGuJZQ47uAEanwY6caqald0YLfNWDjPm3lcpaCUMfI\/8u7BO6+\/8zCh7WVaZ28LT8I1ki9SGCivJoHRgKXEqq+ENPd3dhz\/saYb51gTVsfgiuDB5cF02dKphNqRedTZtbSueN\/+dPjnDlI3fDrLr0zByX8auwNsXlmkWzsTEMlwd\/or+AvjTG8hkunghjoOmGqza5uwUKQUntCo9BS+5Tk10Nb6kYc7gwSsd\/9zPpGEYJ7vw4Rv96NsaInOoafZRNhi0su2r64NPkrkLStyQ=="}
@@ -868,12 +868,12 @@
00712{"flow_id":70,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1825,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508366,"pkt_ts_usec":4677,"pkt_caplen":274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":274,"pkt_l4_len":240,"pkt":"KDc3AG3IEBMx8Tl2CABFAAEEojVAADMGQ9HPtM7YwKgBuHZf3WknDwH0nc8NXYAYAOvksQAAAQEIClx8jusi2Jly28iJfqlnMu83LDC0xfM0r0E5TfT75slEXNEgJtxw1Uh1n1c6RZA0jKvLXongUZeEzF1o+6qT8VGaLqdNX0XHczpZi\/6FmmSm2rKhKy75HrF6fiuwMO85wHyVZ84xLnyt3JBC7I\/KTgittaNvVG4UACTsfigRc86McQ+KCKyIUyrK74yEU1iFP8wyLKgfocUfkq\/7Hvaj0xLc6aZwUbnRdEQatoYHlWB8VjwawanY1hqJT5m79uBHezOp42ATeQPGjU++4M3MyksCxtsjgS6xfw=="}
00426{"flow_id":70,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1826,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508366,"pkt_ts_usec":4708,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0ojZAADMGRKDPtM7YwKgBuHZf3WknDwLEnc8NfoAQAOtERgAAAQEIClx8juwi2Jlz"}
00426{"flow_id":70,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1827,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508366,"pkt_ts_usec":4779,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG2dbAqAG4z7TO2N1pdl+dzw4NJw8CxIAQEBs0ZAAAAQEICiLYmZdcfI7r"}
00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1835,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_first_seen":1578508366005,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.83.237.44","src_port":56684,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00499{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1835,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_first_seen":1578508366005,"flow_last_seen":1578508366005,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.83.237.44","src_port":56684,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":72,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1835,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508366,"pkt_ts_usec":5550,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGV9jAqAG4M1PtLN1sdl8dp4x2AAAAALAC\/\/+ZwwAAAgQFtAEDAwUBAQgKItiZlwAAAAAEAgAA"}
00712{"flow_id":68,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1849,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508366,"pkt_ts_usec":19399,"pkt_caplen":274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":274,"pkt_l4_len":240,"pkt":"KDc3AG3IEBMx8Tl2CABFAAEElshAADUGKbMj5J40wKgBuHZf3Weyx8NqRbmA3YAYAfu5ZwAAAQEICoCV7WYi2Jlw\/VchYp9WnJ3+zFkHxCjUeSKKubwsCzHL8F3dpFfOBNfc1Ru8d+rMRG0ACVM7R1aP0Gloz4D2ImwPGrOpgt0zMlapCRo9ZRaZwSOxFvB8eNy2LSd8kKTMGqh12atHZD5B3DUxSi8J0YaA2ELuoQ1aoKH0GJe+pHOdo+BX28euGlBhzdLprYhTDnJtBBdM7lhPLxIaWTScqzqpqavJcB8EkKzLl+\/jsfVtsUmAzsLvMxRboV5sZPMkADF2JBssusdztVyBiuAhngXx6XyXilkCRQ=="}
00427{"flow_id":68,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1850,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508366,"pkt_ts_usec":19476,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGtkvAqAG4I+SeNN1ndl9FuYGNssfEOoAQEBklogAAAQEICiLYmaSAle1m"}
00471{"flow_id":68,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1851,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508366,"pkt_ts_usec":19814,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"pkt":"EBMx8Tl2KDc3AG3ICABFAABUAABAAEAGtivAqAG4I+SeNN1ndl9FuYGNssfEOoAYEBmgbwAAAQEICiLYmaSAle1mKsWiTIXS5Mc5RUOD6OkYbREkfBTkkeSNB0THQamLANU="}
00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1857,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":1,"flow_first_seen":1578508366020,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"88.99.93.219","src_port":56685,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00499{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1857,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":1,"flow_first_seen":1578508366020,"flow_last_seen":1578508366020,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"88.99.93.219","src_port":56685,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":73,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1857,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508366,"pkt_ts_usec":20357,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGwhnAqAG4WGNd291tdl+CSdQcAAAAALAC\/\/9XrgAAAgQFtAEDAwUBAQgKItiZpAAAAAAEAgAA"}
00444{"flow_id":35,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1862,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508366,"pkt_ts_usec":29471,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGjuvAqAG4I+nFg909dl+ptEcpAAAAALAC\/\/+KMAAAAgQFtAEDAwUBAQgKItiZrAAAAAAEAgAA"}
00751{"flow_id":64,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1875,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508366,"pkt_ts_usec":40439,"pkt_caplen":306,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":306,"pkt_l4_len":272,"pkt":"KDc3AG3IEBMx8Tl2CABFAAEkMZJAAC4GdhdOL5ObwKgBuHZf3WHPYyUdMSmd0IAYAOwP5AAAAQEICk8n4Qoi2Jiz+WuEmVeTussSRtxNbHdPT1uknZCO3iddAUlEGG7lnqrwBDdgCsFPrF1yK6ImtV01Mnntqk3rvSImsW63OFSPlrCmXlcGRTibgtIkW4MDAJ\/AskVpKnUkjiuqdygkabvXTvkGzMSN1Eh8OFn9iB40+j0XyeJH1kkHBTI6eXW+6BehVc8YcucnQzoL5CQztC\/0koPs+Yk8vxJhNzXXV5aGmau3sxddLaJmY9GhZD8VIdI2h1IErpT6WMvnh8eCeOKCPxhisAX1TQiJjBTFThGrygeqLrUdvV9y1dwohRW8iWuHHiTfXIExtJCa6VnA0ZYM"}
@@ -912,7 +912,7 @@
00431{"flow_id":57,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1920,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508366,"pkt_ts_usec":71354,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA3AABAAEAGD9PAqAG4fNnrtN1Xdl9L2gjh8Yj5JoAYECDQSAAAAQEICiLYmdHI+HOMxwkY"}
00451{"flow_id":57,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1921,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508366,"pkt_ts_usec":71381,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"pkt":"EBMx8Tl2KDc3AG3ICABFAABEAABAAEAGD8bAqAG4fNnrtN1Xdl9L2gjk8Yj5JoAYECA17gAAAQEICiLYmdHI+HOMGATc1lZhbFAlvJTq3pUoiw=="}
00471{"flow_id":57,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1922,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508366,"pkt_ts_usec":73178,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"pkt":"KDc3AG3IEBMx8Tl2CABFCABURYVAACwG3ih82eu0wKgBuHZf3VfxiPkmS9oIRIAZAOujxwAAAQEICsj4c4wi2Jh4rr7DuxmIwtJpSsrQz7Sxem3AKUGCV5rPSZt7ukB2XoM="}
00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1930,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":1,"flow_first_seen":1578508366073,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"206.189.107.35","src_port":56686,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00501{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1930,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":1,"flow_first_seen":1578508366073,"flow_last_seen":1578508366073,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"206.189.107.35","src_port":56686,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":74,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1930,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508366,"pkt_ts_usec":73881,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGPnfAqAG4zr1rI91udl8AOSk+AAAAALAC\/\/8AywAAAgQFtAEDAwUBAQgKItiZ0wAAAAAEAgAA"}
00900{"flow_id":64,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1937,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508366,"pkt_ts_usec":81054,"pkt_caplen":413,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":413,"pkt_l4_len":379,"pkt":"KDc3AG3IEBMx8Tl2CABFAAGPMZNAAC4GdatOL5ObwKgBuHZf3WHPYyPCMSmd0IAYAOyIdgAAAQEICk8n4TMi2Jm2AVkEJZ5cU9MDJlBNDXIXztcPdOBLHNvcRoMXO83z53y6EuOfQkNEaKSu\/v3bFSWa7m2knZBnXbPEG8LEd7zNzLvq0HuwDTEJvABQSpScSTfbunVx+nesDScVTsThcpgMBRsm\/08NVVKIMPuc2AKyxl669J8d3GEVarD8GV\/EIyM9ZLqOa6j8ekumxdegV\/\/6qklVQSG4bNSUMxfvcWSgwTfFLd2HaDulqveu5BLerLUV88uiiA3nrG+sP4JoJ2uQ36SChibpDPJ1lrBC0ph0F6YhErOQMvl6dV58POnN8fRemxFRZwJjMHBNJd64lHI6go8F15WqN8dzJXcZzo35VrJ8t\/BChothVgx0RjzsDg4tEqHlAb1N0FiPcY8b4VfHYiCdDuWGGnUD+6IxNFpsLDw2R3DhsU4MWB17W375bxlkAwsDtIh5jzF0T3lPmEUNSkfiKcoj0WD8\/Pg="}
00426{"flow_id":64,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1938,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508366,"pkt_ts_usec":81149,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGlpnAqAG4Ti+Tm91hdl8xKZ3Qz2MmDYAQEBm9QAAAAQEICiLYmdlPJ+Ez"}
@@ -961,16 +961,16 @@
00507{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":30,"flow_first_seen":1578508365295,"flow_last_seen":1578508365885,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":435,"flow_tot_l4_payload_len":1172,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.229.232.19","src_port":56662,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00512{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":3,"flow_first_seen":1578508364925,"flow_last_seen":1578508364954,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":1057,"flow_tot_l4_payload_len":1653,"flow_avg_l4_payload_len":551,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.180.246.169","src_port":30303,"dst_port":30301,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00511{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":3,"flow_first_seen":1578508364697,"flow_last_seen":1578508364773,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":1136,"flow_tot_l4_payload_len":1651,"flow_avg_l4_payload_len":550,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"54.36.160.211","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_first_seen":1578508365567,"flow_last_seen":0,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"106.12.39.168","src_port":30303,"dst_port":30333,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00509{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_first_seen":1578508365567,"flow_last_seen":1578508365567,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"106.12.39.168","src_port":30303,"dst_port":30333,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00508{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":4,"flow_first_seen":1578508366073,"flow_last_seen":1578508366119,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":407,"flow_tot_l4_payload_len":407,"flow_avg_l4_payload_len":101,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"206.189.107.35","src_port":56686,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00508{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":42,"flow_first_seen":1578508364522,"flow_last_seen":1578508364664,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":495,"flow_tot_l4_payload_len":1247,"flow_avg_l4_payload_len":29,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.158.244.151","src_port":56615,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00524{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_first_seen":1578508365038,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"13.230.108.42","src_port":56644,"dst_port":30303,"l4_proto":"tcp","ndpi": {"proto":"Mining.Amazon","breed":"Acceptable","category":"Web"}}
00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_first_seen":1578508365038,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"13.230.108.42","src_port":56644,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00536{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_first_seen":1578508365038,"flow_last_seen":1578508365038,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"13.230.108.42","src_port":56644,"dst_port":30303,"l4_proto":"tcp","ndpi": {"proto":"Mining.Amazon","breed":"Acceptable","category":"Web"}}
00501{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_first_seen":1578508365038,"flow_last_seen":1578508365038,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"13.230.108.42","src_port":56644,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00505{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":38,"flow_first_seen":1578508364632,"flow_last_seen":1578508364787,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":421,"flow_tot_l4_payload_len":1065,"flow_avg_l4_payload_len":28,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.38.60.79","src_port":56629,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00506{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":41,"flow_first_seen":1578508364682,"flow_last_seen":1578508364899,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":479,"flow_tot_l4_payload_len":1222,"flow_avg_l4_payload_len":29,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.38.81.180","src_port":56632,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00505{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":30,"flow_first_seen":1578508364523,"flow_last_seen":1578508364743,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":473,"flow_tot_l4_payload_len":1432,"flow_avg_l4_payload_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"89.38.99.34","src_port":56624,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00507{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":31,"flow_first_seen":1578508365189,"flow_last_seen":1578508365331,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":508,"flow_tot_l4_payload_len":1435,"flow_avg_l4_payload_len":46,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"85.214.108.52","src_port":56654,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1578508364272,"flow_last_seen":0,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":0,"l3_proto":"ip4","src_ip":"3.112.138.57","dst_ip":"192.168.1.184","src_port":25516,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1578508364272,"flow_last_seen":1578508364272,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":0,"l3_proto":"ip4","src_ip":"3.112.138.57","dst_ip":"192.168.1.184","src_port":25516,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00507{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":45,"flow_first_seen":1578508364522,"flow_last_seen":1578508365440,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":574,"flow_tot_l4_payload_len":1274,"flow_avg_l4_payload_len":28,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"165.22.107.33","src_port":56610,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_first_seen":1578508362274,"flow_last_seen":1578508363333,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":299,"flow_avg_l4_payload_len":149,"midstream":0,"l3_proto":"ip4","src_ip":"87.14.222.25","dst_ip":"192.168.1.184","src_port":56693,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00508{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":64,"flow_first_seen":1578508365239,"flow_last_seen":1578508365961,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":583,"flow_tot_l4_payload_len":1758,"flow_avg_l4_payload_len":27,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"157.230.152.87","src_port":56658,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
@@ -984,7 +984,7 @@
00509{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":2,"flow_first_seen":1578508365919,"flow_last_seen":1578508365951,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":275,"flow_avg_l4_payload_len":137,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"167.86.122.50","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00508{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_first_seen":1578508364776,"flow_last_seen":1578508365781,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":299,"flow_avg_l4_payload_len":149,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"209.97.143.1","src_port":30303,"dst_port":50000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00511{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":6,"flow_first_seen":1578508364382,"flow_last_seen":1578508364651,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":1057,"flow_tot_l4_payload_len":3306,"flow_avg_l4_payload_len":551,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.231.165.108","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1578508363692,"flow_last_seen":0,"flow_min_l4_payload_len":129,"flow_max_l4_payload_len":129,"flow_tot_l4_payload_len":129,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"60.191.32.71","dst_ip":"192.168.1.184","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1578508363692,"flow_last_seen":1578508363692,"flow_min_l4_payload_len":129,"flow_max_l4_payload_len":129,"flow_tot_l4_payload_len":129,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"60.191.32.71","dst_ip":"192.168.1.184","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00510{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":4,"flow_first_seen":1578508365408,"flow_last_seen":1578508365790,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":554,"flow_avg_l4_payload_len":138,"midstream":0,"l3_proto":"ip4","src_ip":"183.129.242.164","dst_ip":"192.168.1.184","src_port":1024,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00509{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":69,"flow_first_seen":1578508364523,"flow_last_seen":1578508364687,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":546,"flow_tot_l4_payload_len":1846,"flow_avg_l4_payload_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.128.195.220","src_port":56626,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00509{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":24,"flow_first_seen":1578508365194,"flow_last_seen":1578508366069,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":494,"flow_tot_l4_payload_len":1326,"flow_avg_l4_payload_len":55,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"202.112.28.106","src_port":56655,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}

2
test/results/exe_download.pcap.out
View File

@@ -1,5 +1,5 @@
00480{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"exe_download.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":10000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"exe_download.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1569434051004,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"144.91.69.195","src_port":49165,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"exe_download.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1569434051004,"flow_last_seen":1569434051004,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"144.91.69.195","src_port":49165,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00425{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"exe_download.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569434051,"pkt_ts_usec":4796,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"IOUqtpPxAAgCHEeuCABFAAA0AI9AAIAGAKkKCRllkFtFw8ANAFC+hvgeAAAAAIACIADegAAAAgQFtAEDAwgBAQQC"}
00419{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"exe_download.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569434051,"pkt_ts_usec":324116,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"AAgCHEeuIOUqtpPxCABFAAAsBbAAAIAGO5CQW0XDCgkZZQBQwA0+79i4vob4H2AS+vAU7QAAAgQFtA=="}
00412{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"exe_download.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569434051,"pkt_ts_usec":324323,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"IOUqtpPxAAgCHEeuCABFAAAoALJAAIAGAJIKCRllkFtFw8ANAFC+hvgfPu\/YuVAQ+vAsqgAA"}

2
test/results/exe_download_as_png.pcap.out
View File

@@ -1,5 +1,5 @@
00487{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"exe_download_as_png.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":10000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"exe_download_as_png.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1569434903040,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"185.98.87.185","src_port":49197,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00502{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"exe_download_as_png.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1569434903040,"flow_last_seen":1569434903040,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"185.98.87.185","src_port":49197,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00433{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"exe_download_as_png.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569434903,"pkt_ts_usec":40298,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"IOUqtpPxAAgCHEeuCABFAAA0Bk9AAIAGv+sKCRlluWJXucAtAFB7PMGWAAAAAIACIAAdNgAAAgQFtAEDAwgBAQQC"}
00426{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"exe_download_as_png.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569434903,"pkt_ts_usec":440451,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"AAgCHEeuIOUqtpPxCABFAAAsESIAAIAG9SC5Yle5CgkZZQBQwC0vLgrVezzBl2AS+vAxRwAAAgQFtA=="}
00419{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"exe_download_as_png.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569434903,"pkt_ts_usec":440784,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"IOUqtpPxAAgCHEeuCABFAAAoBlJAAIAGv\/QKCRlluWJXucAtAFB7PMGXLy4K1lAQ+vBJBAAA"}

4
test/results/facebook.pcap.out
View File

@@ -1,5 +1,5 @@
00476{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"facebook.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":10000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"facebook.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1472393122365,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"66.220.156.68","src_port":52066,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"facebook.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1472393122365,"flow_last_seen":1472393122365,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"66.220.156.68","src_port":52066,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00435{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"facebook.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1472393122,"pkt_ts_usec":365661,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"mAyC0zx8MFLLbJwbCABFAAA84M9AAEAGjxHAqCsSQtycRMtiAbv14btyAAAAAKACchDLCQAAAgQFtAQCCAoAS1u9AAAAAAEDAwc="}
00435{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"facebook.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1472393122,"pkt_ts_usec":668038,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"MFLLbJwbmAyC0zx8CABFAAA8AABAAE0GYuFC3JxEwKgrEgG7y2LsHfNy9eG7c6ASNpzIhwAAAgQFeAQCCAq7uwhkAEtbvQEDAwg="}
00423{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"facebook.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1472393122,"pkt_ts_usec":668050,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"mAyC0zx8MFLLbJwbCABFAAA04NBAAEAGjxjAqCsSQtycRMtiAbv14btz7B3zc4AQAOXLAQAAAQEICgBLXBi7uwhk"}
@@ -18,7 +18,7 @@
00950{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"facebook.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1472393122,"pkt_ts_usec":993660,"pkt_caplen":449,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":449,"pkt_l4_len":415,"pkt":"mAyC0zx8MFLLbJwbCABFAAGz4NZAAEAGjZPAqCsSQtycRMtiAbv14by17B3\/2IAYASjMgAAAAQEICgBLXHm7uwlzFwMDAJgAAAAAAAAAAc1QwtVeiDayGp42RLjeGVZj7uusHrtykGKrYSjjNBGdfytHTjX9BqGrlhXFHpRI5ItIqF5wbI3Nqys0ptk4tAzrygmznNhWxQoPu52Y\/2q5ev1hTqM9zVAYO69k9ViDv4PGfZTA\/mKDh9u35bh5+5Lc+9VnxzGiacOoCBjoFoHl0efTCcO8J9jn5m9LpinK4BcDAwDdAAAAAAAAAAI++\/8fKkykP9LN2diw\/ZLeccHIf7AmammL3LSyLuG0NLtQIzrm3wKc263vGeN\/FtNieDg6mLxo5Stcs0lEBjR882KaYUmxO7s+M7nLDtv9QkHTeOCqHja00h\/9SIxm\/cBIYs79aawQSgEsMqI6BriBpjfnVPwivJ2yY2AOlfd43Sk3tdCCAEBJBDmKf2K49XMIJLldx3c21U\/bO0GCSz+ps54bHcM7PzkTD8mhzMUCbgFfPa2vUMFnPfXJsl3toBxWZxDo4tx04+z2k4vusMRjzjy7x\/o="}
00782{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"facebook.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1472393123,"pkt_ts_usec":391297,"pkt_caplen":324,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":324,"pkt_l4_len":290,"pkt":"MFLLbJwbmAyC0zx8CABFAAE2+h9AAE0GZ8dC3JxEwKgrEgG7y2LsHf\/Y9eG8tYAYADvLfwAAAQEICru7CtAAS1x4FgMDAMoEAADGAAKjAADAFQiR\/u1qMSyuiMG2jw0zD0BOx2ZEoC+h5yfZ\/aHoiKV3agik\/rOIcv8JwkST852oQ+ROkK1rjV\/TZjXRBB5lldDYcaKy6KlnuCIAl26B6voPrnm\/eMncwrwsOJt6ySPFwAoK1XUVBKrtRNpVUB9MB3kJyjmXk0vHN8sOa8PKBJZkPxVqY1F\/hstlsqgEtyaTW5BmX1FNIh7VpSwUBZ+UWIhRtcJRMowhsds+M2OCtUGV7eCAtsg9z0MSUxkUoQaXFAMDAAEBFgMDACgSNvkDis0ZoSTD4XoWdCm\/HywniGJgJMyf0JxvM2W\/MIyhKa7W1\/lx"}
00536{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"facebook.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1472393123,"pkt_ts_usec":391325,"pkt_caplen":147,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":147,"pkt_l4_len":113,"pkt":"MFLLbJwbmAyC0zx8CABFAACF+iBAAE0GaHdC3JxEwKgrEgG7y2LsHgDa9eG8tYAYADt+fAAAAQEICru7CtAAS1x4FwMDAEwSNvkDis0ZotYDEUHWuujm70FV+TWEIePaonjZDsqD2mGpm1zTEdYm0dp9+D54ih5TgReTCCLrCeU6vVxFhqVpVAMMpplemlzSyeZD"}
00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"facebook.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1472393123550,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"31.13.86.36","src_port":44614,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"facebook.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1472393123550,"flow_last_seen":1472393123550,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"31.13.86.36","src_port":44614,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00436{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"facebook.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1472393123,"pkt_ts_usec":550766,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"mAyC0zx8MFLLbJwbCABFAAA8dR1AAEAGZLPAqCsSHw1WJK5GAbsvASg9AAAAAKACchBhGgAAAgQFtAQCCAoAS10gAAAAAAEDAwc="}
00436{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"facebook.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1472393123,"pkt_ts_usec":682883,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"MFLLbJwbmAyC0zx8CABFAAA8AABAAFMGxtAfDVYkwKgrEgG7rkZw6dh2LwEoPqASNpwMewAAAgQFeAQCCAolRdDWAEtdIAEDAwg="}
00424{"flow_id":2,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"facebook.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1472393123,"pkt_ts_usec":682902,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"mAyC0zx8MFLLbJwbCABFAAA0dR5AAEAGZLrAqCsSHw1WJK5GAbsvASg+cOnYd4AQAOVhEgAAAQEICgBLXUglRdDW"}

12
test/results/firefox.pcap.out
View File

@@ -1,5 +1,5 @@
00475{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"firefox.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":10000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1620927997754,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51577,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1620927997754,"flow_last_seen":1620927997754,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51577,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00440{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927997,"pkt_ts_usec":754367,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6Esl5AbuZmizAAAAAALAC\/\/9OVwAAAgQFtAEDAwUBAQgKNAyUbQAAAAAEAgAA"}
00435{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927997,"pkt_ts_usec":781073,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG7yXkJiZGFmZoswaAS\/oiCawAAAgQFrAQCCAo8IAcuNAyUbQEDAwc="}
00422{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927997,"pkt_ts_usec":781165,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6Esl5AbuZmizBCYmRhoAQECyfcgAAAQEICjQMlIc8IAcu"}
@@ -17,9 +17,9 @@
00423{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927998,"pkt_ts_usec":50715,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0i1RAADQGLNOSMDoSwKgBsgG7yXkJiZ+ImZovFoAQAfqbTwAAAQEICjwgCDw0DJV3"}
00423{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927998,"pkt_ts_usec":50744,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0i1VAADQGLNKSMDoSwKgBsgG7yXkJiZ+ImZowmIAQAfeZ0AAAAQEICjwgCDw0DJV3"}
00839{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927998,"pkt_ts_usec":52053,"pkt_caplen":369,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":369,"pkt_l4_len":335,"pkt":"KDc3AG3IEBMx8Tl2CABFAAFji1ZAADQGK6KSMDoSwKgBsgG7yXkJiZ+ImZowmIAYAfeLUQAAAQEICjwgCD00DJV3FwMDASoP9FuzT+77Tm5LhnbV9Sewvckun\/o2cHeV8a0PFUdl0epVn0JCwFYw2u\/995yNitv5yqlG3GEkdm7UQiE9Gi2Lm11MZMfOgzEgGE7tw4EPD8NZfoc6KvKG\/EKi6HaMMu3xTVD4KckhI5IBXrC17xJ4Uq4V3k6\/I6pJafhgUUqVWwtMNmFdARevRhzVgfwjOyXIBSlW9Ra85a6B\/grdRfOZaeMI6dFx1FiRZelQc\/jQwre+wP8hT6TMxQFaNGfY8VBcIXSI8jl69MJKva8P9fOnLuAZG\/Rwz8J9BdVkLkplzI3gR299zmDOn5UdfaLW8sI6B4r98nQKcfNz8mVq2oAjyRFuAPgXVurS5JVSEW\/klPnjhWTjh33GGXx5iwA96\/zoTwtThauP6NiC"}
00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":30,"source":"firefox.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1620927998782,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51583,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":30,"source":"firefox.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1620927998782,"flow_last_seen":1620927998782,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51583,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927998,"pkt_ts_usec":782772,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6Esl\/AbveSGQcAAAAALAC\/\/\/OTgAAAgQFtAEDAwUBAQgKNAyYZQAAAAAEAgAA"}
00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":42,"source":"firefox.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1620927998806,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51588,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":42,"source":"firefox.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1620927998806,"flow_last_seen":1620927998806,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51588,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927998,"pkt_ts_usec":806443,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6EsmEAbtCftk8AAAAALAC\/\/\/03wAAAgQFtAEDAwUBAQgKNAyYeQAAAAAEAgAA"}
00437{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927998,"pkt_ts_usec":817178,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG7yX\/JSxfE3khkHaAS\/oi4VgAAAgQFrAQCCAo8IAs5NAyYZQEDAwc="}
00424{"flow_id":2,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927998,"pkt_ts_usec":817261,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6Esl\/AbveSGQdyUsXxYAQECzVWgAAAQEICjQMmII8IAs5"}
@@ -50,11 +50,11 @@
00836{"flow_id":3,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927998,"pkt_ts_usec":911947,"pkt_caplen":369,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":369,"pkt_l4_len":335,"pkt":"KDc3AG3IEBMx8Tl2CABFAAFjdClAADQGQs+SMDoSwKgBsgG7yYRFBnpwQn7cNYAYAfj9LQAAAQEICjwgC5o0DJi7FwMDASq1Z21pVej08oRQ33gsiycooX\/qwyUvev3W+EPfcGjvVO9JhzFuy2DBGRIO2MK9lSnS1UqRIlX3S4qebsjbG6GVGGb+eaULimNqL1uOpHpd7i7MboFQAi7T1ewXVIfToeO0ObI\/sRMmCFDJrtQ+kuQyavR7WfuM4SJxRBdul0W3wMHIgSgR9nosr8A70xlhXb6U9xuljJlEwj9HCd4i\/zpSkGNw52bdzbhTaO51+ikeuIBkKiuFPYRNJ6jBZ7ENOdwwZ76zFXMP5\/8RyXMnn0KWhWzaHPst0DDJAUtRPbqZOELHfpHyfzQ\/vXqZ+IXJLX++3wAScwC1USx00ZTzVDqAfNlaJ+WhaSzC+V0W+1pKmMPU8oBmWcXRzHxYI92eERGGNuDx6lMsQYHa"}
00424{"flow_id":3,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927998,"pkt_ts_usec":912007,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EsmEAbtCftw1RQZ7n4AQEBoY1gAAAQEICjQMmNA8IAua"}
00928{"flow_id":3,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927999,"pkt_ts_usec":107805,"pkt_caplen":433,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":433,"pkt_l4_len":399,"pkt":"EBMx8Tl2KDc3AG3ICABFAAGjAABAAEAGqrjAqAGykjA6EsmEAbtCftw1RQZ7n4AYEBo64gAAAQEICjQMmX88IAuaFwMDAWpPmDd\/2mec\/g0XLq+a\/iK47u470VOnAOBzHqZ5iADOy3G+\/xqwv9Lw6TjOJy2DQ+qWqlvLsngR9kgj9m6jhgNK4WiBnS7HxwRm8JqdUqc9OUGEvUOTfFEwHvm010Vjor+4qrXkLfPrMtP2PZNWpd5v36cislsIlIgHuIuZRmKae9qItp5qscFjx8lq1lqP\/udjpAGKCAy8Z5UFUFntqty5Oe8XVW\/i4SBCCQO0bpSmXSulKfU7RUcEAbbbXTTthpXuYWgfxjpd0PPiJnWS1jKDy9RROlWcfftDOg+d+jiPKHYfgorVRtcVRPUHIBZizJQd2ft9QejQpUsSnYz9L+pz7pxV25xPx7uhYcK9GFtHzACJ5URhvJOcpgX0fVPIbS40WYq2FktCwPn\/67Axd0DghuvTF+IHidqexcc+6yUb\/lvv+mbMeYRV4SdMyQVIcMv6MnMoCcLSFU2DRwBzKkFrnmKP7Kl\/KL290w=="}
00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":84,"source":"firefox.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1620927999109,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51599,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":84,"source":"firefox.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1620927999109,"flow_last_seen":1620927999109,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51599,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00441{"flow_id":4,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927999,"pkt_ts_usec":109976,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6EsmPAbugsPXqAAAAALAC\/\/947AAAAgQFtAEDAwUBAQgKNAyZgQAAAAAEAgAA"}
00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":85,"source":"firefox.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1620927999111,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51600,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":85,"source":"firefox.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1620927999111,"flow_last_seen":1620927999111,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51600,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00441{"flow_id":5,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927999,"pkt_ts_usec":111334,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6EsmQAbsCvXBwAAAAALAC\/\/+cWAAAAgQFtAEDAwUBAQgKNAyZggAAAAAEAgAA"}
00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":86,"source":"firefox.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1620927999112,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51601,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":86,"source":"firefox.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1620927999112,"flow_last_seen":1620927999112,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51601,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00441{"flow_id":6,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927999,"pkt_ts_usec":112216,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6EsmRAbvLRPiuAAAAALAC\/\/9LkAAAAgQFtAEDAwUBAQgKNAyZgwAAAAAEAgAA"}
00426{"flow_id":3,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927999,"pkt_ts_usec":133337,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0dCpAADQGQ\/2SMDoSwKgBsgG7yYRFBnufQn7dpIAQAfYkAAAAAQEICjwgDHY0DJl\/"}
02251{"flow_id":3,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":96,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927999,"pkt_ts_usec":135180,"pkt_caplen":1406,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1406,"pkt_l4_len":1372,"pkt":"KDc3AG3IEBMx8Tl2CABFAAVwdCtAADQGPsCSMDoSwKgBsgG7yYRFBnufQn7dpIAYAfYoLQAAAQEICjwgDHg0DJl\/FwMDBTf4RbFzY54J+vYB9UvY7JPIz4c2Nsd\/Cu\/PL2qlhn9gpXx9tL+kYzNOCshRsGn4gZBO6QyTq4ipgSfvYsMXHNSgsK8584S0CgIPjA6iTkFoAq20TjOv\/YPqFXClQol7xgr9Qeubxu8ZdimZ6plwGQ3pmaLhPA7Povv6fqnXRgUT98Wcj2L7VeeXMG\/635fJsIGoFSgwg9s85c5iY+1\/aiQAlFf8G8RMoC5iDaQkSSgbWDsHikthXlhUiGVQBm6cC8Vtj9HC0y02tp004YKV0Zhw86vfo2Xu6XOy5YPErjmvC7PPXC8QAisKHD7tcbqB4SvkESKRdMKKzsueKxLV+IVKQxFJr4mQvzZsEb8e9zVKE+tu7AGoKhMEK3xL0pvZZrbgK1jNdckXzgBCzEO8YQNW4Uqey32IvyTSL1Rjnhi3LAInoDf0LfvHDgwv0Ak3IEoR8jaq\/sZxX00zeNCKHckA38RJq+kipyLTC38+JlDrgEoXDjFWWFyEtVAMtmB8nY+XcU5XC7VC4CFmcVE7JKwHYCtwXK6wTC2f5avciRsXbyG7Tokqad5MwxrIQgctYYO09hCFG5Eg767N1cr\/50ULAH97h+PoV8QrAF60O+DfVhBjXEHwSfWPtH+G5PQy5GVJsHeoXgi4nRMzPGR6OAZBFmfRWPY4qz\/KxE4\/mSIL9oVA7xJ0g2L9FgChE0XhM4mswICv72LU0LOcCRiaM1In1UVSefiZ3rlAsC3Rk3ZRnWOSlk\/GfQ+TzI60GNQWxbTQaMpmBsMpPuDtxg+UUmj3GnFzLk7y2PneybdZkqEKjhDP8sVjoWyr0E\/cSTCjxOZiPr120477wtXuXx3I5ApwxOmhmEndpMPopSbfmy2TJq6UArO42ZcujaOo5\/T6kl3ag8\/Ke7AnMLku0pOyZLmPzbCbpB346uvyCZpiMxDIa74UWV4o5P563s6wJC3Fhxyd+K7o8KcFesoXfQK4bK5U7YI1A0yOqRqu1re3rQPBe\/Mw2tCDwGZRQiV5rXNgz5dH01qsxrE49DXADIo9GmrhI0jDkz+IItzNGiVJGRYIxhH6Lk6gesd0C95AffW+DwaOtbsTSyi25MJYY8tdosZOUnk4g8PuY\/Hdj4X0NrkLhqieLDYvLf5hY0OSjXz72zCl9mJXsLvwnRLyhIc0IdeTpg6aQk+9pkGBbkbeGKRCjFQA\/AIlWktGIXpz7Gyf1PW3sh4hfq0Iq2eB0h1SkeiLLibZ+EfGfqVSyw+IvkKmjdoHwc58x+I895LBdFV4QQlRZunKThp6qRhxfEdbQfgxoFuORdt89Nvc\/p7\/NUmjVOyBc1F\/aRH\/tnRivRBRLtn2LPM7P\/m42lno1PLPYi\/BZY5AnNlJVJE99Qy5nOHeGJ1lWIief8aIncjlfTmv4Ibt+DaQJJqTAUYhhSbUHVLJGije+Sc1\/qj\/Q6bm5gfeMUvskDONatZmpqzhK9TelbRzQ0IDpXSrxtbX7ycFPSM\/l+HoN+13utecbUHrz6Q4KZfDFai94Z5a4Nqk2L+H\/3SFcEvq0TV0L8Cb694C9ux2XB7S4K0mJl0+JZb7EErvvC4f0WibiuCpaB94Q8jUe0gE0FDPs1CbkRk4rH6TWGV2y\/\/blWgkOaJ7nz77T8TYB8SyP1\/LW4irJW2oXfwgetKgu3bfVn5m4Sc4Ux\/C0lEhtFO\/XTJgG12uixlVZZAoEC4+76EUPjIDAQ4lXNzcRBMg4U7nLjJk+tgWLXB\/iMYZVhX2jeAczAjxodvGRjVtPiBpumvMX7Y="}

48
test/results/fix.pcap.out
View File

@@ -1,21 +1,21 @@
00471{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"fix.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":10000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"fix.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1493755109242,"flow_last_seen":0,"flow_min_l4_payload_len":86,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":86,"flow_avg_l4_payload_len":86,"midstream":1,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":43594,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"fix.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1493755109242,"flow_last_seen":1493755109242,"flow_min_l4_payload_len":86,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":86,"flow_avg_l4_payload_len":86,"midstream":1,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":43594,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00540{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755109,"pkt_ts_usec":242949,"pkt_caplen":152,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":152,"pkt_l4_len":118,"pkt":"THK5MeMlACJNe\/gxCABFAACKT3MAAPUGlw4IERYfwKgAFA+gqko3bYCMRQ1qAYAY\/\/+s3wAAAQEICsq+JozkIvOrOD1PATk9MDA3NQEzNT1HAQIgAAANgQxAKWj1wo9cKQAAAAEAABRnDEBj4euA7PpqAAAAAQAADiEMQENwo99tuUEAAAABAAAMAwxAYm64YJmdywAAAAE="}
00499{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"fix.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1493755109242,"flow_last_seen":0,"flow_min_l4_payload_len":86,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":86,"flow_avg_l4_payload_len":86,"midstream":1,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":43594,"l4_proto":"tcp","ndpi": {"proto":"FIX","breed":"Safe","category":"RPC"}}
00511{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"fix.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1493755109242,"flow_last_seen":1493755109242,"flow_min_l4_payload_len":86,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":86,"flow_avg_l4_payload_len":86,"midstream":1,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":43594,"l4_proto":"tcp","ndpi": {"proto":"FIX","breed":"Safe","category":"RPC"}}
00421{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755109,"pkt_ts_usec":243158,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ACJNe\/gxTHK5MeMlCABFAAA04yxAAEAGeKvAqAAUCBEWH6pKD6BFDWoBN22A4oAQ\/+CtQgAAAQEICuQi8\/bKviaM"}
00457{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755109,"pkt_ts_usec":243242,"pkt_caplen":91,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":91,"pkt_l4_len":57,"pkt":"THK5MeMlACJNe\/gxCABFAABNT3sAAPUGl0MIERYfwKgAFA+gqko3bYDiRQ1qAYAY\/\/8cMQAAAQEICsq+JozkIvOrOD1PATk9MDAxNAEzNT1QAQA4AAAUjFEGgw=="}
00421{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755109,"pkt_ts_usec":243423,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ACJNe\/gxTHK5MeMlCABFAAA04y1AAEAGeKrAqAAUCBEWH6pKD6BFDWoBN22A+4AQ\/+CtKQAAAQEICuQi8\/bKviaM"}
00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"fix.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1493755109264,"flow_last_seen":0,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":1,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":47968,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"fix.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1493755109264,"flow_last_seen":1493755109264,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":1,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":47968,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00461{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755109,"pkt_ts_usec":264927,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"pkt":"THK5MeMlACJNe\/gxCABFAABSVaMAAPUGkRYIERYfwKgAFA+gu2Bwv8eLGL2htoAY\/\/8FlAAAAQEICsq+JqLD2CKPOD1PATk9MDAxOQEzNT1QAQBgAAAA1ygEAAAC+SgE"}
00499{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"fix.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1493755109264,"flow_last_seen":0,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":1,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":47968,"l4_proto":"tcp","ndpi": {"proto":"FIX","breed":"Safe","category":"RPC"}}
00511{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"fix.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1493755109264,"flow_last_seen":1493755109264,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":1,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":47968,"l4_proto":"tcp","ndpi": {"proto":"FIX","breed":"Safe","category":"RPC"}}
00421{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755109,"pkt_ts_usec":265074,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ACJNe\/gxTHK5MeMlCABFAAA0nQVAAEAGvtLAqAAUCBEWH7tgD6AYvaG2cL\/HqYAQ\/+ACDgAAAQEICsPYIsvKviai"}
00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"fix.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1493755109301,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":45578,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"fix.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1493755109301,"flow_last_seen":1493755109301,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":45578,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00455{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755109,"pkt_ts_usec":301176,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"pkt":"THK5MeMlACJNe\/gxCABFAABPilIAADIGAaLQ9WsDwKgAFA+gsgqYEHEay+C1D1AYXjiwMAAAOD1GSVguNC4xATk9MDAwMTQBMzU9MQExMTI9ZmFybQExMD0yMTcB"}
00502{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"fix.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1493755109301,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":45578,"l4_proto":"tcp","ndpi": {"proto":"FIX","breed":"Safe","category":"RPC"}}
00514{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"fix.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1493755109301,"flow_last_seen":1493755109301,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":45578,"l4_proto":"tcp","ndpi": {"proto":"FIX","breed":"Safe","category":"RPC"}}
00413{"flow_id":3,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755109,"pkt_ts_usec":301346,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ACJNe\/gxTHK5MeMlCABFAAAoLPdAAEAGESTAqAAU0PVrA7IKD6DL4LUPmBBxQVAQ\/\/9nMgAAAAAAAAAA"}
00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"fix.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1493755109301,"flow_last_seen":0,"flow_min_l4_payload_len":67,"flow_max_l4_payload_len":67,"flow_tot_l4_payload_len":67,"flow_avg_l4_payload_len":67,"midstream":1,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":47952,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"fix.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1493755109301,"flow_last_seen":1493755109301,"flow_min_l4_payload_len":67,"flow_max_l4_payload_len":67,"flow_tot_l4_payload_len":67,"flow_avg_l4_payload_len":67,"midstream":1,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":47952,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00515{"flow_id":4,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755109,"pkt_ts_usec":301518,"pkt_caplen":133,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":133,"pkt_l4_len":99,"pkt":"THK5MeMlACJNe\/gxCABFAAB3JWUAAPUGwS8IERYfwKgAFA+gu1Cc6Eb967pj5oAY\/\/+1oAAAAQEICsq+Jsaxc69UOD1GSVguNC4xATk9MDAwMDQxATM1PTABMzQ9MDA2MTI3ATQzPU4BNTI9MjAxNzA1MDItMTk6NTg6MjkBMTA9MTEzAQ=="}
00499{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"fix.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1493755109301,"flow_last_seen":0,"flow_min_l4_payload_len":67,"flow_max_l4_payload_len":67,"flow_tot_l4_payload_len":67,"flow_avg_l4_payload_len":67,"midstream":1,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":47952,"l4_proto":"tcp","ndpi": {"proto":"FIX","breed":"Safe","category":"RPC"}}
00511{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"fix.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1493755109301,"flow_last_seen":1493755109301,"flow_min_l4_payload_len":67,"flow_max_l4_payload_len":67,"flow_tot_l4_payload_len":67,"flow_avg_l4_payload_len":67,"midstream":1,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":47952,"l4_proto":"tcp","ndpi": {"proto":"FIX","breed":"Safe","category":"RPC"}}
00526{"flow_id":3,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755109,"pkt_ts_usec":301555,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"pkt":"ACJNe\/gxTHK5MeMlCABFAAB+LPhAAEAGEM3AqAAU0PVrA7IKD6DL4LUPmBBxQVAY\/\/8uDQAAOD1GSVhDT01QATk9NzEBeJwNx7ENgDAMBED9QER+x684kdwisQEtDR0N+xdw3WXtx9miEbPMQugqQ48\/iuGQlxuHyXzjXMrlCdLrvt4HtKKED90WDdY="}
00421{"flow_id":4,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755109,"pkt_ts_usec":301679,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ACJNe\/gxTHK5MeMlCABFAAA04B5AAEAGe7nAqAAUCBEWH7tQD6DrumPmnOhHQIAQ\/+BBSgAAAQEICrFztPLKvibG"}
00566{"flow_id":3,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755109,"pkt_ts_usec":353604,"pkt_caplen":169,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":169,"pkt_l4_len":135,"pkt":"THK5MeMlACJNe\/gxCABFAACbilMAADIGAVXQ9WsDwKgAFA+gsgqYEHFBy+C1D1AYXjh7AwAAOD1PATk9MDAxOQEzNT1QAQBgAAAAEiZl+XgqbZqYOD1PATk9MDAxNgEzNT1QAQBIAAAAEiMAk8A4OD1PATk9MDAyMAEzNT1QAQBoAAAAEicA\/o\/4Kj\/T2Dg9TwE5PTAwMTYBMzU9UAEASAAAABIjAQ3SOA=="}
@@ -25,9 +25,9 @@
00422{"flow_id":2,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755109,"pkt_ts_usec":365237,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ACJNe\/gxTHK5MeMlCABFAAA0nQZAAEAGvtHAqAAUCBEWH7tgD6AYvaG2cL\/HzIAQ\/+ABaQAAAQEICsPYIunKvicG"}
00422{"flow_id":2,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755109,"pkt_ts_usec":365361,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ACJNe\/gxTHK5MeMlCABFAAA0nQdAAEAGvtDAqAAUCBEWH7tgD6AYvaG2cL\/H5oAQ\/+ABTwAAAQEICsPYIunKvicG"}
00414{"flow_id":3,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755109,"pkt_ts_usec":395535,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ACJNe\/gxTHK5MeMlCABFAAAoLPlAAEAGESLAqAAU0PVrA7IKD6DL4LVlmBBxtFAQ\/\/9maQAAAAAAAAAA"}
00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"fix.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1493755109440,"flow_last_seen":0,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":1,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":45584,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"fix.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1493755109440,"flow_last_seen":1493755109440,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":1,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":45584,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00452{"flow_id":5,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755109,"pkt_ts_usec":440420,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"THK5MeMlACJNe\/gxCABFAABLyzMAADIGwMTQ9WsDwKgAFA+gshDsZRC0r0wvBlAYWghECQAAOD1PATk9MDAyNAEzNT1HAQCIAAAAVgxAWLVwoAAAAAAAAAE="}
00503{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"fix.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1493755109440,"flow_last_seen":0,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":1,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":45584,"l4_proto":"tcp","ndpi": {"proto":"FIX","breed":"Safe","category":"RPC"}}
00515{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"fix.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1493755109440,"flow_last_seen":1493755109440,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":1,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":45584,"l4_proto":"tcp","ndpi": {"proto":"FIX","breed":"Safe","category":"RPC"}}
00413{"flow_id":5,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755109,"pkt_ts_usec":440588,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ACJNe\/gxTHK5MeMlCABFAAAoPkFAAEAG\/9nAqAAU0PVrA7IQD6CvTC8G7GUQ11AQo65yMAAAAAAAAAAA"}
01023{"flow_id":3,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755109,"pkt_ts_usec":444758,"pkt_caplen":511,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":511,"pkt_l4_len":477,"pkt":"THK5MeMlACJNe\/gxCABFAAHxilUAADIG\/\/zQ9WsDwKgAFA+gsgqYEHG0y+C1ZVAYXjjFugAAOD1PATk9MDAyNwEzNT1QAQCgAAAAFQ1XhioHoSAAAAASIwEGMRg4PU8BOT0wMDE1ATM1PVABAEAAAAASKj0JADg9TwE5PTAwMjABMzU9UAEAaAAAABInARVzWCpMS0A4PU8BOT0wMDMyATM1PVABAMgAAAASJwDYalgqas\/AAAAAFQ1XhysBQG9AOD1PATk9MDAyMAEzNT1QAQBoAAAAEicA0Mk4KnJw4Dg9TwE5PTAwMjABMzU9UAEAaAAAABInAKMCeCp1O7g4PU8BOT0wMDQxATM1PUcBARAAAAAQDD\/xesxO+IuXAAAAAQAAAHkMP+sGt6ol2NgAAAABOD1PATk9MDAyMAEzNT1QAQBoAAAAEiZWtzgrAKqjmDg9TwE5PTAwMjABMzU9UAEAaAAAABImNWfgKwC55dg4PU8BOT0wMDI5ATM1PVABALAAAAASJjCRmCsA0Mk4AAAAFSMBA2ZAOD1PATk9MDAxNgEzNT1QAQBIAAAAFSMBEqiAOD1PATk9MDAzNAEzNT1QAQDYAAAAFScBA2ZAKwExLQAAAAASJk8WGCsAtxsAOD1PATk9MDAyMAEzNT1QAQBoAAAAEiZtmpgrAKfYwA=="}
00414{"flow_id":3,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755109,"pkt_ts_usec":444934,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ACJNe\/gxTHK5MeMlCABFAAAoLPpAAEAGESHAqAAU0PVrA7IKD6DL4LVlmBBzfVAQ\/\/9koAAAAAAAAAAA"}
@@ -50,9 +50,9 @@
00528{"flow_id":3,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755109,"pkt_ts_usec":597948,"pkt_caplen":143,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":143,"pkt_l4_len":109,"pkt":"THK5MeMlACJNe\/gxCABFAACBilgAADIGAWrQ9WsDwKgAFA+gsgqYEHTgy+C1ZVAYXjhSGwAAOD1PATk9MDAxNgEzNT1QAQBIAAAAEisA7ILgOD1PATk9MDAxOQEzNT1QAQBgAAAAEgVVWCMBaV+4OD1PATk9MDAyMQEzNT1QAQBwAAAAEicBYb6YKwD0JAA="}
00415{"flow_id":3,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755109,"pkt_ts_usec":598146,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ACJNe\/gxTHK5MeMlCABFAAAoLP1AAEAGER7AqAAU0PVrA7IKD6DL4LVlmBB1OVAQ\/\/9i5AAAAAAAAAAA"}
00483{"flow_id":3,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755109,"pkt_ts_usec":647685,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"pkt":"THK5MeMlACJNe\/gxCABFAABgilkAADIGAYrQ9WsDwKgAFA+gsgqYEHU5y+C1ZVAYXjgdegAAOD1PATk9MDAxOAEzNT1QAQBYAAAAEgVVWSIPQkA4PU8BOT0wMDE2ATM1PVABAEgAAAASKwDk4cA="}
00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":43,"source":"fix.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1493755109654,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":47962,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":43,"source":"fix.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1493755109654,"flow_last_seen":1493755109654,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":47962,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00476{"flow_id":6,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755109,"pkt_ts_usec":654913,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"pkt":"THK5MeMlACJNe\/gxCABFAABbr+gAAPUGNsgIERYfwKgAFA+gu1oMn5kifDan54AY\/\/9QgQAAAQEICsq+KCgaP0xfOD1GSVguNC4xATk9MDAwMTQBMzU9MQExMTI9ZmFybQExMD0yMTcB"}
00500{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"fix.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1493755109654,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":47962,"l4_proto":"tcp","ndpi": {"proto":"FIX","breed":"Safe","category":"RPC"}}
00512{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"fix.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1493755109654,"flow_last_seen":1493755109654,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":47962,"l4_proto":"tcp","ndpi": {"proto":"FIX","breed":"Safe","category":"RPC"}}
00421{"flow_id":6,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755109,"pkt_ts_usec":655079,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ACJNe\/gxTHK5MeMlCABFAAA07JVAAEAGb0LAqAAUCBEWH7taD6B8NqfnDJ+ZSYAQhgAbHwAAAQEICho\/VIrKvigo"}
00541{"flow_id":6,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755109,"pkt_ts_usec":655263,"pkt_caplen":152,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":152,"pkt_l4_len":118,"pkt":"ACJNe\/gxTHK5MeMlCABFAACK7JZAAEAGbuvAqAAUCBEWH7taD6B8NqfnDJ+ZSYAYhgDh+QAAAQEICho\/VIrKvigoOD1GSVhDT01QATk9NzEBeJwNx7ENgDAMBED9QER+x684kdwisQEtDR0N+xdw3WXtx9miEbPMQugqQ48\/iuGQlxuHyXzjXMrlCdLrvt4HtKKED90WDdY="}
00518{"flow_id":2,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755109,"pkt_ts_usec":665470,"pkt_caplen":135,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":135,"pkt_l4_len":101,"pkt":"THK5MeMlACJNe\/gxCABFAAB57E0AAPUG+kQIERYfwKgAFA+gu2Bwv8hFGL2htoAY\/\/9dtAAAAQEICsq+KDPD2CMlOD1PATk9MDA1OAEzNT1QAQGYAAAAPxVYGakAuoAAAD9SAlu8AAAANAUlSCUHog0lSSkBDwAAAD4FWBgkYigrAAAAMCAO"}
@@ -70,12 +70,12 @@
00529{"flow_id":5,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755110,"pkt_ts_usec":141942,"pkt_caplen":141,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":141,"pkt_l4_len":107,"pkt":"ACJNe\/gxTHK5MeMlCABFAAB\/PkRAAEAG\/3\/AqAAU0PVrA7IQD6CvTC8G7GURIVAYo64pmAAAOD1GSVhDT01QATk9NzIBeJwNxzkOgDAMBEDtg4i8jpcckttI\/ICWho6G\/xcw3fRcx1miECPNQqhKQ40\/iuaQpxubyXzjmOrTB0jP+3of0JLa8QHdKg3Y"}
00404{"flow_id":5,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755110,"pkt_ts_usec":231279,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"THK5MeMlACJNe\/gxCABFAAAoyzYAADIGwOTQ9WsDwKgAFA+gshDsZREhr0wvXVAQWgi7NQAA"}
00587{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755110,"pkt_ts_usec":245077,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"pkt":"THK5MeMlACJNe\/gxCABFAACs6yIAAPUG+zwIERYfwKgAFA+gqko3bYJGRQ1qVoAY\/\/\/H0wAAAQEICsq+KnbkIvTXOD1PATk9MDEwOQEzNT1HAQMwAAANgQxAKWj1wo9cKQAAAAEAABRnDEBj4euA7PpqAAAAAQAABfIMQERMzLwF1SwAAAABAAAOIQxAQ3Cj3225QQAAAAEAAAwDDEBibrhgmZ3LAAAAAQAAA44MQDGMzLwF1SwAAAAB"}
00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":87,"source":"fix.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1493755110320,"flow_last_seen":0,"flow_min_l4_payload_len":77,"flow_max_l4_payload_len":77,"flow_tot_l4_payload_len":77,"flow_avg_l4_payload_len":77,"midstream":1,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":38652,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":87,"source":"fix.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1493755110320,"flow_last_seen":1493755110320,"flow_min_l4_payload_len":77,"flow_max_l4_payload_len":77,"flow_tot_l4_payload_len":77,"flow_avg_l4_payload_len":77,"midstream":1,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":38652,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00512{"flow_id":7,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755110,"pkt_ts_usec":320014,"pkt_caplen":131,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":131,"pkt_l4_len":97,"pkt":"THK5MeMlACJNe\/gxCABFAAB1U\/wAADIGN9LQ9WsDwKgAFA+glvwzTd9PWnk+l1AYb96N\/wAAOD1PATk9MDA2NgEzNT1HAQHYAAAABVkI5OEMFeFiPZCEMAATlYJyAAAABFkI5OEMFVZHfdCEMAATwIJ3AAAABlkI5OEIW+2APQJxEAQ="}
00503{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":87,"source":"fix.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1493755110320,"flow_last_seen":0,"flow_min_l4_payload_len":77,"flow_max_l4_payload_len":77,"flow_tot_l4_payload_len":77,"flow_avg_l4_payload_len":77,"midstream":1,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":38652,"l4_proto":"tcp","ndpi": {"proto":"FIX","breed":"Safe","category":"RPC"}}
00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":88,"source":"fix.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1493755110328,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":40918,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00515{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":87,"source":"fix.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1493755110320,"flow_last_seen":1493755110320,"flow_min_l4_payload_len":77,"flow_max_l4_payload_len":77,"flow_tot_l4_payload_len":77,"flow_avg_l4_payload_len":77,"midstream":1,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":38652,"l4_proto":"tcp","ndpi": {"proto":"FIX","breed":"Safe","category":"RPC"}}
00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":88,"source":"fix.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1493755110328,"flow_last_seen":1493755110328,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":40918,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00480{"flow_id":8,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":88,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755110,"pkt_ts_usec":328857,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"pkt":"THK5MeMlACJNe\/gxCABFAABb5\/wAAPUG\/rMIERYfwKgAFA+gn9aNJ1RO\/ryrG4AY\/\/8NBQAAAQEICsq+KsnWRqh9OD1PATk9MDAyOAEzNT1HAQCoAAAAAVkI5OEMBKkS\/dCEMAAJlIEx"}
00500{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":88,"source":"fix.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1493755110328,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":40918,"l4_proto":"tcp","ndpi": {"proto":"FIX","breed":"Safe","category":"RPC"}}
00512{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":88,"source":"fix.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1493755110328,"flow_last_seen":1493755110328,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":40918,"l4_proto":"tcp","ndpi": {"proto":"FIX","breed":"Safe","category":"RPC"}}
00424{"flow_id":8,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":89,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755110,"pkt_ts_usec":328967,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ACJNe\/gxTHK5MeMlCABFAAA0b9ZAAEAG7AHAqAAUCBEWH5\/WD6D+vKsbjSdUdYAQ\/\/\/knQAAAQEICtZGrHjKvirJ"}
00414{"flow_id":7,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755110,"pkt_ts_usec":362185,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ACJNe\/gxTHK5MeMlCABFAAAouAtAAEAGhg\/AqAAU0PVrA5b8D6BaeT6XM03fnFAQ\/GxkGwAAAAAAAAAA"}
00452{"flow_id":5,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":97,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755110,"pkt_ts_usec":441940,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"THK5MeMlACJNe\/gxCABFAABLyzcAADIGwMDQ9WsDwKgAFA+gshDsZREhr0wvXVAYWghDRQAAOD1PATk9MDAyNAEzNT1HAQCIAAAAVgxAWLVwoAAAAAAAAAE="}
@@ -84,17 +84,17 @@
00415{"flow_id":5,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":124,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755110,"pkt_ts_usec":942754,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ACJNe\/gxTHK5MeMlCABFAAAoPkZAAEAG\/9TAqAAU0PVrA7IQD6CvTC9d7GURZ1AQo65xSQAAAAAAAAAA"}
00507{"flow_id":8,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":137,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755111,"pkt_ts_usec":422176,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"pkt":"THK5MeMlACJNe\/gxCABFAABwiaEAAPUGXPoIERYfwKgAFA+gn9aNJ1R1\/ryrG4AY\/\/+zfAAAAQEICsq+Lw\/WRqx4OD1PATk9MDA0OQEzNT1HAQFQAAAADVkI5OEMFgYg3VCIUAATiYF3AAAADFkI5OEMB9wg3RAAEAATiYAA"}
00425{"flow_id":8,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":138,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755111,"pkt_ts_usec":422362,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ACJNe\/gxTHK5MeMlCABFAAA0b9dAAEAG7ADAqAAUCBEWH5\/WD6D+vKsbjSdUsYAQ\/\/\/e0wAAAQEICtZGrcDKvi8P"}
00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":155,"source":"fix.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1493755111956,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":38646,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":155,"source":"fix.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1493755111956,"flow_last_seen":1493755111956,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":38646,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00459{"flow_id":9,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":155,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755111,"pkt_ts_usec":956116,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"pkt":"THK5MeMlACJNe\/gxCABFAABP7\/wAADIGm\/fQ9WsDwKgAFA+glvYLJrChYuT9OVAYYmg1SgAAOD1GSVguNC4xATk9MDAwMTQBMzU9MQExMTI9ZmFybQExMD0yMTcB"}
00504{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":155,"source":"fix.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1493755111956,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":38646,"l4_proto":"tcp","ndpi": {"proto":"FIX","breed":"Safe","category":"RPC"}}
00516{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":155,"source":"fix.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1493755111956,"flow_last_seen":1493755111956,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":38646,"l4_proto":"tcp","ndpi": {"proto":"FIX","breed":"Safe","category":"RPC"}}
00414{"flow_id":9,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":156,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755111,"pkt_ts_usec":956292,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ACJNe\/gxTHK5MeMlCABFAAAoPOZAAEAGATXAqAAU0PVrA5b2D6Bi5P05CyawyFAQ\/Gz0DgAAAAAAAAAA"}
00529{"flow_id":9,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":157,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755111,"pkt_ts_usec":956474,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"pkt":"ACJNe\/gxTHK5MeMlCABFAAB9POdAAEAGAN\/AqAAU0PVrA5b2D6Bi5P05CyawyFAY\/GyQmgAAOD1GSVhDT01QATk9NzABeJwFwTEKgEAMBEDyII\/dJIu5g7SCP7C1sbPx\/4Uz1cd5jRy02UDKQg2LbFAVafJ2cIfgG+dSraCR3s\/9vUY05fYD3SIN0A=="}
00477{"flow_id":8,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":160,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755112,"pkt_ts_usec":21192,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"pkt":"THK5MeMlACJNe\/gxCABFAABbUHoAAPUGljYIERYfwKgAFA+gn9aNJ1Sx\/ryrG4AY\/\/8jgwAAAQEICsq+MWbWRq3AOD1PATk9MDAyOAEzNT1HAQCoAAAAClkI5OEMBKcgnRAAEAATiYAA"}
00426{"flow_id":8,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":161,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755112,"pkt_ts_usec":21357,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ACJNe\/gxTHK5MeMlCABFAAA0b9hAAEAG6\/\/AqAAUCBEWH5\/WD6D+vKsbjSdU2IAQ\/\/\/bogAAAQEICtZGrnPKvjFm"}
00405{"flow_id":9,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":162,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755112,"pkt_ts_usec":50148,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"THK5MeMlACJNe\/gxCABFAAAo7\/0AADIGnB3Q9WsDwKgAFA+glvYLJrDIYuT9jlAQYmiNvgAA"}
00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":209,"source":"fix.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1493755113353,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":39094,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00496{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":209,"source":"fix.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1493755113353,"flow_last_seen":1493755113353,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":39094,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00459{"flow_id":10,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":209,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755113,"pkt_ts_usec":353296,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"pkt":"THK5MeMlACJNe\/gxCABFAABP8tQAADIGmR\/Q9WsDwKgAFA+gmLZKUJEYQJIHD1AYWpQ0OgAAOD1GSVguNC4xATk9MDAwMTQBMzU9MQExMTI9ZmFybQExMD0yMTcB"}
00505{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":209,"source":"fix.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1493755113353,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":39094,"l4_proto":"tcp","ndpi": {"proto":"FIX","breed":"Safe","category":"RPC"}}
00517{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":209,"source":"fix.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1493755113353,"flow_last_seen":1493755113353,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":39094,"l4_proto":"tcp","ndpi": {"proto":"FIX","breed":"Safe","category":"RPC"}}
00525{"flow_id":10,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":210,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755113,"pkt_ts_usec":353689,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"pkt":"ACJNe\/gxTHK5MeMlCABFAAB8GO1AAEAGJNrAqAAU0PVrA5i2D6BAkgcPSlCRP1AY\/\/\/ZrgAAOD1GSVhDT01QATk9NjkBeJwFwTsKgEAQA1ByICWZnbAfmFbwBrY2djbev\/C9Ucd57bkLs8g0motoWZR7Co4KqtOMTXN5rBaQop77eyGWTPzcug3M"}
00407{"flow_id":10,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":214,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755113,"pkt_ts_usec":404609,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"THK5MeMlACJNe\/gxCABFAAAo8tUAADIGmUXQ9WsDwKgAFA+gmLZKUJE\/QJIHY1AQWpSMrwAA"}
00478{"flow_id":8,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":222,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755113,"pkt_ts_usec":567320,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"pkt":"THK5MeMlACJNe\/gxCABFAABbkAcAAPUGVqkIERYfwKgAFA+gn9aNJ1TY\/ryrG4AY\/\/98qAAAAQEICsq+N3DWRq5zOD1GSVguNC4xATk9MDAwMTQBMzU9MQExMTI9ZmFybQExMD0yMTcB"}
@@ -111,9 +111,9 @@
00415{"flow_id":5,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":329,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755116,"pkt_ts_usec":450077,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ACJNe\/gxTHK5MeMlCABFAAAoPkdAAEAG\/9PAqAAU0PVrA7IQD6CvTC9d7GURilAQo65xJgAAAAAAAAAA"}
00480{"flow_id":8,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":340,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755116,"pkt_ts_usec":576090,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"pkt":"THK5MeMlACJNe\/gxCABFAABbCkwAAPUG3GQIERYfwKgAFA+gn9aNJ1Um\/ryrcIAY\/\/\/qjgAAAQEICsq+QzHWRrLFOD1PATk9MDAyOAEzNT1HAQCoAAAADVkI5OYMFgYg3jAEMAATiYB9"}
00427{"flow_id":8,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":341,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755116,"pkt_ts_usec":576253,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ACJNe\/gxTHK5MeMlCABFAAA0b9xAAEAG6\/vAqAAUCBEWH5\/WD6D+vKtwjSdVTYAQ\/\/\/DtgAAAQEICtZGs8rKvkMx"}
00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":344,"source":"fix.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1493755116662,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"l3_proto":"ip4","src_ip":"217.192.86.32","dst_ip":"192.168.0.20","src_port":4000,"dst_port":53330,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00496{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":344,"source":"fix.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1493755116662,"flow_last_seen":1493755116662,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"l3_proto":"ip4","src_ip":"217.192.86.32","dst_ip":"192.168.0.20","src_port":4000,"dst_port":53330,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00458{"flow_id":11,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":344,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755116,"pkt_ts_usec":662603,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"pkt":"THK5MeMlACJNe\/gxCABFAABP0h0AAC8GyO7ZwFYgwKgAFA+g0FJoqda4F+2kj1AYRRhFXQAAOD1GSVguNC4xATk9MDAwMTQBMzU9MQExMTI9ZmFybQExMD0yMTcB"}
00505{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":344,"source":"fix.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1493755116662,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"l3_proto":"ip4","src_ip":"217.192.86.32","dst_ip":"192.168.0.20","src_port":4000,"dst_port":53330,"l4_proto":"tcp","ndpi": {"proto":"FIX","breed":"Safe","category":"RPC"}}
00517{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":344,"source":"fix.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1493755116662,"flow_last_seen":1493755116662,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"l3_proto":"ip4","src_ip":"217.192.86.32","dst_ip":"192.168.0.20","src_port":4000,"dst_port":53330,"l4_proto":"tcp","ndpi": {"proto":"FIX","breed":"Safe","category":"RPC"}}
00527{"flow_id":11,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":345,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755116,"pkt_ts_usec":662933,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"pkt":"ACJNe\/gxTHK5MeMlCABFAAB9Lt9AAEAGGv\/AqAAU2cBWINBSD6AX7aSPaKnW31AYhgAmIwAAOD1GSVhDT01QATk9NzABeJwFwTsKgEAMBFByIJeZJMN+IK2wN7C1sbPx\/oXvjTr31bLRZgEpCxUsskD1SJOXgx2CH5xLY4WM9Hru7zWiKNkP3UcN1g=="}
00406{"flow_id":11,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":362,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755116,"pkt_ts_usec":788876,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"THK5MeMlACJNe\/gxCABFAAAo0h4AAC8GyRTZwFYgwKgAFA+g0FJoqdbfF+2k5FAQRRid0QAA"}
00507{"flow_id":8,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":375,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755117,"pkt_ts_usec":18095,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"pkt":"THK5MeMlACJNe\/gxCABFAABw0W4AAPUGFS0IERYfwKgAFA+gn9aNJ1VN\/ryrcIAY\/\/\/t8QAAAQEICsq+ROvWRrPKOD1PATk9MDA0OQEzNT1HAQFQAAAAClkI5OYMBKcg3hAAEAATiYAAAAAADFkI5OYMB9wgnhAAEAATiYAA"}
@@ -122,9 +122,9 @@
00406{"flow_id":10,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":382,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755117,"pkt_ts_usec":99077,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"THK5MeMlACJNe\/gxCABFAAAo8tYAADIGmUTQ9WsDwKgAFA+gmLZKUJE\/QJIHxlAQWpSMTAAA"}
00481{"flow_id":10,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":383,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755117,"pkt_ts_usec":100000,"pkt_caplen":108,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":108,"pkt_l4_len":74,"pkt":"THK5MeMlACJNe\/gxCABFAABe8tcAADIGmQ3Q9WsDwKgAFA+gmLZKUJE\/QJIHxlAYWpTOmAAAOD1GSVguNC4xATk9MDAwMjkBMzU9MAExMTI9Rml4VGVzdFJlcXVlc3QzMTI1OQExMD0yMzYB"}
00417{"flow_id":10,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":384,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755117,"pkt_ts_usec":142205,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ACJNe\/gxTHK5MeMlCABFAAAoGO9AAEAGJSzAqAAU0PVrA5i2D6BAkgfGSlCRdVAQ\/\/\/mqgAAAAAAAAAA"}
00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":419,"source":"fix.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1493755117668,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":40928,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":419,"source":"fix.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1493755117668,"flow_last_seen":1493755117668,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":40928,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00479{"flow_id":12,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":419,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755117,"pkt_ts_usec":668152,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"pkt":"THK5MeMlACJNe\/gxCABFAABb6MoAAPUG\/eUIERYfwKgAFA+gn+AbjTX8bvFE4oAY\/\/8xhAAAAQEICsq+R3VyD9Q7OD1GSVguNC4xATk9MDAwMTQBMzU9MQExMTI9ZmFybQExMD0yMTcB"}
00502{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":419,"source":"fix.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1493755117668,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":40928,"l4_proto":"tcp","ndpi": {"proto":"FIX","breed":"Safe","category":"RPC"}}
00514{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":419,"source":"fix.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1493755117668,"flow_last_seen":1493755117668,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":40928,"l4_proto":"tcp","ndpi": {"proto":"FIX","breed":"Safe","category":"RPC"}}
00546{"flow_id":12,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":420,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755117,"pkt_ts_usec":668466,"pkt_caplen":152,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":152,"pkt_l4_len":118,"pkt":"ACJNe\/gxTHK5MeMlCABFAACK1yxAAEAGhFXAqAAUCBEWH5\/gD6Bu8UTiG402I4AY\/+CkEwAAAQEICnIP3\/PKvkd1OD1GSVhDT01QATk9NzEBeJwFwbENgDAMBEB5IKJ\/Ow5OpG+R2ICWho6G\/QvuSsd5td5oU0BPixQsusCsLEuXgzsSvnGurBXDSNdzf68R4gj7Ad5tDd0="}
00425{"flow_id":12,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":425,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755117,"pkt_ts_usec":687593,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"THK5MeMlACJNe\/gxCABFAAA09L8AAPUG8hcIERYfwKgAFA+gn+AbjTYjbvFFOIAQ\/\/9+KwAAAQEICsq+R4lyD9\/z"}
00459{"flow_id":7,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":440,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755118,"pkt_ts_usec":23991,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"pkt":"THK5MeMlACJNe\/gxCABFAABPU\/4AADIGN\/bQ9WsDwKgAFA+glvwzTd\/tWnk+l1AYb96XaAAAOD1GSVguNC4xATk9MDAwMTQBMzU9MQExMTI9ZmFybQExMD0yMTcB"}

10
test/results/forticlient.pcap.out
View File

@@ -1,5 +1,5 @@
00479{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"forticlient.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":10000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1621067203571,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61805,"dst_port":10443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00497{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1621067203571,"flow_last_seen":1621067203571,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61805,"dst_port":10443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00446{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067203,"pkt_ts_usec":571879,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG9\/\/AqAGyUlEuDfFtKMutlmzOAAAAALAC\/\/9bnAAAAgQFtAEDAwUBAQgKJ6c8YwAAAAAEAgAA"}
00438{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067203,"pkt_ts_usec":633408,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8pJBAADQGX3NSUS4NwKgBsijL8W1kEcpBrZZsz6ASOEBvHAAAAgQFrAQCCAoGP5CkJ6c8YwEDAwo="}
00426{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067203,"pkt_ts_usec":633503,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+AvAqAGyUlEuDfFtKMutlmzPZBHKQoAQECzFugAAAQEICienPKAGP5Ck"}
@@ -18,7 +18,7 @@
00499{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067204,"pkt_ts_usec":59366,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"pkt":"KDc3AG3IEBMx8Tl2CABFAABnWuxAADQGqOxSUS4NwKgBsijL8W1kEdPTrZZuGIAYABBhYQAAAQEICgY\/kM4npz35FAMDAAEBFgMDACghidHAtJpSKRWJ59jA1JNw42oTY\/dmGXJgbzbWcnpUpjfbaFQB1oJG"}
00428{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067204,"pkt_ts_usec":59478,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+AvAqAGyUlEuDfFtKMutlm4YZBHUBoAQD\/65EAAAAQEICienPkEGP5DO"}
00653{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067204,"pkt_ts_usec":392230,"pkt_caplen":230,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":230,"pkt_l4_len":196,"pkt":"EBMx8Tl2KDc3AG3ICABFAADYAABAAEAG92fAqAGyUlEuDfFtKMutlm4YZBHUBoAYEAC3jgAAAQEICienP4wGP5DOFwMDAJ+Pvzq+zAUfbV7XzAzO8kyR6SPi8+PHCMVSKeRefo6BBzxUVgted\/7S1JXrgvYiGetmmO3jPHiDrhWDcVz4c+8efu3wOgT\/E492kxUPwc4UjVhxyhE1wUkDMmngdrzgo2WN7UjpoAyrOo3GIIKKfsJy+eZgSNyosoprodoMnyncoZZE4wMSWTW6IpN4DZSPYGeg92KNxCBdcNED2ldshwM="}
00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1621067204622,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61806,"dst_port":10443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1621067204622,"flow_last_seen":1621067204622,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61806,"dst_port":10443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00448{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067204,"pkt_ts_usec":622472,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG9\/\/AqAGyUlEuDfFuKMux1NwAAAAAALAC\/\/\/kHgAAAgQFtAEDAwUBAQgKJ6dAbwAAAAAEAgAA"}
00440{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067204,"pkt_ts_usec":682265,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8DZFAADQG9nJSUS4NwKgBsijL8W6yVLN5sdTcAaASOEC\/ugAAAgQFrAQCCAoGP5ENJ6dAbwEDAwo="}
00427{"flow_id":2,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067204,"pkt_ts_usec":682424,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+AvAqAGyUlEuDfFuKMux1NwBslSzeoAQECwWWwAAAQEICienQKoGP5EN"}
@@ -37,7 +37,7 @@
00500{"flow_id":2,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067205,"pkt_ts_usec":109043,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"pkt":"KDc3AG3IEBMx8Tl2CABFAABnIm1AADQG4WtSUS4NwKgBsijL8W6yVL0LsdTdaoAYABAqlAAAAQEICgY\/kTcnp0IIFAMDAAEBFgMDACiaUVlfnayZVBonB\/0bq4uxNvKj8siuQLcBr0MUxggpqZLArDcYZrpE"}
00429{"flow_id":2,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067205,"pkt_ts_usec":109116,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+AvAqAGyUlEuDfFuKMux1N1qslS9PoAQD\/4JjwAAAQEICienQk0GP5E3"}
00655{"flow_id":2,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067205,"pkt_ts_usec":445671,"pkt_caplen":231,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":231,"pkt_l4_len":197,"pkt":"EBMx8Tl2KDc3AG3ICABFAADZAABAAEAG92bAqAGyUlEuDfFuKMux1N1qslS9PoAYEAC44QAAAQEICienQ5sGP5E3FwMDAKAf6ycOGoisGDmLuUPZx2+NBbgG8KhkWAB8Nz3dy4fDJtcvavNE9o\/ywFaGef6yNl1gdZXprd9Iu5V1f6t9\/EoQ+5QZ04TdKwgyu\/EBULZ7KUZNs7Jbcw465+G0CHW26Yhh9qQ0z2C45s76iEvhqy08QAZyAysN5FJGljaNK5642VdzWV8l8lwsxzieIYZW6mxl3LZE0\/8o6UPl0seZUrJw"}
00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1621067205651,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61811,"dst_port":10443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1621067205651,"flow_last_seen":1621067205651,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61811,"dst_port":10443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00447{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067205,"pkt_ts_usec":651500,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG9\/\/AqAGyUlEuDfFzKMsSeiBCAAAAALAC\/\/87PQAAAgQFtAEDAwUBAQgKJ6dEZQAAAAAEAgAA"}
00439{"flow_id":3,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067205,"pkt_ts_usec":710127,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8c5FAADQGkHJSUS4NwKgBsijL8XP7CfxqEnogQ6ASOECEzAAAAgQFrAQCCAoGP5FzJ6dEZQEDAwo="}
00427{"flow_id":3,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067205,"pkt_ts_usec":710225,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+AvAqAGyUlEuDfFzKMsSeiBD+wn8a4AQECzbbQAAAQEICienRJ8GP5Fz"}
@@ -56,7 +56,7 @@
00499{"flow_id":3,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067206,"pkt_ts_usec":139880,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"pkt":"KDc3AG3IEBMx8Tl2CABFAABnbRZAADQGlsJSUS4NwKgBsijL8XP7CgX8EnohrIAYABDIqQAAAQEICgY\/kZ4np0YAFAMDAAEBFgMDAChMdauOcW6Ls8zMpiVvg2ZTht4sOE2iePygPE6IcwmsrDzF4ZSHgKvC"}
00429{"flow_id":3,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067206,"pkt_ts_usec":140004,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+AvAqAGyUlEuDfFzKMsSeiGs+woGL4AQD\/7OnQAAAQEICienRkUGP5Ge"}
00690{"flow_id":3,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067206,"pkt_ts_usec":274735,"pkt_caplen":258,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":258,"pkt_l4_len":224,"pkt":"EBMx8Tl2KDc3AG3ICABFAAD0AABAAEAG90vAqAGyUlEuDfFzKMsSeiGs+woGL4AYEACMlgAAAQEICienRssGP5GeFwMDALs\/EKPn7uMD3+wpjQBRFW8e1EcPlV6Q6ObSOqheHzsJDzuPoZN+Gy1ymx+9FyKqEEkIOfMazwYQ1jHzyLN0ANGU6MOzbuoIkP6aN6cUV6Hq5u4aMPaai27JxkjW\/meB7CaPzYnZwVS0XzMoNt06YmeNjlaCEypgQR5oxOqm3kSg3\/Prt7AgH4LaxXpG1bhEcVfWFCh9HtyS8dBtzsLRqJiDXjhHZNpSebLaEzxVTZ+rzaFcK8i17+PsWOwB"}
00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":71,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1621067206773,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61812,"dst_port":10443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":71,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1621067206773,"flow_last_seen":1621067206773,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61812,"dst_port":10443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00447{"flow_id":4,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067206,"pkt_ts_usec":773010,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG9\/\/AqAGyUlEuDfF0KMspKYnJAAAAALAC\/\/+2swAAAgQFtAEDAwUBAQgKJ6dItwAAAAAEAgAA"}
00439{"flow_id":4,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067206,"pkt_ts_usec":833331,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA85JFAADQGH3JSUS4NwKgBsijL8XTNezJoKSmJyqASOED3YgAAAgQFrAQCCAoGP5HkJ6dItwEDAwo="}
00427{"flow_id":4,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067206,"pkt_ts_usec":833438,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+AvAqAGyUlEuDfF0KMspKYnKzXsyaYAQECxOAgAAAQEICienSPMGP5Hk"}
@@ -75,7 +75,7 @@
00429{"flow_id":4,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067207,"pkt_ts_usec":259184,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0o4dAADQGYIRSUS4NwKgBsijL8XTNezv6KSmLM4AQABBRogAAAQEICgY\/kg0np0pM"}
00436{"flow_id":4,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067207,"pkt_ts_usec":259296,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA6AABAAEAG+AXAqAGyUlEuDfF0KMspKYsAzXs7+oAQEAApmwAAAQEICienSowGP5INFAMDAAEB"}
00499{"flow_id":4,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067207,"pkt_ts_usec":262580,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"pkt":"KDc3AG3IEBMx8Tl2CABFAABno4hAADQGYFBSUS4NwKgBsijL8XTNezv6KSmLM4AYABBEPQAAAQEICgY\/kg8np0pMFAMDAAEBFgMDACiulq2pdMiDxsWPQvueOyAAw83reAvmnyN0DGxWcBtQ2f1JK+jBTh71"}
00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":100,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1621067209199,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61820,"dst_port":10443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00499{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":100,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1621067209199,"flow_last_seen":1621067209199,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61820,"dst_port":10443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00448{"flow_id":5,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":100,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067209,"pkt_ts_usec":199710,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG9\/\/AqAGyUlEuDfF8KMsekCMzAAAAALAC\/\/8eiQAAAgQFtAEDAwUBAQgKJ6dSCQAAAAAEAgAA"}
00440{"flow_id":5,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":101,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067209,"pkt_ts_usec":262263,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA81pJAADQGLXFSUS4NwKgBsijL8XxcuXqIHpAjNKASOECG6AAAAgQFrAQCCAoGP5LWJ6dSCQEDAwo="}
00428{"flow_id":5,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067209,"pkt_ts_usec":262372,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+AvAqAGyUlEuDfF8KMsekCM0XLl6iYAQECzdhQAAAQEICienUkcGP5LW"}

2
test/results/ftp-start-tls.pcap.out
View File

@@ -1,5 +1,5 @@
00481{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"ftp-start-tls.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":10000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"ftp-start-tls.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1383123629078,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.238.26.36","dst_ip":"10.220.50.76","src_port":62092,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00496{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"ftp-start-tls.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1383123629078,"flow_last_seen":1383123629078,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.238.26.36","dst_ip":"10.220.50.76","src_port":62092,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00419{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"ftp-start-tls.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383123629,"pkt_ts_usec":78448,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"pkt":"AAAAEAAU3NL8+wOhCABFOAAs3ocAAP8GetIK7hokCtwyTPKMABUzQlCKAAAAAGACIACjMgAAAgQCAAAA"}
00419{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"ftp-start-tls.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383123629,"pkt_ts_usec":78863,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"pkt":"AAAAEAAU3NL8+wOhCABFAAAs+dJAAD8G378K3DJMCu4aJAAV8owdfc81M0JQi2ASwAASugAAAgQFtAAA"}
00419{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"ftp-start-tls.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383123629,"pkt_ts_usec":78997,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"pkt":"AAAAEAAU3NL8+wOhCABFAAAs+dJAAD0G4b8K3DJMCu4aJAAV8owdfc81M0JQi2ASwAASugAAAgQFtAAA"}

6
test/results/ftp.pcap.out
View File

@@ -1,5 +1,5 @@
00471{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"ftp.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":10000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"ftp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1552590234892,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.212","dst_ip":"90.130.70.73","src_port":50694,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"ftp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1552590234892,"flow_last_seen":1552590234892,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.212","dst_ip":"90.130.70.73","src_port":50694,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00436{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"ftp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1552590234,"pkt_ts_usec":892296,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2xCwDBkn+CABFAABAAABAAEAGAADAqAHUWoJGScYGABWjI5ftAAAAALAC\/\/9jegAAAgQFtAEDAwUBAQgKO1eYmQAAAAAEAgAA"}
00431{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"ftp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1552590234,"pkt_ts_usec":919708,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"xCwDBkn+EBMx8Tl2CABFAAA8AABAADYG4XRagkZJwKgB1AAVxgZYKsHSoyOX7qASqbA+KAAAAgQFrAQCCAoSZ\/tNO1eYmQEDAw4="}
00419{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"ftp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1552590234,"pkt_ts_usec":919816,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2xCwDBkn+CABFAAA0AABAAEAGAADAqAHUWoJGScYGABWjI5fuWCrB04AQECxjbgAAAQEICjtXmLQSZ\/tN"}
@@ -16,7 +16,7 @@
00420{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"ftp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1552590235,"pkt_ts_usec":67019,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2xCwDBkn+CABFEAA0AABAAEAGAADAqAHUWoJGScYGABWjI5gLWCrCIIAQECljbgAAAQEICjtXmUUSZ\/ty"}
00428{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"ftp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1552590235,"pkt_ts_usec":67325,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"pkt":"EBMx8Tl2xCwDBkn+CABFEAA5AABAAEAGAADAqAHUWoJGScYGABWjI5gLWCrCIIAYECljcwAAAQEICjtXmUUSZ\/tyUFdEDQo="}
00419{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"ftp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1552590235,"pkt_ts_usec":94015,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xCwDBkn+EBMx8Tl2CABFAAA0OoxAADYGpvBagkZJwKgB1AAVxgZYKsIgoyOYEIAQAAMVWgAAAQEIChJn+3k7V5lF"}
00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":37,"source":"ftp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1552590236580,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.212","dst_ip":"90.130.70.73","src_port":50695,"dst_port":25685,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":37,"source":"ftp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1552590236580,"flow_last_seen":1552590236580,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.212","dst_ip":"90.130.70.73","src_port":50695,"dst_port":25685,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00437{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"ftp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1552590236,"pkt_ts_usec":580045,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2xCwDBkn+CABFAABAAABAAEAGAADAqAHUWoJGScYHZFXuwKKMAAAAALAC\/\/9jegAAAgQFtAEDAwUBAQgKO1efIQAAAAAEAgAA"}
00432{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"ftp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1552590236,"pkt_ts_usec":608252,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"xCwDBkn+EBMx8Tl2CABFAAA8AABAADYG4XRagkZJwKgB1GRVxgdmK2Nw7sCijaASqbDL3QAAAgQFrAQCCAoSZ\/zzO1efIQEDAw4="}
00420{"flow_id":2,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"ftp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1552590236,"pkt_ts_usec":608298,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2xCwDBkn+CABFAAA0AABAAEAGAADAqAHUWoJGScYHZFXuwKKNZitjcYAQECxjbgAAAQEICjtXnzkSZ\/zz"}
@@ -27,7 +27,7 @@
00420{"flow_id":2,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"ftp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1552590236,"pkt_ts_usec":638001,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2xCwDBkn+CABFCAA0AABAAEAGAADAqAHUWoJGScYHZFXuwKKNZitoJ4AQEAZjbgAAAQEICjtXn1USZ\/z6"}
00420{"flow_id":2,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"ftp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1552590236,"pkt_ts_usec":638093,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2xCwDBkn+CABFCAA0AABAAEAGAADAqAHUWoJGScYHZFXuwKKNZitoJ4AREAZjbgAAAQEICjtXn1USZ\/z6"}
00420{"flow_id":2,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"ftp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1552590236,"pkt_ts_usec":666222,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xCwDBkn+EBMx8Tl2CABFAAA0n41AADYGQe9agkZJwKgB1GRVxgdmK2gn7sCijoAQAAOfXAAAAQEIChJn\/QI7V59V"}
00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":66,"source":"ftp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1552590241545,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.212","dst_ip":"90.130.70.73","src_port":50696,"dst_port":24523,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":66,"source":"ftp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1552590241545,"flow_last_seen":1552590241545,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.212","dst_ip":"90.130.70.73","src_port":50696,"dst_port":24523,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00437{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"ftp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1552590241,"pkt_ts_usec":545143,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2xCwDBkn+CABFAABAAABAAEAGAADAqAHUWoJGScYIX8sNBxpOAAAAALAC\/\/9jegAAAgQFtAEDAwUBAQgKO1eyYgAAAAAEAgAA"}
00432{"flow_id":3,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"ftp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1552590241,"pkt_ts_usec":573913,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"xCwDBkn+EBMx8Tl2CABFAAA8AABAADYG4XRagkZJwKgB1F\/LxggMTnkwDQcaT6ASqbBmYgAAAgQFrAQCCAoSaAHMO1eyYgEDAw4="}
00419{"flow_id":3,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"ftp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1552590241,"pkt_ts_usec":573957,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2xCwDBkn+CABFAAA0AABAAEAGAADAqAHUWoJGScYIX8sNBxpPDE55MYAQECxjbgAAAQEICjtXsn0SaAHM"}

2
test/results/ftp_failed.pcap.out
View File

@@ -1,5 +1,5 @@
00478{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"ftp_failed.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":10000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00499{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"ftp_failed.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1574361625864,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:192:12:193:11","dst_ip":"2a00:800:1010::1","src_port":44724,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00511{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"ftp_failed.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1574361625864,"flow_last_seen":1574361625864,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:192:12:193:11","dst_ip":"2a00:800:1010::1","src_port":44724,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00468{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"ftp_failed.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1574361625,"pkt_ts_usec":864342,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"9LUv\/K\/wZABqYzXMht1gC5eXACgGQCoADUAAAQADAZIAEgGTABEqAAgAEBAAAAAAAAAAAAABrrQAFZk3QbUAAAAAoAJwgHzLAAACBAWgBAIICpYFXqIAAAAAAQMDBw=="}
00470{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"ftp_failed.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1574361625,"pkt_ts_usec":878212,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"ZABqYzXM9LUv\/K\/wht1gC1mOACgGOioACAAQEAAAAAAAAAAAAAEqAA1AAAEAAwGSABIBkwARABWutHAVBmyZN0G2oBL\/\/zbpAAACBAWgBAIIClbTSMOWBV6iAQMDDg=="}
00456{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"ftp_failed.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1574361625,"pkt_ts_usec":878234,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"9LUv\/K\/wZABqYzXMht1gC5eXACAGQCoADUAAAQADAZIAEgGTABEqAAgAEBAAAAAAAAAAAAABrrQAFZk3QbZwFQZtgBAA4XzDAAABAQgKlgVesFbTSMM="}

12
test/results/genshin-impact.pcap.out
View File

@@ -1,7 +1,7 @@
00482{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"genshin-impact.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":10000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"genshin-impact.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1615497372822,"flow_last_seen":0,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"47.245.143.85","src_port":58766,"dst_port":22101,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00506{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"genshin-impact.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1615497372822,"flow_last_seen":1615497372822,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"47.245.143.85","src_port":58766,"dst_port":22101,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00431{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"genshin-impact.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1615497372,"pkt_ts_usec":822667,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"eJS0JASgYDjgxTWgCABFAAAwrR4AAD8RTEjAqAJkL\/WPVeWOVlUAHPQTAAAA\/wAAAAAAAAAASZYC0v\/\/\/\/8="}
00582{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"genshin-impact.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1615497372822,"flow_last_seen":0,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"47.245.143.85","src_port":58766,"dst_port":22101,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"GenshinImpact","breed":"Fun","category":"Game"}}
00594{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"genshin-impact.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1615497372822,"flow_last_seen":1615497372822,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"47.245.143.85","src_port":58766,"dst_port":22101,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"GenshinImpact","breed":"Fun","category":"Game"}}
00425{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"genshin-impact.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1615497372,"pkt_ts_usec":843789,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"YDjgxTWgeJS0JASgCABFAAAwK09AADcRlhcv9Y9VwKgCZFZV5Y4AHKXfAAABRQADGDI6DaIVSZYC0hRRRUU="}
00631{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"genshin-impact.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1615497372,"pkt_ts_usec":883763,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"pkt":"eJS0JASgYDjgxTWgCABFAADFrx4AAD8RSbPAqAJkL\/WPVeWOVlUAsVF7MhgDABWiDTpRAAABg6QlIwAAAAAAAAAAUQAAAOjKqWZw7UqL9Yt3c0eSZwkZnnlWAs83g1p8EKxdCAGrvC1rqvpVXt+DS9GDIp59mUEo7M9A0R8PnQy3bk3e+QGIcWRmxHcBqUQOH+f\/uJk3ozIYAwAVog06UQAAAYOkJSMBAAAAAAAAACAAAADoyqkGcO9Ki\/W6d3BfbJ9hSIrPxLFWnBNUYf2O83uxMA=="}
00537{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"genshin-impact.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1615497372,"pkt_ts_usec":914092,"pkt_caplen":144,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":144,"pkt_l4_len":110,"pkt":"YDjgxTWgeJS0JASgCABFAACCK5BAADcRlYQv9Y9VwKgCZFZV5Y4Abu3mMhgDABWiDTpSAAABg6QlIwAAAAACAAAAAAAAADIYAwAVog06UgAAAYOkJSMBAAAAAgAAAAAAAAAyGAMAFaINOlEAAAHepCUjAAAAAAIAAAASAAAA6MqpBXDmSov1t3fu\/jnV8Vij"}
@@ -17,9 +17,9 @@
01994{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"genshin-impact.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1615497374,"pkt_ts_usec":454693,"pkt_caplen":1223,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1223,"pkt_l4_len":1189,"pkt":"YDjgxTWgeJS0JASgCABFAAS5L5FAADcRjUwv9Y9VwKgCZFZV5Y4EpQL+MhgDABWiDTpRAAAB4qolIwkAAAADAAAAFQAAABE4ioiS+rtY\/qakj7lgfNlA0lknPjIYAwAVog06UQAAAeKqJSMKAAAAAwAAAF0AAAAROIzwkvq7WP7upI+5YHzZQNJZpIPgsbuy9jJ0NvZg5hteI8juk\/wat6qO2GbxdwGu6TiMdSxu9KXlOP4Xfbaq+MTwDev3KeW4Qkm3pCpS4MQt5MGvUJrKkRnoEzoyGAMAFaINOlEAAAHiqiUjCwAAAAMAAAAnAAAAETiBe5L6u1j+tKSPuWB82UDSWaSF4NFkpucpvZg4Y+4wMxm37TKnMhgDABWiDTpRAAAB4qolIwwAAAADAAAARQAAABE4gXuS+rtY\/pakj7lgfNlA0lmkn+DJZKbnK72DOErM++RMueyrD\/JsCIL65B9q2LviMC1nb2jEFkChXAV94oXwuPOOVjIYAwAVog06UQAAAeKqJSMNAAAAAwAAAEkAAAAROIF7kvq7WP6SpI+5YHzZQNJZpITg\/mSm5ym9DhlC7sN5Dd8Xvgbme5d51mD49rS\/yIAk5I9kauRcrn8JxxgRE252oVkApksDMhgDABWiDTpRAAAB4qolIw4AAAADAAAAJwAAABE4gXuS+rtY\/rSkj7lgfNlA0lmkheDNZKbnKb2ROGPuckdrtu0ypzIYAwAVog06UQAAAeKqJSMPAAAAAwAAAD8AAAAROIF7kvq7WP6MpI+5YHzZQNJZpJ\/gyxSn5yu9mTh2zOHkTcntqw3ydgi62GDxaae7+CM9675t\/JDKQIEU3LIyGAMAFaINOlEAAAHiqiUjEAAAAAMAAABFAAAAETiBe5L6u1j+lqSPuWB82UDSWaSf4OlkpucrvZI4bcz75Gy57KsP8n0IjfrNaBTYu+IwLUdvaMQWQLBcG32bsKe5845WMhgDABWiDTpRAAAB4qolIxEAAAADAAAASgAAABE4gXuS+rtY\/pOkj7lgfNlA0lmkmeDkZKbnK70nGkJW6ObWQE5KCPpwMDPQUDHvDlsNotrrlH3csKm6bBJNojNjIt7hMmpdxyHoMhgDABWiDTpRAAAB4qolIxIAAAADAAAAJwAAABE4gXuS+rtY\/rSkj7lgfNlA0lmkheC\/FafnKb2eOGPuY18pt+0ypzIYAwAVog06UQAAAeKqJSMTAAAAAwAAACcAAAAROIF7kvq7WP60pI+5YHzZQNJZpIXguW2m5ym9ljho7k53CcjuMqcyGAMAFaINOlEAAAHiqiUjFAAAAAMAAABFAAAAETiBe5L6u1j+lqSPuWB82UDSWaSF4PZkpucpvYI4aO5JJCm27bEG4sTZjMJx4fAGluIwLVhvaMQWQKBcBX2pjp65845WMhgDABWiDTpRAAAB4qolIxUAAAADAAAAPwAAABE4gXuS+rtY\/oykj7lgfNlA0lmkheCxFafnKb2eOGPuAHoEtu2xBuKHqI3CceHsBrTiKi0dHmnEFEC8XBTcsjIYAwAVog06UQAAAeKqJSMWAAAAAwAAACcAAAAROIF7kvq7WP60pI+5YHzZQNJZpIXgzGSm5ym9mzhj7iBmc7ftMqc="}
01967{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"genshin-impact.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1615497374,"pkt_ts_usec":454886,"pkt_caplen":1206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1206,"pkt_l4_len":1172,"pkt":"YDjgxTWgeJS0JASgCABFAASoL5JAADcRjVwv9Y9VwKgCZFZV5Y4ElIPFMhgDABWiDTpRAAAB4qolIxcAAAADAAAASwAAABE4gXuS+rtY\/pCkj7lgfNlA0lmkheD5ZKbnKb2BOGfuFR5Qt+2xHOLP2YzCc+HzBqrAu+dMYWneBVAFjRVFGileZvwvOGg0Pa3K+jIYAwAVog06UQAAAeKqJSMYAAAAAwAAACcAAAAROIF7kvq7WP60pI+5YHzZQNJZpIXg0mSm5ym9kThj7nNsRLftMqcyGAMAFaINOlEAAAHiqiUjGQAAAAMAAABLAAAAETiBe5L6u1j+kKSPuWB82UDSWaSH4PFkpucpvRIdQg7qxCLgI0UJ4H8gPCN06e8+MO0AheiUftymqbpsEk2XNGPW9S8GGgI9rcr6MhgDABWiDTpRAAAB4qolIxoAAAADAAAASwAAABE4gXuS+rtY\/pCkj7lgfNlA0lmkheDsZKbnKb3dOHbudVZ3tu2xHOLC2YzCc+GvBoLAw4FPH2reBVAOjRVFGikCZt4vcSh5PK3K+jIYAwAVog06UQAAAeKqJSMbAAAAAwAAAD8AAAAROIF7kvq7WP6MpI+5YHzZQNJZpIXgthWn5ym9njhj7kdcKbftsQbihKiNwnHh7Aa04iotGB5pxBRAvFwU3LIyGAMAFaINOlEAAAHiqiUjHAAAAAMAAAAzAAAAETiBe5L6u1j+uKSPuWB82UDSWaSd4NVkpucrhYwSas5\/HcBY6ZsI4HsgHSN06e8GtmGLMhgDABWiDTpRAAAB4qolIx0AAAADAAAARQAAABE4gXuS+rtY\/pakj7lgfNlA0lmkheCyCqfnKb2lOGfuGGQJyO6xBuKAt43CceHXBtriMC0cAWnEFkCHXAV9g\/CbxvCOVjIYAwAVog06UQAAAeKqJSMeAAAAAwAAAEsAAAAROIF7kvq7WP6QpI+5YHzZQNJZpIXgqhWn5ym9uDhj7hpFT7btsRzimKiNwnPhyga0wMPoFmFp3gVQVPwURRopZ2bzL38wND2tyvoyGAMAFaINOlEAAAHiqiUjHwAAAAMAAAA\/AAAAETiBe5L6u1j+jKSPuWB82UDSWaSF4MhkpucpvZA4aO4BYHC37bEG4v\/ZjMJx4eIGquIqLWNvaMQUQLJcOdyyMhgDABWiDTpRAAAB4qolIyAAAAADAAAAPwAAABE4gXuS+rtY\/oykj7lgfNlA0lmkheCsFafnKb2fOGPuZUFktu2xBuKCqI3CceHtBrTiKi0eHmnEFEC9XBTcsjIYAwAVog06UQAAAeKqJSMhAAAAAwAAACcAAAAROIF7kvq7WP60pI+5YHzZQNJZpIXgum2m5ym9ljhj7jtGRbbtMqcyGAMAFaINOlEAAAHiqiUjIgAAAAMAAAAnAAAAETiBe5L6u1j+tKSPuWB82UDSWaSF4INkpucpvZg4Y+5dbGO37TKnMhgDABWiDTpRAAAB4qolIyMAAAADAAAASgAAABE4gXuS+rtY\/pOkj7lgfNlA0lmkhuC6FafnKb08lGPmY8vsvRgt8+95JoAp8Pz+J6ZIrCTOTurXH1a2hpFQCTBb5noG3V8\/wyHo"}
00514{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":16,"source":"genshin-impact.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":15,"flow_first_seen":1615497372822,"flow_last_seen":1615497374454,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1181,"flow_tot_l4_payload_len":4307,"flow_avg_l4_payload_len":287,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"47.245.143.85","src_port":58766,"dst_port":22101,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00496{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"genshin-impact.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1617969465739,"flow_last_seen":0,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"47.254.169.109","src_port":59145,"dst_port":22102,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00508{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"genshin-impact.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1617969465739,"flow_last_seen":1617969465739,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"47.254.169.109","src_port":59145,"dst_port":22102,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00432{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"genshin-impact.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1617969465,"pkt_ts_usec":739661,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"eJS0JASgYDjgxTWgCABFAAAwIDwAAD8RvwnAqAJkL\/6pbecJVlYAHFkOAAAA\/wAAAAC6msTNSZYC0v\/\/\/\/8="}
00527{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"genshin-impact.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1617969465739,"flow_last_seen":0,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"47.254.169.109","src_port":59145,"dst_port":22102,"l4_proto":"udp","ndpi": {"proto":"GenshinImpact","breed":"Fun","category":"Game"}}
00539{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"genshin-impact.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1617969465739,"flow_last_seen":1617969465739,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"47.254.169.109","src_port":59145,"dst_port":22102,"l4_proto":"udp","ndpi": {"proto":"GenshinImpact","breed":"Fun","category":"Game"}}
00427{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"genshin-impact.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1617969465,"pkt_ts_usec":761279,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"YDjgxTWgeJS0JASgCABFAAAwmj1AADcRDQgv\/qltwKgCZFZW5wkAHNyDAAABRQACIqy6msTNSZYC0hRRRUU="}
00552{"flow_id":2,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"genshin-impact.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1617969465,"pkt_ts_usec":796897,"pkt_caplen":153,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":153,"pkt_l4_len":119,"pkt":"eJS0JASgYDjgxTWgCABFAACLETwAAD8Rza7AqAJkL\/6pbecJVlYAd4PurCICAM3EmrpRAAABbMl+tgAAAAAAAAAAUwAAAOjKqWZw60qL9Yt3tYWQf\/bh4A8CmEwZmVNWIKRXCgqptAdyiLYHXIWEStbbdMV+nhEs6cNA1hYEnQ\/rbBPfqVmPcWA0wHkHrhALTrzN2JnmCbMb"}
00439{"flow_id":2,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"genshin-impact.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1617969465,"pkt_ts_usec":822356,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"pkt":"YDjgxTWgeJS0JASgCABFAAA4mnVAADcRDMgv\/qltwKgCZFZW5wkAJNCqrCICAM3EmrpSAAABbMl+tgAAAAABAAAAAAAAAA=="}
@@ -35,9 +35,9 @@
00557{"flow_id":2,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"genshin-impact.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1617969467,"pkt_ts_usec":482889,"pkt_caplen":156,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":156,"pkt_l4_len":122,"pkt":"YDjgxTWgeJS0JASgCABFAACOnmtAADcRCHwv\/qltwKgCZFZW5wkAekgerCICAM3EmrpRAAABT9B+tggAAAACAAAAHQAAAJ34WIfI0kVMGX\/IRvcrSMme9rwA4BADg3cAGfocrCICAM3EmrpRAAABT9B+tgkAAAACAAAAHQAAAJ34WIfI0kVMGX\/IRvcrSMme9rwA4BAD4AAHGfoc"}
00477{"flow_id":2,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"genshin-impact.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1617969467,"pkt_ts_usec":485845,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"pkt":"eJS0JASgYDjgxTWgCABFAABU7MsAAD8R8lXAqAJkL\/6pbecJVlYAQJJBrCICAM3EmrpSAAABT9B+tggAAAAKAAAAAAAAAKwiAgDNxJq6UgAAAU\/QfrYJAAAACgAAAAAAAAA="}
00514{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":31,"source":"genshin-impact.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":15,"flow_first_seen":1617969465739,"flow_last_seen":1617969467485,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":608,"flow_tot_l4_payload_len":1990,"flow_avg_l4_payload_len":132,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"47.254.169.109","src_port":59145,"dst_port":22102,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":31,"source":"genshin-impact.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1618759616491,"flow_last_seen":0,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.69.191","src_port":52575,"dst_port":22101,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00506{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":31,"source":"genshin-impact.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1618759616491,"flow_last_seen":1618759616491,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.69.191","src_port":52575,"dst_port":22101,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00431{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"genshin-impact.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1618759616,"pkt_ts_usec":491441,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"eJS0JASgYDjgxTWgCABFAAAwGRQAAD8RUQ3AqAJkCNFFv81fVlUAHHz9AAAA\/wAAAAAAAAAASZYC0v\/\/\/\/8="}
00582{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"genshin-impact.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1618759616491,"flow_last_seen":0,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.69.191","src_port":52575,"dst_port":22101,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"GenshinImpact","breed":"Fun","category":"Game"}}
00594{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"genshin-impact.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1618759616491,"flow_last_seen":1618759616491,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.69.191","src_port":52575,"dst_port":22101,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"GenshinImpact","breed":"Fun","category":"Game"}}
00428{"flow_id":3,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"genshin-impact.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1618759616,"pkt_ts_usec":511233,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"YDjgxTWgeJS0JASgCABFAAAwBJVAADYRLowI0UW\/wKgCZFZVzV8AHCclAAABRQAC8VwSg\/gZSZYC0hRRRUU="}
00632{"flow_id":3,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"genshin-impact.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1618759616,"pkt_ts_usec":572945,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"pkt":"eJS0JASgYDjgxTWgCABFAADFKAcAAD8RQYXAqAJkCNFFv81fVlUAsRpMXPECABn4gxJRAAAB+IeX5QAAAAAAAAAAUQAAAOjKqWZw7UqL9Yt3c0eSZxk9sU5aAs83g1pzHa9XCgisvC1r9\/0GCIzdTdWOJM16x0h+u8IR0UsPmVrqPkXeqgnccmMxz3oCrkMOS+f\/uJk3o1zxAgAZ+IMSUQAAAfiHl+UBAAAAAAAAACAAAADoyqkGcO9Ki\/W6d3BffbtOf4bPxP18xxJUYUezQnixMA=="}
00538{"flow_id":3,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"genshin-impact.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1618759616,"pkt_ts_usec":601044,"pkt_caplen":144,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":144,"pkt_l4_len":110,"pkt":"YDjgxTWgeJS0JASgCABFAACCBNZAADYRLfkI0UW\/wKgCZFZVzV8AbgXrXPECABn4gxJSAAAB+IeX5QAAAAACAAAAAAAAAFzxAgAZ+IMSUgAAAfiHl+UBAAAAAgAAAAAAAABc8QIAGfiDElEAAAFMiJflAAAAAAIAAAASAAAA6MqpBXDmSov1t3ei1GLU8Vij"}

2
test/results/git.pcap.out
View File

@@ -1,5 +1,5 @@
00471{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"git.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":10000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"git.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1460821630164,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.77","dst_ip":"5.153.231.21","src_port":47991,"dst_port":9418,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"git.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1460821630164,"flow_last_seen":1460821630164,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.77","dst_ip":"5.153.231.21","src_port":47991,"dst_port":9418,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00430{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"git.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1460821630,"pkt_ts_usec":164056,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"nJcm0ghCPJcOZtCOCABFAAA8Q1ZAAEAGScLAqABNBZnnFbt3JMp+hgtEAAAAAKACchB0gwAAAgQFtAQCCAoBp0gSAAAAAAEDAwo="}
00430{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"git.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1460821630,"pkt_ts_usec":221958,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"PJcOZtCOnJcm0ghCCABFCAA8AABAAC8GnhAFmecVwKgATSTKu3dqwE5VfoYLRaASOJBfrwAAAgQFrAQCCAorjWmrAadIEgEDAwc="}
00418{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"git.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1460821630,"pkt_ts_usec":222020,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"nJcm0ghCPJcOZtCOCABFAAA0Q1dAAEAGScnAqABNBZnnFbt3JMp+hgtFasBOVoAQAB3G2AAAAQEICgGnSCArjWmr"}

2
test/results/google_ssl.pcap.out
View File

@@ -1,5 +1,5 @@
00478{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"google_ssl.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":10000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"google_ssl.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1434443394683,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.31.3.224","dst_ip":"216.58.212.100","src_port":42835,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00496{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"google_ssl.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1434443394683,"flow_last_seen":1434443394683,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.31.3.224","dst_ip":"216.58.212.100","src_port":42835,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00417{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"google_ssl.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1434443394,"pkt_ts_usec":683939,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"AA6OTbSogMbKAJ6fCABFAAAsBqJAAEAG14usHwPg2DrUZKdTAbt6Z3LqAAAAAGACFtCOVwAAAgQFtA=="}
00417{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"google_ssl.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1434443394,"pkt_ts_usec":717671,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"pkt":"gMbKAJ6fAA6OTbSoCABFAAAseLYAADMGsnfYOtRkrB8D4AG7p1PuIxETemdy62ASp5T+aAAAAgQFlgAA"}
00409{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"google_ssl.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1434443394,"pkt_ts_usec":851093,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AA6OTbSogMbKAJ6fCABFAAAoBqNAAEAG146sHwPg2DrUZKdTAbt6Z3Lr7iMRFFAQFtCmzAAA"}

18
test/results/googledns_android10.pcap.out
View File

@@ -1,12 +1,12 @@
00487{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"googledns_android10.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":10000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1592552824409,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"8.8.8.8","dst_ip":"192.168.1.159","src_port":853,"dst_port":55856,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00499{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1592552824409,"flow_last_seen":1592552824409,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"8.8.8.8","dst_ip":"192.168.1.159","src_port":853,"dst_port":55856,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00437{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"googledns_android10.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1592552824,"pkt_ts_usec":409182,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ag\/ahpuQEBMx8Tl2CABFAAA0gpUAAHcG7tcICAgIwKgBnwNV2jAOPHBKaWPSFIARAUT59wAAAQEIChWqa0r\/\/5Cw"}
00437{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"googledns_android10.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1592552824,"pkt_ts_usec":632762,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ag\/ahpuQEBMx8Tl2CABFAAA0gzYAAHcG7jYICAgIwKgBnwNV2jAOPHBKaWPSFIARAUT5GAAAAQEIChWqbCn\/\/5Cw"}
00437{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"googledns_android10.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1592552824,"pkt_ts_usec":856545,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ag\/ahpuQEBMx8Tl2CABFAAA0g5MAAHcG7dkICAgIwKgBnwNV2jAOPHBKaWPSFIARAUT4OAAAAQEIChWqbQn\/\/5Cw"}
00437{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"googledns_android10.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1592552825,"pkt_ts_usec":296508,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ag\/ahpuQEBMx8Tl2CABFAAA0hHAAAHcG7PwICAgIwKgBnwNV2jAOPHBKaWPSFIARAUT2gAAAAQEIChWqbsH\/\/5Cw"}
00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1592552825913,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48044,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00499{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1592552825913,"flow_last_seen":1592552825913,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48044,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00451{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"googledns_android10.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1592552825,"pkt_ts_usec":913529,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"EBMx8Tl2ag\/ahpuQCABFAAA8tGBAAEAGuAjAqAGfCAgEBLusA1UTsXihAAAAAKAC\/\/9hlgAAAgQFtAQCCAr\/\/8zBAAAAAAEDAwg="}
00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1592552825913,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.8.8","src_port":56024,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00499{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1592552825913,"flow_last_seen":1592552825913,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.8.8","src_port":56024,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00451{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"googledns_android10.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1592552825,"pkt_ts_usec":913790,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"EBMx8Tl2ag\/ahpuQCABFAAA8yAFAAEAGoGPAqAGfCAgICNrYA1WXsATAAAAAAKAC\/\/8uSAAAAgQFtAQCCAr\/\/8zBAAAAAAEDAwg="}
00451{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"googledns_android10.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1592552825,"pkt_ts_usec":926858,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ag\/ahpuQEBMx8Tl2CABFAAA8q2cAAHcGygEICAQEwKgBnwNVu6wOvAEKE7F4oqAS6yBkegAAAgQFZAQCCAp\/X4MU\/\/\/MwQEDAwg="}
00451{"flow_id":3,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"googledns_android10.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1592552825,"pkt_ts_usec":927045,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ag\/ahpuQEBMx8Tl2CABFAAA8xdcAAHYGrI0ICAgIwKgBnwNV2tjD\/e2fl7AEwaAS6yBjdQAAAgQFZAQCCApkDcpF\/\/\/MwQEDAwg="}
@@ -42,7 +42,7 @@
00560{"flow_id":3,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"googledns_android10.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1592552825,"pkt_ts_usec":992866,"pkt_caplen":151,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":151,"pkt_l4_len":117,"pkt":"EBMx8Tl2ag\/ahpuQCABFAACJyAhAAEAGoA\/AqAGfCAgICNrYA1WXsAW4w\/36x4AYAXhpDwAAAQEICv\/\/zNVkDcp6FwMDAFAAAAAAAAAAART8lEX6ZoAkVgX7dDGPPd7aOXVC56IOwlYrJPrXITEl0kw2smePPpFiQ0QHAmpKlI3Welu7CqTq2DaJ2VTWEoUuXYN80BTAqw=="}
00437{"flow_id":2,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"googledns_android10.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1592552826,"pkt_ts_usec":2622,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ag\/ahpuQEBMx8Tl2CABFAAA0q4wAAHgGyOQICAQEwKgBnwNVu6wOvA4yE7F57oAQAPBuVwAAAQEICn9fg2D\/\/8zT"}
00439{"flow_id":3,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"googledns_android10.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1592552826,"pkt_ts_usec":11360,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ag\/ahpuQEBMx8Tl2CABFAAA0xg4AAHYGrF4ICAgIwKgBnwNV2tjD\/frHl7AGDYAQAPBtSAAAAQEICmQNypn\/\/8zV"}
00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":42,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1592552826036,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48048,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00500{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":42,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1592552826036,"flow_last_seen":1592552826036,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48048,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00451{"flow_id":4,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"googledns_android10.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1592552826,"pkt_ts_usec":36505,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"EBMx8Tl2ag\/ahpuQCABFAAA80uBAAEAGmYjAqAGfCAgEBLuwA1WtLB4AAAAAAKAC\/\/8imQAAAgQFtAQCCAr\/\/8zgAAAAAAEDAwg="}
00450{"flow_id":4,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"googledns_android10.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1592552826,"pkt_ts_usec":49329,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ag\/ahpuQEBMx8Tl2CABFAAA8wHkAAHcGtO8ICAQEwKgBnwNVu7B94BEWrSweAaAS6yCziAAAAgQFZAQCCAq0eUC+\/\/\/M4AEDAwg="}
00438{"flow_id":4,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"googledns_android10.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1592552826,"pkt_ts_usec":51146,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2ag\/ahpuQCABFAAA00uFAAEAGmY\/AqAGfCAgEBLuwA1WtLB4BfeARF4AQAVfLywAAAQEICv\/\/zOS0eUC+"}
@@ -63,17 +63,17 @@
00439{"flow_id":4,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"googledns_android10.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1592552826,"pkt_ts_usec":151385,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ag\/ahpuQEBMx8Tl2CABFAAA0wLYAAHcGtLoICAQEwKgBnwNVu7B94B4+rSwfl4AQAPS89wAAAQEICrR5QST\/\/8z4"}
00438{"flow_id":1,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"googledns_android10.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1592552826,"pkt_ts_usec":207745,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ag\/ahpuQEBMx8Tl2CABFAAA0hqoAAHcG6sIICAgIwKgBnwNV2jAOPHBKaWPSFIARAUTy8AAAAQEIChWqclH\/\/5Cw"}
00420{"flow_id":1,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"googledns_android10.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1592552826,"pkt_ts_usec":208808,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"EBMx8Tl2ag\/ahpuQCABFAAAoAABAAEAGaHnAqAGfCAgICNowA1VpY9IUAAAAAFAEAADEiwAA"}
00457{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":81,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1592552827426,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.8.8","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":81,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1592552827426,"flow_last_seen":1592552827426,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.8.8","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
00480{"flow_id":5,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"googledns_android10.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1592552827,"pkt_ts_usec":426405,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"pkt":"EBMx8Tl2ag\/ahpuQCABFAABUl9BAAEAB0IHAqAGfCAgICAgA4JUAAgABem3sXgAAAADqxwcAAAAAABAREhMUFRYXGBkaGxwdHh8gISIjJCUmJygpKissLS4vMDEyMzQ1Njc="}
00517{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":81,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1592552827426,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.8.8","l4_proto":"icmp","ndpi": {"entropy":5.297900,"proto":"ICMP.Google","breed":"Tracker\/Ads","category":"Network"}}
00529{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":81,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1592552827426,"flow_last_seen":1592552827426,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.8.8","l4_proto":"icmp","ndpi": {"entropy":5.297900,"proto":"ICMP.Google","breed":"Tracker\/Ads","category":"Network"}}
00480{"flow_id":5,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"googledns_android10.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1592552827,"pkt_ts_usec":440141,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"pkt":"ag\/ahpuQEBMx8Tl2CABFoABUAAAAAHEBdrIICAgIwKgBnwAA6JUAAgABem3sXgAAAADqxwcAAAAAABAREhMUFRYXGBkaGxwdHh8gISIjJCUmJygpKissLS4vMDEyMzQ1Njc="}
00481{"flow_id":5,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"googledns_android10.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1592552828,"pkt_ts_usec":402579,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"pkt":"EBMx8Tl2ag\/ahpuQCABFAABUl\/5AAEAB0FPAqAGfCAgICAgAgPEAAwABe23sXgAAAABJawcAAAAAABAREhMUFRYXGBkaGxwdHh8gISIjJCUmJygpKissLS4vMDEyMzQ1Njc="}
00480{"flow_id":5,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":88,"source":"googledns_android10.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1592552828,"pkt_ts_usec":415412,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"pkt":"ag\/ahpuQEBMx8Tl2CABFoABUAAAAAHEBdrIICAgIwKgBnwAAiPEAAwABe23sXgAAAABJawcAAAAAABAREhMUFRYXGBkaGxwdHh8gISIjJCUmJygpKissLS4vMDEyMzQ1Njc="}
00471{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":146,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_first_seen":1592552827426,"flow_last_seen":1592552828415,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.8.8","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":157,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1592552871852,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"8.8.4.4","dst_ip":"192.168.1.159","src_port":853,"dst_port":47968,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00501{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":157,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1592552871852,"flow_last_seen":1592552871852,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"8.8.4.4","dst_ip":"192.168.1.159","src_port":853,"dst_port":47968,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00440{"flow_id":6,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":157,"source":"googledns_android10.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1592552871,"pkt_ts_usec":852324,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ag\/ahpuQEBMx8Tl2CABFAAA0V5sAAHYGHtYICAQEwKgBnwNVu2A7uJADhSLfzIARAX\/+2gAAAQEICuSDFST\/\/78G"}
00422{"flow_id":6,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":158,"source":"googledns_android10.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1592552871,"pkt_ts_usec":941265,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"EBMx8Tl2ag\/ahpuQCABFAAAoAABAAEAGbH3AqAGfCAgEBLtgA1WFIt\/MAAAAAFAEAAC96AAA"}
00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":159,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1592552878549,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48098,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00501{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":159,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1592552878549,"flow_last_seen":1592552878549,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48098,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00452{"flow_id":7,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":159,"source":"googledns_android10.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1592552878,"pkt_ts_usec":549677,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"EBMx8Tl2ag\/ahpuQCABFAAA8PO5AAEAGL3vAqAGfCAgEBLviA1WhETzJAAAAAKAC\/\/\/ccgAAAgQFtAQCCAoAAAAnAAAAAAEDAwg="}
00449{"flow_id":7,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":160,"source":"googledns_android10.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1592552878,"pkt_ts_usec":562423,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ag\/ahpuQEBMx8Tl2CABFAAA8nAYAAHYG2mIICAQEwKgBnwNVu+J3bBxFoRE8yqAS6yB6VAAAAgQFZAQCCAo7E6h3AAAAJwEDAwg="}
00437{"flow_id":7,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":161,"source":"googledns_android10.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1592552878,"pkt_ts_usec":563796,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2ag\/ahpuQCABFAAA0PO9AAEAGL4LAqAGfCAgEBLviA1WhETzKd2wcRoAQAVeSlgAAAQEICgAAACw7E6h3"}
@@ -98,7 +98,7 @@
00512{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":285,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":104,"flow_first_seen":1592552826036,"flow_last_seen":1592552867048,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":21215,"flow_avg_l4_payload_len":203,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48048,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00540{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":292,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_first_seen":1592552871852,"flow_last_seen":1592552871941,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"8.8.4.4","dst_ip":"192.168.1.159","src_port":853,"dst_port":47968,"l4_proto":"tcp","ndpi": {"proto":"DoH_DoT.Google","breed":"Tracker\/Ads","category":"Web"}}
00501{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":292,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_first_seen":1592552871852,"flow_last_seen":1592552871941,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"8.8.4.4","dst_ip":"192.168.1.159","src_port":853,"dst_port":47968,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":292,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1592553007037,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48210,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00501{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":292,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1592553007037,"flow_last_seen":1592553007037,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48210,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00451{"flow_id":8,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":292,"source":"googledns_android10.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1592553007,"pkt_ts_usec":37028,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"EBMx8Tl2ag\/ahpuQCABFAAA8FgpAAEAGVl\/AqAGfCAgEBLxSA1VGZWurAAAAAKAC\/\/+KUgAAAgQFtAQCCAoAAH2hAAAAAAEDAwg="}
00450{"flow_id":8,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":293,"source":"googledns_android10.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1592553007,"pkt_ts_usec":51414,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ag\/ahpuQEBMx8Tl2CABFAAA8ScwAAHYGLJ0ICAQEwKgBnwNVvFKvdpW\/RmVrrKAS6yB4FwAAAgQFZAQCCAp\/c2KvAAB9oQEDAwg="}
00437{"flow_id":8,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":294,"source":"googledns_android10.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1592553007,"pkt_ts_usec":78898,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2ag\/ahpuQCABFAAA0FgtAAEAGVmbAqAGfCAgEBLxSA1VGZWusr3aVwIAQAVeQUgAAAQEICgAAfa1\/c2Kv"}

6
test/results/gquic.pcap.out
View File

@@ -1,8 +1,8 @@
00473{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"gquic.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":10000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"gquic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1591876186378,"flow_last_seen":0,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"l3_proto":"ip4","src_ip":"10.44.5.25","dst_ip":"216.58.213.163","src_port":61097,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00501{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"gquic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1591876186378,"flow_last_seen":1591876186378,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"l3_proto":"ip4","src_ip":"10.44.5.25","dst_ip":"216.58.213.163","src_port":61097,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02226{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"gquic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1591876186,"pkt_ts_usec":378535,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"pkt":"6PckTkFdoMWJ9P+XCABFAAVieo1AAIARvdoKLAUZ2DrVo+6pAbsFTko2w1EwNTAIAXaX8XoV5u8AAEU0NFnBgsF5hkBVQ9QcdhAQB7AX4STVuX+cZkTXcyq7Q06MKI3IMV7nn3XwVsYd8lSM2UQ2Mh\/Lz0P54TH133\/BjF8sKcZx48\/VepMyZjozNf6hUhocgBAvamo29IXHVqILxpkl4wjCzjbjeV119chifFcXxaTjllFkxsh3XmLG5348E\/qK2TLLnMy43JAHw6S2e1v2BO4WXkya\/bcrsjPnQYikRvTxH8li9ZflQ5PttsYcSUtQigVmzX+3zu6YljUMgwCKrGbUc4ym0tN37M5ly\/uhm21+A6fvtyySGNQfP7wJOsR1iWGsA6NR+V\/fmgbvfd72gKd0sTHFADbRPSKYDc0XDK\/X8vG8GXGEknHbOT7DGSzLKpHYvLrwIaFjsweHE6gkta44k2oP3lJ5y\/ohylLleMWOzrznvbvHmPDTo6fznFlCwcMwiT5bU7kKdr22dfJC4HZKXgrfdx\/kyr9W7YgF8ndv1gEMp60hGoa3HeIkNrwcimMUj8lo1MQMLSdfIURLgLYuYXeqNU9nrCpCTOHF8rljnTLtemFl5GKnW4QO+Vn8YQU0wC2WniPFD0JOSE\/9\/8uhjdFWVDMbiGWhYk1SCdcSCnwwatMyU\/DcpZqDI25eb58WZqvNqtnsCmojU\/8N4SjVKXFe6sqZF9Vu2GvgHDvSqxDzjeY9qlts4TuIbe+gH+w1MKU7JxNtGZ08YyKdDEVfiklQ\/xyvSgH5AGRqlnD6igJ7NF54pjKD67q+V\/b7AzUVhGIbpajDS4rvn+fDdhXSGqLFbtHNBw9zOlfyLlg3QCkztn+awCGkuUrUQJWRuzHeXcQ9Pm+GTWr4ztxdNe8GOdcH0fw\/02FqwqbZa0xgXb6ogDH\/Z7u3OTt5CsB\/hPp4imvHezect7LAbuRcIJ+tmXKeqwNdUGoyV614kYKA0aTDm4QbBmp4nIg9dspzjXHExZ33U9zxLwZ8DYwQJDoYhywocb4+jKp5OhFT0Egt5ANj4PPsKNBEjNDxnpAKCiI11YkYMyYj1BSFJ2mKW5kFXZ2\/Uk7W0jKMRykBFSaIJ+fwu1W4yhNjDR69KpOGwGw5d47DA9U+Gj7qbRCpjgb1v145AzbIQNTU\/mwU8gqij0o+rVb\/pUEtWMRho\/Yukqvj0PDpk20u\/iMNduvSEQAQLt7IA31zZMJsdzUDXqeH4lvAJTdAXDM+BfHOutfryXO0ilZKrrhbJmj03RyAieSkoI7y9TYI7udqZUukM2QcgXS180FYjb94yLuFlXG0La9U7oT6UzgYEOrDdq4bcoWorhw9j4EjTTcsFMkNO8f65TlicSD0KdGh7ggCR8NtD2qMSi4KIMxq9IHmGPWBJODrdc1+LXcmA3ApoiY81zbK2QPTdK0LHWSdeauC3LCzY9zJ5bEtZvA4hiamdfZl4E5cxC\/raRilWW9+sNuXDrAH9rw48q66KiLSEC63yDpS1q549REO+OCEIx8SKQQoN1W6tspnVZ3EKLwuCby00TS84gP7\/ke1UZsRSUTrMeCETmkIya9DRfJn3gxYto584jg1Sk6Axi4aJ8MlnhdHfC\/0XWQrVM1UOD3\/J3K5XZUZKJ5vUWJzfBTgAe8J4\/heUMD2WmkBuQIER6hh9JGvwyZ2I6vJO7KXsorNCeXZA6iFfdtk90sqEl67LnWUAJmZ\/6NzgV\/JXrGoQRR0uqoWVC\/xj1u+c66MRH8y3Tf8DUoZ1L57SrRzGrkWBB6B2RSkfxWVzZUSCgEgPU4Lp+fnv6pDzh8zifmLUphU5Jycotx7"}
00655{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"gquic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1591876186378,"flow_last_seen":0,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"l3_proto":"ip4","src_ip":"10.44.5.25","dst_ip":"216.58.213.163","src_port":61097,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC.Google","breed":"Tracker\/Ads","category":"Web"},"quic": {"client_requested_server_name":"www.gstatic.com","user_agent":"canary Chrome\/85.0.4169.0 Windows NT 10.0; Win64; x64"}}
00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"gquic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1591876186378,"flow_last_seen":0,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"l3_proto":"ip4","src_ip":"10.44.5.25","dst_ip":"216.58.213.163","src_port":61097,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00667{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"gquic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1591876186378,"flow_last_seen":1591876186378,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"l3_proto":"ip4","src_ip":"10.44.5.25","dst_ip":"216.58.213.163","src_port":61097,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC.Google","breed":"Tracker\/Ads","category":"Web"},"quic": {"client_requested_server_name":"www.gstatic.com","user_agent":"canary Chrome\/85.0.4169.0 Windows NT 10.0; Win64; x64"}}
00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"gquic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1591876186378,"flow_last_seen":1591876186378,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"l3_proto":"ip4","src_ip":"10.44.5.25","dst_ip":"216.58.213.163","src_port":61097,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00124{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"gquic.pcap","alias":"nDPId-test"}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 1/1

10
test/results/h323-overflow.pcap.out
View File

@@ -1,8 +1,8 @@
00481{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"h323-overflow.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":10000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"h323-overflow.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":946681200000,"flow_last_seen":0,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":31337,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"h323-overflow.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":946681200000,"flow_last_seen":946681200000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":31337,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00415{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"h323-overflow.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946681200,"pkt_ts_usec":0,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"IiIiIiIiIiIiIiIjCABFAAAsRr1AAIAG+9DAqAEBwKgBAnppAFA5fV1j4FJ\/s1AYQD3UwAAAAwAABA=="}
00519{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1,"source":"h323-overflow.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":946681200000,"flow_last_seen":0,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":31337,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"h323-overflow.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":946681200000,"flow_last_seen":0,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":31337,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1,"source":"h323-overflow.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":946681200000,"flow_last_seen":946681200000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":31337,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
00493{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"h323-overflow.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":946681200000,"flow_last_seen":946681200000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":31337,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00132{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"h323-overflow.pcap","alias":"nDPId-test"}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 1/1
@@ -16,5 +16,5 @@
~~ total allocations/frees...: 35340/35340
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 137 chars
~~ json string max len.......: 524 chars
~~ json string avg len.......: 393 chars
~~ json string max len.......: 535 chars
~~ json string avg len.......: 398 chars

8
test/results/hangout.pcap.out
View File

@@ -1,7 +1,7 @@
00475{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"hangout.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":10000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"hangout.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1468516947751,"flow_last_seen":0,"flow_min_l4_payload_len":104,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":104,"midstream":0,"l3_proto":"ip4","src_ip":"74.125.134.127","dst_ip":"10.89.61.13","src_port":19305,"dst_port":56406,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00502{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"hangout.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1468516947751,"flow_last_seen":1468516947751,"flow_min_l4_payload_len":104,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":104,"midstream":0,"l3_proto":"ip4","src_ip":"74.125.134.127","dst_ip":"10.89.61.13","src_port":19305,"dst_port":56406,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00534{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"hangout.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1468516947,"pkt_ts_usec":751092,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"pkt":"CJ4BbNkmACFeRhcmCABFAACEs2cAACwRwp9KfYZ\/Clk9DUtp3FYAcAThAQEAVCESpEJmaHpqc2RpS0drd1gABgAhWWRWSldCNmwzN20xYzhENDpCbU1TU1l3ZHhBT1czSFlYAAAAACAACAABfY2fUviQAAgAFKAHosL2sVKq2EKifFUwLylv3i3sgCgABLYwivQ="}
00593{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"hangout.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1468516947751,"flow_last_seen":0,"flow_min_l4_payload_len":104,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":104,"midstream":0,"l3_proto":"ip4","src_ip":"74.125.134.127","dst_ip":"10.89.61.13","src_port":19305,"dst_port":56406,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"STUN.GoogleHangoutDuo","breed":"Acceptable","category":"VoIP"}}
00605{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"hangout.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1468516947751,"flow_last_seen":1468516947751,"flow_min_l4_payload_len":104,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":104,"midstream":0,"l3_proto":"ip4","src_ip":"74.125.134.127","dst_ip":"10.89.61.13","src_port":19305,"dst_port":56406,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"STUN.GoogleHangoutDuo","breed":"Acceptable","category":"VoIP"}}
00535{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"hangout.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1468516948,"pkt_ts_usec":761773,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"pkt":"CJ4BbNkmACFeRhcmCABFAACEtXUAACwRwJFKfYZ\/Clk9DUtp3FYAcMuPAQEAVCESpEJ2bG8rRTlqWDZMSTAABgAhWWRWSldCNmwzN20xYzhENDpCbU1TU1l3ZHhBT1czSFlYAAAAACAACAABfY2fUviQAAgAFD0l9HkkR5C8mDGwDSrC9i\/8E7pdgCgABPT5D+E="}
00534{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"hangout.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1468516949,"pkt_ts_usec":760074,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"pkt":"CJ4BbNkmACFeRhcmCABFAACEuNIAACwRvTRKfYZ\/Clk9DUtp3FYAcJ51AQEAVCESpEJFNlpieTl0eEswU3gABgAhWWRWSldCNmwzN20xYzhENDpCbU1TU1l3ZHhBT1czSFlYAAAAACAACAABfY2fUviQAAgAFGvaO+U3jhYTDCbM5zzzk6bw5Z+5gCgABA724k8="}
00534{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"hangout.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1468516950,"pkt_ts_usec":761344,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"pkt":"CJ4BbNkmACFeRhcmCABFAACEuZ4AACwRvGhKfYZ\/Clk9DUtp3FYAcMbxAQEAVCESpEI0V3JrM294eUpQYkUABgAhWWRWSldCNmwzN20xYzhENDpCbU1TU1l3ZHhBT1czSFlYAAAAACAACAABfY2fUviQAAgAFNC9mufBZa6t2mlytRWG+GVqRPeFgCgABFD8O5k="}
@@ -30,5 +30,5 @@
~~ total allocations/frees...: 35359/35359
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 132 chars
~~ json string max len.......: 598 chars
~~ json string avg len.......: 451 chars
~~ json string max len.......: 610 chars
~~ json string avg len.......: 457 chars

18
test/results/hpvirtgrp.pcap.out
View File

@@ -1,5 +1,5 @@
00477{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"hpvirtgrp.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":10000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1614852331255,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":46570,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00496{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1614852331255,"flow_last_seen":1614852331255,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":46570,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00439{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"hpvirtgrp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614852331,"pkt_ts_usec":255737,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"eJS0JASgYDjgxTWgCABFAAA85EJAAD8GMf7AqAJkoCzCQrXqFGfdahKJAAAAAKAC\/\/\/rnAAAAgQFtAQCCAoReGspAAAAAAEDAwg="}
00416{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"hpvirtgrp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614852331,"pkt_ts_usec":284558,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"pkt":"YDjgxTWgeJS0JASgCABFAAAsAABAADQGIVGgLMJCwKgCZBRnteoCmmbE3WoSimASchDc7QAAAgQFrAAA"}
00410{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"hpvirtgrp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614852331,"pkt_ts_usec":288514,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"eJS0JASgYDjgxTWgCABFAAAo5ENAAD8GMhHAqAJkoCzCQrXqFGfdahKKAppmxVAQ\/\/9mswAA"}
@@ -17,7 +17,7 @@
00461{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"hpvirtgrp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614852568,"pkt_ts_usec":970632,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"eJS0JASgYDjgxTWgCABFAABL5EpAAD8GMefAqAJkoCzCQrXqFGfdahPUAppnP1AY\/\/\/HhgAAMAAjga8Y+mTHKRgHxK4T9K7Pmi5ba5AGM3Hd3TdYOuCacpY="}
00459{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"hpvirtgrp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614852568,"pkt_ts_usec":996771,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"YDjgxTWgeJS0JASgCABFAABLPa1AADQG44SgLMJCwKgCZBRnteoCmmc\/3WoT91AYchDRgwAAMAAjt4FbugqL6TVO0LXvDYa0OjnRUEy5OX2MCJZHmh6LD7E="}
00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":16,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":15,"flow_first_seen":1614852331255,"flow_last_seen":1614852568996,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":522,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":46570,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1614861892925,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":59200,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00497{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1614861892925,"flow_last_seen":1614861892925,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":59200,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00439{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"hpvirtgrp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614861892,"pkt_ts_usec":925577,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"eJS0JASgYDjgxTWgCABFAAA85WdAAD8GMNnAqAJkoCzCQudAFGcyIeJoAAAAAKAC\/\/9iNQAAAgQFtAQCCAoAALAcAAAAAAEDAwg="}
00417{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"hpvirtgrp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614861892,"pkt_ts_usec":952589,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"pkt":"YDjgxTWgeJS0JASgCABFAAAsAABAADQGIVGgLMJCwKgCZBRn50AGwaaHMiHiaWASchBDFwAAAgQFrAAA"}
00412{"flow_id":2,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"hpvirtgrp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614861892,"pkt_ts_usec":955948,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"eJS0JASgYDjgxTWgCABFAAAo5WhAAD8GMOzAqAJkoCzCQudAFGcyIeJpBsGmiFAQ\/\/\/M3AAA"}
@@ -34,7 +34,7 @@
00460{"flow_id":2,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"hpvirtgrp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614861898,"pkt_ts_usec":79454,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"eJS0JASgYDjgxTWgCABFAABL5W5AAD8GMMPAqAJkoCzCQudAFGcyIeOzBsGnAlAY\/\/\/0oQAAMAAjsMmLPCq4xRkkqZYSVziy+XYA2FVR+y1ETLuZCrMw9DA="}
00458{"flow_id":2,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"hpvirtgrp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614861898,"pkt_ts_usec":108226,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"YDjgxTWgeJS0JASgCABFAABL5z5AADQGOfOgLMJCwKgCZBRn50AGwacCMiHj1lAYchCDuQAAMAAjBV33YUsCFikJAn+2L79S9Hu98amxbcieeybQGGi4+78="}
00413{"flow_id":2,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"hpvirtgrp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614861898,"pkt_ts_usec":114372,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"eJS0JASgYDjgxTWgCABFAAAo5W9AAD8GMOXAqAJkoCzCQudAFGcyIePWBsGnJVAQ\/\/\/K0gAA"}
00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":31,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1614861998723,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":59324,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00497{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":31,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1614861998723,"flow_last_seen":1614861998723,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":59324,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00439{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"hpvirtgrp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614861998,"pkt_ts_usec":723587,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"eJS0JASgYDjgxTWgCABFAAA8bUJAAD8GqP7AqAJkoCzCQue8FGe3KQNZAAAAAKAC\/\/8fjgAAAgQFtAQCCAoAAkxNAAAAAAEDAwg="}
00417{"flow_id":3,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"hpvirtgrp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614861998,"pkt_ts_usec":752102,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"pkt":"YDjgxTWgeJS0JASgCABFAAAsAABAADQGIVGgLMJCwKgCZBRn57x0ZsiytykDWmASchAM0gAAAgQFrAAA"}
00411{"flow_id":3,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"hpvirtgrp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614861998,"pkt_ts_usec":755762,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"eJS0JASgYDjgxTWgCABFAAAobUNAAD8GqRHAqAJkoCzCQue8FGe3KQNadGbIs1AQ\/\/+WlwAA"}
@@ -53,7 +53,7 @@
00459{"flow_id":3,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"hpvirtgrp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614862060,"pkt_ts_usec":713776,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"YDjgxTWgeJS0JASgCABFAABLFkxAADQGCuagLMJCwKgCZBRn57x0ZskttykEx1AYchD\/KQAAMAAjxFPiYlnMJ1wY0TIL8k0vQbZdqY1Nu5m3owvXDpjbXDE="}
00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":46,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":15,"flow_first_seen":1614861892925,"flow_last_seen":1614861898114,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":522,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":59200,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":46,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":15,"flow_first_seen":1614861998723,"flow_last_seen":1614862060713,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":522,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":59324,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1614876808445,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":59920,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00497{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1614876808445,"flow_last_seen":1614876808445,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":59920,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00440{"flow_id":4,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"hpvirtgrp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614876808,"pkt_ts_usec":445263,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"eJS0JASgYDjgxTWgCABFAAA8MDtAAD8G5gXAqAJkoCzCQuoQFGeH4ylZAAAAAKAC\/\/91KwAAAgQFtAQCCAoAZP0\/AAAAAAEDAwg="}
00417{"flow_id":4,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"hpvirtgrp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614876808,"pkt_ts_usec":474414,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"pkt":"YDjgxTWgeJS0JASgCABFAAAsAABAADQGIVGgLMJCwKgCZBRn6hA0hHo5h+MpWmASchCiHwAAAgQFrAAA"}
00411{"flow_id":4,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"hpvirtgrp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614876808,"pkt_ts_usec":478680,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"eJS0JASgYDjgxTWgCABFAAAoMDxAAD8G5hjAqAJkoCzCQuoQFGeH4ylaNIR6OlAQ\/\/8r5QAA"}
@@ -70,7 +70,7 @@
00458{"flow_id":4,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"hpvirtgrp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614876907,"pkt_ts_usec":442799,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"YDjgxTWgeJS0JASgCABFAABLo1FAADQGfeCgLMJCwKgCZBRn6hA0hHqRh+MqpFAYchCwyAAAMAAjG0hHADqXJejEb9J4M2IYQ4gfhimTIR6Rjvq6lY7IAgo="}
00412{"flow_id":4,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"hpvirtgrp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614876907,"pkt_ts_usec":447330,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"eJS0JASgYDjgxTWgCABFAAAoMERAAD8G5hDAqAJkoCzCQuoQFGeH4yqkNIR6tFAQ\/\/8qIQAA"}
00462{"flow_id":4,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"hpvirtgrp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614876926,"pkt_ts_usec":772711,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"eJS0JASgYDjgxTWgCABFAABLMEVAAD8G5ezAqAJkoCzCQuoQFGeH4yqkNIR6tFAY\/\/\/Z+gAAMAAjyIodMNRXz\/M9zzkPrnUqQb4b6qFiucLzwHlYNBwTHjU="}
00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":61,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1614877863379,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":40152,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00497{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":61,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1614877863379,"flow_last_seen":1614877863379,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":40152,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00439{"flow_id":5,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"hpvirtgrp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614877863,"pkt_ts_usec":379823,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"eJS0JASgYDjgxTWgCABFAAA8nQJAAD8GeT7AqAJkoCzCQpzYFGd4ZLUSAAAAAKAC\/\/8PXgAAAgQFtAQCCAoAcTP+AAAAAAEDAwg="}
00417{"flow_id":5,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"hpvirtgrp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614877863,"pkt_ts_usec":406025,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"pkt":"YDjgxTWgeJS0JASgCABFAAAsAABAADQGIVGgLMJCwKgCZBRnnNj+cl67eGS1E2ASchDErAAAAgQFrAAA"}
00412{"flow_id":5,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"hpvirtgrp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614877863,"pkt_ts_usec":410788,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"eJS0JASgYDjgxTWgCABFAAAonQNAAD8GeVHAqAJkoCzCQpzYFGd4ZLUT\/nJevFAQ\/\/9OcgAA"}
@@ -87,7 +87,7 @@
00638{"flow_id":5,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"hpvirtgrp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614877864,"pkt_ts_usec":310689,"pkt_caplen":217,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":217,"pkt_l4_len":183,"pkt":"eJS0JASgYDjgxTWgCABFAADLnQhAAD8GeKnAqAJkoCzCQpzYFGd4ZLWX\/nJe8FAY\/\/9WggAAMACjD6k1s6cCoMfBa2c\/f6Rdz7a2Ysd0Cc1BFWvf4U7b2NsdLbTk4M4d9mFMXanEt\/gDJYn82zWDx8jbCtM68BkmcAQVawO1BRpWRbklJdTkCuEIHU8TgFnxPcFUoVK8n5VCMu6K4oHn7gCBqc9szhaeqtMErVT2nyWCIv7ZlxMDT8OZhppwNaCHzj22Lr9eauheboJSIBYZ9VM9R7BT6+QYAA=="}
00418{"flow_id":5,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"hpvirtgrp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614877864,"pkt_ts_usec":336329,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"YDjgxTWgeJS0JASgCABFAAAorPtAADQGdFmgLMJCwKgCZBRnnNj+cl8TeGS2OlAQchDa4wAAAAAAAAAA"}
00460{"flow_id":5,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"hpvirtgrp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614877864,"pkt_ts_usec":559887,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"YDjgxTWgeJS0JASgCABFAABLrPxAADQGdDWgLMJCwKgCZBRnnNj+cl7weGS2OlAYchD41gAAMAAjYhvXFcQlJP5se\/SeRdujoJwSaYnLSwg\/wacM8qSGS1w="}
00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":76,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1614880256676,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":35634,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00497{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":76,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1614880256676,"flow_last_seen":1614880256676,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":35634,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00439{"flow_id":6,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"hpvirtgrp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614880256,"pkt_ts_usec":676767,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"eJS0JASgYDjgxTWgCABFAAA87gNAAD8GKD3AqAJkoCzCQosyFGf2oDFeAAAAAKAC\/\/9JKQAAAgQFtAQCCAoAlBEuAAAAAAEDAwg="}
00417{"flow_id":6,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"hpvirtgrp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614880256,"pkt_ts_usec":703598,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"pkt":"YDjgxTWgeJS0JASgCABFAAAsAABAADQGIVGgLMJCwKgCZBRnizKJqg+b9qAxX2ASchCfswAAAgQFrAAA"}
00411{"flow_id":6,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":78,"source":"hpvirtgrp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614880256,"pkt_ts_usec":708701,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"eJS0JASgYDjgxTWgCABFAAAo7gRAAD8GKFDAqAJkoCzCQosyFGf2oDFfiaoPnFAQ\/\/8peQAA"}
@@ -107,7 +107,7 @@
00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":91,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":15,"flow_first_seen":1614876808445,"flow_last_seen":1614876926772,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":522,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":59920,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":91,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":15,"flow_first_seen":1614880256676,"flow_last_seen":1614880490568,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":615,"flow_avg_l4_payload_len":41,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":35634,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":91,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":15,"flow_first_seen":1614877863379,"flow_last_seen":1614877864559,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":778,"flow_avg_l4_payload_len":51,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":40152,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":91,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1614892184461,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":49838,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00497{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":91,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1614892184461,"flow_last_seen":1614892184461,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":49838,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00440{"flow_id":7,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"hpvirtgrp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614892184,"pkt_ts_usec":461059,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"eJS0JASgYDjgxTWgCABFAAA8o7JAAD8Gco7AqAJkoCzCQsKuFGf4RqT8AAAAAKAC\/\/\/8FAAAAgQFtAQCCAoBLLDpAAAAAAEDAwg="}
00440{"flow_id":7,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"hpvirtgrp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614892184,"pkt_ts_usec":487051,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"eJS0JASgYDjgxTWgCABFAAA8o7NAAD8Gco3AqAJkoCzCQsKuFGf4RqT8AAAAAKAC\/\/\/4LwAAAgQFtAQCCAoBLLTOAAAAAAEDAwg="}
00418{"flow_id":7,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"hpvirtgrp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614892184,"pkt_ts_usec":489981,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"pkt":"YDjgxTWgeJS0JASgCABFAAAsAABAADQGIVGgLMJCwKgCZBRnwq4QVsoE+Eak\/WASchCx3QAAAgQFrAAA"}
@@ -124,7 +124,7 @@
00413{"flow_id":7,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":103,"source":"hpvirtgrp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614892185,"pkt_ts_usec":660780,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"eJS0JASgYDjgxTWgCABFAAAoo7lAAD8GcpvAqAJkoCzCQsKuFGf4RqYkEFbKXFAQ\/\/86JQAA"}
00460{"flow_id":7,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":104,"source":"hpvirtgrp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614892314,"pkt_ts_usec":18583,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"eJS0JASgYDjgxTWgCABFAABLo7pAAD8GcnfAqAJkoCzCQsKuFGf4RqYkEFbKXFAY\/\/+VgwAAMAAjZZ3X2xTEM0Pc8Ee9F7OVQYqXp0oT8Q6woFUmHmRVn+E="}
00418{"flow_id":7,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":105,"source":"hpvirtgrp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614892314,"pkt_ts_usec":46506,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"YDjgxTWgeJS0JASgCABFAAAosgpAADQGb0qgLMJCwKgCZBRnwq4QVspc+EamR1AQchDH8QAAAAAAAAAA"}
00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":106,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1614894888601,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":42552,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":106,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1614894888601,"flow_last_seen":1614894888601,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":42552,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00440{"flow_id":8,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":106,"source":"hpvirtgrp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614894888,"pkt_ts_usec":601792,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"eJS0JASgYDjgxTWgCABFAAA8czZAAD8GowrAqAJkoCzCQqY4FGfLLz4YAAAAAKAC\/\/+U4AAAAgQFtAQCCAoBVchmAAAAAAEDAwg="}
00418{"flow_id":8,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":107,"source":"hpvirtgrp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614894888,"pkt_ts_usec":628926,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"pkt":"YDjgxTWgeJS0JASgCABFAAAsAABAADQGIVGgLMJCwKgCZBRnpjjVSzZFyy8+GWASchAxGQAAAgQFrAAA"}
00412{"flow_id":8,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":108,"source":"hpvirtgrp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614894888,"pkt_ts_usec":632784,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"eJS0JASgYDjgxTWgCABFAAAoczdAAD8Gox3AqAJkoCzCQqY4FGfLLz4Z1Us2RlAQ\/\/+63gAA"}
@@ -141,7 +141,7 @@
00412{"flow_id":8,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":118,"source":"hpvirtgrp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614895189,"pkt_ts_usec":27109,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"eJS0JASgYDjgxTWgCABFAAAocz1AAD8GoxfAqAJkoCzCQqY4FGfLLz9j1Us2wFAQ\/\/+5GgAA"}
00462{"flow_id":8,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":119,"source":"hpvirtgrp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614895277,"pkt_ts_usec":741473,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"eJS0JASgYDjgxTWgCABFAABLcz5AAD8GovPAqAJkoCzCQqY4FGfLLz9j1Us2wFAY\/\/+ezQAAMAAjfSFNyYh3liHBj99rFHuZ1Ae4L5OSZFNdWuL\/qI5c4wI="}
00461{"flow_id":8,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":120,"source":"hpvirtgrp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614895277,"pkt_ts_usec":767885,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"YDjgxTWgeJS0JASgCABFAABLjU5AADQGk+OgLMJCwKgCZBRnpjjVSzbAyy8\/hlAYchDkcQAAMAAjPGAp+lAOrwSVxDE2OxbM9kHuUgOjwsCJ\/LfzfE2i34Q="}
00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":121,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1614898090218,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":42764,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":121,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1614898090218,"flow_last_seen":1614898090218,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":42764,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00441{"flow_id":9,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":121,"source":"hpvirtgrp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614898090,"pkt_ts_usec":218683,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"eJS0JASgYDjgxTWgCABFAAA8EFJAAD8GBe\/AqAJkoCzCQqcMFGeOCpYjAAAAAKAC\/\/+UDgAAAgQFtAQCCAoBYq1xAAAAAAEDAwg="}
00418{"flow_id":9,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":122,"source":"hpvirtgrp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614898090,"pkt_ts_usec":245916,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"pkt":"YDjgxTWgeJS0JASgCABFAAAsAABAADQGIVGgLMJCwKgCZBRnpwwosEHQjgqWJGASchC2bwAAAgQFrAAA"}
00412{"flow_id":9,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":123,"source":"hpvirtgrp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614898090,"pkt_ts_usec":249719,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"eJS0JASgYDjgxTWgCABFAAAoEFNAAD8GBgLAqAJkoCzCQqcMFGeOCpYkKLBB0VAQ\/\/9ANQAA"}

2
test/results/http-lines-split.pcap.out
View File

@@ -1,5 +1,5 @@
00484{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"http-lines-split.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":10000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"http-lines-split.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1593713340401,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"192.168.0.20","src_port":39236,"dst_port":31337,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00501{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"http-lines-split.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1593713340401,"flow_last_seen":1593713340401,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"192.168.0.20","src_port":39236,"dst_port":31337,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00431{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"http-lines-split.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1593713340,"pkt_ts_usec":401681,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABjzZLGIYDjgxTWgCABFAAA0t6tAAHkGyLLAqAABwKgAFJlEemkrolmxAAAAAIAC+vBZugAAAgQFtAEBBAIBAwMG"}
00432{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"http-lines-split.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1593713340,"pkt_ts_usec":401724,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"YDjgxTWgABjzZLGICABFAAA0AABAALIGR17AqAAUwKgAAXppmUT8ca\/AK6JZsoAS+vCBjAAAAgQFtAEBBAIBAwMH"}
00424{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"http-lines-split.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1593713340,"pkt_ts_usec":401990,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ABjzZLGIYDjgxTWgCABFAAAot6xAAHkGyL3AqAABwKgAFJlEemkrolmy\/HGvwVAQA+zlTAAAAAAAAAAA"}

4
test/results/http-manipulated.pcap.out
View File

@@ -1,5 +1,5 @@
00484{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"http-manipulated.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":10000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"http-manipulated.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":946727901369,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.20","dst_ip":"192.168.0.7","src_port":33632,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"http-manipulated.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":946727901369,"flow_last_seen":946727901369,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.20","dst_ip":"192.168.0.7","src_port":33632,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00430{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"http-manipulated.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946727901,"pkt_ts_usec":369326,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0h+5iIqPABjzZLGICABFAAA0umlAAI8Gr+7AqAAUwKgAB4NgH5BugXMeAAAAAIAC+vCBkgAAAgQFtAEBBAIBAwMH"}
00430{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"http-manipulated.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946727901,"pkt_ts_usec":369648,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABjzZLGI0h+5iIqPCABFAAA0AABAAEAGuVjAqAAHwKgAFB+Qg2CKV04jboFzH4AS+vCVmQAAAgQFtAEBBAIBAwMG"}
00415{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"http-manipulated.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946727901,"pkt_ts_usec":369657,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"0h+5iIqPABjzZLGICABFAAAoumpAAI8Gr\/nAqAAUwKgAB4NgH5BugXMfildOJFAQAfaBhgAA"}
@@ -12,7 +12,7 @@
00422{"flow_id":1,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"http-manipulated.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946727901,"pkt_ts_usec":370531,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ABjzZLGI0h+5iIqPCABFAAAoC+xAAEAGrXjAqAAHwKgAFB+Qg2CKV1BlboFzbFARA+vK4QAAAAAAAAAA"}
00417{"flow_id":1,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"http-manipulated.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946727901,"pkt_ts_usec":370537,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"0h+5iIqPABjzZLGICABFAAAoum5AAI8Gr\/XAqAAUwKgAB4NgH5BugXNsildQZlAQAfWBhgAA"}
00505{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11,"source":"http-manipulated.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":10,"flow_first_seen":946727901369,"flow_last_seen":946727901370,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":577,"flow_tot_l4_payload_len":653,"flow_avg_l4_payload_len":65,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.20","dst_ip":"192.168.0.7","src_port":33632,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"http-manipulated.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":946729142063,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.20","dst_ip":"192.168.0.7","src_port":33684,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00499{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"http-manipulated.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":946729142063,"flow_last_seen":946729142063,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.20","dst_ip":"192.168.0.7","src_port":33684,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00430{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"http-manipulated.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946729142,"pkt_ts_usec":63151,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0h+5iIqPABjzZLGICABFAAA0svlAAL4GiF7AqAAUwKgAB4OUH5ARN20zAAAAAIAC+vCBkgAAAgQFtAEBBAIBAwMH"}
00431{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"http-manipulated.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946729142,"pkt_ts_usec":63378,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABjzZLGI0h+5iIqPCABFAAA0AABAAEAGuVjAqAAHwKgAFB+Qg5SNfRmbETdtNIAS+vAp\/QAAAgQFtAEBBAIBAwMG"}
00414{"flow_id":2,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"http-manipulated.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946729142,"pkt_ts_usec":63387,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"0h+5iIqPABjzZLGICABFAAAosvpAAL4GiGnAqAAUwKgAB4OUH5ARN200jX0ZnFAQAfaBhgAA"}

2
test/results/http_auth.pcap.out
View File

@@ -1,5 +1,5 @@
00477{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"http_auth.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":10000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"http_auth.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1381844050222,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"192.254.189.169","src_port":54337,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"http_auth.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1381844050222,"flow_last_seen":1381844050222,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"192.254.189.169","src_port":54337,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"http_auth.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1381844050,"pkt_ts_usec":222515,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"TBfruiThKM\/pITwrCABFAABARSdAAEAGtjzAqAAEwP69qdRBAFCa4jGyAAAAALAC\/\/8jTAAAAgQFtAEDAwQBAQgKH38TuAAAAAAEAgAA"}
00439{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"http_auth.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1381844050,"pkt_ts_usec":402547,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KM\/pITwrTBfruiThCABFAAA8AABAADgGA2jA\/r2pwKgABABQ1EEDZtH9muIxs6ASOJA\/hAAAAgQFtAQCCAowzbX3H38TuAEDAwc="}
00427{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"http_auth.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1381844050,"pkt_ts_usec":402655,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"TBfruiThKM\/pITwrCABFAAA0XSJAAEAGnk3AqAAEwP69qdRBAFCa4jGzA2bR\/oAQICuGBAAAAQEICh9\/FGkwzbX3"}

32
test/results/http_ipv6.pcap.out
View File

@@ -1,13 +1,13 @@
00477{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"http_ipv6.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":10000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00512{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1448269123954,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4006:804::200e","src_port":40526,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00524{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1448269123954,"flow_last_seen":1448269123954,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4006:804::200e","src_port":40526,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00456{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"http_ipv6.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1448269123,"pkt_ts_usec":954061,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACAGQCoADUAAAQADeqzA\/\/6nDUwqABRQQAYIBAAAAAAAACAOnk4Bu0sl6VcU0QFTgBAA8iVzAAABAQgKEg1o4A\/E+0k="}
00456{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"http_ipv6.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1448269123,"pkt_ts_usec":971846,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAAACAGOSoAFFBABggEAAAAAAAAIA4qAA1AAAEAA3qswP\/+pw1MAbueThTRAVNLJelYgBABCVvaAAABAQgKD8WrNBINPNs="}
00520{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1448269127395,"flow_last_seen":0,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":182,"midstream":1,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4001:803::1017","src_port":41776,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00532{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1448269127395,"flow_last_seen":1448269127395,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":182,"midstream":1,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4001:803::1017","src_port":41776,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00704{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"http_ipv6.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1448269127,"pkt_ts_usec":395120,"pkt_caplen":268,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":268,"pkt_l4_len":214,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAANYGQCoADUAAAQADeqzA\/\/6nDUwqABRQQAEIAwAAAAAAABAXozABuw3EcnAKcmsggBgBYRYsAAABAQgKEg1sPOPdU5wXAwMAsUohbF6hqm2iPbr5acUercfvDKKXo6eRxQREALqHMULPkKcrij9I+s937a+Ptj\/48lLHQ1Wb3SgwI5IkBSOhrv6IVrq\/yOhvf7XOjabBqvbdcaHqf1DGDHgPPOpYr+dJO5wcSH25xkyZHXLU0QNqpczDg7dKCMPOVcOltspkl5ZzoyNyh0jvlmeYCBWg6kXBip25FBniFP0s4NZksUmy3aWhoSbUDQ+LvhRDb4xtwZyJTw=="}
00510{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"http_ipv6.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1448269127,"pkt_ts_usec":395195,"pkt_caplen":124,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":124,"pkt_l4_len":70,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAAEYGQCoADUAAAQADeqzA\/\/6nDUwqABRQQAEIAwAAAAAAABAXozABuw3EcyYKcmsggBgBYRWcAAABAQgKEg1sPOPdU5wXAwMAISEEhc9+XaFrGjMSta2tz\/npJ9wouC3HutuqGdJZFlD+8g=="}
00524{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1448269127400,"flow_last_seen":0,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4001:803::1017","src_port":45931,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00536{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1448269127400,"flow_last_seen":1448269127400,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4001:803::1017","src_port":45931,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02234{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"http_ipv6.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1448269127,"pkt_ts_usec":400446,"pkt_caplen":1412,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1412,"pkt_l4_len":1358,"pkt":"UMWNrEEBeKzApw1Mht1gAAAABU4RQCoADUAAAQADeqzA\/\/6nDUwqABRQQAEIAwAAAAAAABAXs2sBuwVOGq8NSb7i0\/DtzNZRMDI1AdhpfiGrZQ0z8Xo88wCgAQAEQ0hMTxcAAABQQUQAlQEAAFNOSQCiAQAAU1RLANwBAABWRVIA4AEAAENDUwDoAQAATk9OQwgCAABNU1BDDAIAAEFFQUQQAgAAVUFJRDACAABTQ0lEQAIAAFRDSUREAgAAUERNREgCAABTUkJGTAIAAElDU0xQAgAAUFVCU3ACAABTQ0xTdAIAAEtFWFN4AgAAQ09QVHgCAABDQ1JUkAIAAElSVFSUAgAAQ0VUVjgDAABDRkNXPAMAAFNGQ1dAAwAALS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0td3d3Lmdvb2dsZS5pdP6VATCysYcS+6UyHFs91qYSgNdeDzmk0IEyIe5t2+bJKAI2qamMt0i7KMYplR0K0jnCGwmAm\/d3HOJRMDI1eybp5+Rccf9WUtVHu\/cGtxBbc83x\/ixhHuZYGb85GDRSl0WTDzqXHGQAAABDQzEyQ2hyb21lLzQ2LjAuMjQ5MC44MCBMaW51eCB4ODZfNjRJY0N+fBRzPpi9ZOX2cffRAAAAAFg1MDkAABAAHgAAAKnIKfkyK+SzUnB6164ARpx8JYjcWyR0opR8VfpSZa5LAQAAAEMyNTWqEkFTJwbowuJjGoJ9cYVfQAt7kKmueesKxAMAMPg3G85FTSE++LOaAtQpI1KVeq729JfhjhoCsaupNHH2PFh7nIyQFBUHu\/yG69qYF+ZOXnLeZQlagMSAtKsuormBERnE1N5BArSjLGqyjEsI7xMsjf+GWiD9zqRxEMc6cBgFvzaEvMvxi2SGPZg7npVciNOVP9ZU7k0lklFQEmkIVXhAz857PhdAM9F8uaoJzSnjSvvppgNKNbAOmmtmPDeC+pIAAPAAAABgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00667{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1448269127400,"flow_last_seen":0,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4001:803::1017","src_port":45931,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC.Google","breed":"Tracker\/Ads","category":"Web"},"quic": {"client_requested_server_name":"www.google.it","user_agent":"Chrome\/46.0.2490.80 Linux x86_64"}}
00679{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1448269127400,"flow_last_seen":1448269127400,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4001:803::1017","src_port":45931,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC.Google","breed":"Tracker\/Ads","category":"Web"},"quic": {"client_requested_server_name":"www.google.it","user_agent":"Chrome\/46.0.2490.80 Linux x86_64"}}
00456{"flow_id":2,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"http_ipv6.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1448269127,"pkt_ts_usec":419269,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAAACAGOSoAFFBAAQgDAAAAAAAAEBcqAA1AAAEAA3qswP\/+pw1MAbujMApyayANxHMmgBABMJ3AAAABAQgK493E7RINbDw="}
00456{"flow_id":2,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"http_ipv6.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1448269127,"pkt_ts_usec":419302,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAAACAGOSoAFFBAAQgDAAAAAAAAEBcqAA1AAAEAA3qswP\/+pw1MAbujMApyayANxHNMgBABMJ2aAAABAQgK493E7RINbDw="}
00511{"flow_id":2,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"http_ipv6.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1448269127,"pkt_ts_usec":419312,"pkt_caplen":124,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":124,"pkt_l4_len":70,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAAAEYGOSoAFFBAAQgDAAAAAAAAEBcqAA1AAAEAA3qswP\/+pw1MAbujMApyayANxHNMgBgBMJRuAAABAQgK493E7RINbDwXAwMAIamaKXQXAEJ+l6GRGDPCWYkk8\/GIYJF1yZM9UcV466R1KQ=="}
@@ -32,18 +32,18 @@
01135{"flow_id":3,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"http_ipv6.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1448269127,"pkt_ts_usec":772665,"pkt_caplen":581,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":581,"pkt_l4_len":527,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAAAg8ROCoAFFBAAQgDAAAAAAAAEBcqAA1AAAEAA3qswP\/+pw1MAbuzawIPK8MABegNpVD\/7\/JYzlk\/BYlFgZIFfHfw1bXDQPU6CVEq6Zu\/BN0YX9q8KdtjKz2kPswP0T\/MG7ZhdaSfLUFJ\/NAYhY0mRcMGmmQmzmHRbHbwhWps05f8n34Tn1sNM6rta9iduCVINYTfizjYboc2gBDUNrR1ydHxyATtR5OcnwZXWufFWI6Gpbt3UnrADrDmQFUA4LLUXdcHbpuaa4prYi0tyxFayQabspYn\/ZywEYFFUpeYQKZYTE3+DvxTvMRhoUnXr5KYUUm8NE47p7y6iMh10tXVxlCG0fUT56wBvqGjwp82AXSLgEBqdD4s9IbTq968YdwVm3+fqkZzoUy6vJLLKtOhwhmb3r2un4HNlyBhDC9okkeHVeoP6rRTVH2H2mFRFML6lvQ2z4xnVsAp91cbQFqZA193cC0uG1pmYmTO7yDRVqkQpn\/lDbc7KneAGzV8DlalkwbPwa7nWCswi0D\/QFCqWuRXDw3AnvmOK0AmMJDBj0SbmaI6I8hQNDshiJP0u3hnk2fPONfuO+0LgMdPuNSQdHyHX2\/HtUa2P61qhIgmdqHF1Kg258fqOSj7c3+IXv7KZqzcqZkZaeW9P3fi\/UZBrlLPztduZdIVHnA57DmtVGMZk3\/VAShaEcfqkJoxfeEYE\/nlQsTB7gHtRv7AGgXEh3Ma0W7mjss\/NWZlpszmpfpl3pY="}
00480{"flow_id":3,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"http_ipv6.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1448269127,"pkt_ts_usec":798722,"pkt_caplen":102,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":102,"pkt_l4_len":48,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAADARQCoADUAAAQADeqzA\/\/6nDUwqABRQQAEIAwAAAAAAABAXs2sBuwAwFZEMSb7i0\/DtzNYHRDHMJE6JwbqCwTUm1pgKamJUbxHMwtRxH0S17Bee"}
00467{"flow_id":3,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"http_ipv6.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1448269127,"pkt_ts_usec":818509,"pkt_caplen":91,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":91,"pkt_l4_len":37,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAAACUROCoAFFBAAQgDAAAAAAAAEBcqAA1AAAEAA3qswP\/+pw1MAbuzawAlJwsABu4AWQBJc6S\/ABpFwRqNbmpSh1W8j6OzpFWJyQ=="}
00513{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":30,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1448269127922,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4006:803::2008","src_port":58660,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00525{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":30,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1448269127922,"flow_last_seen":1448269127922,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4006:803::2008","src_port":58660,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00457{"flow_id":4,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"http_ipv6.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1448269127,"pkt_ts_usec":922059,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACAGQCoADUAAAQADeqzA\/\/6nDUwqABRQQAYIAwAAAAAAACAI5SQBuwROHG\/ILPHEgBACniVsAAABAQgKEg1swGh+tvU="}
00457{"flow_id":4,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"http_ipv6.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1448269127,"pkt_ts_usec":940031,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAAACAGOSoAFFBABggDAAAAAAAAIAgqAA1AAAEAA3qswP\/+pw1MAbvlJMgs8cQEThxwgBAA+ZiqAAABAQgKaH9m+RINFL8="}
00519{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":32,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1448269127960,"flow_last_seen":0,"flow_min_l4_payload_len":198,"flow_max_l4_payload_len":198,"flow_tot_l4_payload_len":198,"flow_avg_l4_payload_len":198,"midstream":0,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:400b:c02::5f","src_port":55145,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00531{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":32,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1448269127960,"flow_last_seen":1448269127960,"flow_min_l4_payload_len":198,"flow_max_l4_payload_len":198,"flow_tot_l4_payload_len":198,"flow_avg_l4_payload_len":198,"midstream":0,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:400b:c02::5f","src_port":55145,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00696{"flow_id":5,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"http_ipv6.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1448269127,"pkt_ts_usec":960079,"pkt_caplen":260,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":260,"pkt_l4_len":206,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAAM4RQCoADUAAAQADeqzA\/\/6nDUwqABRQQAsMAgAAAAAAAABf12kBuwDOCoAMj5N114hr41MJBd7sKG9JfODv2KzX0uexKi4OUzkr936AyksmjfKzejWhR1IllABVz6\/Nd8+DDPRvVbNJa4sAljMB\/byd9EnDrnASdvNnincHpyqVPP90d4TSxj+ARZa\/L622T2LNfPxOM6m\/si1ZmPjMCf2wR7DzkfTBciJe2oZugnMhbWbTFVoln8LtSZhpET4oRj3Jk\/IY0Vhm0AHAVNXjHBEt89UVS7Gr6h9OBH5HRJ1TIdTk4GJ40SQl9lgo1l4eCx0="}
00535{"flow_id":5,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"http_ipv6.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1448269128,"pkt_ts_usec":3411,"pkt_caplen":143,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":143,"pkt_l4_len":89,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAAAFkRMyoAFFBACwwCAAAAAAAAAF8qAA1AAAEAA3qswP\/+pw1MAbvXaQBZLuIAB1nnejc74Zg5YssedTReRP0KRIf1hcs3Aafoe+Tuwy6JT\/77UOdg9PcT9s8XDyyGEBG\/Mph8KZAg9aAfxnp6BrSLMfMbzThg3fGY8Pw0dHA="}
00471{"flow_id":5,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"http_ipv6.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1448269128,"pkt_ts_usec":28795,"pkt_caplen":99,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":99,"pkt_l4_len":45,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAAC0RQCoADUAAAQADeqzA\/\/6nDUwqABRQQAsMAgAAAAAAAABf12kBuwAtCd8Mj5N114hr41MKZOnBWgR9A+MJ4bypcpF9U29vj07q+fvNp9EO"}
00693{"flow_id":3,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"http_ipv6.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1448269129,"pkt_ts_usec":551204,"pkt_caplen":257,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":257,"pkt_l4_len":203,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAAMsRQCoADUAAAQADeqzA\/\/6nDUwqABRQQAEIAwAAAAAAABAXs2sBuwDLFiwMSb7i0\/DtzNYIgWvfZMMzgV0eLq0rcF8Wjfdc88El\/OKe3m4b7L9HS+mMBEYrS+doCavo0g9v4cjNuvKk8Lt9jqbVMq4hpZuUInyA\/FDGcB9PdVXM1PG9Twc53K\/NE22oYsP600rWQqAeBHFPUIlrjHB7GsGewzsm\/LoNAyfg92ccCbiDQGEU7VnL8MvE74giVX7LYq16CD0sRU278L4kXMTwks9YhQkTkzvxemT+Ky6GjVXsflRJFFvd1vRUrGaTm7w="}
00473{"flow_id":3,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"http_ipv6.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1448269129,"pkt_ts_usec":597234,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAAACgROCoAFFBAAQgDAAAAAAAAEBcqAA1AAAEAA3qswP\/+pw1MAbuzawAoTL8AB+q\/vPhS\/ZnAgyOaUqmaLKPlvPx\/8rQ+trou59iqhw=="}
00512{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":84,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1448269138575,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37486,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00524{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":84,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1448269138575,"flow_last_seen":1448269138575,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37486,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00468{"flow_id":6,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"http_ipv6.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1448269138,"pkt_ts_usec":575377,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACgGQCoADUAAAQADeqzA\/\/6nDUwqA7DAAAMA0AAAAAAAcBABkm4Bu5jVbXIAAAAAoAJwgGsaAAACBAWgBAIIChINdycAAAAAAQMDBw=="}
00512{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":85,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1448269138575,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37488,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00524{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":85,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1448269138575,"flow_last_seen":1448269138575,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37488,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00468{"flow_id":7,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"http_ipv6.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1448269138,"pkt_ts_usec":575474,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACgGQCoADUAAAQADeqzA\/\/6nDUwqA7DAAAMA0AAAAAAAcBABknABu7DxnU0AAAAAoAJwgGsaAAACBAWgBAIIChINdycAAAAAAQMDBw=="}
00469{"flow_id":6,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"http_ipv6.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1448269138,"pkt_ts_usec":600012,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAAACgGOCoDsMAAAwDQAAAAAABwEAEqAA1AAAEAA3qswP\/+pw1MAbuSbiqmXmyY1W1zoBJvkBOIAAACBAWgBAIICgBerOcSDXcnAQMDCA=="}
00456{"flow_id":6,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"http_ipv6.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1448269138,"pkt_ts_usec":600069,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACAGQCoADUAAAQADeqzA\/\/6nDUwqA7DAAAMA0AAAAAAAcBABkm4Bu5jVbXMqpl5tgBAA4WsSAAABAQgKEg13LQBerOc="}
@@ -79,7 +79,7 @@
00833{"flow_id":7,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":111,"source":"http_ipv6.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1448269138,"pkt_ts_usec":664165,"pkt_caplen":360,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":360,"pkt_l4_len":306,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAAATIGOCoDsMAAAwDQAAAAAABwEAEqAA1AAAEAA3qswP\/+pw1MAbuScEOq4Liw8Z6ggBgAdHBVAAABAQgKAF6s9xINdzcWAwMA2gQAANYAAAEsANDvs7P+YV2DQXBR8VMRR3R3Gkq0wSBn+JJrOvPDuGcaeSeQYfYW8XiToXNfzxX95HoarO9PH5fFlOD2LF\/WhIJ8kZHn6PO5gYzl01z8hqzsfijA0jKKV2GWrCRSGwu1bJ9vtgZ2uQlA3t7EDCyA8mtvJmvqOeLY2b2QRZUZ\/jiGR6S\/LaH7oJTBUtddg1SBi1CGaieQtSjIJyikpKr0pxp12OU7\/ICH73vQdw\/07zVK5fWlbYmyKox0BfYySBx5X8Uz3QifaButrbMN+nd9JkWcFAMDAAEBFgMDACiEuSuOd0g+FPcdT\/BvxyVDi\/LHUtOzqJIxutwBfqrrX+uxTroXvDIw"}
00458{"flow_id":7,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":112,"source":"http_ipv6.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1448269138,"pkt_ts_usec":701994,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACAGQCoADUAAAQADeqzA\/\/6nDUwqA7DAAAMA0AAAAAAAcBABknABu7DxnqBDquHKgBABTmsSAAABAQgKEg13RwBerPc="}
00458{"flow_id":7,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":115,"source":"http_ipv6.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1448269138,"pkt_ts_usec":721261,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACAGQCoADUAAAQADeqzA\/\/6nDUwqA7DAAAMA0AAAAAAAcBABknABu7DxnqBDquHKgBEBTmsSAAABAQgKEg13SwBerPc="}
00513{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":120,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1448269139219,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37494,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00525{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":120,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1448269139219,"flow_last_seen":1448269139219,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37494,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00469{"flow_id":8,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":120,"source":"http_ipv6.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1448269139,"pkt_ts_usec":219031,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACgGQCoADUAAAQADeqzA\/\/6nDUwqA7DAAAMA0AAAAAAAcBABknYBuw4c9NoAAAAAoAJwgGsaAAACBAWgBAIIChINd8gAAAAAAQMDBw=="}
00470{"flow_id":8,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":121,"source":"http_ipv6.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1448269139,"pkt_ts_usec":239626,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAAACgGNyoDsMAAAwDQAAAAAABwEAEqAA1AAAEAA3qswP\/+pw1MAbuSdnTlL8YOHPTboBJvkPn2AAACBAWgBAIICgBerYcSDXfIAQMDCA=="}
00458{"flow_id":8,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":122,"source":"http_ipv6.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1448269139,"pkt_ts_usec":239713,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACAGQCoADUAAAQADeqzA\/\/6nDUwqA7DAAAMA0AAAAAAAcBABknYBuw4c9Nt05S\/HgBAA4WsSAAABAQgKEg13zQBerYc="}
@@ -98,16 +98,16 @@
00458{"flow_id":8,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":132,"source":"http_ipv6.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1448269139,"pkt_ts_usec":267465,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACAGQCoADUAAAQADeqzA\/\/6nDUwqA7DAAAMA0AAAAAAAcBABknYBuw4c9a905UJXgBABO2sSAAABAQgKEg131ABerY4="}
00630{"flow_id":8,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":133,"source":"http_ipv6.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1448269139,"pkt_ts_usec":268658,"pkt_caplen":212,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":212,"pkt_l4_len":158,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAAJ4GQCoADUAAAQADeqzA\/\/6nDUwqA7DAAAMA0AAAAAAAcBABknYBuw4c9a905UJXgBgBO2uQAAABAQgKEg131ABerY4WAwMARhAAAEJBBJzPR2sM7OXWdxxTH8ExN47HkmvsmfbFKoKpWKuQbAgx16wrf2Ju0jo7UKJ4ey27iDy9z0akfx+6qqHS0YZyK\/MUAwMAAQEWAwMAKAAAAAAAAAAAVYNTEifBKSPslrliap2MBJ4eUNQS6r3F5g0RZT2LNnM="}
00829{"flow_id":8,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":134,"source":"http_ipv6.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1448269139,"pkt_ts_usec":290633,"pkt_caplen":360,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":360,"pkt_l4_len":306,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAAATIGNyoDsMAAAwDQAAAAAABwEAEqAA1AAAEAA3qswP\/+pw1MAbuSdnTlQlcOHPYtgBgAdCYUAAABAQgKAF6tlBINd9QWAwMA2gQAANYAAAEsANDvs7P+YV2DQXBR8VMRR3R32JsXZKQkGVMRBICFQu21kmwsUFbQ4fWFEWniUJQ1U5Ndjg3zAKrWb+Xo64MaD9i4KF18Y58k0uqRdFnrY7SfNc3skH1KszimnYvY7GZaehYi\/O8Dp9uxj18b58fTf4imGbk9R14dKUOK+lbCmVGaj\/amG7vnxb17jKw3vP9B6TUc1IqNvMfuLr8tfNwVA0O7GNYD3XVbD7MXao09q\/SvVaO3XO5Z4rQfLdFiLMs9SBSTuY9JlPaSwHcbvTLJDwv6FAMDAAEBFgMDACgsEaR9WDcIXZeWNgvSMO7Uz+Mu+b6EsYO33vgkZDfPmJ9HXC947vcV"}
00511{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":135,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1448269139314,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a02:26f0:ad:1a1::eed","src_port":60124,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00523{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":135,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1448269139314,"flow_last_seen":1448269139314,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a02:26f0:ad:1a1::eed","src_port":60124,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00457{"flow_id":9,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":135,"source":"http_ipv6.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1448269139,"pkt_ts_usec":314022,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACAGQCoADUAAAQADeqzA\/\/6nDUwqAibwAK0BoQAAAAAAAA7t6twBuwxnksLpg7gmgBABC+E3AAABAQgKEg134BvnLVo="}
00459{"flow_id":9,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":137,"source":"http_ipv6.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1448269139,"pkt_ts_usec":321037,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAAACAGOyoCJvAArQGhAAAAAAAADu0qAA1AAAEAA3qswP\/+pw1MAbvq3OmDuCYMZ5LDgBAD0zk\/AAABAQgKG+fdWhINH94="}
00526{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":140,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1448269143410,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:2880:1010:3f20:face:b00c::25de","src_port":40308,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00538{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":140,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1448269143410,"flow_last_seen":1448269143410,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:2880:1010:3f20:face:b00c::25de","src_port":40308,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00459{"flow_id":10,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":140,"source":"http_ipv6.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1448269143,"pkt_ts_usec":410021,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACAGQCoADUAAAQADeqzA\/\/6nDUwqAyiAEBA\/IPrOsAwAACXenXQBu97bCAR6JAzggBADIfF3AAABAQgKEg174HFvpAM="}
00460{"flow_id":10,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":141,"source":"http_ipv6.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1448269143,"pkt_ts_usec":539406,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"eKzApw1M9LUv\/K\/Cht1gwAAAACAGKyoDKIAQED8g+s6wDAAAJd4qAA1AAAEAA3qswP\/+pw1MAbuddHokDODe2wgFgBAAa0\/sAAABAQgKcXBUrRINT9U="}
00513{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":142,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1448269144306,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:400b:c02::9a","src_port":33062,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00525{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":142,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1448269144306,"flow_last_seen":1448269144306,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:400b:c02::9a","src_port":33062,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00458{"flow_id":11,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":142,"source":"http_ipv6.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1448269144,"pkt_ts_usec":306064,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACAGQCoADUAAAQADeqzA\/\/6nDUwqABRQQAsMAgAAAAAAAACagSYBu7SkSa3RTHVvgBABRwoCAAABAQgKEg18wD9sNbI="}
00459{"flow_id":11,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":143,"source":"http_ipv6.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1448269144,"pkt_ts_usec":348055,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAAACAGNSoAFFBACwwCAAAAAAAAAJoqAA1AAAEAA3qswP\/+pw1MAbuBJtFMdW+0pEmugBABd0eeAAABAQgKP2zlshINJLA="}
00514{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":144,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1448269144450,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37506,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00526{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":144,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1448269144450,"flow_last_seen":1448269144450,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37506,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00470{"flow_id":12,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":144,"source":"http_ipv6.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1448269144,"pkt_ts_usec":450926,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACgGQCoADUAAAQADeqzA\/\/6nDUwqA7DAAAMA0AAAAAAAcBABkoIBuwefNhUAAAAAoAJwgGsaAAACBAWgBAIIChINfOQAAAAAAQMDBw=="}
00471{"flow_id":12,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":145,"source":"http_ipv6.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1448269144,"pkt_ts_usec":475600,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAAACgGNyoDsMAAAwDQAAAAAABwEAEqAA1AAAEAA3qswP\/+pw1MAbuSgnjE+S8HnzYWoBJvkOerAAACBAWgBAIICgBesqQSDXzkAQMDCA=="}
00458{"flow_id":12,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":146,"source":"http_ipv6.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1448269144,"pkt_ts_usec":475660,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACAGQCoADUAAAQADeqzA\/\/6nDUwqA7DAAAMA0AAAAAAAcBABkoIBuwefNhZ4xPkwgBAA4WsSAAABAQgKEg186gBesqQ="}
@@ -126,12 +126,12 @@
00459{"flow_id":12,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":156,"source":"http_ipv6.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1448269144,"pkt_ts_usec":508786,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACAGQCoADUAAAQADeqzA\/\/6nDUwqA7DAAAMA0AAAAAAAcBABkoIBuwefNup4xQvAgBABO2sSAAABAQgKEg188gBesqw="}
00630{"flow_id":12,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":157,"source":"http_ipv6.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1448269144,"pkt_ts_usec":510248,"pkt_caplen":212,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":212,"pkt_l4_len":158,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAAJ4GQCoADUAAAQADeqzA\/\/6nDUwqA7DAAAMA0AAAAAAAcBABkoIBuwefNup4xQvAgBgBO2uQAAABAQgKEg188wBesqwWAwMARhAAAEJBBI2kiTbFVqk1DnTMkksLyBJY73L7yEM3biwxnYTxFSEWSVY81Ndsd88TY9qGNC+qUQjFAAStyjdWtIZMKeYeaE0UAwMAAQEWAwMAKAAAAAAAAAAA6LNWqSOV9xS+am+jb+odvLJ3wy3u8abT8cohbnsD+cQ="}
00838{"flow_id":12,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":158,"source":"http_ipv6.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1448269144,"pkt_ts_usec":535687,"pkt_caplen":360,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":360,"pkt_l4_len":306,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAAATIGNyoDsMAAAwDQAAAAAABwEAEqAA1AAAEAA3qswP\/+pw1MAbuSgnjFC8AHnzdogBgAdJvpAAABAQgKAF6ysxINfPMWAwMA2gQAANYAAAEsANDvs7P+YV2DQXBR8VMRR3R3OIv\/Ead+tcM\/fneMx5kPIpBedJOYBNv\/DjGBgwssRMpXMNnsPcQ80l3SJ8zKGOODHeRFN\/L2WcR\/BL\/hMZa2fuYoATXULlLMbr3M08PAbqVZC\/btKDT\/5xY\/ujY+EEbwfkz73Js7\/kppVheXfGPkL8IzEJYvYoebv4PHpvKl2c1xfyHumPru6eiY88sp7UK9JV9pZD2pNU\/werVtYVSDCzhNSlmajLB2as7Q1SRUyNj5EgiqP3O1Z4YmgpIWm4wyFAMDAAEBFgMDACgndRFmdPhy5vjdcuuThpfWuc2y2v2fq1H6j93EAvEgrMYJHKjRT1pl"}
00515{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":170,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1448269145458,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4001:803::1012","src_port":59690,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00527{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":170,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1448269145458,"flow_last_seen":1448269145458,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4001:803::1012","src_port":59690,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00458{"flow_id":13,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":170,"source":"http_ipv6.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1448269145,"pkt_ts_usec":458059,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACAGQCoADUAAAQADeqzA\/\/6nDUwqABRQQAEIAwAAAAAAABAS6SoBu3aemNPcvXclgBAA6hVxAAABAQgKEg194OPdWG4="}
00459{"flow_id":13,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":171,"source":"http_ipv6.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1448269145,"pkt_ts_usec":478561,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAAACAGOSoAFFBAAQgDAAAAAAAAEBIqAA1AAAEAA3qswP\/+pw1MAbvpKty9dyV2npjUgBAA8BoIAAABAQgK494IbhIM+eU="}
00512{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":172,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1448269146905,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a02:26f0:ad:197::236","src_port":53132,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00524{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":172,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1448269146905,"flow_last_seen":1448269146905,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a02:26f0:ad:197::236","src_port":53132,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00470{"flow_id":14,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":172,"source":"http_ipv6.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1448269146,"pkt_ts_usec":905115,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACgGQCoADUAAAQADeqzA\/\/6nDUwqAibwAK0BlwAAAAAAAAI2z4wBuwtKuykAAAAAoAJwgNR+AAACBAWgBAIIChINf0kAAAAAAQMDBw=="}
00512{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":173,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1448269146905,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a02:26f0:ad:197::236","src_port":53134,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00524{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":173,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1448269146905,"flow_last_seen":1448269146905,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a02:26f0:ad:197::236","src_port":53134,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00470{"flow_id":15,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":173,"source":"http_ipv6.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1448269146,"pkt_ts_usec":905214,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACgGQCoADUAAAQADeqzA\/\/6nDUwqAibwAK0BlwAAAAAAAAI2z44Bu8SPrfMAAAAAoAJwgNR+AAACBAWgBAIIChINf0kAAAAAAQMDBw=="}
00471{"flow_id":15,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":174,"source":"http_ipv6.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1448269146,"pkt_ts_usec":912188,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAAACgGOyoCJvAArQGXAAAAAAAAAjYqAA1AAAEAA3qswP\/+pw1MAbvPjun6mTbEj630oBJswJfaAAACBAV8BAIIChvn+wESDX9JAQMDBQ=="}
00459{"flow_id":15,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":175,"source":"http_ipv6.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1448269146,"pkt_ts_usec":912247,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACAGQCoADUAAAQADeqzA\/\/6nDUwqAibwAK0BlwAAAAAAAAI2z44Bu8SPrfTp+pk3gBAA4dR2AAABAQgKEg1\/Sxvn+wE="}

12
test/results/iec60780-5-104.pcap.out
View File

@@ -1,5 +1,5 @@
00482{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"iec60780-5-104.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":10000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1219992231267,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1568,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00501{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1219992231267,"flow_last_seen":1219992231267,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1568,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00428{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"iec60780-5-104.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1219992231,"pkt_ts_usec":267238,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"ABXFGNTMABNy14eKCABFAAAwbS5AAIAGRKWsG\/htrBv4TwYgCWR6t61JAAAAAHAC\/\/8CpgAAAgQFtAEBBAI="}
00428{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"iec60780-5-104.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1219992231,"pkt_ts_usec":267345,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"ABNy14eKABXFGNTMCABFAAAwQVVAAIAGcH6sG\/hPrBv4bQlkBiDrZdPBeretSnAS\/\/9DbQAAAgQFtAEBBAI="}
00424{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"iec60780-5-104.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1219992231,"pkt_ts_usec":267487,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ABXFGNTMABNy14eKCABFAAAobS9AAIAGRKysG\/htrBv4TwYgCWR6t61K62XTwlAQ\/\/9wMQAAAAAAAAAA"}
@@ -16,7 +16,7 @@
00426{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"iec60780-5-104.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1219992291,"pkt_ts_usec":323204,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"pkt":"ABXFGNTMABNy14eKCABFAAAubUBAAIAGRJWsG\/htrBv4TwYgCWR6t61Z62XTyFAY\/\/nFDwAAaARDAAAA"}
00425{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"iec60780-5-104.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1219992291,"pkt_ts_usec":324568,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"pkt":"ABNy14eKABXFGNTMCABFAAAuQVxAAIAGcHmsG\/hPrBv4bQlkBiDrZdPIeretX1AY\/+pJFQAAaASDAAAA"}
00426{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"iec60780-5-104.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1219992291,"pkt_ts_usec":478741,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ABXFGNTMABNy14eKCABFAAAobUFAAIAGRJqsG\/htrBv4TwYgCWR6t61f62XTzlAQ\/\/NwHAAAAAAAAAAA"}
00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":30,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1219992393215,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1570,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00502{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":30,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1219992393215,"flow_last_seen":1219992393215,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1570,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00430{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"iec60780-5-104.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1219992393,"pkt_ts_usec":215803,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"ABXFGNTMABNy14eKCABFAAAwbYNAAIAGRFCsG\/htrBv4TwYiCWRtLtqlAAAAAHAC\/\/\/i0AAAAgQFtAEBBAI="}
00429{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"iec60780-5-104.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1219992393,"pkt_ts_usec":215922,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"ABNy14eKABXFGNTMCABFAAAwQXdAAIAGcFysG\/hPrBv4bQlkBiJI3nuobS7apnAS\/\/8eOQAAAgQFtAEBBAI="}
00426{"flow_id":2,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"iec60780-5-104.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1219992393,"pkt_ts_usec":216061,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ABXFGNTMABNy14eKCABFAAAobYRAAIAGRFesG\/htrBv4TwYiCWRtLtqmSN57qVAQ\/\/9K\/QAAAAAAAAAA"}
@@ -33,7 +33,7 @@
00417{"flow_id":2,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"iec60780-5-104.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1219992485,"pkt_ts_usec":281875,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABNy14eKABXFGNTMCABFAAAoQXxAAIAGcF+sG\/hPrBv4bQlkBiJI3nu1bS7a1FAR\/9FJDwAA"}
00426{"flow_id":2,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"iec60780-5-104.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1219992485,"pkt_ts_usec":282039,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ABXFGNTMABNy14eKCABFAAAobaFAAIAGRDqsG\/htrBv4TwYiCWRtLtrUSN57tlAQ\/\/NKzgAAAAAAAAAA"}
00426{"flow_id":2,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"iec60780-5-104.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1219992485,"pkt_ts_usec":282569,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ABXFGNTMABNy14eKCABFAAAobaJAAIAGRDmsG\/htrBv4TwYiCWRtLtrUSN57tlAR\/\/NKzQAAAAAAAAAA"}
00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1219992486295,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1571,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00502{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1219992486295,"flow_last_seen":1219992486295,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1571,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00429{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"iec60780-5-104.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1219992486,"pkt_ts_usec":295923,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"ABXFGNTMABNy14eKCABFAAAwbaNAAIAGRDCsG\/htrBv4TwYjCWQlpaXOAAAAAHAC\/\/9fMAAAAgQFtAEBBAI="}
00429{"flow_id":3,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"iec60780-5-104.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1219992486,"pkt_ts_usec":296052,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"ABNy14eKABXFGNTMCABFAAAwQX5AAIAGcFWsG\/hPrBv4bQlkBiP13h8HJaWlz3AS\/\/9KOQAAAgQFtAEBBAI="}
00426{"flow_id":3,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"iec60780-5-104.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1219992486,"pkt_ts_usec":296202,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ABXFGNTMABNy14eKCABFAAAobaRAAIAGRDesG\/htrBv4TwYjCWQlpaXP9d4fCFAQ\/\/92\/QAAAAAAAAAA"}
@@ -51,7 +51,7 @@
00426{"flow_id":3,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"iec60780-5-104.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1219992589,"pkt_ts_usec":194723,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":25,"pkt":"ABXFGNTMABNy14eKCABFAAAtbcJAAIAGRBSsG\/htrBv4TwYjCWQlpaXo9d4fFFAY\/\/MupwAAGBgYGBgA"}
00417{"flow_id":3,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"iec60780-5-104.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1219992589,"pkt_ts_usec":196644,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABNy14eKABXFGNTMCABFAAAoQYNAAIAGcFisG\/hPrBv4bQlkBiP13h8UJaWl7VAR\/+FJDwAA"}
00426{"flow_id":3,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"iec60780-5-104.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1219992589,"pkt_ts_usec":196807,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ABXFGNTMABNy14eKCABFAAAobcNAAIAGRBisG\/htrBv4TwYjCWQlpaXt9d4fFVAQ\/\/N23gAAAAAAAAAA"}
00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":63,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1219992590188,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1572,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00502{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":63,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1219992590188,"flow_last_seen":1219992590188,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1572,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00429{"flow_id":4,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"iec60780-5-104.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1219992590,"pkt_ts_usec":188368,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"ABXFGNTMABNy14eKCABFAAAwbcVAAIAGRA6sG\/htrBv4TwYkCWQxVG2fAAAAAHAC\/\/+LrwAAAgQFtAEBBAI="}
00430{"flow_id":4,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"iec60780-5-104.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1219992590,"pkt_ts_usec":188498,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"ABNy14eKABXFGNTMCABFAAAwQYVAAIAGcE6sG\/hPrBv4bQlkBiSd+ybXMVRtoHAS\/\/\/GywAAAgQFtAEBBAI="}
00426{"flow_id":4,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"iec60780-5-104.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1219992590,"pkt_ts_usec":188640,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ABXFGNTMABNy14eKCABFAAAobcZAAIAGRBWsG\/htrBv4TwYkCWQxVG2gnfsm2FAQ\/\/\/zjwAAAAAAAAAA"}
@@ -70,7 +70,7 @@
00417{"flow_id":4,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"iec60780-5-104.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1219992686,"pkt_ts_usec":533107,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABNy14eKABXFGNTMCABFAAAoQYtAAIAGcFCsG\/hPrBv4bQlkBiSd+ybkMVRt1FAQ\/8tJDwAA"}
00505{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":77,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":17,"flow_first_seen":1219992486295,"flow_last_seen":1219992589197,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":13,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":2,"midstream":0,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1571,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00426{"flow_id":4,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"iec60780-5-104.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1219992710,"pkt_ts_usec":190541,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"pkt":"ABXFGNTMABNy14eKCABFAAAubiNAAIAGQ7KsG\/htrBv4TwYkCWQxVG3Unfsm5FAY\/\/NISQAAaARDAAAA"}
00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":88,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1219992782348,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1577,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00502{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":88,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1219992782348,"flow_last_seen":1219992782348,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1577,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00429{"flow_id":5,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":88,"source":"iec60780-5-104.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1219992782,"pkt_ts_usec":348776,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"ABXFGNTMABNy14eKCABFAAAwbjdAAIAGQ5ysG\/htrBv4TwYpCWQN1WRMAAAAAHAC\/\/+4fAAAAgQFtAEBBAI="}
00429{"flow_id":5,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":89,"source":"iec60780-5-104.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1219992782,"pkt_ts_usec":348894,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"ABNy14eKABXFGNTMCABFAAAwQZFAAIAGcEKsG\/hPrBv4bQlkBikE5Jl8DdVkTXAS\/\/8aCwAAAgQFtAEBBAI="}
00425{"flow_id":5,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":90,"source":"iec60780-5-104.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1219992782,"pkt_ts_usec":349033,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ABXFGNTMABNy14eKCABFAAAobjhAAIAGQ6OsG\/htrBv4TwYpCWQN1WRNBOSZfVAQ\/\/9GzwAAAAAAAAAA"}
@@ -85,7 +85,7 @@
00426{"flow_id":5,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":98,"source":"iec60780-5-104.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1219992818,"pkt_ts_usec":954548,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ABXFGNTMABNy14eKCABFAAAobkJAAIAGQ5msG\/htrBv4TwYpCWQN1WRpBOSZhFAQ\/\/lGsgAAAAAAAAAA"}
00426{"flow_id":5,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":99,"source":"iec60780-5-104.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1219992818,"pkt_ts_usec":955088,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ABXFGNTMABNy14eKCABFAAAobkNAAIAGQ5isG\/htrBv4TwYpCWQN1WRpBOSZhFAR\/\/lGsQAAAAAAAAAA"}
00418{"flow_id":5,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":100,"source":"iec60780-5-104.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1219992818,"pkt_ts_usec":955112,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABNy14eKABXFGNTMCABFAAAoQZVAAIAGcEasG\/hPrBv4bQlkBikE5JmEDdVkalAQ\/+NJDwAA"}
00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":101,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1219992819942,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1578,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00503{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":101,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1219992819942,"flow_last_seen":1219992819942,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1578,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00431{"flow_id":6,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":101,"source":"iec60780-5-104.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1219992819,"pkt_ts_usec":942883,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"ABXFGNTMABNy14eKCABFAAAwbkRAAIAGQ4+sG\/htrBv4TwYqCWRBsBqPAAAAAHAC\/\/\/OXQAAAgQFtAEBBAI="}
00432{"flow_id":6,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"iec60780-5-104.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1219992819,"pkt_ts_usec":943016,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"ABNy14eKABXFGNTMCABFAAAwQZZAAIAGcD2sG\/hPrBv4bQlkBir5wu6KQbAakHAS\/\/\/l\/gAAAgQFtAEBBAI="}
00426{"flow_id":6,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":103,"source":"iec60780-5-104.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1219992819,"pkt_ts_usec":943166,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ABXFGNTMABNy14eKCABFAAAobkVAAIAGQ5asG\/htrBv4TwYqCWRBsBqQ+cLui1AQ\/\/8SwwAAAAAAAAAA"}

2
test/results/imaps.pcap.out
View File

@@ -1,5 +1,5 @@
00473{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"imaps.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":10000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"imaps.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1590857744659,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.8","dst_ip":"167.99.215.164","src_port":50506,"dst_port":993,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"imaps.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1590857744659,"flow_last_seen":1590857744659,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.8","dst_ip":"167.99.215.164","src_port":50506,"dst_port":993,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00441{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"imaps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1590857744,"pkt_ts_usec":659641,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG+f\/AqAEIp2PXpMVKA+HRNM\/NAAAAALAC\/\/\/ajwAAAgQFtAEDAwUBAQgKFE2dOQAAAAAEAgAA"}
00433{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"imaps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1590857744,"pkt_ts_usec":706356,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGBgSnY9ekwKgBCAPhxUrMi6La0TTPzqAS\/ojr6QAAAgQFrAQCCAqpw+fsFE2dOQEDAwc="}
00421{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"imaps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1590857744,"pkt_ts_usec":706435,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+gvAqAEIp2PXpMVKA+HRNM\/OzIui24AQECwI4wAAAQEIChRNnWGpw+fs"}

116
test/results/instagram.pcap.out
View File

@@ -1,7 +1,7 @@
00477{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"instagram.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":10000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"instagram.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1436720898354,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"173.252.107.4","src_port":56382,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"instagram.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1436720898354,"flow_last_seen":1436720898354,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"173.252.107.4","src_port":56382,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00436{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720898,"pkt_ts_usec":354402,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABsv8H60QPMIw47hCABFAAA8TypAAEAGEYLAqABnrfxrBNw+AbsehKWiAAAAAKACOQjaPgAAAgQFtAQCCAoAA+qIAAAAAAEDAwY="}
00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"instagram.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1436720898386,"flow_last_seen":0,"flow_min_l4_payload_len":1365,"flow_max_l4_payload_len":1365,"flow_tot_l4_payload_len":1365,"flow_avg_l4_payload_len":1365,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"31.13.93.52","src_port":33936,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00505{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"instagram.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1436720898386,"flow_last_seen":1436720898386,"flow_min_l4_payload_len":1365,"flow_max_l4_payload_len":1365,"flow_tot_l4_payload_len":1365,"flow_avg_l4_payload_len":1365,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"31.13.93.52","src_port":33936,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
02274{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720898,"pkt_ts_usec":386781,"pkt_caplen":1431,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1431,"pkt_l4_len":1397,"pkt":"ABsv8H60QPMIw47hCABFAAWJa5BAAEAGjI7AqABnHw1dNISQAbuIwY4ypNSTmIAYARMTGgAAAQEICgAD6otaUmp7FwMBBVB9SXVyqGN\/Z0IQOrRWeDqy2ESAojaAx4QQZK8Nvn9P2WG4BrAo87sybB9iQ6L07zu3SJx\/yEENym+6oXOIueLurovz4xM5H+e2VkXRxNwq2D0zbcPaARfl1kqZ5lxozT2KxP5upnv5ZlZknUeHJ9iJUeI933878+9Wa2p3jAkSn4v+PhMZ8tdKr\/DbC4Dao9UoiB0NXUAr3Yz5mLZxqwvhp7T5JBYmrpug0k+c+c5jewd+5zMMLlTOh9zrkFpN\/SPdxljY89SWMG4iWok6qAWd81044WQFB8MMk6d1YEgnl4MTRR4s5nra0RAZ\/18nINKDy\/+7OtbIdykHRTDGdkzNglojGhlbMwXwCoSaU7eaC\/UG3QHuANJheRiTxBbb9LObDO61gFXBkdpo\/nFCQJ5DEAR9LRi5VbgUevhOk8v2CnW3NfU8tU\/NhXT2Fwav0PyuAxlku4R0TFjGrX0lMbSi5TfJsyWyqS9JUaHL9+9Lo2MolHMixycuQJ8OBJfxMjbh4vndGe6E5xjywRDhon5Ivpm51kbX7pr85erPPQ5esyd11\/S2GN1nyosTrQfKPFTMJ2PKe2m7QTQt+uAz\/lbUTHbMP5WXngggI0bC1v64BOTbVZvk5uSBRBJTxfNNwpu5Mu42yT2kpORmWxKLjzXxHI3WY0zq00CLVkZ1W4ZdSNXs14xkPKnh8GETvWNyrC0OkJAC\/senhsF4RXOoqIV\/fvDhI7Lz\/aB3VqgZGkZTiT2tG0nkNbTl36TNhCL0NMIpdEkg3CtkeHnRpYXxlFUaqjl0oiNlqmXrT3txeOlkpgLeE8sil6hQeUXLUDxeB\/KJ3hVWQV57tvquoi3TQ0mdlDPh3nKxwFekfGvexzie5JWVEiecROjBicDHlMGZSqgfGOOL9obBhKFQKyGkKwqvDD0GLpn+uVlqpq4HgYehGmZsXkGfKjhOvgYnCN46aHecrF2yix3uKy9HcGVhEh0jdkP6ZVKeYPjfh1VormnzwC798pJrA6FXeukKkQhENaxtIfjtfZqrhxgkGn44Wi6ohn6pe\/FHHmbNcPgV6V8fsqp75GNTcdW4payqjcXiRcbHyE8T1\/Qx4baiJDp6KLsZS4gAneRh+ALhxukKM03jbRUClXAh8oRiLl0u+SOlflfwh8goOCkzbht0yzBBd5s+YE\/rKLvLODamT6vRSajD988ioyLCTi6O7PjCpIz0x86CPfl59RFLMWfW1DDNxLLiQpG5QmdGA\/0xKZPtgucNxJfMg8zisuAsBotSOZNTt7iyYW\/IMjbjZfUDk2XnW0FMevjvN1dNSzxncEScDgEwhOZR\/bPFjnmrDfWVV5x9BRHI5MP8wUwSlhypizc+qxTGIgicImjYGkhAIz+xcFmXadM0YNZEvMZaj9aBOHMX1Oble6EYxmSHOrpQKqfzbWeMlvwrQYuci0kLy\/\/bshVduwlDBy5JYqDunQnZyDGNhNVfyaH+ng8KQ6sBqINnITFXfAnCkwXV\/HK1iUkb7QzoqBn3gpftCp83hNH0foudA8Gdf6kurlWwgMEOXi5BfTqlD4DwASXt9A68u1P9Zz8s0alrX2UlusB6fvL9Q9Js6MLwiQyj+bjdEcQ3Uplwrw6qLdouhHzsdgkMnVdwc2l5wv8KPOcXqmQvqjndZFz1nXaAVhwsFoo1zwY3LiNiYjhwWSYaeCHLdPVBHtAjW1OZFou+zyYe9X36AFhBBqrW+04QrWGvIhn1jD27wWhOa1bAC4ScjrpH0lKPe5njeedOXaKkZFE++EHilCzyFRBq6mDF3sb10u4yUIsQcfD4LLSh"}
00424{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720898,"pkt_ts_usec":475679,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"QPMIw47hABsv8H60CABFAAA05iNAAFUGAlAfDV00wKgAZwG7hJCk1JOYiMGTh4AQAE5t9QAAAQEIClpSq0YAA+qL"}
00437{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720898,"pkt_ts_usec":499269,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"QPMIw47hABsv8H60CABFAAA8AABAAFIGTqyt\/GsEwKgAZwG73D5XFMWUHoSlo6ASOJBK1AAAAgQFlgQCCAq8TYT0AAPqiAEDAwg="}
@@ -33,18 +33,18 @@
02102{"flow_id":2,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720900,"pkt_ts_usec":466768,"pkt_caplen":1297,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1297,"pkt_l4_len":1263,"pkt":"QPMIw47hABsv8H60CABFAAUD5ilAAFUG\/XofDV00wKgAZwG7hJCk1KF4iMGXbIAYAFgtQAAAAQEIClpSswIAA+s0c9PZpcIdo97vqW+zDXNfxkt+5hSLMDEOaNcRMP8OfQNYlAdI\/OjaYdVFTkhzSJImLWOwFsxHEMr4z1ldNgdfL2IzOZi0Mr6VsXdj\/Ko+13o+n3EyPGZZfWEW+3jo62tYZj3o2SLxydN+UaP07FHfnrKWg1nX6V+JnZ\/a7vBpPJKTEh8CeyEAFgNrA8ezG3bPGiFzbGUKz4alw+O6yxjc8PVE5DLdKsn4mJJ7LRWsGx1LZe2edYPbD7JPOeqDZNmAnfunxmaJy2ooLPYo62K3OJENRAiormRpmEhQzyCCP1ZuFnyBnrf5fYqQwgx+AmmwxtjVdrq47NGqhc2lEmv11\/6HhH5OzQDE1vQcZRwKnnqR7gFD8\/OfRF4tqcU7BfY6Oku0ulpIwoUNKkLStMSa9EsrpkVRA8eDgQioanyZi7PyGy8bvA3F0GiaAodDtsSVOB9GLRy8owX976nTVuhflViEarITMbH4afs58Rx2p\/kX+CN6Di1dmJVpcpuAWScpMXikphTkFn\/jSWIj7Q3I8M5SlL2h4d4r4nqBqOgDHBh+4wKTodwZT5NeImHmN70ZbJSe1rIrPBBEEEj2Iv92uNutSpiDWBnn24mr42kV+hcFG3oB6IC5rFdjT2ggv2GoAnu1N8jJk6r7pnv9FnO2sPE61MAi7iMgvttfLY6UYPW4JGkMJP0PaLqLshHBb8FTj41fB0fl1jYIT7Adee0C5IYu\/a5qzIb6v\/pcLZYsjbIt3akCFzjPSSSUOGy5WyVOme+hyVpkgHoNz\/wD8TzeoLUrQL56PLVJ0L3IGsvTXLwyRac0QFJJcOwdgUWd\/wnB9TYbEN5njfMqAPwIern2gMkt+mrM4CFA7yGdf1hF2YXrKekjDb4oszhct8XZ7uvH\/9xY7KRQ66Sij6T6baPQo8Hn7zTL19q9qb48PdFg5VWkyAoRDYHv0drCDdYV3vgGyFxbAcdHz2cws3+XD4lB2+O9o+UCaRb4XCQD8VJgweKIsDuty4TxuYXJPts9SPh\/qjT+ff8fhwAKO4ci4abqPyQbAJCM8rN5T5l2F2xibZo+oM4JSGbEVxscUlx+BiyBQ2OEfoAo4CkmWSwqo3IlpSAmnxbo71q07Lw9Hj373+I+Xoei8XdHu8ZSJCjLWlCdcFgilGeXqOEL61LsJfI\/BqksucXwTtLXieaVZAccFyk2Yi1ppHfj6Q30i5vi+\/DwRPT8CKZtoU3ZjsN6vtjY6FkOHq9WQ3j0hB2TqfjEL9rEc44sipkeBKGl6SOERe0s\/u7RnoW\/uHb5zAqgngDSRUi2Tr2jEdlxljG7PKNc5o7sP4H9iMdycA3Z8EzbHryjRO6FKldJmsB+D1y3gZoSUNBZRax6I35tpYAaZ74HE\/SXUi6MdevGH0LF+nL+\/srldyrxE34Y2rHtfKTNZCR+V7EIIib0kvb70lDK7NXMYdc7ivaZv12714QDSUNgJLjeSHd5o+Ahvrv6DorDbdPw\/JhK\/ngErDQMFmfQC92KMgcmnPyc59ZhuKJ+9RPPHf2XbQw\/Bl29MwMm45Vgoq1kk6K7PG6Ck+O76jgmz3kuzlFOmsy+rF6giC9x+Be\/ZZczNRg8ee+\/TAhXnw4s\/4doRa5LK0VGwjB4nlFkucQGhA=="}
00426{"flow_id":2,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720900,"pkt_ts_usec":466829,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABsv8H60QPMIw47hCABFAAA0a5ZAAEAGkd3AqABnHw1dNISQAbuIwZdspNSmR4AQAeM9dwAAAQEICgAD61taUrMC"}
02337{"flow_id":2,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720900,"pkt_ts_usec":466859,"pkt_caplen":1464,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1464,"pkt_l4_len":1430,"pkt":"QPMIw47hABsv8H60CABFAAWq5ipAAFUG\/NIfDV00wKgAZwG7hJCk1KZHiMGXbIAQAFghJwAAAQEIClpSswIAA+s0FwMBEADO1SD0fHe843XJ+ZCOsNse8zM32GCiYFzzQfE91JIzbvwKe5v5AojHnzd8Wl7xnd22RogOxu5mhHMXv+7gqxkRujNqA35I\/rekY+c0kH+\/NSEyhs13IVdOUvD59xSQ76XNlZhIX2Xko0Ujj89TytZG5NxEGw2JLZI12mLK\/g5a3flx\/J8hZXwcLBRqzBjvvQaZl\/uZfneb65tfZAHBfa2ufzlLs7JZ3BUDM81wWhbIMe2t4KJ16+dUvWdOAOnEu9ZLqWxo2GhoKSKyi6fIo+gieCl4b9EH\/cKAYDIB2T1y3AG02pFtYejKcW0pDhSuvE+LlCShkDevJtXkqE\/96fTPU+kGFn2Qwrek2kde18SDzMd2Xp7+gakArcV7zrJ+QtPsKp76SrAEXQtaDoH76oSlGZcjixiuTacLQQUVNs31sJ8te5vUsDjHoOxNEXc+m+tbi5LMd6coYVh8uDFhm1\/qpTqcLkCRZ6tkNYfN5rbfrh8BIGqkzvpcFtt4ODJzaRhHJLTbIgTpho3IlML0bD9x0mwzQXu+zrpQpcdgfd0TiLCJrt7UYVObyELXY\/6LuFunz+G9OHxZdH3Cb6RT1Gje4opqLVz484fLFNsmXvlM6kJ\/1FPC9JDqYn\/7fJ9Ohc0XVFH6NIg1Qmird5JP3szzmDc2kxh5b6FvPIkvPcxGWN\/Smh76ITW+XMhl8fpCxQLkePunhDquVopN8T0lKT2Rr\/DeFwl+cxiN78G8hvhOSX9kWTE+\/ey1TIgwX7ezJ6GuIKG+OaWgSZWVXeZJYl0KZbA7L2uCmgjtl\/xYdDJ0acH51sYUNDs2b+d+ZfKMdOw7Ys+K45Wv9xe7Iwxs8oWgnmnUYSE4gn\/QT701yKr\/\/jSZlBWSPDIvemWROGW4VIFY3byV2wHOcLrG8nR55fQ+P2mKz6bq9yHGI\/7aySBuQ2D4E7sMvHw0tHATY+SckFimZWeTp7BvrEsQB2wcE6OK8b2bWsAA6\/7MBbuZ80TMJ\/buDkXeamt0hYUbv2yHjvoLmWHRrz+Zcw\/ujCQm8JVxDHghVA0gbhztSs69wgYPdi5It1hGIM\/upxkfsVmC\/EVXLtDdT2824YvYOLLMTrv0G5lf4ao1pRZwJOrISBejPGJyaiPv6mfPQlFvEcBDQpE7Ad\/ILXeAsY15qJnOepLznFfgTjW1Li3LfUkNpGLPJIfdhTT29RHqUD+wM3QVdE3wf1hO0XJv3FsK7IccMA1iNP5GCOqVCpy3\/DwdyNM7zBIxORN7gHEXphyzeEiyJXP7Zz8lLOV\/2JK607pHXDPslnXzcOgbs6nhUvLDwk1vRtX\/uZlQLzOSYLhkNSaWZJ8TCBi\/3QsyIZFBfdkrg7LRtUgvhOmM976D0CHChLfxXh0UI4CRv5Ef1DajJOmP\/gDwfDfOzCTjtfq+xCOreQdh7QYwO7Qd0I3dhmY1CX2w9E7YdK\/4igT3+vKQaqJnay5Or\/VsaB+hYCsif3Sdn4TEnoqMMK+QCCHxaeTEFdWzU7Xm3abNrp\/tNh7Zk+3BXNNXNZCTB1vSLUUEip3cSDc3zVR3jn5ug2TPnaUyxJnpL303hAaZaTlVq21XQbafyrFkgplOlXTHuHenvUWFf\/4\/0HinXAyyHl2KoL\/oGAu6aZiAZv+lpEMPpOkDJd0QOWATyCcUUKlG4RZqFAQE37vG3REc\/oD9K3Om1NhLzYJsJe3\/MP06CdpnU6V8Zgc+R1SstbiSDAKazAmbZyPwcC6JVPYob+BIlnZZKydUo7eEnwE0kdXt64hzFWZL2\/jph4cOmLxKtWjBLkiYbzniBSU01HWVWQs8V\/acIoFVfnLOknrGJQh8ZcfRmvO97xj7mtYX"}
00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":76,"source":"instagram.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1436720900684,"flow_last_seen":0,"flow_min_l4_payload_len":260,"flow_max_l4_payload_len":260,"flow_tot_l4_payload_len":260,"flow_avg_l4_payload_len":260,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.160","src_port":38816,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00502{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":76,"source":"instagram.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1436720900684,"flow_last_seen":1436720900684,"flow_min_l4_payload_len":260,"flow_max_l4_payload_len":260,"flow_tot_l4_payload_len":260,"flow_avg_l4_payload_len":260,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.160","src_port":38816,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00777{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720900,"pkt_ts_usec":684083,"pkt_caplen":326,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":326,"pkt_l4_len":292,"pkt":"ABsv8H60QPMIw47hCABFAAE4wXBAAEAGQn\/AqABnLiFGoJegAFCP9SVkp0jV34AYH+olJAAAAQEICgAD63Ga3vWjR0VUIC9ocGhvdG9zLWFrLXhhcDEvdDUxLjI4ODUtMTUvZTM1LzEwODU5OTk0XzEwMDk0MzM3OTI0MzQ0NDdfMTYyNzY0NjA2Ml9uLmpwZz9zZT03IEhUVFAvMS4xDQpIb3N0OiBwaG90b3MtaC5hay5pbnN0YWdyYW0uY29tDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBJbnN0YWdyYW0gNy4xLjEgQW5kcm9pZCAoMTkvNC40LjI7IDQ4MGRwaTsgMTA4MHgxOTIwOyBzYW1zdW5nOyBHVC1JOTUwNTsgamZsdGU7IHFjb207IGl0X0lUKQ0KDQo="}
00834{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":76,"source":"instagram.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1436720900684,"flow_last_seen":0,"flow_min_l4_payload_len":260,"flow_max_l4_payload_len":260,"flow_tot_l4_payload_len":260,"flow_avg_l4_payload_len":260,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.160","src_port":38816,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Instagram","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"photos-h.ak.instagram.com","url":"photos-h.ak.instagram.com\/hphotos-ak-xap1\/t51.2885-15\/e35\/10859994_1009433792434447_1627646062_n.jpg?se=7","code":0,"content_type":"","user_agent":"Instagram 7.1.1 Android (19\/4.4.2; 480dpi; 1080x1920; samsung; GT-I9505; jflte; qcom; it_IT)"}}
00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":77,"source":"instagram.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1436720900687,"flow_last_seen":0,"flow_min_l4_payload_len":253,"flow_max_l4_payload_len":253,"flow_tot_l4_payload_len":253,"flow_avg_l4_payload_len":253,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.162","src_port":57936,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00846{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":76,"source":"instagram.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1436720900684,"flow_last_seen":1436720900684,"flow_min_l4_payload_len":260,"flow_max_l4_payload_len":260,"flow_tot_l4_payload_len":260,"flow_avg_l4_payload_len":260,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.160","src_port":38816,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Instagram","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"photos-h.ak.instagram.com","url":"photos-h.ak.instagram.com\/hphotos-ak-xap1\/t51.2885-15\/e35\/10859994_1009433792434447_1627646062_n.jpg?se=7","code":0,"content_type":"","user_agent":"Instagram 7.1.1 Android (19\/4.4.2; 480dpi; 1080x1920; samsung; GT-I9505; jflte; qcom; it_IT)"}}
00502{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":77,"source":"instagram.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1436720900687,"flow_last_seen":1436720900687,"flow_min_l4_payload_len":253,"flow_max_l4_payload_len":253,"flow_tot_l4_payload_len":253,"flow_avg_l4_payload_len":253,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.162","src_port":57936,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00768{"flow_id":4,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720900,"pkt_ts_usec":687959,"pkt_caplen":319,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":319,"pkt_l4_len":285,"pkt":"ABsv8H60QPMIw47hCABFAAEx0CVAAEAGO5vAqABnUlUaouJQAFA6kgvvKZIczIAYH0cqkQAAAQEICgAD63FWCuc2R0VUIC9ocGhvdG9zLWFrLXhhZjEvdDUxLjI4ODUtMTUvZTE1LzExMzg2NTI0XzExMDI1NzYxOTMxNzQzMF8zNzk1MTM2NTRfbi5qcGcgSFRUUC8xLjENCkhvc3Q6IHBob3Rvcy1nLmFrLmluc3RhZ3JhbS5jb20NCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IEluc3RhZ3JhbSA3LjEuMSBBbmRyb2lkICgxOS80LjQuMjsgNDgwZHBpOyAxMDgweDE5MjA7IHNhbXN1bmc7IEdULUk5NTA1OyBqZmx0ZTsgcWNvbTsgaXRfSVQpDQoNCg=="}
00827{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":77,"source":"instagram.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1436720900687,"flow_last_seen":0,"flow_min_l4_payload_len":253,"flow_max_l4_payload_len":253,"flow_tot_l4_payload_len":253,"flow_avg_l4_payload_len":253,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.162","src_port":57936,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Instagram","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"photos-g.ak.instagram.com","url":"photos-g.ak.instagram.com\/hphotos-ak-xaf1\/t51.2885-15\/e15\/11386524_110257619317430_379513654_n.jpg","code":0,"content_type":"","user_agent":"Instagram 7.1.1 Android (19\/4.4.2; 480dpi; 1080x1920; samsung; GT-I9505; jflte; qcom; it_IT)"}}
00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":78,"source":"instagram.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1436720900690,"flow_last_seen":0,"flow_min_l4_payload_len":259,"flow_max_l4_payload_len":259,"flow_tot_l4_payload_len":259,"flow_avg_l4_payload_len":259,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.186","src_port":44379,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00839{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":77,"source":"instagram.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1436720900687,"flow_last_seen":1436720900687,"flow_min_l4_payload_len":253,"flow_max_l4_payload_len":253,"flow_tot_l4_payload_len":253,"flow_avg_l4_payload_len":253,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.162","src_port":57936,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Instagram","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"photos-g.ak.instagram.com","url":"photos-g.ak.instagram.com\/hphotos-ak-xaf1\/t51.2885-15\/e15\/11386524_110257619317430_379513654_n.jpg","code":0,"content_type":"","user_agent":"Instagram 7.1.1 Android (19\/4.4.2; 480dpi; 1080x1920; samsung; GT-I9505; jflte; qcom; it_IT)"}}
00502{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":78,"source":"instagram.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1436720900690,"flow_last_seen":1436720900690,"flow_min_l4_payload_len":259,"flow_max_l4_payload_len":259,"flow_tot_l4_payload_len":259,"flow_avg_l4_payload_len":259,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.186","src_port":44379,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00776{"flow_id":5,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":78,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720900,"pkt_ts_usec":690339,"pkt_caplen":325,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":325,"pkt_l4_len":291,"pkt":"ABsv8H60QPMIw47hCABFAAE3v7dAAEAGS+vAqABnUlUauq1bAFCj1oFKfMvpWoAYDTz8dgAAAQEICgAD63JUYaBjR0VUIC9ocGhvdG9zLWFrLXhhZjEvdDUxLjI4ODUtMTUvZTM1LzExMzc5MTQ4XzE0NDkxMjAyMjg3NDUzMTZfNjA3NDc3OTYyX24uanBnP3NlPTcgSFRUUC8xLjENCkhvc3Q6IHBob3Rvcy1lLmFrLmluc3RhZ3JhbS5jb20NCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IEluc3RhZ3JhbSA3LjEuMSBBbmRyb2lkICgxOS80LjQuMjsgNDgwZHBpOyAxMDgweDE5MjA7IHNhbXN1bmc7IEdULUk5NTA1OyBqZmx0ZTsgcWNvbTsgaXRfSVQpDQoNCg=="}
00833{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":78,"source":"instagram.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1436720900690,"flow_last_seen":0,"flow_min_l4_payload_len":259,"flow_max_l4_payload_len":259,"flow_tot_l4_payload_len":259,"flow_avg_l4_payload_len":259,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.186","src_port":44379,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Instagram","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"photos-e.ak.instagram.com","url":"photos-e.ak.instagram.com\/hphotos-ak-xaf1\/t51.2885-15\/e35\/11379148_1449120228745316_607477962_n.jpg?se=7","code":0,"content_type":"","user_agent":"Instagram 7.1.1 Android (19\/4.4.2; 480dpi; 1080x1920; samsung; GT-I9505; jflte; qcom; it_IT)"}}
00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":79,"source":"instagram.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1436720900692,"flow_last_seen":0,"flow_min_l4_payload_len":259,"flow_max_l4_payload_len":259,"flow_tot_l4_payload_len":259,"flow_avg_l4_payload_len":259,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.185","src_port":57965,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00845{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":78,"source":"instagram.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1436720900690,"flow_last_seen":1436720900690,"flow_min_l4_payload_len":259,"flow_max_l4_payload_len":259,"flow_tot_l4_payload_len":259,"flow_avg_l4_payload_len":259,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.186","src_port":44379,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Instagram","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"photos-e.ak.instagram.com","url":"photos-e.ak.instagram.com\/hphotos-ak-xaf1\/t51.2885-15\/e35\/11379148_1449120228745316_607477962_n.jpg?se=7","code":0,"content_type":"","user_agent":"Instagram 7.1.1 Android (19\/4.4.2; 480dpi; 1080x1920; samsung; GT-I9505; jflte; qcom; it_IT)"}}
00502{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":79,"source":"instagram.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1436720900692,"flow_last_seen":1436720900692,"flow_min_l4_payload_len":259,"flow_max_l4_payload_len":259,"flow_tot_l4_payload_len":259,"flow_avg_l4_payload_len":259,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.185","src_port":57965,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00776{"flow_id":6,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720900,"pkt_ts_usec":692262,"pkt_caplen":325,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":325,"pkt_l4_len":291,"pkt":"ABsv8H60QPMIw47hCABFAAE3iBFAAEAGg5LAqABnUlUaueJtAFAE8EMOWjfyZYAYD+bdMQAAAQEICgAD63JZ6ogYR0VUIC9ocGhvdG9zLWFrLXhmYTEvdDUxLjI4ODUtMTUvZTM1LzExNDI0NjIzXzE2MDgxNjMxMDk0NTA0MjFfNjYzMzE1ODgzX24uanBnP3NlPTcgSFRUUC8xLjENCkhvc3Q6IHBob3Rvcy1mLmFrLmluc3RhZ3JhbS5jb20NCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IEluc3RhZ3JhbSA3LjEuMSBBbmRyb2lkICgxOS80LjQuMjsgNDgwZHBpOyAxMDgweDE5MjA7IHNhbXN1bmc7IEdULUk5NTA1OyBqZmx0ZTsgcWNvbTsgaXRfSVQpDQoNCg=="}
00833{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":79,"source":"instagram.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1436720900692,"flow_last_seen":0,"flow_min_l4_payload_len":259,"flow_max_l4_payload_len":259,"flow_tot_l4_payload_len":259,"flow_avg_l4_payload_len":259,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.185","src_port":57965,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Instagram","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"photos-f.ak.instagram.com","url":"photos-f.ak.instagram.com\/hphotos-ak-xfa1\/t51.2885-15\/e35\/11424623_1608163109450421_663315883_n.jpg?se=7","code":0,"content_type":"","user_agent":"Instagram 7.1.1 Android (19\/4.4.2; 480dpi; 1080x1920; samsung; GT-I9505; jflte; qcom; it_IT)"}}
00845{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":79,"source":"instagram.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1436720900692,"flow_last_seen":1436720900692,"flow_min_l4_payload_len":259,"flow_max_l4_payload_len":259,"flow_tot_l4_payload_len":259,"flow_avg_l4_payload_len":259,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.185","src_port":57965,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Instagram","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"photos-f.ak.instagram.com","url":"photos-f.ak.instagram.com\/hphotos-ak-xfa1\/t51.2885-15\/e35\/11424623_1608163109450421_663315883_n.jpg?se=7","code":0,"content_type":"","user_agent":"Instagram 7.1.1 Android (19\/4.4.2; 480dpi; 1080x1920; samsung; GT-I9505; jflte; qcom; it_IT)"}}
02335{"flow_id":3,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720900,"pkt_ts_usec":716768,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"pkt":"QPMIw47hABsv8H60CABFAAW+uH1AADkGTewuIUagwKgAZwBQl6CnSNXfj\/UmaIAQAiku5gAAAQEICprfPdsAA+txSFRUUC8xLjEgMjAwIE9LDQpMYXN0LU1vZGlmaWVkOiBTYXQsIDExIEp1bCAyMDE1IDE2OjU3OjA4IEdNVA0KQ29udGVudC1UeXBlOiBpbWFnZS9qcGVnDQpDb250ZW50LUxlbmd0aDogMTUwMDMxDQpDYWNoZS1Db250cm9sOiBuby10cmFuc2Zvcm0sIG1heC1hZ2U9MTIwOTYwMA0KRXhwaXJlczogU3VuLCAyNiBKdWwgMjAxNSAxNzowODoyMCBHTVQNCkRhdGU6IFN1biwgMTIgSnVsIDIwMTUgMTc6MDg6MjAgR01UDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCv\/Y\/+AAEEpGSUYAAQEAAAEAAQAA\/+0AfFBob3Rvc2hvcCAzLjAAOEJJTQQEAAAAAABfHAIoAFpGQk1EMjMwMDA5NjkwMTAwMDBjMzQ3MDAwMDEzNjQwMDAwNjM4NDAwMDA4MzJiMDEwMDBiODUwMTAwODdkZjAxMDAwZDRhMDIwMDlkYTIwMjAwNzY3MzAzMDAA\/9sAQwAGBgYGBgYLBgYLEAsLCxAVEBAQEBUbFRUVFRUbIBsbGxsbGyAgICAgICAgJycnJycnLS0tLS0zMzMzMzMzMzMz\/9sAQwEICAgNDA0WDAwWNSQeJDU1NTU1NTU1NTU1NTU1NTU1NTU1NTU1NTU1NTU1NTU1NTU1NTU1NTU1NTU1NTU1NTU1\/8IAEQgEDwQPAwEiAAIRAQMRAf\/EABwAAAEFAQEBAAAAAAAAAAAAAAUBAgMEBgAHCP\/EABoBAAMBAQEBAAAAAAAAAAAAAAABAgMEBQb\/2gAMAwEAAhADEAAAANnYrv6OWePnpwvl4Ucr5ZqutmsxzGNFZbBKECWI2oX8gp+rqOdscgJarTJrPTiAtUZEnHz0qOljcEskD1c01Rksi2ko7C10FaSJqLDY0bkkglRK+J01IqIm99eIL6jmheWgjCKVJUTsjcmxJXNVG3K1KNr3irtvMCithKVbraoq9cQKb5mse+vydpRzhEXinDIvFyoIspSDsdW4LfVORbSFGS9z0Q07Vapihe24SRFCV8D5p7U4fInJNSacY9CnDoLekTpOusTppdQVRUWk5Z3S6nSOaiisOZWrWqtSjFjqVjcxzA+ktxbdV5FmYfOO1PR5O6tOVN6dGCvruavqOenPG2AT0hWptvhfNzvglTijkaS2WB9FlYElvdXcE7qNkc6sYnO6nwWWwvB6cwHJ3BI+Pk7LqzU7SQPCRiRBzWw1M8o9Wr7h8yd2Yes0RUdMne6nInZbXUcjq0gpefEOw6FZdhsSpo1\/NNSRGRwz8KussbUKdHc9LXYK7JQkHbZE9CMRrLHVuCy6tIhIp+ajbOxDZOaN8kM6b52TRosiOmpWqktXN4fR9WcyxQQ3Mi1m1NxKzxO57gjldCOau1Guh6KocxG0s90jNuePlRqSaiqL7xrhlZBD1ROCogrq0VC86jwXI66CmfUcy84e5MlIKemSZRcnZWo5lqOCIVpafMuyjnIKtHOmrjanNWmV0at9VUdlavIty0UHfcNVBHhvASbQRlyCBWndG1xZlpvVXVpuTtPpPHelHPmiqjZJuxJVci8tKRVa6m0Lsg1QJNocO+lKMV1BqVN+Km1zbjrI1P1ZzUr6iNEZRL5ZRw56q6yDgmfWQLsg16ZNg3hkHi+ETQdInbdS4duCJorHU42r7hqMKoMQCnCeAuojkF0F8BRBzhkEpcFpK6im5sQ5GRJU57qi78tptbhTpBzLHQKE7qrwsdX4LS1+Ts9Uc1YWugWOruCfoFCwtRydla3CsLCo7DIlTl6FQm6BQnWuoT9DwSpCoS9DwTdA4JVrqE\/QKOx0ChM6u5EjoeCVY+ZIiIA="}
00425{"flow_id":3,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720900,"pkt_ts_usec":717195,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABsv8H60QPMIw47hCABFAAA0wXFAAEAGQ4LAqABnLiFGoJegAFCP9SZop0jbaYAQH+o19wAAAQEICgAD63Sa3z3b"}
02335{"flow_id":3,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720900,"pkt_ts_usec":717531,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"pkt":"QPMIw47hABsv8H60CABFAAW+uH5AADkGTesuIUagwKgAZwBQl6CnSNtpj\/UmaIAQAim7PgAAAQEICprfPdsAA+tx90aIlfAo5VgaFp1RR2lqIF11HkXG1EC0kCNTtiUHtjVp6NcD2pwL3cCqxUOdE4JFh4qboeFOsCpz9Eidh9bgtdXUdh9SVOeSpyd3qyp2GRODmO4I0mRkHS8KHpOY3nKhiq8InOUI+lYNvLwmo5jSORAzTOTbndzUE5Y3MVUQHOi4UqtVNyNQUqN4JEYoPVnA9Y1CTo+HL0aikRnBI6FBzLC4cqxIKVYeHKkfNTLCqbuYgpXQqORYuFN0aJyOi5k\/QKnMtfhWUroFpK\/BZ6vwTrAo5kruCfoHBMkSse6B6UnRqNeZwpejUb0a4ORqg9E5jlaiHonAvciarG9iObyOVEB\/MQUjo+Ke+BQnfVVOZYFFZSuo7HVlCwlfgsNhQJ+hQJuh4UqwuHJ0SBK6HhyrAqUvQ829WtFIsSAPSdHMCWEZAk3CjSXgibY5qBJ1CDp+CJLCBAs6irLb4dPrTAhbPwonSOCDpkCJZOCPnqEXSo1GsqIj6RRxJKgo+m4IVm4cPWECLrHDq9Ogmc\/gj5eEnKo+a9oIqqzlaoIqPQndwKqI25WuS7u4Hcjxo5HDZ0iCZz+R3c5tj0cNiqiSdyiY9HJpzubY16iYqqNjlRCKqg3l4E5UDkXgReUER3A1V4E7nDaj3BE9yA1e4OTkBVagORvA7m8CtRQdzlm4GzRuY+fzmPnKDedwNVeBeRwLy8nZWCdWreQIGTJWcSSvCBbXKqjrKCrrMjIekQUXS81E5yoj5\/AxJHBC93AiOcNjnKNiP4IemUUD5FCLpnjpusvRVS2g6rbyhQ68gUVtNarNnRqBbKBVkkcKDrajqLYcFZbD06nW+Cp1tGVFtqiktvmU1tclVbbeFPraBXS2o6S2lCp1vh1EsqKq6yiKy2ECssjWm8\/gTlUacrQVEUHN5AXmKDuj4HJyC5HINEc0SK1wI5jgc1UG5WonI1OT5U5jXM4lyIoI+JzXOTgfzeTc+HglVqpvcijR\/Km57XqkRzQjZI2oi5yOWK9A5XcNnLwlc6RVC2y0IelUI2zIDOXhN6VSoknalG9yjje6QcPSIDeV4RLIoV2zuCu2eNqDpkag6RrlOVAcqcDnRqN\/R8KZGIiR0KssLWVOV0DRWHQcOZ8KBP0KpyLFwSoxRuRqg7m8hyNUE5VBq9wcjkTR3OY1zkG1H8kxXK3G9rko0e9jGTqnTdZcKi64rdF17kUGklTBssxaZRsnQK\/TsFEkqMj53CRHcLu7hryIDlY8OVFQ5YUHOsHBP0KhYdWULCwNCZYOZOtdUTLW5q6lXk7nU+C6lVgW0r8E\/VlatMhVOboeamWFETpErJei5OTo+adzeByxoEvRcN6c0T+bw17kErmKNeZwpFicNVZzT0YiU6R8OXoXBIsSse+FUS9C8JUYo5OjUJOjVD1Yg5kiQJkjUH9FwSrDyJEajJUa1OToualSNoTJGgSpFwToxoTtjaiz0LSp5KvBbdU5O11N4NjsxuIWzoOBszGolc4UaP4I0laDGyI0jXoCLyh3ciFRWg7uaNVbzT1YiJUjcNyNRp8jHJqyTgjSy0Iem4IUma03noDec0OVeBvLwNRVJbz1G1HoNEeompJwMXnji5eEqORtFRwkVVTaj2AqtUOTkacncm6JUaVWuFy9w15vA\/mID3xKD3R8D+YqciN4bnMQUiNcNea4OTlDuRQaqoHdyg1FUEaqoRUeEbn8NqS8OJX8lGr1HE56hE53A1yqnajtNTq9aYMe6OZzD0rQYj0BiO4TEe1pGvcEaSoNGS8DEe5ETZuZB0zSY1VWRucoRJKgNWZ6cHSPCBZkBrZ1HXbfVFBb0bKiWeFXWVGo+l4IVegJy8JV5B81eEnLzOcxU1RHM5HqhjncNivVEbZWMj6VBRu5zIk="}
@@ -93,7 +93,7 @@
00468{"flow_id":5,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":199,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720900,"pkt_ts_usec":879091,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"pkt":"ABsv8H60QPMIw47hCABFAABQv9tAAEAGTK7AqABnUlUauq1bAFCj1oJNfMxlZ\/AQEUsuYQAAAQEICgAD64VUYwVLAQEFGnzMtFt8zNWXfMypR3zMrtF8zJKnfMyYMQ=="}
02353{"flow_id":5,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":200,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720900,"pkt_ts_usec":880250,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"pkt":"QPMIw47hABsv8H60CABFAAW+G29AADkG8qxSVRq6wKgAZwBQrVt8zNWXo9aCTYAQAxTAQAAAAQEIClRjBbIAA+t+DCqMbFwx7JxEXBUu6GulOBOJyE58u0hdRthkLrO0QqvBlCufqVAgyxVWRlUXfQ7Qoi0wU31qhlkeE4Q639P3TT25VQfngwZQVDwqrYT\/AFKnmQnYP91ROrVVGoTOHc7XC+GA9JTG9qcCnUm2lyoYEpphMRChcSPwlxTpIb8muFVn4qKYu6Qj9lRp1qrQ8VGAHwJ\/3XCm5gkzktlWuZ2+EHXcO8\/dcRR0qN\/VR+IfsmPsrSBoEXXOdWeqQ+o7K2OH93xKdDGl3hUfW1o2XE1Q\/jXucLhMQhb0XEa+EclUqZOVDWhGoqZLaoePqCq8Mx3e1UacEKcJznaJ73l0JlGmGi4XO3K2iFxFJxpt2AOpTqL8SCuCmm4tcq1QBUH3N\/VcTwzH92jk7sNpwQrgmVbDKfVlyL8JxRnlwrpdbEqpSa78RUnkkey4uCzRfi0zfq1UntraLqjh32HdVq7HZcczsvit\/HlCqeJqRTbJ\/sncPoar7vZqrMp1e22IGITOJriQWgtTeKoPXxAi6nomvbTaH1dTog+XYKbGAdE72kqpbd+KoTB3SnNJ0Rprhmgf+V+GdDlVK1JmG5XUqVMn9FS4e831kGfoPC6dMmdU66Ypj9VUpvnqFyp1+m2TlDibsNwE8j6tU2sA7SJ8J9R++iJbgleoSz9E2f1QunKry2k5SNlD4lG6FSJbUBVVvJp6rI+oLQgrh3Q6FXGZ8oZP+pVWp2DP57CqZipCrNwj6QVTPcFUGn7KmYeFV7Xh6guOcBGqGdrclNLt0bYwnkim4eUwEU5VKrc60pvshCKPcIXFCKtvj5OFaDXBdo3uP6Lh6gvc9+rl1HEubwrouHd\/9e6\/hrg6k6l4yqjLu8Jv8p7f1XkHQqtSNKqJ33TgZe5uwVGkHPFM5AyVEMqQNyFWsYadM66\/sqjjUNg01K4emKLLzrqqJHWDn+ZVT\/mawAAC6dpgqbQrk4g4CDiGMqf0rw6VLGiRqtlUhMa0n3TWWjKcfK9QvA\/Uqwj8SXOcqgfTd1CqfFMiVw7mB7gzRVIIXFNd1LjoeV0LU8gE4Jy4bQwrAGwSqn4JuC\/4hUi0jCBgeypUCILoyqvB06ncdUf4dbm6U\/hHzDUys7h29GE2u+pFKIA1KfxrGg4R4bi6g6r241XTd4yqTXhwDk80hA8LtnOiYHDTRYCq0n1BIThbgqAqfBl7Ze6J2XwVEavJVSgALmmfZAEnuTaFI7KGtwAmtfcS\/wDRDwiDshgQU9iMsGkoduVeZlF7dl8S84JRdTBuTa9No7Quu0f5kypJ0id1xVSmaXTGSmsG61b2p2E5sid16qYcqjfqTSWm4KqAReN1Tdlrk9tzcIe3+of90e4J7dkPzmHK8FOyJX9TUNU8S2R90fP6qqL6chNl41VjhmFaHepEBudUXCCCdVRaHU3D2XTDW9RqovkIO8L3W6\/iNH\/qj5KfZw9R\/wDV2D\/uqNP8FsmDr9lWu6rr9ZX8K\/mPP+VF1venMteHj07\/AKplT6H7briZ7QdNVZ\/ykDfJVCmG0+ocSU+oZPT0L9Vc7q3EyYVNr3fiP32XFVajKUE5f\/sqZeW2ASBn3XBtba6qVWILpC1RamjKZ\/LcxMAFMEq\/uwi\/EjKc\/wA6Lh7W3VNV8T23blMa57pcmtgKN1xdc1HubsEDC4T+Y4DdVO0ABPDalNwWFhCHCIhCm2YKNmy1TmpryxMeXMnynUsfdN4TOUynUfU6Q9IVrW4bqEWuJliNTiB2iMbo1H7qvS6jRVYcqgyvVNjf1PhU+CothxNxHlOzorG3YVWiZuBwnOg6KQUDATTIwE1kaJ1OcHVfCgr4d4HqXRbsV04XTbOV2ahXAnVNa0nBuKFIo0aszcIVmJlGdQUGF+mSvhZ1cvgv8y4="}
02354{"flow_id":5,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":201,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720900,"pkt_ts_usec":880311,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"pkt":"QPMIw47hABsv8H60CABFAAW+G3BAADkG8qtSVRq6wKgAZwBQrVt8zNsho9aCTYAQAxQWCgAAAQEIClRjBbIAA+t+nTBghGNgFcyIDVDTsjc1SVRAukJ4ByFlVdVQDT6kBZNP9lqiyAqRkGmU3EtVF17U\/sf\/AHQx2+FVEFOwfz9WyqXdThP7XByPa5U9M7J4gx4VAy23wqfa8sK2ysgIKowesbLh3y0ppMOauGd2pq9kQnt6jTTO6qMseWnbnUHbS4f9T\/8AJR0\/U91vkbfdVXy5zWm5s7rgQWUbv6j\/ALLFRhYd0CntNzvATnuDIOiZWZ07LZjCYSWwdioHUt85Xw5A6uzsJtOGNt8LiRU4jiSymC63GE0mmD74VNvTpBo1VenjJym4yplNMaqk8CpndOq\/hgLqAmLlfhOl31LgQZdKth3sjUYxsvMJ38QaO1oTazDRBVQDqGNE5q4JwFYyqrA4Ez3bLhnh1EtcsaLpU\/EKtcxSV3DRGphAnVONy4enxbh2sx74VPLe\/VuydMIODGj90HdQdidWNIW6wnvDm6QU0V3CWs\/VfCuJDfOpQY1jbKeFbe2EGWqB7ohoVSm2NEcIZTX1D2hmm6YyqTdUwPCdRpvyQmgN5wnwe0J4gwrYauGim2XL4ll1re4+yq12tMI8TcYZGEwvzCpEBybWDvQi8AS\/C8bo+6+6OSrVbDoKpuDDlT\/dSIhVdVS7W\/dEw4OKdVAOi6knKPaZCftUCoOh0eVWbi7whp\/p\/wBlUEhOGEPzqJntXDuzCrNnROyA5UTmPKqCT98KmYf91V7ageviqejsL4iloMqZMJ5Oi4d9mFuqBgwmOMIFaLQr+I0c9VvKk2+oGlU3dXiXVipFR4paDVy4nhGQatLHsqHEssbTOITaia4HdCA67zhPoTmnn2TQQCD5UQ4nyhw5fDzgD+6fDxB0VO5jLXatVcH41waYkqlTur2n6VgjKrDtyjjCEaIvxhTmV1i4RyBREnCoinw9GAZJ3V4HUP7K+53eV8fDOmLB+ipuLu8BVWsb3+UUCWuuC+McBBVB\/wCGZ3Q0UrBFrk78Ix+ydoqbW6lUuFqcQcCG\/wBSo8LS4fLf3OqIP3KqcJJ6jcE6hNNR1QscLQzVVWOLmFqbhn4mAmwKRJ0900vJ6hHbsE6uS2WqjfZ3\/qp5Oda2V7lVPVACuc5vem8O3UhNptao5XLXTZRnHImdN12mbU92YUScp3cIQpUiO7C+ApzJcXIUKdMY+6ee33WPSDqjXo02taHfonVRdpITXOaMIvByF1GE6q6TjdHOqgO1WFTg48KC1VDKo+hPyyE\/JnkBcxfSWqmZEeEwtfTlel2fsfshpadsKo2D+ew2ulN7aqeMrZzUwwn5aY+6Pn9VVbfTkKoN0xgb3FNBm4KoSX6Kk7uKdogbXJjy5M0RITh4VQdSm5iewtdCpusDvJEKnUsELqtmRgr4t0W8mvcz0EhM47iGbh33CH8UqfVTav8Aiv8A\/EP3R\/itN3roz+qZ\/EuF\/wDaj9kf4lwx1D\/7L\/iHCf5v2R43hD9Z\/ZcRWa7iDUpJlM0+9roO6PFPYfSnVa1Y5Kqg2gx8kQpUq5DipbBXVkn3UqF\/DyB2HdcVSEEAYUIjswunMSnlg4cMClTycLxBTrgYdsmG5zWnSVRd3QDhdzMuRfUcJbgJtwZccqqbhD8J7mupFhKoNdaA83D3RpseYVob2k\/oqnTDMD9k0ACPHLG67fKq8U0GAP3Qc+r9UBUqY118KHIEKcYRuG2EZgpzmN902obpUvGoTyxrfxCqTqTx+Gqrd1L3YOArogLftXSezMyBqhVveAMeVUqsODnynlhAt+rwgz+ka7roH6j9uXctVTkGFBXunZKGCrg77J64eYREtQ9J5U3QYTxBlDtdK4Z2bVWA184KFsSfUO0qoE8Z\/Pa6VN1OVo\/7rQqme37JwjHhUT22pwglqaBIWNBhPlrpRkOlMdc="}
00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":202,"source":"instagram.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1436720901182,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"77.67.29.17","src_port":33976,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":202,"source":"instagram.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1436720901182,"flow_last_seen":1436720901182,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"77.67.29.17","src_port":33976,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00427{"flow_id":7,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":202,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720901,"pkt_ts_usec":182283,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABsv8H60QPMIw47hCABFAAA0W\/BAAEAGs3DAqABnTUMdEYS4AFDrYaSj8+woZ4AQH+origAAAQEICgAD66NkobAz"}
00428{"flow_id":7,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":203,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720901,"pkt_ts_usec":182466,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABsv8H60QPMIw47hCABFAAA0W\/FAAEAGs2\/AqABnTUMdEYS4AFDrYaSj8+wze4AQH+origAAAQEICgAD66NkobA0"}
02343{"flow_id":7,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":204,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720901,"pkt_ts_usec":183137,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"pkt":"QPMIw47hABsv8H60CABFAAW+nH9AADkGdFdNQx0RwKgAZwBQhLjz7DN762Gko4AQAq9DyQAAAQEICmShsDQAA+ufWEdJBRPnaSmosKHYDmQEyGHV3GAwTrGe5kQxyGEYyxmyELBrJc+SMi3dmmwq1mAYjd9asgZG6SWIbmuecSeibLvJUKPOw0JlNLd+SsFoR4AyWWZMuWzjy22t8lg9nL1yby0j7G5yGHP2UfvrthqhUQLZPhRPRii5ZImLbbxtBh75Nwi10QstpiiOURwgsk\/gse0fhODW3xEaIlCTuwGMxEsajO6KBwgVZE4oD8EZJ8CUI+IftidbAnEAzCB+CxiXeSUkT7I4PLvoy1NnMNCUuGI63ybZNQBpkMtmgmFlmfthxhK9DguCw4XPNprshLbUVoAbHdBaG0WibQPaUDoawN0QnEMFu5OOsEXu+c3ydgozRy0R9FbV0F8hsoSyHLIicGyGMakQqAYSTks8J\/2+\/kORfizOWuAtMcMCSaUPfEY6f\/ttodWXWPLX7bzs5o8i2FH5IZ4wLEpEOhwV2MADYJIWDBmF9CQdn6hh1kzmvWM7b4SuFg+iI0QmrTgRgMl\/rAMZDtwdyKQyk+DPksJTgtrhZZRA\/GY+X2oyKfiboDY0NouOzUthrGCw4ToWxqMKM+rf1sDDAEsjSzJB7rCfcDOwibANVH23SwWhh5rFCY04ksXdhurOKpIBQXzCwN2yHF8S1j2hc2z0kMsCW+OeS+e5HaaRoyzZaCzPNrgnwkhY7i8yZQkeMkH4woSzgHZw7AMoJTs5nD21BiRDuFCBqB4lGX+kk55UTfE62aMJ9jBPBhqltnyYDTEarQKEsWGbVjV7cRHRc\/JgmbZkQlW0YI\/xZdFg6wN2R+J3fOBbBmIcOvB5bIKiWTEFFXRESk7pA\/G3UwXXKB8XDGTJIAkPv49GZuMRZBkC+FhZzCzZ\/iYJh8LIJjV10uzY7Q6E8RpFbyee3Ru25UC5ETbDsFPCaR1ZZC+Qlrsu3Z2QOnm5Ijct96wHLCiQoCUx5CFCGTynRCNjadMyB8tlLRKCwv7KX++dvy1I4Ngs+X8bALTsRQ81XIDydJihBYicmO+O5EykyOu25b+jIYCOXX2WfISuvyX8JiI2GJxqYZEg+OZPoDhxBrn8TYtguClNRehGIQDtqZcwjb\/V86w0sQMOHMZzpnYBjpA8i2eJoGlmik3CQHHMRm8DxLkyFvCZWDFGTUEVI6mHEnfCoaSoN+\/pJIKAlCT4XxDOVC6F8g19jfq1eEJAj0k3u3yFtEJC0DXJolurtJkzJ6y5KHJWSGujZ7ucFS0YjpIoSX0blPAySPJvg33fP2OLma7cQ\/o6PyUHgctick8cobWRNWzIJG3koi8vkKbBIHEMIhdatBUZ40kmN4wtVBz4xoAKljf4v6tXAUt\/sabl0bLkuRE5KikyGgBCbojsrcdwSEGEBomIUFpEl4TvPOqQ8EQF08if3O9FnhnUw2jwQHpaPsw+3EzgNs0zWy6OB623FWGwH7yRctwfDWnw6uSz7AvbHpmHBs+lzanaBkBBq2DLF24dyAfJ1fyW2F8GD9sWLVnjCGZF3EsLst8bQIxxKOwYkoOS2WRsw0xVMJlnywe3Dcc8w+9gQNiBfxyDpYA\/BXzFgEQ3SDtI\/Iov2XBZk1lmPY59tj\/SH+23V5dy\/iiOkLW8UdeiSozNTMFJIdoa309Kn34h+DTnlxZPJVqKRj7du3Uk37CetFC6vFxS2151HHC6aWXemK7B3BpAILjJ\/RL8v0ZA5dOz14w3bAaJWBEg+oUMkesS4WzNnMtGFzWDqZOmcWARMZvW5QUXehDRGok1aYS2VUwcI4nRFkmR4HYk3YsQQ7hbSjts4wBuESi5cIWAPkICk+lgVslThZsIux2ZS+mHik4DwoYI7IF8QlYXTsSiw2By7i5s7AeQhpAzljeQfkQaQPQMK5P3IVCAQHZWMgI="}
@@ -109,32 +109,28 @@
02342{"flow_id":7,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":214,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720901,"pkt_ts_usec":189210,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"pkt":"QPMIw47hABsv8H60CABFAAW+nIZAADkGdFBNQx0RwKgAZwBQhLjz7FpB62Gko4AQAq8q+wAAAQEICmShsDcAA+ufyRGDBYEdZ02\/hkBwZxnkFxSQCEwNmr09iMv2GcGCYXZL4CaRkwAI7eahMYyaLCFHwJhqBUvZ4FiwbKbm83q5RQEYxkI0Smr3e2c1umJVtwLwOAZSuvrmU24IRXw5gV6R78YDls1rjHVV3lFJysPEJ4vHhpk\/42JZFbSjzKOBCJi9hgiClAoDTFrTJ+ALizTwG8Ovb3PgmAbS6Br2N7FYUPNyOxttSuZbF7CLrw5QxLGg0NMIiSo0DIPBlGf8drCUaGKt\/wDKiYzrAWigolNjZirroqVRh1u4\/G44McaeQya0g5Pv1ujIfdnkn6QlAtKSAJRVED5kBMwDoWR3zbW5G3I\/FssdhsxsUzhZ6DHoNxCZXM4Ry3ADeBP8Uc411ld4ZJcdQSPhL4JJtiQ1WGOq+HKxVRNUZzNqdQMvPJSNZLzYGBhoKxC7AxyjhYkZkKv6MhPEn43KEiEY7fSc0QgqHv8AxkxEei79ImV+FVqsFsGoAF3qU3kvFk8ndYFYemHUIFuIUaE8e2\/snzB2u1yQTEfrKqWzoo4ZbbswIrQE8ckGBUj0wxgOm\/TFMgUHO2YSCMQWmXgPgw39SU4lh8uY2hc4BPI2d9Z7G\/JhGBFnJELG1cMPnxneBFNwzSxBkgy7GAbTX0swEs74U4EEO69NiLWgLjodj1mqEqeYdwTrPuRHsMK0WkUWkQbEAF9IBkFEO6mkSNmzBY73MfABPJgChMO55XrD4i4I+gyidD\/iF5+h6JLxpOuwHoEUS1H5od9osIcs6XnXJL6pNDsGI6RIuKlExK9bfE3XYjo54TDlyMvY\/qZuNmJrCfLjrAHaiMt8WCLcH6BYNRgoTA9YodOmDg2FD1kKUXjajSF0QgABCPE0jJfpdLLg2N4sjQIuiG\/ZPyAokruR1swNJuJ86cK1APkKIqggwMAR0hEcfa\/GfW2uBUsUysQElDUahswySB22hEMnSvNsbHVEQeA07dh3rf5EcCxYEDuarg8Ogtj15PiRZcLmIDGJRyaVhgAbyUTxJUiEIFFjGJYzESDeSiHJtyXMLRmtIPLEU1sj0vWkxILg3QYypJ1SxNuFf7ipCmk04L+GHAHnQ6mLyC6JBPiJgfJsGpQV6mxskVsJpu7sPTN6RtE7pZtcoZHQNAWoJC3gsA\/KDiiIBi8jlBaiYJHfLadcboyQmUivmc5GMWbpyT9lfrovKfQ9yyNSQziBIQm0YK5SD0sJbBAeNCAQk6mRiJFMH14Bm43IKwmpR8ghNhVHoyZyj4rKHcUOg8ZfgqIU3\/EJzuqKTxF5hlpyS3PAhKDJ5+N3sWF5jbfvkJcDRJCPJDFYcdxdgM77giYze72cY8nTfqmDxjHjRLQK2D4j55qQzvfg4bmlzPGE5eQXUQu5PE66mMJYmVSjWT2aSIiZSZKxj7DP0bsMZQcWA4uMrZxzLyAbwOz2yDif4QVaAdxWyL+ScPWCf0b0v8b6fIaW3R2BvPJAOFpyNvm3j+2WSeYfsd+z8oFhLeUK6sMwtmj7T7cbkwpZuEDtDpnhIid5BCI6ZEANhNOfx9b9EKTSwx+jAiwYFUkZQMMfQAJRyQCkLCg4jIVfNElMHy65ZPBhFIIsCdi4+MK57ROWTh2ebe08z5xT48IeWoh\/HCCiqCGdRYkTFZSHkUOR6eB1L6C54WgYbFbnGw9gVeE4PVyR2Dylm5RMfmi5IDm\/AlZEfGHoYbHEW7LQxlVM6S2bPtMCKN+sLVEmoTWXyjsGC\/rmVQHAIEuXiwMHg70ozM2HgZQUaYXyMsJSrsZZP+X2Oydj7cNgfElBIbDUAwz3wdNDCZ4XX5calgvOKdOD14M0oRP6jlprycPsadHBl6IwASjudsRIuDTEvBLuG4C4KcDy9xj0OtAUWj+XcZM="}
02341{"flow_id":7,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":215,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720901,"pkt_ts_usec":189271,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"pkt":"QPMIw47hABsv8H60CABFAAW+nIdAADkGdE9NQx0RwKgAZwBQhLjz7F\/L62Gko4AQAq9JsQAAAQEICmShsDcAA+ufamAzJyIRNISCjC4EJNlu5XpA1jlANKhYbuWWh15TI6oFianASnO9KRfh4OvOUZcAEIfKuPH8PsBL5SbfZjyGPOz3tzwUFQgq2OoxN+T1DvZiAL+uIvSDTecjGkaCfK6FRAjdkjuDbI6Kkh08L\/SAGbAIT+6cWfhEizekY+Mdk8El4zesZNgPJ38lck1yRjhuR9xnRt0e2HcFnY0ArSxdJwR8SABGZiLmkV8GpuZQa\/hA4WffBlsdMMtlM14NlPH55FGPg4ovFhAUCGChBTTt179pGV85OFg+WCNcj1GxvhWDhyZUvKFyB0plXoW6\/IAaGCe7j37THzPcNGDBrIHhIyBqc2o6lG7OhtOHNW1Z8UcXa2zQwIdGzrjxADbLGScnOYY6L4FusZ75fsz7b3IQe0FXVgzATwfAoBiazENzs2xB1BHZhkVsE2GMseNWM\/kNRDHyGtUQ\/WDG8gfoldcAFLtAj+LgouIkn62A5I\/G6s6wgNwAiES4tjpkLGAjodGPIDinTK3XciChggwFZunzTDNmVVIdlNiLPew\/JLN0FzZgqLtDSb0mnYTmnDrQVjbBZFyArGwbVtmLDETze6kGSIW4HZWC9b45Bz2ptng9C8hNs3vaY2VZ9WethY1PgzzEAMIRsxRRNERr0cECHUw1VcB7xJpsTzwNAVLduEHfYyYpJJXVBZ0D8GniRo5zYO54qcG5NMAF02Hc2e1jcZQlDTfYaKEEhOozABA7Ag0RzexkItAI43z2CfqodwNbLmS9eZa2B+kidvzkrvZP98JIyvlBNLHUzIHJJnSyy3JLEY4j+7ABPelwEw5rSGAD3BnumCErSBIQGgVOXozYJrbglhfSZ0I\/Wv5FHhG79Kvu3r3HptnyAXEK+FKE0OTfRW\/jBnF4k3Hj3S69CxtCEtV7Y9XvCcovG\/QlMG3jgxcJ4bdIkZlAHydVvKsXQdGtmUvUPBYZ7xJPey5o2NvsgieGqsGhWitbAUDUCQ4WAZ2yHFDcLjQR1AB8Zh9EseRiCBCTRqHboaIGcZw8R2YwCADWnDZRjf3LecsDLrqRhNdgiUG7hITB2NJD0l\/iMcZfoJ0jCAEw5EvNpMhB9PA2BkjRNNI+LGEFoFHCwjHNBOgm5TukXFmhHroAsQjA0AlJRZKNFzOsXZZ6Na6lUuxGAoPW49Md6PUobNTBpvSJg2QgTif7E9ZoyL8zj\/xharZz2rRTpgXc7VGQD0XJy6Hyk86HKz5kbDAOLRcZhM9IZn8Y0NVuSBLkrbOSDDOmCdJ2CKO0ZmhjYCWhxa4V3r0C+pmq5A6LaUTuGmABxh2Vnt2Cm8tLuB0Cy43yzD4KEjBDjO+6EnpOXotjSPNH1M4kYCKh2wQnlTGnAcLYJmSoYxEbw1ZPxmfE2t3zhiqmdKbyGkZY\/bfTQxmSA6kwlLEQVA+AiZ0oGaM4NRGzpindhALRQT2ZmCDsiHkQcCuYdeB9AJsRPlFr0Li5Rxl4OI0sIMFLE7VOIdgFAnpi+NsQgqRSeKOHHSZFM3eFhAAexPpj6Up0rgomOhNiCRueF13qy5sgVykABArqsg7LsWhtp2Jaw5IJAqA+oUKyJYAoFfAm+q4wCmHW7YpblneqTw8VbPmdzUUesHLQAg7Q2RuOZ4b\/AIJskbcZAb5BRl43hGxdeTv4kVYM38JbiX0YTTBliizZyU4ELBTQFB\/EHBD28Zh0TpbMscYHcszgRPTDOdmunujgDWwOQZlmyic3MlCrFrEBBYjoR0fNuDNbsGDBU0bBDBw0JkW7rnhC33OL9VeQ2ADEInZXyLBot88VRcmzSH9gmnHTsm9WXoOw9YmlNB8EuAg8Nc6UnRlxJ8WyNoa7USeTzjiiDhNAc0wFrBcZWznq+b6I7xO4MDEsFeE="}
02346{"flow_id":7,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":216,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720901,"pkt_ts_usec":189302,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"pkt":"QPMIw47hABsv8H60CABFAAW+nIhAADkGdE5NQx0RwKgAZwBQhLjz7GVV62Gko4AQAq94qgAAAQEICmShsDcAA+ufnyVwCJctLTQPdBPyjsSI47nQsIW5zSaP\/Bg053gaSip5cipBKooeEGphrkgYYI9wzmMlPsIngHtRPBtIcajSKSH+plqexY9BsImIcu0bFrKO+pGQckTK3MI0ZScE2OuoRVUYGk6iXKigH0w0wAahr0ngoM3Je4+jjM6TOieZrNm5tILGtkpEj5azB0lpiwx4VghIp0PKmZAdqRVY2fhmqDdIMm3tp+f8TdckCn7jvSEwsJ4bMRM0MknyN6WvibDxoMKcwtLZvkFNzsq+qFx8NMtXVtjJakEB+2XVxbNGBA64KHm1gdDiRnh0j7QrWxAebJ0FtMiMxouhIM3h7oC51TCMS1nT8MF\/Np8jWiIstb2KBmxrYwwUyBPBBpoM2nT8LyIxrfqgErx1Zgs+PFiC\/OTphCJ62mtg0nBLo4TgM20bXwQgs4RO2vPqtINqJHy8CNP+IaDjRKGdGegIjIrUdiAlgyI5PQ2O2N1laVaZVR3WHYbjzRoG\/BBUyAp7ryDOPTh6Z0bj5\/m452OGzooVRVCDnjTxpu\/LW8uhbJ\/mEPAsCD5smIBOM3PrOZpgRGlomMOfLb+SDyTHfNJohQQ7AIgtIEimrsPpFkHtyBgzhV+H\/IyDpfJpku14IHVu1bSdtGQ37BsbIA6TqRvCDIX2NTpy6MIXOXRuGw6SBRDjdmruaZvxoH4xEF\/wnq+AJsHEEYRgwKQpFc+2TrHgLekSGg10LYS+ROqMPxhnSQ4pIZpkLWqwTi70PBB8RIbjDN2aA+TQJsCNo1NmCARS8l98nBSEiGwI6VgxALN5w9UpkbNO5mo0V0BiNekfotHsGh4EAYcxLkze7azCV3wvcb5BfO2YQGsYaZFhvaHMW2yX2xYEG4LqhODbkAPyB9YMbpfnZf5xEQXduCNQMIm2g9VrAkB9Q3dilFrQjDw5A4PAQ1fNFBJwZy6MSDYAuilIq3XJPMBnsPhxp0IkTniQfwzF5x+I0U0xbDKgtwapgEOhYQvWtWYkch5DRtigzzjFAyKdhN8WRsAgB0jFFVmkTLcQUGWvkFHV9dxQVZQYjncWoikcyBP18lZfxQpTkwjZZFSAEhf+EQaDbJE5KhoVnABvJY6XwAhpNsNwXYbxuFKd+A1sJMW5CrY9unbWGcF1bALcSNLxZ4GRob4Qc6QsgmDZgd28TRAM3C4dF21nJ4dYR3WR\/LeAy3Ft7jaxHYR+Ii\/UngKzPqLec0Qk5855tYjgt5FQhQwA0NNRVTmgBhFR3w2yYuvENcV\/TMU81j2INrEqnm1yBei3mcQdbyylZKEQNKGvtF5T\/LT5swwCMgl2yeATxMY8e1hDTCeRBBQo8G0VhlL5A7jGNi0YZfkUDEYaYcsAI2MGN8ti+M+aNggTBWyn7MEj7AW\/WCNEQTgDjJlYpNJMkPADYMJOLAb+yx5tmjXm8UEJrIH7PIsfft2AlTQdtuCmrfGyPNGZwQ9j0CQCwpplHGQJBhzsEmsIBO+\/3HPC3YeTp14h4l\/4T92P7bcQscSxwUB\/x9wwvHTPCVHfKl2\/rhHFEHl0oRVjcfZ+yx9vqfS0zfhciaIEFOIAdN9MNIKXM3zre4LqbVdARQkhj8WCgfi4DyDwrRyYlKBZ471QOQwiwUM74OIzWkwQZiYliES+LFDUnbKW7ASL5kpZGj8KbGycbGGbsc+Boj4vncdJqgDhmN7nGVKL7J9c3hv1ekjuF1GXjzU5AOJeQqsZ4jDU4w\/Mb4stHk0GlpYiHC7JNHYG+Yf2aBsMWnWIwW4ce5wL42wx4OCWSSmf8BmclPCwmZJGvngA0DguyaLVSagJdWsLxAEoGFhFaCbFIWOI2pSwI+6MOwxb62fd8\/1JnRZaRF41QoLzzJmL3\/ockKKy17F1crgavTE="}
00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":262,"source":"instagram.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1436720901262,"flow_last_seen":0,"flow_min_l4_payload_len":258,"flow_max_l4_payload_len":258,"flow_tot_l4_payload_len":258,"flow_avg_l4_payload_len":258,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.153","src_port":37350,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00503{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":262,"source":"instagram.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1436720901262,"flow_last_seen":1436720901262,"flow_min_l4_payload_len":258,"flow_max_l4_payload_len":258,"flow_tot_l4_payload_len":258,"flow_avg_l4_payload_len":258,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.153","src_port":37350,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00774{"flow_id":8,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":262,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720901,"pkt_ts_usec":262544,"pkt_caplen":324,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":324,"pkt_l4_len":290,"pkt":"ABsv8H60QPMIw47hCABFAAE2VBZAAEAGt67AqABnUlUamZHmAFCdoJYSxR9Z0oAYDfbnvwAAAQEICgAD66tZ6cc2R0VUIC9ocGhvdG9zLWFrLXhmYTEvdDUxLjI4ODUtMTUvZTM1LzExMjQ4ODI5Xzg1Mzc4MjEyMTM3Mzk3Nl85MDk5MzY5MzRfbi5qcGc\/c2U9NyBIVFRQLzEuMQ0KSG9zdDogcGhvdG9zLWEuYWsuaW5zdGFncmFtLmNvbQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogSW5zdGFncmFtIDcuMS4xIEFuZHJvaWQgKDE5LzQuNC4yOyA0ODBkcGk7IDEwODB4MTkyMDsgc2Ftc3VuZzsgR1QtSTk1MDU7IGpmbHRlOyBxY29tOyBpdF9JVCkNCg0K"}
00833{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":262,"source":"instagram.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1436720901262,"flow_last_seen":0,"flow_min_l4_payload_len":258,"flow_max_l4_payload_len":258,"flow_tot_l4_payload_len":258,"flow_avg_l4_payload_len":258,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.153","src_port":37350,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Instagram","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"photos-a.ak.instagram.com","url":"photos-a.ak.instagram.com\/hphotos-ak-xfa1\/t51.2885-15\/e35\/11248829_853782121373976_909936934_n.jpg?se=7","code":0,"content_type":"","user_agent":"Instagram 7.1.1 Android (19\/4.4.2; 480dpi; 1080x1920; samsung; GT-I9505; jflte; qcom; it_IT)"}}
00497{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":303,"source":"instagram.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1436720906017,"flow_last_seen":0,"flow_min_l4_payload_len":103,"flow_max_l4_payload_len":103,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":103,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.106","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00845{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":262,"source":"instagram.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1436720901262,"flow_last_seen":1436720901262,"flow_min_l4_payload_len":258,"flow_max_l4_payload_len":258,"flow_tot_l4_payload_len":258,"flow_avg_l4_payload_len":258,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.153","src_port":37350,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Instagram","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"photos-a.ak.instagram.com","url":"photos-a.ak.instagram.com\/hphotos-ak-xfa1\/t51.2885-15\/e35\/11248829_853782121373976_909936934_n.jpg?se=7","code":0,"content_type":"","user_agent":"Instagram 7.1.1 Android (19\/4.4.2; 480dpi; 1080x1920; samsung; GT-I9505; jflte; qcom; it_IT)"}}
00509{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":303,"source":"instagram.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1436720906017,"flow_last_seen":1436720906017,"flow_min_l4_payload_len":103,"flow_max_l4_payload_len":103,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":103,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.106","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00550{"flow_id":9,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":303,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720906,"pkt_ts_usec":17091,"pkt_caplen":145,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":145,"pkt_l4_len":111,"pkt":"\/\/\/\/\/\/\/\/ABZEH1lmCABFAACDA5AAAIARdcjAqABq\/\/\/\/\/0RcRFwAb\/+ueyJob3N0X2ludCI6IDQxMzc2NzExNiwgInZlcnNpb24iOiBbMSwgOF0sICJkaXNwbGF5bmFtZSI6ICIiLCAicG9ydCI6IDE3NTAwLCAibmFtZXNwYWNlcyI6IFsyMDA5Mjk0MDNdfQ=="}
00530{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":303,"source":"instagram.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1436720906017,"flow_last_seen":0,"flow_min_l4_payload_len":103,"flow_max_l4_payload_len":103,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":103,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.106","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00542{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":303,"source":"instagram.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1436720906017,"flow_last_seen":1436720906017,"flow_min_l4_payload_len":103,"flow_max_l4_payload_len":103,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":103,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.106","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00550{"flow_id":9,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":304,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720906,"pkt_ts_usec":19075,"pkt_caplen":145,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":145,"pkt_l4_len":111,"pkt":"\/\/\/\/\/\/\/\/ABZEH1lmCABFAACDA5EAAIARdcfAqABq\/\/\/\/\/0RcRFwAb\/+ueyJob3N0X2ludCI6IDQxMzc2NzExNiwgInZlcnNpb24iOiBbMSwgOF0sICJkaXNwbGF5bmFtZSI6ICIiLCAicG9ydCI6IDE3NTAwLCAibmFtZXNwYWNlcyI6IFsyMDA5Mjk0MDNdfQ=="}
00550{"flow_id":9,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":305,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720906,"pkt_ts_usec":20631,"pkt_caplen":145,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":145,"pkt_l4_len":111,"pkt":"\/\/\/\/\/\/\/\/ABZEH1lmCABFAACDA5IAAIARdcbAqABq\/\/\/\/\/0RcRFwAb\/+ueyJob3N0X2ludCI6IDQxMzc2NzExNiwgInZlcnNpb24iOiBbMSwgOF0sICJkaXNwbGF5bmFtZSI6ICIiLCAicG9ydCI6IDE3NTAwLCAibmFtZXNwYWNlcyI6IFsyMDA5Mjk0MDNdfQ=="}
00496{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":306,"source":"instagram.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1436720906022,"flow_last_seen":0,"flow_min_l4_payload_len":103,"flow_max_l4_payload_len":103,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":103,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.106","dst_ip":"192.168.0.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00508{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":306,"source":"instagram.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1436720906022,"flow_last_seen":1436720906022,"flow_min_l4_payload_len":103,"flow_max_l4_payload_len":103,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":103,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.106","dst_ip":"192.168.0.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00546{"flow_id":10,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":306,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720906,"pkt_ts_usec":22462,"pkt_caplen":145,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":145,"pkt_l4_len":111,"pkt":"\/\/\/\/\/\/\/\/ABZEH1lmCABFAACDA5MAAIARtB3AqABqwKgA\/0RcRFwAbz4HeyJob3N0X2ludCI6IDQxMzc2NzExNiwgInZlcnNpb24iOiBbMSwgOF0sICJkaXNwbGF5bmFtZSI6ICIiLCAicG9ydCI6IDE3NTAwLCAibmFtZXNwYWNlcyI6IFsyMDA5Mjk0MDNdfQ=="}
00529{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":306,"source":"instagram.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1436720906022,"flow_last_seen":0,"flow_min_l4_payload_len":103,"flow_max_l4_payload_len":103,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":103,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.106","dst_ip":"192.168.0.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00541{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":306,"source":"instagram.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1436720906022,"flow_last_seen":1436720906022,"flow_min_l4_payload_len":103,"flow_max_l4_payload_len":103,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":103,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.106","dst_ip":"192.168.0.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00550{"flow_id":9,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":307,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720906,"pkt_ts_usec":24293,"pkt_caplen":145,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":145,"pkt_l4_len":111,"pkt":"\/\/\/\/\/\/\/\/ABZEH1lmCABFAACDA5QAAIARdcTAqABq\/\/\/\/\/0RcRFwAb\/+ueyJob3N0X2ludCI6IDQxMzc2NzExNiwgInZlcnNpb24iOiBbMSwgOF0sICJkaXNwbGF5bmFtZSI6ICIiLCAicG9ydCI6IDE3NTAwLCAibmFtZXNwYWNlcyI6IFsyMDA5Mjk0MDNdfQ=="}
00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":308,"source":"instagram.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1436720906025,"flow_last_seen":0,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"192.168.0.255","src_port":520,"dst_port":520,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":308,"source":"instagram.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1436720906025,"flow_last_seen":1436720906025,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"192.168.0.255","src_port":520,"dst_port":520,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00435{"flow_id":11,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":308,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720906,"pkt_ts_usec":25422,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"\/\/\/\/\/\/\/\/ABsv8H60CABFAAA0BsVAAEARsaPAqAABwKgA\/wIIAggAILagAgEAAAACAADAqAAAAAAAAAAAAAAAAAAB"}
00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":309,"source":"instagram.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1436720906070,"flow_last_seen":0,"flow_min_l4_payload_len":613,"flow_max_l4_payload_len":613,"flow_tot_l4_payload_len":613,"flow_avg_l4_payload_len":613,"midstream":1,"l3_proto":"ip4","src_ip":"31.13.93.52","dst_ip":"192.168.0.103","src_port":443,"dst_port":33934,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00504{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":309,"source":"instagram.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1436720906070,"flow_last_seen":1436720906070,"flow_min_l4_payload_len":613,"flow_max_l4_payload_len":613,"flow_tot_l4_payload_len":613,"flow_avg_l4_payload_len":613,"midstream":1,"l3_proto":"ip4","src_ip":"31.13.93.52","dst_ip":"192.168.0.103","src_port":443,"dst_port":33934,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
01261{"flow_id":12,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":309,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720906,"pkt_ts_usec":70589,"pkt_caplen":679,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":679,"pkt_l4_len":645,"pkt":"QPMIw47hABsv8H60CABFAAKZYWZAAFUGhKgfDV00wKgAZwG7hI6seG5hv38UHoAYAGuTKQAAAQEICltMYqkAA+18FwMBAmCl7hwsC927JcFSAZYWLzz9PCOE13q\/R1R\/4Ep\/l7+HHbIpOFFcCYs42I3wFOgWiBw3wjx3pJOgTGydZF67jt6\/BKND+v8oyfRpnqlS5YMAWUNymHV7uHWxp+hxonkw6cNC93nRZtrxzkz6LP0NT0kghBPZC1Qj+5R6TJU9O4JNVgnaOk7a2PLjjlpxNviWyDprqQXVx0ggqtiTSBMr7Uc5EfDpzAAkL4Ijs+Gp7u5RRsTL\/vjjpIbFtLB91jbWUmuE049zO8Z0ZXe+NUKtpOUeDZz+3zpQ7uf3ydorfitQX7zdybIk3\/bzSVhOShF3BJrYBLAD2AQ24us0\/KfVGECFrd6OK2BQqjf6ncI9qOXNwiVF\/2inbzY\/Q3OsYRcS7XHEaq0O5REHcT8SzE5VoLX4XXQtBoZwVB5Yrj77GtBQdmGZD6u8UMQpctBx6N9Mr51OWWfdFnAbts6SnZuXGzlYjqJOxS7Vx73Uw8fCkf1IEri8UI1qbM9veDNciQdo3CmVyvU7iM87rUz7C0f+A4f1opsUJ5+EheBr1eGc36Efb4\/Ualnnz3nkJR3hncStDick4US+OxlgvGof266YJgZuAwCGxYg4vW2knDKYz5umzCws7lIHpIdAFNPByVtoUTPTPQS5UKgIEdb95j7F6DccGwtWvRW1Al5LucPJI7zWS2dtNSdT\/Ojj1Rno0QRGwZ45j0In5POotAgCjk30MTwIN5HhcpigFfTCmuPMsYmTn6MoC7DboyOfYCjSc6fhkNqfZ2xyKSzKyqklgdTHeGfRwO+op5ygRsksmKTJ1Q\/4mw=="}
00427{"flow_id":12,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":310,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720906,"pkt_ts_usec":70741,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABsv8H60QPMIw47hCABFAAA0Ga9AAEAG48TAqABnHw1dNISOAbu\/fxQerHhwxoAQAW09dwAAAQEICgAD7YxbTGKp"}
01730{"flow_id":12,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":311,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720908,"pkt_ts_usec":201021,"pkt_caplen":1015,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1015,"pkt_l4_len":981,"pkt":"ABsv8H60QPMIw47hCABFAAPpGbBAAEAG4A7AqABnHw1dNISOAbu\/fxQerHhwxoAYAW1v8wAAAQEICgAD7mFbTGKpFwMBA7AOHMI1ALyiYU3ya6qg+prWQI\/n9ANspqMl7L4ePI46MbeMU\/IIKBcoHTRp\/G5Sihc5nIJHuC2+37mEcl691gW4u\/TM4cTkpTf1jvX2GQ4y6\/txghh7z8FoXfNbqCHIq72qOYxX78zowj+FiMRcWPEmeWcWoH+gdWfhPA\/lkpOWh7PAWcTM6YhVbfKMzFVog0eNO6nAQ6Db4QV49GBIVCzfrXCBVeXZAcW0CL72bBYmhxsuCeKWPO3s6v5st61\/TqBX2wKyuhuh0iYRoQoS\/wYMoppq1iw5UM\/55LosXWjVhX+LnpSLv52m8IfyQkh1vrv+SJ7KjFgIF5haejMGRgEB6k28tUeT6FGaiUo32klBF\/ovhJ\/7PzYE5+p1Zs2WdUsskxD79HTvK6ta+oXXgI8zxnT+FY6f4Y3Qg+b6yTS68sbWyHT6\/PezdvhWfHtL0SSgHp8goibROD\/tT\/ewXwhvrOEixGKhip+cFDAiL8AxMi3V3Lo6cis85J1puKveGyk09JQyFUAk\/2r5Yl++ASyNB2yelevEI5wg+VsEb8Rcm\/QA7noQyfs1T5YOnO8NCBiPmye5eIk\/wZxnX1f+2xdUrgycDikO6k0cQg3utcfRP10t4qmvTrg2ek70WkuE+ATLg2Um1eRaeb81BxGpDBojTreWbcm5dcICJMpu5Jn\/w\/\/OFgLDd8zIcqEDUouT6ZCScciar49BKHurWy8NKFla9SI75KJQz9yq3QZyAG0rJc2lhQMyl9+7b4Ogizx8Jo29kTu8fZJSlg+ABrC1jcExXQD49OmAnZxwfKy6D2pC9Rse0qtqmzV+ovVEbJp+oxkyoXka2nmc36kfQhlZgI7KVixFLMTTlCevMnYrq1xJ\/MKzvCd6IWf+N5EocWD+ilOqptHNEIAOXJmgXODhL5KGWjQb8\/91W1IyUi6q\/ngSGvVRUpY8iujk6L\/C+Bbj\/Dm4AkcumBcragxaghvlWXmc47QSkqomVkZppr19doVE596Z\/iAcdVNMq1wy+2v27UYh5CMr3l5X59P07fb7g36BHbE7SHRjrHyy9CTFMxhEf0YgUq5TdIHDFI5lE\/KxLNZVidU3ki5Un7VFtJrfQka6os1jVOGfB9pUZq5Qsmwf1i\/ygu+C28zlN53MQWP6wHjI3WJZUBr81SukNH57IK2c2EyIu0E+HAgTgoJHe51A\/fUmZ1cYv7+JWrlM8pRHdKg4V83a8+0QRZUGb14qwNk4zB82iOuTyKlfeqGDo1mtsQ=="}
00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":312,"source":"instagram.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1436720908216,"flow_last_seen":0,"flow_min_l4_payload_len":949,"flow_max_l4_payload_len":949,"flow_tot_l4_payload_len":949,"flow_avg_l4_payload_len":949,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"31.13.93.52","src_port":33935,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00504{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":312,"source":"instagram.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1436720908216,"flow_last_seen":1436720908216,"flow_min_l4_payload_len":949,"flow_max_l4_payload_len":949,"flow_tot_l4_payload_len":949,"flow_avg_l4_payload_len":949,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"31.13.93.52","src_port":33935,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
01719{"flow_id":13,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":312,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720908,"pkt_ts_usec":216981,"pkt_caplen":1015,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1015,"pkt_l4_len":981,"pkt":"ABsv8H60QPMIw47hCABFAAPpl5BAAEAGYi7AqABnHw1dNISPAbuBQH+NqOzE9YAYAR7+6wAAAQEICgAD7mJbGFWXFwMBA7DGXKcxYYzj4PsFQPMmYQehh8iuvFDU6ChyMypfRInDCFuixSLIKOq63dIUv38njMJN2kVy\/t+T8m9xPVbEGAFdD3PpSc3SZZnBHiv5tCRNZzMhDLWXPkOIN9Lutipqd5IVnEEsBFkO\/fZ2K81T8PYPXOUELo\/sV11FwruvuAKdrrJSJDxsNb8ZavjfuhrjTCNZ8992aq+Ku9jOSU4Xa7Q\/BYCty1PvPxxBeD0eYCG+tOtkysHtjUZlr1d4OQxDr\/61YS0x9iJOXjnMBoobCu17VKBkd2hUXNptzi\/uIUhzamB9Rremxs\/xa5ErUN6bjCfTqClJMKTo2+EPLLC2OrnUwhZPfwAqX4LMjZxrO4OjWeKTq0PJEWrYJt\/hZgR9r16F85siGrf6FK1kTDvb0+vybKakTv5L4R+tKZVBNuaZabfxVkkl5TNMskAuzgaRl4NAmD9vaxsUvWa1r1eavZpU2b4i3TllipunjR4aQEFb47bl0X9Ru9Hl1x54J53nJ+MJknrPmdJbHBa5kRwAqKgaQptXtnMz1WTWV+Q8a53Upaic+O0txvujdC90+KUOiiTbhfTw0gAmNmPQmi2l+V2tphQpp2jEsWxETCl2LSUnlcR9XDLGnBO3KYnN9C0+k2yBKCMObHAcOzwdJWheAOhMNBVSNpFtrfOE6uSTsVbDj23xeCxxC1QAM7YJmxoVRhtdVyIDYYANmHTFeA\/uC6oLDeExrKyQP7kSEfNbdUqTNPu\/MJKIjJDZu1yLmyvi1O\/nGho5EDKw8IVXPxnfKKPvaQH2GtI88pEfGeAEyC\/HE\/tmFwWll7dh2qPp5A3wF8sKJ3O0eDAbcGfPED7oJA+EsxJAhKT6isvErCueBtWMHVSeiLsoME8tf6cS9zzgnk33LczZTQgm29MSHE7ZL2GeiGbzuGwrTGDnk1VDLJRove2wMug8H7\/TzDu7ltmYb22OyZHWPR+qBc0SXnC41HvKpdG4l5lloyRu51PXhn1Z4SBmRKxgHOd10WPpGH9Et\/GeMS7LFYrc7oqcb6G7UCvo5VgI1SuJrJeY0vV2tCM0MyJYykeRmE4\/7F1xpcmuoE1e5ET3+6eiLGpqXUS7VkABwgQafZxjQScCWI5pekzUYOfjX5epPROl\/DzQKTCdpj3Gvhf2XBY54ImjWPLE32kUQllKDfXNIYtYFjXJbjsc4Zka4\/X4kGWgbCWN+dmnakKME8cbt\/+4rEk8PQFIv1W4FPcpki7hccXc0xhFEqm0Sw=="}
00427{"flow_id":12,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":314,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720908,"pkt_ts_usec":250978,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"QPMIw47hABsv8H60CABFAAA0YWdAAFUGhwwfDV00wKgAZwG7hI6seHDGv38X04AQAHYJOwAAAQEICltMay8AA+5h"}
00427{"flow_id":13,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":315,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720908,"pkt_ts_usec":259859,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"QPMIw47hABsv8H60CABFAAA0u1VAAFUGLR4fDV00wKgAZwG7hI+o7MT1gUCDQoAQAFyKzgAAAQEIClsYbBQAA+5i"}
00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":317,"source":"instagram.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1436720901262,"flow_last_seen":0,"flow_min_l4_payload_len":258,"flow_max_l4_payload_len":258,"flow_tot_l4_payload_len":258,"flow_avg_l4_payload_len":258,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.153","src_port":37350,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":317,"source":"instagram.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1436720906022,"flow_last_seen":0,"flow_min_l4_payload_len":103,"flow_max_l4_payload_len":103,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":103,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.106","dst_ip":"192.168.0.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00501{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":317,"source":"instagram.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1436720906025,"flow_last_seen":0,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"192.168.0.255","src_port":520,"dst_port":520,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00487{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":317,"source":"instagram.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1436720906025,"flow_last_seen":0,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"192.168.0.255","src_port":520,"dst_port":520,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02324{"flow_id":12,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":317,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720908,"pkt_ts_usec":430543,"pkt_caplen":1464,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1464,"pkt_l4_len":1430,"pkt":"QPMIw47hABsv8H60CABFAAWqYWhAAFUGgZUfDV00wKgAZwG7hI6seHDGv38X04AQAHYxngAAAQEICltMa90AA+5hFwMBBgARSjwF8KhmW+xanE7Cgv\/HSeKfgB9iJwdyFf7NjjTFJxOJ97KS+l\/PKf9a18l3iaN5nJnghazHfHKEIKPn0HUVm3aObaE37OE9YqPGRma1S+RTM74dXif+0iSSxDn0pj9FkMiEQhhwpKbZTwe6Rma+4mOaI3ffuaHFUQVI8eXrEh+32DbHqMURzga2ro8v5i96gY1ciGkt1ZKxVQHtAE9OT+s6wAs73rZCIoOezZo+1KrVH7lB8hs8iOneE0L\/y6HC8+CcpW696ea\/DwvQ2tYNSWxpHpRJBTogcPPFvz\/JG8q5LoWYz72aAau8oktbMc6sSw0wvxuz+4U931T+em51myJo4clNg6LXF++UJQkliZN3hFE3O0tNGniBKUyvZgZmc0CNjtTLc8\/ZGXdg7xAG9Hjl3VmLLbM5WeOqL8TcK2Oeio8KKXsWMMf7AO+FdYDkljioQ+V5Qz8eH+h4xam36OSGGk5v3\/GNChk4FGOoQa4ijz2zszw+La3NZOKMSqptdUgOYI6FWf7M6sz7tf7JOUwip+aQGPtcm1foaIABYTdjML2VjP6Hcf\/1r70k0Ttw1rBM2IqlKSMaXND\/ec3Tk6NvJuEMY0EkTO0kTRAdNe4OZJcte4lcpscyHxPkJA8sMwRyvrFOKuPqtc2NjwlQ2YY9tFx4sKtOpW6nF3YS3ubg9R3r1ALqOAKY\/5U18nRRWLef9TQiY8FsY7G6xDGexOezRiClEKIbz5gVQJw1mk\/mcShj2MW0Ac8Q0kmGFKCYDV6OQ+geveBLyU8R+uCOvnOb5w+\/aGvsBXAaTSK+j+vi3gI\/HhBqiEFZi5p9\/f7p\/63KWDJj7Vsd2ZjEQvevv8UvW9uvUJhZhGLElPvqAriqFpbe+2mdQBgaaQ88tr1Fuyoa0Zlyyqh0PRvf\/yxvnK0ejXYMInzDkRlKob3hl0ePhIXSMzbF5Dl3m2bVuw55wrv237UgiMxWHEzLXJ1lRUsE1jIqwDYxVBCTuJvvRTB4202iSO4ttzvmtcJJdOlCIyXlaL9KqFDahV7QkiN7WINK+2N+e+MF1io4CBCZ99qYxBObgrwqN1nWX3m95zZSEOYMec+DllH8BIz3ITrdJeTFQPDq4g\/PLibA8xb09JTUNkBP9+U2uCDbLGlhoBhzk16Pij5N0+pNGo1aPHnFJ80gLAso2DjQoNRFL48qTAyFGpm8IxJY64EWb53MpBBQbeOT1fmrEmf1fBnhu4mvqfKzeuVLaGhNx4BlVxMZ+LegQl93Pg20Jfxlv49gWWgAbQfGZNM4rJNEFKqR558JjHh881qe\/l0j9fRye56kq1WM64J9tCLro4yNBiPhBj1+v0BJi8iU7LO6QlXCv7Ij1sPoibxCA6cU1JKDIW3h9Y8BuWhQe2fpDs+s2IrH1HGTu7dy9+BL6QUEpi3NT6Bvk3D\/TJN+gYMqXRvHeFoURMw9Ts93HcCIlWEiqbAial\/D\/xIqTsIeCek+QG\/5qCErLGThsJn935F9SpY1jGa8zSvM6FTdO2luwW9DMl41Wy3+ZsHBaekN9lTeMrL80eoGTeY+XCBiQfXUZFcQCy7Z8W44QiJsAvZCBU8\/wBFjVN9twIjHZZaS8zwalMD\/UNlmECLxDGj5M\/hKOspYOly6Sp5vumu0Snr8il2oI+s2vbxw8HlhThk9mwJoQuiy1qxxXui8kJh1oQvS3v1wlirdDTLVG12LB2POxFe0j4Pz3yBl8nkDNEY2g8UrpwkU0q7\/lEIpg9ypV4C2FKuxS9bRiUgypJamzPSI4Gp0\/DdFoAUDR8WleXzgmUB9tD8BDCsNQJU1Ad5xy6EWbn4B04HbwiUJpzYi39J2Bmm408sEuoF2"}
00428{"flow_id":12,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":318,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720908,"pkt_ts_usec":430696,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABsv8H60QPMIw47hCABFAAA0GbFAAEAG48LAqABnHw1dNISOAbu\/fxfTrHh2PIAQAZo9dwAAAQEICgAD7nhbTGvd"}
00626{"flow_id":12,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":319,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720908,"pkt_ts_usec":431001,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"pkt":"QPMIw47hABsv8H60CABFAADDYWlAAFUGhnsfDV00wKgAZwG7hI6seHY8v38X04AYAHZQJQAAAQEICltMa90AA+5hpaN2iHfEdv\/X3pr2Xt6PWOrdWTYMlE+JBgtriQdQqsJJVEdRWj83ZvHQme+6V9l\/gV9Dtaxw1VeeFseSZYUkAyBGMPIcSJ2+VNcYH0iI1HitOwXV9j0T62qHHtMw7FKCliiHdkIsZrHHF8Y\/sTvDmt0\/hraFG9jcmj50TyPHVMKujRCQwbDTNeRqyqJKlkw="}
@@ -151,43 +147,43 @@
00427{"flow_id":13,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":330,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720908,"pkt_ts_usec":432527,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABsv8H60QPMIw47hCABFAAA0l5NAAEAGZeDAqABnHw1dNISPAbuBQINCqOzQcIAQAaM9dwAAAQEICgAD7nhbGGy9"}
01457{"flow_id":13,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":331,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720908,"pkt_ts_usec":432649,"pkt_caplen":817,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":817,"pkt_l4_len":783,"pkt":"QPMIw47hABsv8H60CABFAAMju1lAAFUGKisfDV00wKgAZwG7hI+o7NBwgUCDQoAYAFwalAAAAQEIClsYbL0AA+5iwU7OL1BOP6W+69MgTa7kJMvrDZwAERif7IXm0\/yV8DuwvtM4NO7zugIMxMw1qvCTQPzrrJT29ccXkpQ0gfaqUrfaqdIFj1GaQH3ra\/gtamUIA268LhAuVYmf98h1gRhDYy2bfU4CC5g++OIIWcxEbUQc7vMPXgSou+YzZCg7luSplAYGSPKUGK\/PJoQe5bjUbI\/NPyCnmM\/ueb6Hb1dFVRmRUExkvd0enYSXuuv+PJJ4USY2VJV3efw+86gMy3461uCYXLV2o+TDy3MpUjucuwJwHOLnxdwX8QCxXJt4yZ+rWEfA7Cl7c8y5oTV7ebOeXrbxTjNHPK0ErgwNBkr0jm66tobzD3zUhrAxVXql8gPKU9oucHClBn4qVOD8GNw0n\/DT09nm+zx5TYolgqIr7oiWSJOcx3+8CXMVSecU5xN1eB1fZJq6U\/wc\/ZK587DNV1PRcq3Ug+eAOPwfiSZs+438nOHGTt4aX\/l7opTQAA10ZB2DufcAmWttpEc3hcOPkdjHfeffvB5esznyyVJGswMTlRarGNfUNQzr2ZwbQNEy3Gfl2aR8fgqwFlSWpJeVoqbNpU2\/w0YL7L+V1IrAKa1WB5UBQFTrmSNJ\/femg3728O\/9VV4Hn4LD8UYj4DVe7jU03hs2pjwcrb7gmFS7kTknZO3DuUT9fgJsy6KURhO+K\/8bThHqal\/Z8W3tw4RMe3sSaXjMHvQH2Hvdll3Ch\/40F0Eh\/pxQQdhu\/LLe0WQk6CAt9Mzwq1qW+QzgpV4WNltE\/SD9vm2\/ueK1866ka7KdUUGT4SkpFxF144b+bn4RakrsbmW2f3wIOhFDLD3RI8GR19cpoTf68Pit8+ad0F7Hlk6KNHYS8zEXmqGwa2+wGL8oKHopuwLpj9aXPM3IH7gd2Lr+f5hiCRF\/\/tf04pVyJFShpDZF6856ekomjCHvNoRoiVBOLSL3zpb0\/lgf4dGw3F8pnLGLUOv\/1KOQtEGquL1fNZ9paVuCoNaBDg=="}
00429{"flow_id":13,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":332,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720908,"pkt_ts_usec":432710,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABsv8H60QPMIw47hCABFAAA0l5RAAEAGZd\/AqABnHw1dNISPAbuBQINCqOzTX4AQAc49dwAAAQEICgAD7nhbGGy9"}
00455{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":341,"source":"instagram.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1436720908464,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"192.168.0.103","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
00467{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":341,"source":"instagram.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1436720908464,"flow_last_seen":1436720908464,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"192.168.0.103","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
00478{"flow_id":14,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":341,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720908,"pkt_ts_usec":464754,"pkt_caplen":102,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":102,"pkt_l4_len":68,"pkt":"AAAAAAAAAAAAAAAACABFwABYvRcAAEABOq\/AqABnwKgAZwMDE08AAAAARQAAPFm5QABABkodwKgAZ63CKBTA+AG7+Mu3wgAAAACgAjkIlxQAAAIEBbQEAggKAAPuewAAAAABAwMG"}
00487{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":341,"source":"instagram.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1436720908464,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"192.168.0.103","l4_proto":"icmp","ndpi": {"proto":"ICMP","breed":"Acceptable","category":"Network"}}
00499{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":341,"source":"instagram.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1436720908464,"flow_last_seen":1436720908464,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"192.168.0.103","l4_proto":"icmp","ndpi": {"proto":"ICMP","breed":"Acceptable","category":"Network"}}
00478{"flow_id":14,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":342,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720908,"pkt_ts_usec":464784,"pkt_caplen":102,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":102,"pkt_l4_len":68,"pkt":"AAAAAAAAAAAAAAAACABFwABYvRcAAEABOq\/AqABnwKgAZwMDE08AAAAARQAAPFm5QABABkodwKgAZ63CKBTA+AG7+Mu3wgAAAACgAjkIlxQAAAIEBbQEAggKAAPuewAAAAABAwMG"}
00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":343,"source":"instagram.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1436720908466,"flow_last_seen":0,"flow_min_l4_payload_len":949,"flow_max_l4_payload_len":949,"flow_tot_l4_payload_len":949,"flow_avg_l4_payload_len":949,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"31.13.93.52","src_port":33763,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00504{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":343,"source":"instagram.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1436720908466,"flow_last_seen":1436720908466,"flow_min_l4_payload_len":949,"flow_max_l4_payload_len":949,"flow_tot_l4_payload_len":949,"flow_avg_l4_payload_len":949,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"31.13.93.52","src_port":33763,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
01713{"flow_id":15,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":343,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720908,"pkt_ts_usec":466005,"pkt_caplen":1015,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1015,"pkt_l4_len":981,"pkt":"ABsv8H60QPMIw47hCABFAAPpXL5AAEAGnQDAqABnHw1dNIPjAbuhtt+gEOOOT4AYCqMt2AAAAQEICgAD7nvwIEj8FwMBA7DXpbZuuL+a3+A25sPf3KC8vtrovZX7fcip20iH4gbDYKHRurDuUNBuKdxbaf8w5NnTQml9NHFuaiFV9xaPTEtRbbFB9QgL8vlHsxgX1jfO9ZT6YB1lbKI1n65g8AZltFoEnCsmCE1IOxVyjBVZQT7po2puEnrF+kDYe4098KgZgFIZStFzMtmo9XOmOfNP+iRYctfjIeGJz8jQ1lFBvHEsbbQIygOCYn9oDm7CXWwj2LvemnGFKWnWYwKY2HgH6zrHi9xUd7CDCihcewk3nTPbbyiC\/Oifk2F1KjvO+B1lmqoGqUOYx21p5F3Yy7giHbLKSW+ti05sAV0fAKz7Z8+aVWuucvLaUbW+dSKFEZubeujNKIbXr7vCkpaZCatjRYZUgGNtsk2NBSXDlVMA\/v3I+TpoH8L5Ft2TQGs+aL8gJ2KVF6O2+ZYxZ96KcyiQmukk5fWpPjyBq7B0lhl8\/l+87aNWAB+03OvN8FhYV+S\/gv75JF3N388CBkyP4ME8FRt4W55y8LCj1tqiL9fodHUaE6F0ridmX8h0+Dsd82vVVQdbomtwYWVDLtEOA4gG2jJjDPllVf5J8xmFGHsA6M\/TDTHEfu8LTRQc1d6jnJGUH9Eeq7GjZHoFXfcfkpY9BGbqJWKidAdwRrWxc1XI2wcOmTiqvy3W0kHXHGHBqtUOPHt80fdZz3Php0HqhVjapNrBUUzl1zXCtqo+\/D90yVXLpIbqbzqp1UOs3uY9nrVZKeWZAphdT0b38N153F9QCQaE1j\/B3yRInHVxnxDr8\/wXaBQutJGt+fT8YapiNjDh2B5Fe\/VzJjaUK9\/s\/F4+YAkFfcLJJgpkyZ1FyjpKFDmEKLJS\/hWon3VkTkSPBJyUnbR06ETQWOqnwWcQKPcsS14LaHbhuVhKdt2tBBxQtcd0OoPW2aLOEDh9uAs1wndQ8cDwLHeWOSYDiwyq7hmF978JHTDY5T9UPy1BfhkIGr1397oeYW8tQLiHwwHKS6l11zZwAq8rb2bsBNkrNvLFUBdxAJWO7YtLy1slqNoFAyDdp7eKwmaP317WVsHGvyiwNdASVNzu1pbccCR6AgqCnTrbOntDjyNK4u2jrQuFCeBAMKVe19ptimavwWdWcfiYh6zgKaavEskV4nXhC01pvDJfX\/uuk2wAy46ocrpdos3RqXm7EpLF72d506O+IxXSSlwIplmFgawKqTtoIASL2SkYHX0Y3wKxf+vCHqdiD1nEkmvwUYQ8dkrjuTHBA1bDvg=="}
00427{"flow_id":15,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":344,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720908,"pkt_ts_usec":518251,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"QPMIw47hABsv8H60CABFAAA0kN9AAFUGV5QfDV00wKgAZwG7g+MQ445PobbjVYAQANn+UgAAAQEICvAgscMAA+57"}
00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":345,"source":"instagram.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1436720908521,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.160","src_port":38817,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00496{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":345,"source":"instagram.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1436720908521,"flow_last_seen":1436720908521,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.160","src_port":38817,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00428{"flow_id":16,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":345,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720908,"pkt_ts_usec":521089,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABsv8H60QPMIw47hCABFAAA0\/y1AAEAGBcbAqABnLiFGoJehAFBl4Bu99+Pb34ARFTc19wAAAQEICgAD7oGa3vT1"}
00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":347,"source":"instagram.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1436720908523,"flow_last_seen":0,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"8.8.8.8","src_port":51219,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":347,"source":"instagram.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1436720908523,"flow_last_seen":1436720908523,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"8.8.8.8","src_port":51219,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00459{"flow_id":17,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":347,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720908,"pkt_ts_usec":523744,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"ABsv8H60QPMIw47hCABFAABL7oFAAEARewHAqABnCAgICMgTADUANxLxN7ABAAABAAAAAAAAEGlnY2RuLXBob3Rvcy1oLWEIYWthbWFpaGQDbmV0AAABAAE="}
00668{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":347,"source":"instagram.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1436720908523,"flow_last_seen":0,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"8.8.8.8","src_port":51219,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Instagram","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"igcdn-photos-h-a.akamaihd.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":348,"source":"instagram.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1436720908524,"flow_last_seen":0,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"8.8.8.8","src_port":33603,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00680{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":347,"source":"instagram.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1436720908523,"flow_last_seen":1436720908523,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"8.8.8.8","src_port":51219,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Instagram","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"igcdn-photos-h-a.akamaihd.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":348,"source":"instagram.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1436720908524,"flow_last_seen":1436720908524,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"8.8.8.8","src_port":33603,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00459{"flow_id":18,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":348,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720908,"pkt_ts_usec":524019,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"ABsv8H60QPMIw47hCABFAABL7oFAAEARewHAqABnCAgICINDADUANycOb2MBAAABAAAAAAAAEGlnY2RuLXBob3Rvcy1hLWEIYWthbWFpaGQDbmV0AAABAAE="}
00668{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":348,"source":"instagram.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1436720908524,"flow_last_seen":0,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"8.8.8.8","src_port":33603,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Instagram","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"igcdn-photos-a-a.akamaihd.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":350,"source":"instagram.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1436720908531,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.185","src_port":57966,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00680{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":348,"source":"instagram.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1436720908524,"flow_last_seen":1436720908524,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"8.8.8.8","src_port":33603,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Instagram","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"igcdn-photos-a-a.akamaihd.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00496{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":350,"source":"instagram.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1436720908531,"flow_last_seen":1436720908531,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.185","src_port":57966,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00428{"flow_id":19,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":350,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720908,"pkt_ts_usec":531495,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABsv8H60QPMIw47hCABFAAA0NKZAAEAG2ADAqABnUlUaueJuAFA8SfXPvvA\/t4ARCm0uRAAAAQEICgAD7oJZ6tXr"}
00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":351,"source":"instagram.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1436720908533,"flow_last_seen":0,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"8.8.8.8","src_port":26540,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":351,"source":"instagram.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1436720908533,"flow_last_seen":1436720908533,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"8.8.8.8","src_port":26540,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00459{"flow_id":20,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":351,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720908,"pkt_ts_usec":533449,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"ABsv8H60QPMIw47hCABFAABL7oJAAEARewDAqABnCAgICGesADUANyZVhbMBAAABAAAAAAAAEGlnY2RuLXBob3Rvcy1nLWEIYWthbWFpaGQDbmV0AAABAAE="}
00668{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":351,"source":"instagram.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1436720908533,"flow_last_seen":0,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"8.8.8.8","src_port":26540,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Instagram","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"igcdn-photos-g-a.akamaihd.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00680{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":351,"source":"instagram.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1436720908533,"flow_last_seen":1436720908533,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"8.8.8.8","src_port":26540,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Instagram","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"igcdn-photos-g-a.akamaihd.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00427{"flow_id":16,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":352,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720908,"pkt_ts_usec":542421,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"QPMIw47hABsv8H60CABFAAA0lYxAADkGdmcuIUagwKgAZwBQl6H349vfZeAbvoARAeZr3wAAAQEICprfXG4AA+6B"}
00428{"flow_id":16,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":353,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720908,"pkt_ts_usec":542604,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABsv8H60QPMIw47hCABFAAA0\/y5AAEAGBcXAqABnLiFGoJehAFBl4Bu+9+Pb4IAQFTc19wAAAQEICgAD7oOa31xu"}
00427{"flow_id":19,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":358,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720908,"pkt_ts_usec":567720,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"QPMIw47hABsv8H60CABFAAA0dopAADkGnRxSVRq5wKgAZwBQ4m6+8D+3PEn10IARAgj5iQAAAQEIClnq8RsAA+6C"}
00430{"flow_id":19,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":359,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720908,"pkt_ts_usec":567842,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABsv8H60QPMIw47hCABFAAA0NKdAAEAG1\/\/AqABnUlUaueJuAFA8SfXQvvA\/uIAQCm0uRAAAAQEICgAD7oVZ6vEb"}
00751{"flow_id":17,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":360,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720908,"pkt_ts_usec":570222,"pkt_caplen":305,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":305,"pkt_l4_len":271,"pkt":"QPMIw47hABsv8H60CABFAAEjliwAADgRGn8ICAgIwKgAZwA1yBMBD5NUN7CBgAABAAoAAAAAEGlnY2RuLXBob3Rvcy1oLWEIYWthbWFpaGQDbmV0AAABAAHADAAFAAEAAAAZACoQaWdjZG4tcGhvdG9zLWgtYQhha2FtYWloZANuZXQJZWRnZXN1aXRlwCbAOwAFAAEAADHJABYFYTE0MDgGZHNwdzQzBmFrYW1hacAmwHEAAQABAAAAEwAELiFGrsBxAAEAAQAAABMABC4hRqHAcQABAAEAAAATAAQuIUawwHEAAQABAAAAEwAELiFGpsBxAAEAAQAAABMABC4hRo\/AcQABAAEAAAATAAQuIUagwHEAAQABAAAAEwAELiFGqcBxAAEAAQAAABMABC4hRrc="}
00697{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":360,"source":"instagram.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_first_seen":1436720908523,"flow_last_seen":1436720908570,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":263,"flow_tot_l4_payload_len":310,"flow_avg_l4_payload_len":155,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"8.8.8.8","src_port":51219,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Instagram","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"igcdn-photos-h-a.akamaihd.net","num_queries":1,"num_answers":10,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"46.33.70.174"}}
00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":361,"source":"instagram.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1436720908572,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.174","src_port":44558,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00497{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":361,"source":"instagram.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1436720908572,"flow_last_seen":1436720908572,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.174","src_port":44558,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00439{"flow_id":21,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":361,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720908,"pkt_ts_usec":572816,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABsv8H60QPMIw47hCABFAAA8iDpAAEAGfKPAqABnLiFGrq4OAbuyG2a8AAAAAKACOQg2DQAAAgQFtAQCCAoAA+6GAAAAAAEDAwY="}
00622{"flow_id":18,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":362,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720908,"pkt_ts_usec":575624,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"pkt":"QPMIw47hABsv8H60CABFAADD9CwAADgRvN4ICAgIwKgAZwA1g0MAr7pub2OBgAABAAQAAAAAEGlnY2RuLXBob3Rvcy1hLWEIYWthbWFpaGQDbmV0AAABAAHADAAFAAEAAAAhACoQaWdjZG4tcGhvdG9zLWEtYQhha2FtYWloZANuZXQJZWRnZXN1aXRlwCbAOwAFAAEAAFRcABYFYTEwMDEGZHNwdzQwBmFrYW1hacAmwHEAAQABAAAAEwAEUlUamsBxAAEAAQAAABMABFJVGpk="}
00696{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":362,"source":"instagram.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_first_seen":1436720908524,"flow_last_seen":1436720908575,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":107,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"8.8.8.8","src_port":33603,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Instagram","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"igcdn-photos-a-a.akamaihd.net","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"82.85.26.154"}}
00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":363,"source":"instagram.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1436720908576,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.154","src_port":41181,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00497{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":363,"source":"instagram.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1436720908576,"flow_last_seen":1436720908576,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.154","src_port":41181,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00439{"flow_id":22,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":363,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720908,"pkt_ts_usec":576723,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABsv8H60QPMIw47hCABFAAA8nwVAAEAGbbjAqABnUlUamqDdAbvgTnGDAAAAAKACOQguLQAAAgQFtAQCCAoAA+6GAAAAAAEDAwY="}
00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":364,"source":"instagram.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1436720908577,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.154","src_port":41182,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00497{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":364,"source":"instagram.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1436720908577,"flow_last_seen":1436720908577,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.154","src_port":41182,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00439{"flow_id":23,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":364,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720908,"pkt_ts_usec":577363,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABsv8H60QPMIw47hCABFAAA8GZtAAEAG8yLAqABnUlUamqDeAbviOvcdAAAAAKACOQguLQAAAgQFtAQCCAoAA+6GAAAAAAEDAwY="}
00622{"flow_id":20,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":365,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720908,"pkt_ts_usec":579988,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"pkt":"QPMIw47hABsv8H60CABFAADD9DAAADgRvNoICAgIwKgAZwA1Z6wAr0GdhbOBgAABAAQAAAAAEGlnY2RuLXBob3Rvcy1nLWEIYWthbWFpaGQDbmV0AAABAAHADAAFAAEAAAA3ACoQaWdjZG4tcGhvdG9zLWctYQhha2FtYWloZANuZXQJZWRnZXN1aXRlwCbAOwAFAAEAAFQ9ABYFYTEwMDcGZHNwdzQzBmFrYW1hacAmwHEAAQABAAAAEwAELiFGiMBxAAEAAQAAABMABC4hRo4="}
00696{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":365,"source":"instagram.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_first_seen":1436720908533,"flow_last_seen":1436720908579,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":107,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"8.8.8.8","src_port":26540,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Instagram","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"igcdn-photos-g-a.akamaihd.net","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"46.33.70.136"}}
00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":366,"source":"instagram.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1436720908581,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.136","src_port":60908,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00497{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":366,"source":"instagram.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1436720908581,"flow_last_seen":1436720908581,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.136","src_port":60908,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00440{"flow_id":24,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":366,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720908,"pkt_ts_usec":581361,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABsv8H60QPMIw47hCABFAAA8pvhAAEAGXgvAqABnLiFGiO3sAbtrdUh\/AAAAAKACOQg15wAAAgQFtAQCCAoAA+6HAAAAAAEDAwY="}
00440{"flow_id":21,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":367,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720908,"pkt_ts_usec":594270,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"QPMIw47hABsv8H60CABFAAA8AABAADkGC94uIUauwKgAZwG7rg7lq\/ivshtmvaASOJCK2QAAAgQFlgQCCAquiQq2AAPuhgEDAwU="}
00427{"flow_id":21,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":368,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720908,"pkt_ts_usec":594484,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABsv8H60QPMIw47hCABFAAA0iDtAAEAGfKrAqABnLiFGrq4OAbuyG2a95av4sIAQAOU2BQAAAQEICgAD7oiuiQq2"}
@@ -268,7 +264,7 @@
00428{"flow_id":15,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":438,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720910,"pkt_ts_usec":950960,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"QPMIw47hABsv8H60CABFAAA0kOhAAFUGV4sfDV00wKgAZwG7g+MQ46QTobbrH4AQAOvWPQAAAQEICvAgu0UAA+9u"}
00477{"flow_id":14,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":439,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720911,"pkt_ts_usec":139558,"pkt_caplen":102,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":102,"pkt_l4_len":68,"pkt":"AAAAAAAAAAAAAAAACABFwABYvSEAAEABOqXAqABnwKgAZwMDsMAAAAAARQAAPKDWQABABiwxwKgAZ9g61GqoYQG7BIhPUQAAAACgAjkIbeMAAAIEBbQEAggKAAPvhwAAAAABAwMG"}
00468{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":440,"source":"instagram.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":5,"flow_first_seen":1436720908464,"flow_last_seen":1436720911139,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"192.168.0.103","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
00497{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":440,"source":"instagram.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1436720942507,"flow_last_seen":0,"flow_min_l4_payload_len":1418,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1418,"flow_avg_l4_payload_len":1418,"midstream":1,"l3_proto":"ip4","src_ip":"92.122.48.138","dst_ip":"192.168.0.103","src_port":80,"dst_port":41562,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00509{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":440,"source":"instagram.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1436720942507,"flow_last_seen":1436720942507,"flow_min_l4_payload_len":1418,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1418,"flow_avg_l4_payload_len":1418,"midstream":1,"l3_proto":"ip4","src_ip":"92.122.48.138","dst_ip":"192.168.0.103","src_port":80,"dst_port":41562,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
02370{"flow_id":25,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":440,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720942,"pkt_ts_usec":507631,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"pkt":"QPMIw47hABsv8H60CABFAAW+7YVAADkGAKFcejCKwKgAZwBQolpM7hj\/zhvj2IAQAkuefgAAAQEIClRk1HoAA\/vEM\/iaPUALhIFKAs5lHhGDDQh9Ri+cJ7IlO3+U+lz\/AJfyy4DxuV\/4P\/o+vmeH\/hNqoIELoODxfoOAIXO0PMXMPnHoxqeYBwGo8oxahQh6j0xfzNnmEda9CmYCeDSna\/qNrEPvGW50RvR5h7uG+kXcGOBC7BGEPlQE7Yj9VADdS1kT29D7gnk\/qeBFzA3CDCDhz3gqv7gHmWA5mGyOJepR4EJPDEPmPiCsftA0fdwDBLwVjxH\/APKX29LRhXxOnSI4Ih5PTBEwQnYqjD3MPs\/lmZehG\/8AA\/8AT9Hx6L7CfPoFCO57QQY24Pf04EGPxc98QOB6OuYRGOvzGux+sHlCW3CnI9H6gK1Ng5mdNzFbgAyRCbreGctT5jQZEPRP6hHkIS+\/zCBFmIuGjFqI5\/uEmVBMg4hgvEdvaB+4PuYjwpncLG\/tARaSCgOECnAbe4e1GCNFARmxVQDALDyR+IOzv5nsz8T3R9wgRZi+8GdC55PovxL0YHoYoPEbSjg1BB16Ln\/4Ec+hG4XhdQP\/AAj\/AMS6qDzBT7P5oVuK4jP\/AJHo+vQ7xerHEOB\/MJM94fCL+ohnTjGoAOagD3iFagB4f5QswHhzoMy9DME64+YwcJGH3EIGYuyBB\/nEZ7TiCoY8wSKYOu5S3H2g4tgD7wANpxRQzjSFNilH9hDgQM9sJvDWSNGHs+0x8CbLnF1CclwLoBlRBpI3BxPAqGmw4ykVAG2kgAoGHly28ROIeyXA2GoWBRqYf9ufUEBje0FkRrD+IQecxboE3AOv7hC5gHugOOCfdiAGoheJXCdB6Ed+p6M6LnkF\/wDE\/UhuA8wf1fzRQdReggNdvURGX6gnc9o44SIJ4hEESg55h9ABOXCdAKBoAFARRJEzn9QkfZAdHcCZJ+0IfM82YFNwK2Mw9qjfbgB0alLX9QhRGT8SvaFD494T\/MQk8fqbOERdBBwkdmvmWKJzcwHIfLgJbfaBYGFByYLxbUA8zSMwDgeEJIj+oTwQfxK2SqgEvgPeFbIcbVX7KFvlB0KE87hYZQPRwPeH6uPhbjHBiWw7nL\/pnZCDnKByYHCBX5hgfMf3hZBZhDmz8QG7Sft6CPUI8RE4GpvB6ATxO3ovP\/jgJ7wEhHscGHx\/KuIHYBmYYPQqqng7Ew+z+eE4MfX\/AIH\/AIC6cAjiPoYHoIzU95cXVxsDhHD1AhE8T+IY4OoOZmio9RCbH6gBuoGYHNqg6GxAMRoQsrcD5h\/xiG2xCYJgDAIuFMDMWQBiwOT8QxkaQi4CCaSgP+GHg7nfnqF6wY1vXxCXqouAITzC5A3GyRRmF3HmjA9oXEGuJ4Jq1PKGF\/7E95xsZ1BT9jB0SPvOduIB7RHP\/I2Kh0kBNLD6MJz\/AJxbQj\/cwB4GCtzsgKZoQlqFxuEQHvc\/HoBi7iniEcIXcEEJgK9QOtGCOFaheFFdZ+3oP5CQaM\/4fzxGF7M4WoAHGX69x7j9FCP\/AB2jTxue8EBOF7EXZxDcScHjmEuIzgiYdDA4gRRtmHoJ56mwKX8F7wmCMfSKDe0XnQmaYuEnIC1Mc2QAHUVdCAtCh95n5imGNgyjyD5nfMLuXxBSoSDA8yxX\/E2oKG5iGgBLzCfMJ8wOCHsTPCecIsrQDCihrgix+Z7lA8uF2\/cOhJ+kLZAhOzHsR5iHYfYwUTAf3AWIwicr0HmfKhO7a+IxmwhfEE4GEoYUcHmODzCekU8+jhiigMf\/AMP\/AC\/+CLkzo9Jgh9HB5hJiiiPP\/m\/QDF7gHoYUsRjU4ATF9pWVBkA54Qk7j4h1hQB0nyIzIr0gCl4cXcIPGA8E49oZ0qhZBz7QqP8AqAKhDWgfxPgD+8p7uAtmJgK+HmA8sQ2B+ggN5gCPfcBNIz9YSgzZ9hABBp2CMzM="}
00427{"flow_id":25,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":441,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720942,"pkt_ts_usec":508241,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABsv8H60QPMIw47hCABFAAA0JelAAEAGxsfAqABnXHowiqJaAFDOG+PYTO4eiYAQH+pOOgAAAQEICgAD+8dUZNR5"}
02365{"flow_id":25,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":442,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720942,"pkt_ts_usec":509218,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"pkt":"QPMIw47hABsv8H60CABFAAW+7YZAADkGAKBcejCKwKgAZwBQolpM7h6Jzhvj2IAQAkvuxQAAAQEIClRk1HoAA\/vEO6\/U4C+0OWUTJgAb794HkAIhArOYgdkfiI22BCGjBFAjMJ7H5gWBudggbAYMBAg88QCbuhm0hAg9wQYHeJyZzGwFB7zDuEb1CIxUMRuZfliB7np0MYgeoY4J7+qgeYPabQ\/aB4IL9PHo+vR91\/N\/x\/EBC\/8A0ezA+Z8w+PUejh1dzuvQYmm4BAIYI\/EcE+jUD4nkjsnAhNA8wx5OA5aeINz\/AAUBr\/OAOALiPDMHk39If+VARek0ggL5idUhkPX2hAQrDqABo5\/wj6blcUMHps+4h4H9wU9ldOEBaMbWJMBg7F6bLf4ECwWUHgrMEFkEjMCoIwBEzYQLC4LK3AoAyviVQjybhI9r6wlsCgB94VnhTqRmcsioR5j39iByFiDkW+p4l8DUIG3Dyi4mQAZhCyClDE8GHwYPw7gzQ7QkYBnMHUC44nvArqGLzB9YQbQj7EXX6jh\/8eYjwIFiiz8Q2EAOV\/J\/x\/NHF6LrmV6Dxcv0cqD0MXc+CC9nEbBVQOPX2ggjHHvMvqNwABPCOeMwlwkwvyoIxB0cfSIC0DB7xZrUJVmM5BC0yIAV7Yl2YC3A5ZgUA\/KF+xEAWdXLIAuYgd+YS27EPvuMQOQnQJw3GzgZ9R+JmMzlA+JlcA0TD1iDIUoajMm\/tESS4X3XHjoOZyDMKfeEmMwvwcoyHZ\/uUUCTC2rUXHInKoObP2gYKzOtS8IzHhA8F3HuZYIEo5ZHzE3qLhzoY+YAWCiPcGZwkp7ejUc+gga3G1eIfdfedlAT5gj5EE6gdzz6iFTkFQjlEicGXPeeH8X\/AB\/ED\/5XpeIz7wA8TpK\/gPv6VSjOjn1MAi\/3MI+8EfcCE7HBEANXcACPv6wUqjgLgz8RDKgfEwYWFaUo4Fqf7VxCfaXmKxR3zcPJAAMAF9qAAtEUIRw00NEmM0hCDHA7h7DEMhnudgYhPg9oeAYfNLwrg51CVPEQAWcPg7EXLL9MBJSwx9YZNq1KYagWYA+h4H0K2CvpPdEDv8GNXZrxEphqeRmaBf0jG3TP4gIo7h8Qnc7HMEPIQ9MYgoBDKJnhXF36CJa2ICTAm1lHzqHqEuYAMKeeIR3BwBhHkwuRAYAYoDD\/AOBC+IR1Pf8A9f8AA\/h\/p\/8AL9DK4jiQmCE+p9faB5idQkYTPD0B59HC\/aAQO7qV3CYV1ZgDiovRHuVyAfrBFwZNPjFwKif1AWf2J2OENoUB+iZ4gniUx+IHTH6wBkeYwWEmDrCuR+YjiR4wICxwiF5JxELRFQLQCHzHzuBEEnDGTAEqWD+ShAN5cKZpAYRsmSxHSjO2xQ6w+HMTYnzC1FonyIOIR3AYBABDff8AyDZtfEVIYiKJhQDgP8z5DwYCUEHYxPeKKGKB4hDSL3QYgR+UAOxj6StiMylB2zD5KM65g7cfcXxmA8LHvAuoZ5hg8w+6uLzB6JH6GVH6dnXp4ev\/AAP5gIT\/AOFzqcLgd\/8AjtF6GeB6BT3gEe4YP39BC4Sk49RQhRqeIehOPMAz8Inhwtq4LXEJ1aUu\/TzAstcfbxB5v9TsR6HUP3QMI4jOnKgzrELSNTN1A5H7Qk3lxdJcFQrcADz6E8y+DmEIbgGJhOH3BbcIGziEwHPJ+I+E4CPabiALnOh9A4O4qjsRRPELQDgwRZyEPYQruIeB+5TMEqcJo\/MI7Idz6oBxMrQnuUnkCBt\/UBe8Q9RQ1j1p3cA0hfMfiH3CITwf\/NQnmD0KswQ\/+f8Ah\/D9IUFjf\/oTHEIClQz2qBAYII+oVHHD6KGByZqnhBDD49B1AYAdwdz3iimo9Dc4Row\/KI5J\/uOEEGO5YEPBioY1COYTPdCMjxANjAId+EI6EA2AahcCHIIVEDqIt8j7wQrjygpv6whzUCbmYRCBYNQWyVqMbJQ="}
@@ -284,12 +280,12 @@
02346{"flow_id":25,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":452,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720942,"pkt_ts_usec":514223,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"pkt":"QPMIw47hABsv8H60CABFAAW+7Y5AADkGAJhcejCKwKgAZwBQolpM7krZzhvj2IAQAkv0+AAAAQEIClRk1IAAA\/vFrVw9zLLmdVIXBHc1K8ULIbynhcBDMiQxaHQ5jcLl8DgGTTU5qYHxH2O\/0OkySBpmohk4TdOjaADQJINF3Aiaea0K5AGmq1DzObZ2XaTJE5l8qvLckAaBbSQsperkRM4kLDHD5Wc0SJppRoh3OVYQ4hkBEQXYj4L5cNtDB01LqLOIspc5LoH3I6YLAxwktMyiCre+\/HGuvZK6SjFwww6jqGUmIdBXpYNKroQcbmrYA8AyQfEloxnawWQ7b4624bB0Q0eMjCoQGW5AvGmjUYMrIvjvuSOChpDT2NVyAew4bojg5RLo66PjxOrx8si0i0wl+xdMNQ\/J3wrE+DA2fAKD0WRvMo9dHUfaI05WmCtbTTLEX\/QTEtjs1KYjSlcisV3HR8OQobmXpBoAmiOeFZoBiBRKiBOK+Z+3yZEOhVjtCJkFgAOrPJbleGgfwDJkCFGlZcp7aYmVSy2eF4wqBE4jbwxV0UhQ1h8zg8OTLUmPi7XQvWxBDvTRzDxwQPe5MsFiea3FhXb81zUyVJRt29CYq6AUeuC3jqPRqingoHg92cdgoZk3x0zu7SUaBeBWbTdcHl9HmlGpivm+BoT\/ADsBU5xEmfpFJ7MhRdO4yAIXohXBMRdrkUDDdxEwdn4spqDLSWg8rbkbI7lBjm5MfMIXRQxOJAXzijNxa4BEq9DzZ7uM9J9O5p4EcbOFLEkQWFfrfBHKhggnIkqpEY7xFPGkFyJtyVVCAEyhGtFBuXMEGDNK2oAhcccamlfq4LuoBaJ8akc1NQQnGD+Pesq26TVXBbHsG5AobYkQWYtnDPOMoT\/FXr56DEPwHXg2jbsTOfxPVn5vM\/ovmGvHiRx0LKYBiw5wMqZujbY+cKh\/BIhF+yQwGoAnA6JQMjPjGZB4ASRcqaW6jTbtMUCiEPT2Q7Zn9mdDo5qyraCbHGAKrfjA1PvEnCz1+D25eewrKl4v\/bHnY5BIKMBwJxCh4n7B29bLPwT6QuM3gru6ygSTHZiQTkcQjMpZSey4IceOEqOLNOLagNfQ4CmVFxe9KPrZed5gSbkaSHHLRQLwSVwTrLsQ2uC\/G90wHCK21QtdWoLB1HMMrfZs+\/MdwAJbYQb7v9Rc5go8DsIQQ0IaoNSQqHEfEHgpQGuE1P4pA4VsHLlQU7J0TwgNlyzvmsgy9ghuK7OEBG0XuT4souJazsWQsSNKDPLGHPE5jOI7l6LUr5XoqRnOcFhC0FwBgmLibVvNYuMipDtohM3giZ2wTtOHhCBgzRQT1rRHFL0Z4jguFRlLjFFa9Uee7oF8Z8Eo7B45EpQnlWC24qh2tyXhOiptogKpHPn+V8bL6lKsoKTmBcHjWnABR4WEJ4x5hxBBxoEAz3iZ5YYuNOygkDNiluyTsi4dx6KOtM9pUYf9mdwC8VeriYOv4BQI45CT+8vnjs05LwYDCERBcbzQqTHTJlLSU4h5ZfWhkKJATGF8+oaBLjSlhOA+qiEkJkx5sZq2ED+AHKYSwrp6ZvFOOtn6zVw0ghWHSAlh8ZnpQwNpbIBpwYWahgOdrP2M0miFw6AY7UTgfQwQC0jczGhT3oBEEyP9CoFcbJDQ8UmlWpTwPnFriUHLnMhyOQBHRxAI\/ZNcCmpnzGxeeUmEKmQxHgV2C\/xba+V4q8a4bRSi9Xps3xzJzAuZSC27jUEKuQwGx\/44hNsZVJ+60\/VCIlHEWuWUIO\/A1Bsemo0x4EfBB2DuqNS8AerKeVMz7oiOvxuFbClF690+j75InE0Pws+7EjixZIlk\/CR\/Eyt9Z4KEE\/B5Lu6AfRm17YkDhZgXFwbB4E1BRFyFo5YQN5tnHqJsW4XnALuDS0kqX0t205P0FaxAy4N2ILtRPOHnvPeRGTwrCqip8i7BYPQ4gM1E1ANytOYMvog="}
00429{"flow_id":25,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":453,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720942,"pkt_ts_usec":514436,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABsv8H60QPMIw47hCABFAAA0JexAAEAGxsTAqABnXHowiqJaAFDOG+PYTO4\/xYAQH+pOOgAAAQEICgAD+8hUZNR+"}
00429{"flow_id":25,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":454,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720942,"pkt_ts_usec":514711,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABsv8H60QPMIw47hCABFAAA0Je1AAEAGxsPAqABnXHowiqJaAFDOG+PYTO5K2YAQH+pOOgAAAQEICgAD+8hUZNR\/"}
00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":465,"source":"instagram.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1436720942530,"flow_last_seen":0,"flow_min_l4_payload_len":260,"flow_max_l4_payload_len":260,"flow_tot_l4_payload_len":260,"flow_avg_l4_payload_len":260,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.162","src_port":58052,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00504{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":465,"source":"instagram.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1436720942530,"flow_last_seen":1436720942530,"flow_min_l4_payload_len":260,"flow_max_l4_payload_len":260,"flow_tot_l4_payload_len":260,"flow_avg_l4_payload_len":260,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.162","src_port":58052,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00779{"flow_id":26,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":465,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720942,"pkt_ts_usec":530885,"pkt_caplen":326,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":326,"pkt_l4_len":292,"pkt":"ABsv8H60QPMIw47hCABFAAE4n8hAAEAGa\/HAqABnUlUaouLEAFAvtWVoUhBMjIAYFINNAAAAAQEICgAD+8pWC84nR0VUIC9ocGhvdG9zLWFrLXhhZjEvdDUxLjI4ODUtMTUvZTM1LzExNDE3MzQ5XzE2MTA0MjQ0NTI1NTk2MzhfMTU1OTA5NjE1Ml9uLmpwZz9zZT03IEhUVFAvMS4xDQpIb3N0OiBwaG90b3MtZy5hay5pbnN0YWdyYW0uY29tDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBJbnN0YWdyYW0gNy4xLjEgQW5kcm9pZCAoMTkvNC40LjI7IDQ4MGRwaTsgMTA4MHgxOTIwOyBzYW1zdW5nOyBHVC1JOTUwNTsgamZsdGU7IHFjb207IGl0X0lUKQ0KDQo="}
00836{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":465,"source":"instagram.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1436720942530,"flow_last_seen":0,"flow_min_l4_payload_len":260,"flow_max_l4_payload_len":260,"flow_tot_l4_payload_len":260,"flow_avg_l4_payload_len":260,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.162","src_port":58052,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Instagram","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"photos-g.ak.instagram.com","url":"photos-g.ak.instagram.com\/hphotos-ak-xaf1\/t51.2885-15\/e35\/11417349_1610424452559638_1559096152_n.jpg?se=7","code":0,"content_type":"","user_agent":"Instagram 7.1.1 Android (19\/4.4.2; 480dpi; 1080x1920; samsung; GT-I9505; jflte; qcom; it_IT)"}}
00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":466,"source":"instagram.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":1436720942580,"flow_last_seen":0,"flow_min_l4_payload_len":255,"flow_max_l4_payload_len":255,"flow_tot_l4_payload_len":255,"flow_avg_l4_payload_len":255,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.162","src_port":58053,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00848{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":465,"source":"instagram.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1436720942530,"flow_last_seen":1436720942530,"flow_min_l4_payload_len":260,"flow_max_l4_payload_len":260,"flow_tot_l4_payload_len":260,"flow_avg_l4_payload_len":260,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.162","src_port":58052,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Instagram","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"photos-g.ak.instagram.com","url":"photos-g.ak.instagram.com\/hphotos-ak-xaf1\/t51.2885-15\/e35\/11417349_1610424452559638_1559096152_n.jpg?se=7","code":0,"content_type":"","user_agent":"Instagram 7.1.1 Android (19\/4.4.2; 480dpi; 1080x1920; samsung; GT-I9505; jflte; qcom; it_IT)"}}
00504{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":466,"source":"instagram.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":1436720942580,"flow_last_seen":1436720942580,"flow_min_l4_payload_len":255,"flow_max_l4_payload_len":255,"flow_tot_l4_payload_len":255,"flow_avg_l4_payload_len":255,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.162","src_port":58053,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00770{"flow_id":27,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":466,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720942,"pkt_ts_usec":580781,"pkt_caplen":321,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":321,"pkt_l4_len":287,"pkt":"ABsv8H60QPMIw47hCABFAAEzOUlAAEAG0nXAqABnUlUaouLFAFD1YMTERbSUBYAYD2PW+wAAAQEICgAD+89WC83JR0VUIC9ocGhvdG9zLWFrLXhmYTEvdDUxLjI4ODUtMTUvZTM1LzExMzc5Mjg0XzE2NTE0MTY3OTg0MDgyMTRfMTUyNTY0MTQ2Nl9uLmpwZyBIVFRQLzEuMQ0KSG9zdDogcGhvdG9zLWcuYWsuaW5zdGFncmFtLmNvbQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogSW5zdGFncmFtIDcuMS4xIEFuZHJvaWQgKDE5LzQuNC4yOyA0ODBkcGk7IDEwODB4MTkyMDsgc2Ftc3VuZzsgR1QtSTk1MDU7IGpmbHRlOyBxY29tOyBpdF9JVCkNCg0K"}
00831{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":466,"source":"instagram.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":1436720942580,"flow_last_seen":0,"flow_min_l4_payload_len":255,"flow_max_l4_payload_len":255,"flow_tot_l4_payload_len":255,"flow_avg_l4_payload_len":255,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.162","src_port":58053,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Instagram","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"photos-g.ak.instagram.com","url":"photos-g.ak.instagram.com\/hphotos-ak-xfa1\/t51.2885-15\/e35\/11379284_1651416798408214_1525641466_n.jpg","code":0,"content_type":"","user_agent":"Instagram 7.1.1 Android (19\/4.4.2; 480dpi; 1080x1920; samsung; GT-I9505; jflte; qcom; it_IT)"}}
00843{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":466,"source":"instagram.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":1436720942580,"flow_last_seen":1436720942580,"flow_min_l4_payload_len":255,"flow_max_l4_payload_len":255,"flow_tot_l4_payload_len":255,"flow_avg_l4_payload_len":255,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.162","src_port":58053,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Instagram","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"photos-g.ak.instagram.com","url":"photos-g.ak.instagram.com\/hphotos-ak-xfa1\/t51.2885-15\/e35\/11379284_1651416798408214_1525641466_n.jpg","code":0,"content_type":"","user_agent":"Instagram 7.1.1 Android (19\/4.4.2; 480dpi; 1080x1920; samsung; GT-I9505; jflte; qcom; it_IT)"}}
02347{"flow_id":26,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":467,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720942,"pkt_ts_usec":592195,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"pkt":"QPMIw47hABsv8H60CABFAAW+MAFAADkG3jJSVRqiwKgAZwBQ4sRSEEyML7VmbIAQAggFiAAAAQEIClYL0tgAA\/vKSFRUUC8xLjEgMjAwIE9LDQpMYXN0LU1vZGlmaWVkOiBUaHUsIDA5IEp1bCAyMDE1IDIxOjI4OjQ3IEdNVA0KQ29udGVudC1UeXBlOiBpbWFnZS9qcGVnDQpDb250ZW50LUxlbmd0aDogMTE3NzgwDQpEYXRlOiBTdW4sIDEyIEp1bCAyMDE1IDE3OjA5OjAyIEdNVA0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KQ2FjaGUtQ29udHJvbDogbWF4LWFnZT0xMjA5NjAwDQoNCv\/Y\/+AAEEpGSUYAAQEAAAEAAQAA\/+0AfFBob3Rvc2hvcCAzLjAAOEJJTQQEAAAAAABfHAIoAFpGQk1EMjMwMDA5NjkwMTAwMDA4NzQ5MDAwMDFlNjAwMDAwZmE3MzAwMDA2M2U0MDAwMGEyMzYwMTAwZTk2MDAxMDAxMmNjMDEwMDdkMTQwMjAwZGE1ZjAyMDAA\/9sAQwAHBwcHBwcMBwcMEQwMDBEXERERERceFxcXFxceJB4eHh4eHiQkJCQkJCQkKysrKysrMjIyMjI4ODg4ODg4ODg4\/9sAQwEJCQkODQ4ZDQ0ZOyghKDs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7\/8IAEQgEOAQ4AwEiAAIRAQMRAf\/EABwAAAEFAQEBAAAAAAAAAAAAAAQAAQIDBQYHCP\/EABoBAAMBAQEBAAAAAAAAAAAAAAABAgMEBQb\/2gAMAwEAAhADEAAAAO9N4sXTDu15V0zXWqS6eeKmgreaCCmgg7uEVJBFpoIqbJxUnCLu4QeTiZpSHB3cGdOqZ3QRk7jdJJupIE7IbunTdJ01OMhpJ0O7ON3aSOfwekxeD0uW5b1DncnTsA9NJjtugMD53fqZhIgWgSaAtbEsWQtyzLPTnJhkzlli0uis5Bw7O7irEdfDm7Q3o5VwFjvEUYqlhUYWiOMp6HN4L9xoRfHbOtZDzdIqnt5UkurlUXoRcsXKR16897uavZ1aZJAySBM7AzpAoyQRQgyWmsrLZ1OZUcAMdHNE+Pr4jXWjcf5Yn6n5BjRjQdkY2Ci0j2KtwOa\/UpM3ThJRs3xi0n0mLpwZpOEVJkou7MSd02Z3ZFpOEHkgZ06GTuOLuhNJONJONnSQ6khpJwSdxp0k3SkN0kh3Zxu7STU1Wnghs\/P2jYmxyVZaPV5dg9EEcFEMbREli20VTekwDSyB3KDNbYk3lNtwDNIYAe3by0E+sjys0+hryZgbUO7JtFhyPAtU9x0fnXT5Pe0s8iDQmLcK2RFHXhU6XTyJnQ28l6vzLNitasqL77zvTx19X0ci6zQXnPPdfP7MvnHFT+lsL59dHsm\/89emZV6Rwnnza5jdZxo6r1zovBcxn0zk+Fuz0rN88YOj54WAHVCQZESpRo6asDUEg+pcTzW\/zOv0wrwT2tqjD9I4GWD0GFZpn3V3jttz7jDCvpQgFzWGnoul5+tsu35+PE65+hGeTZlT7uR8ydJvn72\/jvpsaaqz69ctVZ2lpLKT0oqTAk8hxUkhJOCdONJONpJwUoyTdncE6dNSUk25Pb4401KwD+XrjwXoWViQow+4a5bP6vJ0nnR9YKwCs6sKb6awPu58RHXNxxs1uwH0ZoswO2Gbbm0i2IA2jMsDvRdUaULFs2KwzolWtLXv2s7q0nGSLJCq2zNhzG32cRjcZ5mHvkvmnpYZ\/G44avfLzN1IbE7nlky\/T\/MstLZrG1W\/PSfZOu5d\/ArvpDw\/t5uJCKz6NPKChFXSGiq1p59mmZDDhAbKIjC40UhbGFKqLSdOLO4MkkfQh1cJjj+O9GqqPQOf5vU87txCsYGo7vZ879onVefdz8yDmjOv7+Tz\/pFy8v0="}
02355{"flow_id":26,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":468,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720942,"pkt_ts_usec":592409,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"pkt":"QPMIw47hABsv8H60CABFAAW+MAJAADkG3jFSVRqiwKgAZwBQ4sRSEFIWL7VmbIAQAghpXgAAAQEIClYL0tgAA\/vKkxiut5qB26Ow9Pj8+yfWMCa4DUGy+Ho3+c5jmKfpvReNdKH0EH5lbcbz+eZjXvWt849W37RLwLcqfYn89ApepLzJrn01eX8qj3x\/Byg9vl4hMftksS8eq4V9yQ9dg87nd3j8t6NPn9HZ78M8\/m15\/SI4iV0+Hr5YZdJFWiriRaANGqKgC2yBU5D1y9AGO5LwC+hZAOnTCa0b8GSfSXc3ZK6AUI8M2\/RlL0N3AaXqkYlae70WFvXE\/MysjfHhicTX059\/nyudDYrqom8O\/SwbXeAYWCl2HDbeHOmh0nFvU+hbHnPQ5vucrmudw17ngsyPVk8VHSYNOA4HAkiaZ9LkB4VlFV6oQoQoqHF7YpwjYwQuo3UsJOh\/RGPbfOPDFikaxDY4DU5OkkXmo2bPofj3YqtI3A2tMe8H5Nt8O55y1B5\/7N5\/Hj7N63x3O1z+g38A6wXb+eEc9NDyaVW6IJldX6R5B6ZmuRoJAaDtPubZt\/FrO\/ofNxI07nn+e9Kt8ed1WPUA43vniOOoe+MdtjoYlp8vJuziWF9ZSfTEwvQuT1MrucEnl3NmPfozec2Q8b4rocvm7XZ0ZulcvKtUOGRAQ4+gnWZDVgPNWhEKtHOpze6ZyDRXdX8BKT0GfAkRXbz40uX19WJqIDO0OmFTszkplJub3z+cPQ\/JvQ6z862sGNz1mVnCXPSY4Ty9OzHqpGSzpKihVIIPNmVKcRNOqLCYDILVVeEY398LgV1vOVI9RE0wT4QEQJpSDAaZU3nNoOD251yCtoLfS5daqb9QCMzcp43dzem6ufhS6Oew6aI6IVlfacgTJtbFeleWXZh0ue8o8\/FVehcsDozfPVyqd2beAaLdw7AEWuPBsy\/NtRo7nK6amwzE7wely5\/Li6bHG7EM3mel42aI9A86edPRMPG0Ly9C4IXGVdSXyWneZ42VsFYuj6kTogdbNyRn62pnUvPuruzMr3A+oweXcoviYt9jgW6815zm+k8\/tAB\/OBUuybA1gvm903GUlLnZS6ZF4KFr24FYdVfxNcHoN\/nFir0ejjdiS\/RN6WHm6VtwnvhPbN\/CPbfkffMXtuX3qjh3relJQiEoMQKEpOyKasJqDId1NjV21hXC6QDvdJEJVO1s\/Q\/zN6OTm8v3oOGonI9l57alQUrkXYpZMcsGthFgcg05VXIYrOJRhIhUfQ\/A63I8zG3eKzunHr8oC2NDAbQaOkGxtKX2WhycdMdrn93jLkKuKz3vZ9JmVLTQZa3BEZ0bqBxVlISUosM18C1LstzjfR8zjgcXvgyeor56XydIvT6GCMTACyMtUrgCKhlE19BSC9tDF2gkO5dOOJom5fPt2VnLbnJsVlaDDEPHHuS8fSny7ebZ3qPK2w9TgzU+rEx8ulpAaNFzDbyos643zk7Ou5p5O+X0FYusqEnp3Q6dbPtiuk0uU14ejc98q24cupIjGzSHlDhtF575ZOO+XSVH4SnEqKawNGGtZiJmIRtjEC5UnTQtnUn51xEfWfPtM8B7b2wbSKwHWlcGMSfEWVosImWLXNObHxqcs3YBBYOiCN6LkB4epBLK0KLAqqCHVFoZN\/S\/La3Ded0EcjPZ3z3AN\/GxrIy9iG8YgvWH1PnkuwzLWQPtqlhubqs540iAhZVVsNHpgy+LaCMldVgpipyGjRNCQdSLo8zK5\/dN6RMPzzXjRmF7eCA9vW05aci1898xYkdUwXtNbK2ik7MtyrTKySLWrnk2azz+9hky9fQzRuXXXQYOOm8sLU6Mz+T6DMig+c38yaBw+rLTxauj59VjG6rUoWWXRciQb8rJMP0s6wZdhrOeI1OpspY+oXQgyBjtBm3CyFWZNgavivsvzz15cAGTDTH0Hz\/1jzPKsrUpltBIzz0jO0ZWIpZqARY="}
02331{"flow_id":26,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":469,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720942,"pkt_ts_usec":592836,"pkt_caplen":1475,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1475,"pkt_l4_len":1441,"pkt":"QPMIw47hABsv8H60CABFAAW1MANAADkG3jlSVRqiwKgAZwBQ4sRSEFegL7VmbIAYAghY7AAAAQEIClYL0tgAA\/vKFZnZQVzAORUAGgshD0XzLWitnF1RZbOyYY2jBkEBNPfpsFJ0MwR2xokUKk0tMRGX0+ULNnYEnYNfWxk6D3Pnej5bi2uly2Ncen4nCl0ap\/OK5M1MDRb7DlaKILxJk6KO5nCIOoyoBpkY9jRFD10QJEggtrzgw9vHZPqSOeaQmWfu3NWXpDBl9HidlS5IM+lPtuAnHOypCaOkFexZHT7LBydbA68EOyVOaEXDt3MTek5gTqq2669g7n1zDNvNkDCrEmtKseNSTYBSGndz5U12mrwxkX2QmVrRYgHVlxXHHdQ8nCZnqOBpPPaGYE10z8zTjp1dODtoPolFm2VzLWuvhh7CQ+d0DQ\/mTmvrb5j68el4rvfO3ErssfSdGGU7RtVUETBMSsTXDoR0ccOsnWCEkM2mmLLqL7UZ5pQoVi3jJsVTQ0bCMg1achKtXHu0hBtqXF4R52reGKB0XOy4DzjTrg+tLyF0yF6zwPpHnHB0jgGw3igbdGFni7wjMtamXc4sDatJIzzaARw9qDaCA0FQqqA2qulhUQzAuvyZBp10EAKnsZHYxTyR4VGKh+05HoUs\/F7\/AJweK6na2O04b2yas0ZRp8nzvTcx189Mds+Xj7lOXnfSi8tZhprEW9BnVOjl4g93BzWlmQqlLnCmnSCpUQanqYOyM2weaDCc+xm5o8o4\/QSPPSZr0WfBmo2sY\/QZyGb6CEHksu85zDWzoOMtzfeQxD2ip12I19Dl9Gl0Hn\/ew6M\/BfLvWvHLxtnll6qQ7xEVUhkyJZxKZBtGkFONtYYU2QTK5XdKGceTmEkYIsW7m6cm8eP6DA28t5gl5I7Ga9Nn3s24yzz+euNieVoyh8262aPG08u1SXU0u1DJHsPmPq3jfD02ECLpy22zCJZD5NFLpeZU2ZyIWk0TlMDb2kigbQcM0ksYIQNgAKIqCqsi4AC3mFcChWA6IhLWZWTCbW3C5LNbZTWWxOyHa97SPz7mjgB5aWjZuLtloZedbrNj9J0QYvRgY0HTYeTanbA3Ti8UvWeHm5W\/zlJ7IS2iyu+DkHTHMbnJmknKhOjUDGTUuwxk+uK8+6CX0xFfQqs\/Q0SUBE2QapzteY+UC7i2Tzt\/QRU+OK3xpevZCWkeN+E\/T\/zTtlnHU3b51RJrRCUGDQ63jNGTr+TzaJefIqeipi1g33c1pCQ76nIUynphX2jhVrAdEnzjdTgOZyoDiihs+xqzSzdoEQCkTG0fWNJ8ch7R5FcZhAsMrIQaH9CcPo5HmdA2cQfs+O2NXQqPOhu1jrHGW79doY63YiuQn0uYjLnB7VUs9mj4iWNXQOACU67BuYHIR+fRaB2OUzBDhbACpMmOjWGrDQqGdIv0jy\/1ea1OaD7HHfIM19WDk59BmUpW449ToANFlKssBtUIiHoUAMmTTMhggmgK1CVMdEQOhbV5uQG46KjkQh9gFz2mm8J9gzk+862TSKfQaIPFIx1unVOKmmkSzumKq9UDq2jKh0RTld0qCKkL48+zPly45Cq8nrwBLrzw0LMk8JWC1oOppiCMHsYBow9AGuQ9P83oy+sw+jM+MPr1Mu3kNb0cieXz3teW7WWMfsEROF5R6D5VsFtZfoZlukaLJNthsm9C8pIw063hdPOrMUmy5MpGInR0ejby+\/j7Okz9IysvoimuGs0sreCx82upM9m8J6bPT6Gx\/FHzrtcciK6OGF9C4Xp4RVZXat0cvURi0lypVV6FgYVpxaMAwi9mK2vaGC594zaKZpUWX3MD9B8\/9Biur1wgMN7hTS4fPVdVU1zUtMW0JDTvc5Fu1MeVPVqpUoYNhwecwW0XRAN7a26FZm2oZPS6pPJ7JGci9+k7hvI2JttnFp11LzrKh6R+efjsTZXZnTs="}
@@ -304,7 +300,7 @@
02340{"flow_id":26,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":478,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720942,"pkt_ts_usec":596803,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"pkt":"QPMIw47hABsv8H60CABFAAW+MAdAADkG3ixSVRqiwKgAZwBQ4sRSEG2\/L7VmbIAQAgiUAwAAAQEIClYL0tkAA\/vKD1lDNRashXJu1VVIkLdGXWY9ozDcqkVuQXkxVLQtkGdE51b2GZ6tlfg4\/uWTjPiVvrodrz3R0H0mI4OdVdFLOFehvo3j+\/Gnu7s5iztK1BpIVEJpldV1VqmkqvXIRFNUjSuJVF7AN\/J0vGyE1Odc03SUihOKBcvWzcdvlLb5yPSdXk4RBRMaq9+TZ1eXLvDoOowdHePM9PvN3K+GwtvzyFuNzu9F6rTxdcQeh5bRnTsZ5J1Zl3A2JVF8vpeN03ZmCR2RPI2M70c+sv5rNxrsp82PN9Jtc+dpBl2ZMDrM+4dKkpv6TTN8n6k3rjQQ9EqV7UMlZCMIqUIxTmqpIuvGtpFPRZrLwttaHU2zbOnY1BKpZ1OpieryjUSG9TmWeVnyhBVVqkNfXRGCax4NGXbCmyXZfLTTCN0ecaCybxcaRETk6drpem8\/sxNTZyVzTrsvmc6GtFGTVtVS8bM6uNHED+hU6nmWd6mJT7CzN0dSxnWsKNtDIPOAVRnFqFU6ds5xUXM94LU5+gYC7Dl9Jfh7KqyVdk06dpGTOgcPQCw2+RqCB+jpqlFNKE4A8JRFbv4vX9PBv+beieYOBmUuXsdOqnowsiemHRZeZY4N0MIjTLfBzs4k9CUxVt4raKbHCoFhdGbdrBh9Gdxmu42ZZtlRsXBEJyWQlr9ORLj8R7Q8iGYO9labwjVSlBlSdWPaUp3uar5JDzg7U7aJWr7BrdYm1tmkjyvZrPwT8r3eKqu0XWKM0vOaGio6JpVqhUTHojBlDc+vpQWhHLQDzhAeetTFyzq3rsz2Pl1ztCNuCzolS6OcEbXeDBhutm8ezTqpDq16BIn0hjtqA41Pc5ro9ndONnUkNfByq7qGVwlAKoMwWThq3OhG4Tk6OfzTgd8TN\/md+a0JQnGliZ0RTxloYqqK+Pxup53TrCaSY1dlbTQnFGh6p5T7L08WZ5J7F4xFtG+jHpZnYEkwk8XB2SBo2ViTOnKuocWlUC15E6eDY4uzSKgnognPKNgy1y1o0ZMstCKdftBUt8v6d8aWoaq6mKqhdKGIxskZ1p82BWEzFTOx6Vb3s1BrU1B7npVzm2k3PHO7ccOhN7XHWKQEkBmlZtp5xuCEbqbVIloLdttO1NH6oYyWhzulZF8x23ZbHHvxvnOgZlsZ6nw3e5qjJ0c14VNfXOdlka7RM8+TNGAllFtVNwlFVslGscL7sbBVek2VXdBTKM7UBp0g0HriqnjZLt38HTZp0XqK5IHdybhiRLbneLyzo1JdlFPF0iMJwT+fM3oPP9cOkhzA9T1GOjHfPDd3KdPP\/ZuT7mzn\/KvYfJJ0GexZ7UKbDhC2tJPOIop2G0Z1hNmTmE4OOUUkJnZiSYE8XEySFbUk1aqkT9etS\/yfoStrKuYp3tPKNiIyk4oziqE7MiydE6VttUbmcqXh3SGZoxCpo3m9Xm\/b442VXejgJkn88SMMpUXERuagEXiWQhVfLOPzOhTkfdrZszrHXFuV5X6f4VOhXQ1bXF0aO3n4u\/NpTxbZx1Z59lybXCy1GN9rAH0ZBiy1Ip5FWxCTGp6CiDFo6KmWaYMR3kXcbVUVtBKUU0XF3jDcawNHWaXJdHqrOc6nOiucYka8ztHD0ytiVdkaMkpItKKfgPJ+j8sZckJ1YOsK\/NhUmYl8A6PsgN3cC4zf8zg6aXHl5vVyyijTnh+3sjTho9sGPklsZZVdd1auLTiODyQoRsgCUmCKdhpkwnTOCSQMkg+tnez5Ltja6Y7s6JPCQPOt2rYs7TsrGVu6BWRsuY3Ku5dM0uaqi0Nzh2f9b5Zl7DXOTzh+G1LQz9cLZWC0gM3r+9x08aH3w9EVvgkOdDtec7jk2vlFsdMnx\/1PztadadIvip8Uep4W2UrILeqLRlNVTNI="}
02335{"flow_id":26,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":479,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720942,"pkt_ts_usec":596864,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"pkt":"QPMIw47hABsv8H60CABFAAW+MAhAADkG3itSVRqiwKgAZwBQ4sRSEHNJL7VmbIAQAggvnAAAAQEIClYL0tkAA\/vKIyitJPvzo6LabLr0Wrbj20tJs+pmpZk0I6GIJ\/Q1nH5miiyUjSZTTQlGKYLQyorSKHr1z698HfdYed0eMgEiuFT0RePrTbtKMUmdI874j07yXKSK6pE0inV0s2nauo6YW8buxzvN\/XeNyri5dWJD5A7XBYsbTGY8jItaGpzNIdZRxlEV0uWSer5aHd3O\/P49vkF4LGgjZnSbNJBWnQJnYbJ0H1+ov8f3vZCLHlGTGdIGk7CdSdppxQWPCVS9lb0iEO2skVVxFZVXn9uOK45v0vBp4O1yMGPlXMzQ2BdiFHeyO9x00eN7XxLPTG2wT+zAkujYium6gI\/i3oTWo40EDqsNZUncvEVUXvlFaGZvSmEgNnTfKLpBJpRstHCwWtmTmDS626QoC1WzxWuu2cjV9GGzdALaINKIJKMUq7Koq3I18eK1oTYIbOQ9z12VeQ65yk0Yizd5zZK0oSbO4vGSeZ4p734fnOeOcnkHRpTHhi9OOHF6HRD3Jma14DVlqGBHQcMYXdppYVG49nMrbEtYdG5BgeZpiBOFs6GvFHk6LT5cVnSiYRo1ndDoTpw69BzB8gt7PNAFJD+upVy+N9Kad7TO8moylK5g04JydpCTtITqqTJNWzVjVxtWQGhU3c9pc99DwrdxOi9DEDid\/jpQmnl9Gw4mTZm53mTscPVieN9XyXXjoasCNMye4xO25N7YSFiqs+\/Hlg9LWPhWJhl2xIE7yYQZo1gXVyoZEsLeEDRINMkvPVBAJYrISANoHpKqZdBoB32gIZ35xGLH2yohZGlWnjFNXZDO7MPeyorQeVg63udk+hw9y5x8\/osCQcoasOotCNm6ZxUVLyn1bzmJ4+mM1lVXfUOqudzQMq5sgqpAZU00KqdAJxRh6tYFAaj5DtaAtU6SGOta52joqbOaq6AJgE51UGNmWCvDNzx06dRgGlYNQdiuIQfVkoN8X7t8gL2EyHVTbZSmWJk1bMaVK6uqIWKuAowVFIioIfVFABy6s9Ln9DO+o8vZ06RM65PAMzWjuoyOmkq0sf0Tn12eU6TxPKw9vK0uvAncyu9x01NCp+fUfmcacnd42uOKjlKQMEbEOmWbVNk3snEVJFUGEm5VoHqh0r4MzLbc6xom8Ei4YQ6VmTXtwT6omm7rIU307Zj12VbZxi7TUUpZ1MA2mKNslKiEZvpJmjVdhqsbZpl8tQSM41Nzk+lmrq7h5u3iO25uDxx2hOZl2WktIjIk1pjgWsKFiQSGLtxZly0JhmuakZ0Dr0wAdSCeGNu0WY9e2O3lNqU0D1zpaQJNTEMamsqjZqayLDIMmVl0i31hJn1jGTfE++7pxJO9DPNqTqMRSjFqHplVctQ1FqQ1Ae8uGG3VkVtch2noc2LbRq+tybHJdL57jeXYFtUugOfPk2PScHV4OrkPNihurDQ0hdgWz3Wbq8vRRkbQUnnGridbL2PP+z47KZGZsswkBimxtbPHRs5F8QlK+QxEe7WeXoDpAkE3CGzeiyGI4XQEMMhaCp1JnfWj3d0vTfVpFFBA++VKeNDShLO531mzSaVFwx2dEXQ3c8fjrptCcaZGB2fLCC3udNU9ZUpzrWGVKH88IsHKFVKmpTNXRbaFEWtACbR8BZgWgnEdoc9clYUI4r5DwT0VkDp6A48XRWccA1GucqB4kVNCxtrY4llg81tdNYlW4IzNRapfU02b433HaxUq1Ngdo10nHlUEo0UWr3Bz9o6LOxsjfPVzQhuqJtTDXHri7s\/0+aO9mbO85vnfT8hDj13P9tRbUH3XPr0XD9d4jhYuyMZ1YFegYPe8u5GfpZOd7Uh7muD1NvMh8vg0G5TRWSpYVhckRtlBAznFMFuawWYimbk996QtZsms1XXoFpvIZlx0KaKne4O5KBM="}
00429{"flow_id":26,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":480,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720942,"pkt_ts_usec":596895,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABsv8H60QPMIw47hCABFAAA0n85AAEAGbO\/AqABnUlUaouLEAFAvtWZsUhBtv4AQFZMuLQAAAQEICgAD+9BWC9LZ"}
00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":541,"source":"instagram.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":1436720950909,"flow_last_seen":0,"flow_min_l4_payload_len":1398,"flow_max_l4_payload_len":1398,"flow_tot_l4_payload_len":1398,"flow_avg_l4_payload_len":1398,"midstream":1,"l3_proto":"ip4","src_ip":"31.13.86.52","dst_ip":"192.168.0.103","src_port":80,"dst_port":58216,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00507{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":541,"source":"instagram.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":1436720950909,"flow_last_seen":1436720950909,"flow_min_l4_payload_len":1398,"flow_max_l4_payload_len":1398,"flow_tot_l4_payload_len":1398,"flow_avg_l4_payload_len":1398,"midstream":1,"l3_proto":"ip4","src_ip":"31.13.86.52","dst_ip":"192.168.0.103","src_port":80,"dst_port":58216,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
02351{"flow_id":28,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":541,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720950,"pkt_ts_usec":909974,"pkt_caplen":1464,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1464,"pkt_l4_len":1430,"pkt":"QPMIw47hABsv8H60CABFAAWqgMlAAFYGaDQfDVY0wKgAZwBQ42ig4vcaLhm0z4AQADsFTwAAAQEIChPCQpUAA\/8J\/RR\/Qw44auNd5sy65M8X7sSNLvesqLPp\/hWIEgj7u\/c3G33+CGWHr5NjTBvseCa33d9vm54JLq\/16uWtfE8LiAl4wMLDP475fV1R18fJlgWHzmvfo5rv8qseyXDb2HUuXqKoKX0JEHYQ4SCsd7x2l6PL5eytk2f\/kmJp\/iODsxx2N\/N4UQwH1r7vqSLq\/y5DElOXzRARZUzbImejgsz5wOzVgeOngfBrQtGX6fL5DmkthCiZgx4mBvjCvzFR0YP1xM0OXv+CShnIqVrP5zMdqJDyzU483pE+34fsEdDMZT4JhGoy\/98gru4qi0lyXyEksrGabld776ByfJIVVp4RivH8YLNUqtpfCVBnMTiA7j\/sfl7slzSCJaM2S8tAkbhjEusFLl75fI1asIxOiRsWcrVhmx\/PbZlpNd4K8\/v2iJLC1YElBY1y9j56WJc0LPwne+0suiyX3kgj3Fb6y+5RCsQCy2EKLdhWRbyLYVKkL4lX1A\/hBl\/EQkdQU6AhwlzHoU9XC8zrf\/sv+pTGiGgMczA3HQL0c6iXziIlynBHwH6WDIGpFhs4sIl7R4Y0SaCPOZA1lnMfjRJoKCOWKLZc4VEiazWUhaMala+ExIJc2XmtrYy\/iRYyo+LY2ytYUtBbJwRglHwtVOPffxRf4sv1nIag0M0miGXxU6GsLdqvokImfUh+1xnyRB2wekFeanQUhm7KU2GNA\/Wut8I6Yh\/BrGK2ISAtFCkh5uw9+EN15dd79TckDZ5M\/1IXL8vqbu\/hTG\/JfucZfR3dz3L3c+OhdygQW8UzKVOFvvFE3uZQnd322DAH7zC3LRHAXbCjqHBmwf2whhpegjLfm6RfL+z+IzmMokA9e2qfVhZ6xYQdwpjxowXA\/a0hFuEIYBqgg2RBxOTW9B0lNexKZj7L7myCIQt5asMs3OULjIFOSJmLxUIk3Q37w4ymEfVUM4Q7YQrd2Q7D7oXQeE3jsBBmSxiRovqahgnBN4hvIeCZZMLY1uvosfkYR3vNLSiHuKZeam\/RFQJomYqTPcrO3yya\/L8n\/bJvfwlRzHWNuu76VGEBOTSmIQrzPwlvzfa91FS9xmltfjK8v2vivjQ79d9wnDovM7E8heMjng\/L76qTSur9Xu++liqI9lESwcV36\/iMv+UhBAvwlNl9yFOXzTHExcfuKxDjy2WcT\/yjID\/XwdhLUHYsgQ9jzrKZiitJYPrb03G\/4eqDHUUFspftslQp6lFXZbtMgT+PtX+iul7L97VDMHXGdwaI8TzZ6\/jXre8vnY2F+CmIZKNEjnJpMB39UHX\/p7\/3FfZpIUwHcB3IlgFw2RAH5dbcIGzC1nhuJYVIQctqJ04wUFMG9bZhr46HZ73BXAQuUhUW68mxXOEcSUvu6IiD4944qVAoG\/m5vfXCzer8TXXbtxGJy\/lJZWKxmuOzEdM\/69tZAld3d7Oi+E\/\/wSXdP1F9r8RHsvFnMaKa\/Gb3fFq120z5cfUI5ObITs4O5x1e\/k2SP4T55SQ1l\/\/E7jbfd3y\/W+K4YanQb4PNdLvnwtOUEVU10v172Jve733E93FYrd8\/r7COigUu\/j7zMkQoWBxC6yXxRL8fBFpX1\/jifjboOb9QR4q79l+S7kBZXF3dpMduttP55\/mpWYFflzvfd\/Hx+Ie9ijit30tVfYliZvDoVqX8Iibo18xmX2SURsTLcDlv6t9hYNRdUnFiX1r9e4\/4uD+iVcRBUU8hc0fHv5tu\/ghpv97F5dOxeZj2CiEjpYqtM2N6y9Ex9X2v34njvtqIprtcVwGtsEjAY8n2yd95fX6LnY6678J3vfovd9+pLl7ZMl\/\/3mgopvtAOiqdmdl8m1KgVxW1IDqxnD5Yq+7jVsvs"}
00428{"flow_id":28,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":542,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720950,"pkt_ts_usec":910341,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABsv8H60QPMIw47hCABFAAA0TetAAEAGtojAqABnHw1WNONoAFAuGbTPoOL3GoAQH8w2dwAAAQEICgAD\/xATwkKT"}
02338{"flow_id":28,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":543,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720950,"pkt_ts_usec":911439,"pkt_caplen":1464,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1464,"pkt_l4_len":1430,"pkt":"QPMIw47hABsv8H60CABFAAWqgMpAAFYGaDMfDVY0wKgAZwBQ42ig4vyQLhm0z4AYADulrQAAAQEIChPCQpYAA\/8JIuSEmFKcHvUO79IuA4AtgLK1ooHfe\/xvCx6EanjcjDye5qfYfg99btIFMlfpEyS0+WXx48YQQIBKyWOQayb5WbhMWSz8Ru7MV\/a5RJtywzl84iv9BLl6PdqXz3kxPZm4yY8HdjILE3vdfyWVN0pVFaKK+f+Osc32N80bLx0naY6\/StT9w4Neeouf2Tn\/vkhhHb5a5vAV9Sx5efQ\/Fatqq174n5ea7v9ir3vf4yK3Pnlx3v3fywdfv\/ld3jdWI6CQY9xByO962aeABxBaD0Ff8vq65YOluUkGW\/xG5p7nyyq1NumgVeaWXPx2O3qpBCTyam4Mj9KNa9CLu77T788mzfZZLswHVfevJGWxpG6er55a4je67Jde+KzsbHfq771q7M2+z\/WWJw+2E3Gv8+Ffd+tBC77nzd2bXmu\/clj6qf9o8rFbG7XiKrvvv6XxVyXfvsflY+OxHlh7gk3Z3+CHdjx7fieVi8bxm781fQKvN8eNlagx6Pt3\/NOSAfXLBsZ085Sli5c\/HVLg4fEITYcZuYfT1VtMLoUR\/it2aocyhvwSZMTvD5t065r2N7JUsZycS8vq283r4S3bSl8\/xBhG2Ci5YyWnWnN8pxV7z+JfURJd7rip6XefL+Ju6T2Uxe8n5uUueW8j7FWxyhWWeGt2YWoIb6BgT6P7uCHnx\/HwXcNPzZiXBYPY6liIwioP5BO9O7zdXvrl6Ju71WJu93dF9e+W764JLl\/1aJkh+a8yX4S4lMe7dI+73eX7WiDQUaZve75ZfLkLUJX2tpOX0s4hxEi8nbq2h\/\/mvflq9RBfYRrfTdMUcVv5e78i9rwQyT\/Sl\/1zQY9T8g\/Uty51S6PL8o6JLB8VrQkT8ugJnmu83Eyez2e5Qy1+W7Aw4JHINbEb3Lj395YP7YvjhcMBXfvXJ44Z+Ixmnuj5fXvqryZ8aIvNfJRrTESolEZ4VaoKtE96vFFfwld9u321frxC3vvk10K23e7KuXiuSPeX78kEfFYr7eXpJxFpezOY6TshceqnnmzDJNaHyWEjeK+xtg7siFQxNUarW6raVTT\/fwlt3m1+qIhVuJsRCxFdbFXtQf9\/RdIuTCv1R7IUVly5mtgVW\/5h5d378ta7e\/5QkWm71LXLL\/Y\/yuCATBPFbu75ZM1tF4Xr2urFPeZ1jp6PYqu0ysRtkUSKOnvSvJ9F0HEq\/Rr4RDbTxd+7uU\/Q0X5NSa4riJq7\/YqaIUW4dNr2MWX30vRqr09mqvna6y\/VdiohYPHuWzpM\/5V791hHspd591pkzSvTJiOetcEmlGTx05fm5r+E5WPIYg3+Ld5OiDJCb38Xd9ysF92RKCKwntddXfaT3LP\/4K7yaDr4HbV6D7vh8Ru7u\/ShH0gWZxKK93e\/u7nhshKX\/8u99ZHz6WcFOZh7FbiudjfLamk58fUJd3H2j6sTr\/E4xQhYhPxokXSHH53b6EIn4I8kGvoiAAQAAAAAAACAYAavAAAAAgECXIEAAAAAAAAAAAAAAAACAAWcAAAAZwAAAAUAAQABAAAAAIBgBrAAAAACAQJcAQAAAAAAAAAAAAAAAAIABZwAAABnAAAFoQABAAEAAAAAgGAGsQAAAAIBAlwBAAAAAAAAAAAAAAAAAgAFnAAAAGcAAAs9AAEAAQAAAACA4AayAAAAAgECXEEAAAAAAAAAAAAAAAACAAFNAAAAZwAAENkAAQABARggBwEYIAcAABVgQZrjwgqFiDcfxdYWFjNTGhc\/+kWorCzCP06aQacK5fU3p2bDv4QjGkzRtJEnNbVPk\/10ykQi0ZJ4s6VFQ2Ko59C0bD2u1KUtTyS\/\/DlRe1HhoMlOd6CAkkRYQkwPPOx2Ho6SCe9GzaPNROS+"}
@@ -320,8 +316,7 @@
00429{"flow_id":28,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":553,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720950,"pkt_ts_usec":916475,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABsv8H60QPMIw47hCABFAAA0Te9AAEAGtoTAqABnHw1WNONoAFAuGbTPoOMiyoAQH+o2dwAAAQEICgAD\/xATwkKa"}
02320{"flow_id":28,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":554,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720950,"pkt_ts_usec":916536,"pkt_caplen":1464,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1464,"pkt_l4_len":1430,"pkt":"QPMIw47hABsv8H60CABFAAWqgNFAAFYGaCwfDVY0wKgAZwBQ42ig4yLKLhm0z4AQADtF+gAAAQEIChPCQp0AA\/8Kkm4H9UNUlt5SifkUxFo\/6pSRy9YVQkaVisFWxSviLzGtFeJ17dk9PuzywlM2Zne9TeoTzdVaw3q0W7rpcvd6ZXetVn4upU6GmrcOittPFjiC9IKbgacSEZXmYOU7kCMqmARbBX+D17WwtyFo5rl+10YZRllZIvte0X2S8llzqgD\/e5xq3Gbi4f+uWcihLe7TsKW4iPUEV3u\/ZBd931oIeo2Wu8v0n4J8vRdt3c3EYnMmT3H9Zygo3tOK9zZYk4Rn93fFb2DbsJBtS1pOmN4Ibv9saEBrCm8rAFRZ+OToCvEM4PMbuTAwXDY65AW36rStQJTT6M8xPDAfegP\/a+jGogLisdOMcK8I2y2PxT093jBJFvrPvdmEGEYwljKMBSSQBdZkEnK127CEya+dVrxQ8bQA7ak7HRY6gpvB39ZbsdM92sX2WE4JsV3vfuExvJ7Fgk6m9YnCIut5fnuIKEBXcVxLnkKM4hxz4\/LBig2mlFxcU6ZRUFl22uLrquW5ThMVu75+tCg3i4VfXEsVpiRyxIycVd5Y23P+UKRmDTh54DcqsHksGqbCDxrTuzdZvUErovdI4vvWyF0U0WY21\/68q9l\/9QTeEpMusNDiP94ZhEQKsb+P883eZB6WXflve8viIwRiZMu3l8LBIYFBIkacfTg58SVuxU5riuX3PERaBZLR7GJB4QC8Dxx0MchXUQ687MJHnMvsjuUwyL0gfZVXLJds5gWwzJsyv93QTGBc4U7abYpwfZqK5ciFYVBqc4TFAriPlm9ijOSCcOA\/ze5obU16+URF1VV1y+URFoTQzwYB4wz40QIY1xMVHlt3RsfYZJ7\/JOALBfkZxA1JdZBDlQO8HkrpwiV2fTmvCZFrNDhqPY4sv1Zi7yqB6VqXsRF+WJ5e7v5Zt70cxDAq2Upavg13D1m1VhL91LKCqWoHFYWGaCS7TsJuiWLq+XwkiVLCkVTkgck31T6gbtZjIF\/JfV8vgxICkQICjYUJg2+Cg+KEOUmAAKjAb1MwBg1nr4xm1tFytow6nl\/W4fYNkVEvGly+D0dhkKgygrykMuCppWQdpMrwlVww5y+49BhZL8ZcWcQL8ny4EIuA1ixyEjCwkZ7YyqucP4r4OrFmEj4N1RcxYQ8nGok211iDUeHbHpAb5\/pLE7lxfbhC+7UDdxF2yt4XhHl8Izk5x2SuE4VPpQQbsHZTfi2PpAZHZb3vphwVKN+9eLjvB5fn\/YlX66JxN77dviwh03Td9Uu+8zCfi4Ufesv3qPhHxXarar4LIqtcuZvVHmXwwkxogJGG5GBcvCqekamd+zw92AASyZh\/nDhzpOAeFD8TBpuICl\/bifl8IhUJIEYJgmQb35+UZLKToDQhFjCyQAE6HHHg8dCYNgluYd2jkK61fcoBMTbAQDhXYyHLxBn0EACjiXRueokAwRCwjq96Qi7I5aG7vfXZLH73BLeRMX2tl\/hj\/0n9QwqCJCXMhlpL68RghupvrL93RELw1Neyx+l3y41lgk7Je+JrWsXWs0VTd3d+84niRJNX40boGoRGFy+EzkmFpgu4vbKopvl\/HAhlwpcs5oneCrOVkTEQKu8CGyWaDQ8t\/+lCqAaEPekixHEvhWDAcsux6TD0CzaRmBfxWIz3hpeH6GEHb+DK6c+sAgYTD9upOy9kFFNlOvR70tq3ZOz0TH50li+8WdY2ESfXpNErXnEj9SfuzsiZ90uZXbeM5YJta7uxl\/HCxucKVqNGQqmQD2dp2\/6QLgFN86CFw8mz6fB6MFWBKAggLsHakQ7oAiIKQeggBFzZx9M8odhRbII+zNYPXqJJj7T+ih+LfsUcGobxf6F6gn44Z8aA3fuoKLM8Bkcm8flWzL4o"}
02323{"flow_id":28,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":555,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720950,"pkt_ts_usec":916749,"pkt_caplen":1464,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1464,"pkt_l4_len":1430,"pkt":"QPMIw47hABsv8H60CABFAAWqgNJAAFYGaCsfDVY0wKgAZwBQ42ig4yhALhm0z4AQADuZUQAAAQEIChPCQp0AA\/8Kq91sV03W38Enc6h31Pa8lbRDfr317vl\/swZDIbNFxdSVl84XElLcFNuM8QfXWEGr9odZ\/IhFqXwShgkXCMM0GYYg1eWvir9NqWXPyiN37R7q0URcVvvHfdMJQba6CNwh352ZzGO4LSoKz94wprahpNIBbU\/J+S\/6RIvsKaIDeh5fVU1H9O9nwDPMxlbc2\/gjlpeIDr2uvQSvG5OhmM1K6nT5IlST\/dm+1zGhYZCYXNpjT15fQmUQUJiCTRp9BPQJO7vzt5qHM\/i+7vvShgJi7lwtIEKz9ro0Migp3d4WfFt+U+p79ywhfFYb0zPjhk9dEFqhF\/f1jheftLEwUeWBYHz\/4sgT4Qs8nAYhYgbQ6ztXFUyP45mJvomy3fyoTBt6ePmKF0iVbW9wnDQ1JzcMtS4+WXjsS5cHugFHPF7lgwV3NFdpp73C4kvFGHBypffUXEY4XIb5nHVrQlsSEb3LQDc6CYWQXezQmqY8IBxC1pqnGnKkgBtRbjhYUs45OgFjO5bBBbMh8HJaFBgzQa5huyodJzSQWbcSOmJvcUcFF31y4rd45xcJ3d90uaJpbapcv1KeHgiCi56OjGWGq1hmrrCu+OKDiDhS03AtplWaD2TdxbLdH2XS3liY4KQ6WyluOE93y\/LRdBHGjcHgrPgxWaxflljSCJm99\/TKr0wb2jbR5fkmRRkIQHH4cfSLOggb2il\/COdJXGb5m0CvaLxHTFcAvqewyLu1UJ\/ab8faPCMmK82abWO06WJafqMwPG7OJmJsXbbYleKvCEpnUXMnHpdbx3H19e+SzWlZ5RALLR7KQXbhimUZe\/zmDdJ9+cv8TRDiseKyDk8WAZdYjnYxEB9tJUGMtKzhSb1QJ40FQsA4znDQE4ZU7dA\/L+9fsDYZ7GYJ9O4JJphYNPBjRQMdmPTd1CkWVAx7mjeAAEAFExOmhlH6UmH3LkbqHx4DZsO0Ie0LYD971YxdD2BRqznPSitUwAFrR\/L5p7KWCuAyvjXMtXAdYNhgNKkTOCzrKwZoXrWW9\/ckKXu6b7u8vN3VNnZfECTCXGhgZdppnaA61pQhFvHFs6O4mTuEHgrGiIFG1UoNVfcvCAsFUWgEhSZ4PYDeNlf+7u7v2XxTIpBKF2QxgssFWg5FtjxgIdgmBEHAuL8ARPhe5+ZP2wT85OMAsdwTgo4HDoMWm5xBAAEAGeZAhEu5wPGRZYoPAAPzpCQasO1nRcLApFyGhCyOA4NgmPucsrSmYmCIwAHrM4D\/Juzh7ugTHfzRml9hkCsClzQjy4APXF9zwfg3lhiG\/3soDQGvZM00AaSzf4VD4zg4iklxcNPozSN7o4cSHdzUAF75Xagg3pkeLyha0GQ6zCeKnqlF9ir8WIH7RvmigaMQmJJb\/ClkPmZ2XhVZfBv08NtJHlu+MgnfUfeGnrwx+dcuJPepNjTXqEYlwFLVvd7n4h7z9eMuX39GPbOYtEB5oFj7deJqIm3pKnKY\/Yvuiuoe9qW9+qi\/VlZIUm7OIrN241GRLRpa8SwyygaNHsSdONjxlvYvpDY6y2MZ9veoK6HGzHoDcdk8t4fFefZ+SXZbFKKD3KQQWf+XzpWyMFWpfvHG0IbFbPLejxXyy+yCAkUSihTGAO5jGqF3Uvgjzsmot3tkgUlPGh7FUH1FO5qS4i+x6o\/TOHZsmmUTOXwvlJJCkb6VhTfTEFfMR0PNYYNIQvUM6RIgZwx+yrpFK5nMASBv0nvuh9h0lj4iWSY4hFiAN3ZX1THvtBQIGhDL++DYf7eLR80CcdlHvfHlu3FbuWVTBcOBS9z4N3RMZaywoKGILZDzPA7kolZBImEtSEUgwTrRoVqj\/jGy+EHhK5ty53khTF6ppl4D"}
00493{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":644,"source":"instagram.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":1436720942580,"flow_last_seen":0,"flow_min_l4_payload_len":255,"flow_max_l4_payload_len":255,"flow_tot_l4_payload_len":255,"flow_avg_l4_payload_len":255,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.162","src_port":58053,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":645,"source":"instagram.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1436720952553,"flow_last_seen":0,"flow_min_l4_payload_len":1418,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1418,"flow_avg_l4_payload_len":1418,"midstream":1,"l3_proto":"ip4","src_ip":"2.22.236.51","dst_ip":"192.168.0.103","src_port":80,"dst_port":44151,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00507{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":645,"source":"instagram.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1436720952553,"flow_last_seen":1436720952553,"flow_min_l4_payload_len":1418,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1418,"flow_avg_l4_payload_len":1418,"midstream":1,"l3_proto":"ip4","src_ip":"2.22.236.51","dst_ip":"192.168.0.103","src_port":80,"dst_port":44151,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
02340{"flow_id":29,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":645,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720952,"pkt_ts_usec":553865,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"pkt":"QPMIw47hABsv8H60CABFAAW+RXVAADMGTWwCFuwzwKgAZwBQrHcqB5rC6nVWeIAQAeYA6gAAAQEICmBlKDgAA\/+vNN9ULewTHBOFuxeelHDOvSnlSV1MyHTuCPSU99J+Rb8TuXzL6L8kVMT9JeX\/AEeHJMKvc8yfZQDY5nhAsWaIx3cLbY2ubZRDNurbaUASgAZ45AKigq45hruCoLni5pLmg59eiPd\/MiN87txVNMyFgkWsWfkcvPvLq3ncGqOJteWDTNpm8JnDNe\/V0S2KHy+GaSkVk8YYmWOQdL4xuwexnBqduXqVc8IuuI9MY+Zt8cnTPcsfLLIlpNfPzE+aRdsInsLztgb98N0mNzOHWHNTZrWKQPr9F5EE8pK7KRl773oe+7TTr1byuTp17xSTo5toqt17OaKtyATyBsMufY15yTPDfHSZYsAADIDSioIAAAHiqKF1TXzn1tX21U6idxttVoiynCqd8u3uesClb\/XTWQXOtPYUXP50lMJRzX9QM7C64zEeROD4ZaaRjli0mWIjfY1adjPenj65KGzqNXJTVghI+6I9UuSYsusH3FlxFno1c9JW3qbWRHfo32lBRAAGeChkqKC5IoYXnRl6Z3L5dCnLn26mSNOSOlqcea5o+UReR652+3d2\/Dab0zb9PXGqPSSLVDbNYRN6MtmpYbJEJLFdJ2RaURdiZY5h0OrU5h7IeY888nVsXnwm4oxv7JWfA68vLc8ehxYrmuOvDGouaBzaCTVP8+zXrnlnrxCWO9ezKKfpVjom7FpO6KTzNl60JdWhqz19c1yubV3UpRimqVV2W9Iuz4HPYBS04ZbGvOuvLXvjiZYsyxAFADSAAAIAHiqKCLcMvDzel9taKZLs5gp0t2Sh58L9ypUAXrhU0aeiss785JfFQgziXCyntnoKqRxzXlrlhljpCKihlu1P7THj6681RUYywmYQzKyhFbllawrlLFUK21TYahBMm4bB0c\/Q0qorQAApkAqZAqooYd7fNpcf2zJkmmfqN4IOKohvY2dlqWGThFbWF\/iVS78WnnJ2uDHuZI98fVGcac2Zm9mcm1UZY5ht7uDaF69Ec7stO3DjzT4G5waWu1vkbTUs3N04NR5d+uk9NE0xVVXqfWMDHPBz3TyJ2pj1SeiHvpcNbNaNfVk2d++zGVKltAVHjbncFMYehMEedktrQOr+f0lWrmtUm+5kDyFpIAAACABpAAAEADxUAvSVxiQ0ufh6dafDwdvPJvem8y03645umpEvJ0dXO8bOVZrlo6+6HRHb0ou72TKnrj5KPN7\/AOgKGio1hlhcLnqyF3+tvLXsSbkfin2t4tioTO4NYFQ\/cjnql8XXv1hza9+0Ud7jZRwM7yzJxDp5um5UBpRFBRFDJUAyXHIMLhp62c7n0OsJjy0iGfHrFKd3PzhU8hjD\/pFzODc\/Y6udSW9S1xmy97TUsc6rydtdS82Etsi8jjdrKKSuKgmeOTOnu4nJHsh6YHzk6+ZUwTisdkMdqJMzvOrXOshOkK636OrSLZYJJHZcArm2apudeK4tWc27cstemRx+TikdR37SEPju+kLssw2Gc1wOvJ2hIdaYk1zq07Iu2KUuuldIaeHl165wzJM2tQDAAEFA0ACABgAIKiLtm1f2FaZdGxIrg19HJLzj8n4Ypnc+B3T5H9i6KUpcY+86xxUVeVESMl8UPe1Kc82\/VTk3j\/1J5ak58ckqUUUN\/rfyR6eHcXir2n4sx0h9l1nO6iWmGyLxxNiNJu0g3Ybk0hqbHRqCIdPN0XOQitAAKqALljkCrjkGF2Uncud2zD5hCufWAuzR3tSLQmaqnX6OSXbK53hgkuOsgpG7qQpZRqSR+oidlVpZdTrxXdIxxKXxG1ojMpizEzxzZ0OrW7I9gvrG+cnXo1beEccjsojNZyrk6C5qrW4NVKD9vH1VFwxWVxccbqS2Yg5iCSbQN4k01rSK6ZNFZW1N6VuWn84="}
00428{"flow_id":29,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":646,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720952,"pkt_ts_usec":553987,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABsv8H60QPMIw47hCABFAAA0quZAAEAG4ITAqABnAhbsM6x3AFDqdVZ4KgegTIAQAtavfwAAAQEICgAD\/7RgZSg4"}
02345{"flow_id":29,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":648,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720952,"pkt_ts_usec":555971,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"pkt":"QPMIw47hABsv8H60CABFAAW+RXZAADMGTWsCFuwzwKgAZwBQrHcqB6BM6nVWeIAQAeZ8mQAAAQEICmBlKDgAA\/+vtV20fc9mrp1dM1zdmjppSPVtJK34O3VnVq0beVF65xNDXtnFMscw0gMAAAA0IoJBUBRFARUHcs5g82pbGbtawVs6OSKR1bUyvV0dTgqje3NxuXVMt1wlAegfPgme8KPvNkyz2Nzpho206rca8VQBcVDdd9H2q16p8Xe1\/FGG0PnMFm95yjbzbc7y6uXqTNGzWHDjlr1zbmh3aAiPRz9FJQBKIrBUUFyxyAyxUMbqpW7M7s+HSqN8+tay6O9jTtj28wUzIo\/I9c7sc2SRY7SGir2ou5wYpBHamL2VXdh1GOfOiG2KSWK0ZRWURgMc8c2dLwzO6PYryxPPJ14tXbyVLEzu7AiS6csbmt9Otxqax6NG+4uWLSiIMYORwY5GrXsyVyji63ZEef2CRuZlT9tVLFa7rpa4rN2GvKa6elt72n7oBKscxMtLQoy7qN1yh+eGrfONLhtDQAwAAEA0gCRQARQaoCLnm9fzqjnZ3VrTw09XILe19+jPTt59nHFRbU0OOuNydnD0UHny+qEQy39QN7UThl7edlc1nfdBowRUELhmGc+r+yWewvFPtPxXnpDZ1BZmRK8zLPQ38W8W\/X1YhH8M9eufC2d\/AOI79G+kqiNKqKAqKC5YqC5IoY3XSd0Z3Y8akkew1rnv4HkTku3FOmJHHJJtncsjjclx1kPn70JQGkcLY6tNQ0zKJTVjWvXtSZIzLIrSwjEmjQ8c8c2dDq1OqPYLu39fJ1betucGQOPuDRUSXa1cLIpt3N2mddd7Y5VNmsbw2Da2\/vbQiUjZHiNOuRQ2ZSRqRNXXUTanbbp9PbdNN2jY6tLkwRT\/ANjbmOa9UE6Uotjv45c4hUhaamqOkXoyhy4okgDYACCgaABAAIoAADuWUw2fta4zKI7NJxuGVLi29HLne+NvcdlxB1aHHXK2+xtdVSUBfVAg1XrRV5tTjh624ct8i+wPNScORUqMc8Mwy9A0D69VT7xd7V8U53E5jD5vecyw6sYrVuz2BjjtWSJ8nbzbRwtr0xDjG\/RvaURWshFABQXLDMBUUMbnpi4stLLjsnZ8NankEdmWkdab9Muk5DH3nTO4pEwOWG8yo2aQrXLjZXdiuNM0hcyDVu59yGWKyiLXOcZkMeVY7MM2dDs0OqPZPZydXJ159bc5NQmJyqJ1n3Y9HE20x57YdM68dmx\/qZ\/xubZFscff4rR1u4z59Nv1lM66iJZ3x2S6YP1M3XSpWVsVDbdy6xp4Yopxy1ire9NXUDdH5QwofuPrbhV5y8si6MKyVFHiAwABRANQgJRFAEAFRQtucQmaM4mXub5p95Oznuefj688r5I9Io3NRJy4pPrlN+ht2Ku6h\/QXn5ptuulbZCyuVgkTcvo6\/Kxzrz2meGueGWOSOn3F4n9xzTh4w9X+ac6rWdQ67Ljk1S7rhwtJ3i1X+cw4WoLju5KMI5Io4ONbtW2kog1kACqiguWGYCooYz6ATTO7t5HXhw1qebQF2qZdp0cidTv0Xe9srme4048++yBSFg0z42SRtNxxS2IytrHPX1Ij8Vk7Fa5o\/JWGa5s9+xmDrx9qPYDw1O\/L1a89e2KisZlDBefSxSPipRRjkzbpFVvfK43E7weGqLi0clcfofITO4hnvIobM4rryyF2jrvNWRSt60dFarYqu52R3e5aM9G\/a4brng6ZBkiCt702S5fDbSrWoq\/NToyhaKjMRAFBAUANYAkUAEUBFQHbM3h00ta4zJY\/J3bGvNV08O1ZZGZNGYqLS2JzrXKQObG9Rfd54v2gqlsvGjrpY\/dvL3jmUMnMFz0834bMNsda54g8+w\/HfreHt8+XvQ8OvrspC67h\/dIPKIblw4peerNFqYI1OTSaIwPLKqjmzXmxQGlXFQVcVBVxyBVxUM4="}
@@ -332,20 +327,21 @@
00428{"flow_id":29,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":659,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720952,"pkt_ts_usec":559694,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABsv8H60QPMIw47hCABFAAA0qulAAEAG4IHAqABnAhbsM6x3AFDqdVZ4Kgew6oAQA16vfwAAAQEICgAD\/7VgZSg5"}
02369{"flow_id":29,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":660,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720952,"pkt_ts_usec":559999,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"pkt":"QPMIw47hABsv8H60CABFAAW+RXlAADMGTWgCFuwzwKgAZwBQrHcqB7Dq6nVWeIAQAeZt5wAAAQEICmBlKDkAA\/+vPiSGlIlBo08GptF8i3X+Kr26favaxYPWeD0mXu0mqZ6nR\/HK1hin9irwau8X5+O6LvHy3\/ydOK6UdJ0lM5G2dR6vCPSZfs1dNTi4snFwk0zTV4HXklp\/Q1RB+Bf5HT7V7V97eqWD0uWX7PXaN\/uj0\/k1HRGQ6eRxawJ+2y\/8DfxaXYvY\/rf1fg9Jl+xtImupONGlBxckzUWyb8if+S0\/Uyjx4NP1EZbNiXnf1Xg9Jl7N\/RTeRKttaKUur7NRFbpid\/4OyvkfppUpRGmuJIhrSjhkPVRfcJp8rbUn0xcj1ErSZ6Z8sq87LfXyifsWRcfFY3QpL\/isr5tPtRrtKPJL0ifMeCelOHciGo48xZD1fiSNWcZabpms\/wBYnpMvdb62V\/7JFje\/9\/DqTrhCySxyU1zEjMTv5nJLJLXXg65ywOSXc7NLUt0a7fUKclhkdf7IzUsfGiDqKPUp\/rJ\/e8\/Twl\/RP08o45P6Y9RtJM9K1b2e7aRrt2iZQ9qIr9fgk6QxZJ4YnQp3kjWV8stVviI4Sfey4rHJKbeRGgv2NTRlN3FH\/h6g\/S6n0fh1I80aepfEvj01+qZ6p8KP3u34Rwj1FODdHR+qltDXlHyQ9RF5Oq8FN5NOVto18ocbi3s94P8AWvg0tSMbUlwa\/p0l16fKK5J4e+l5L5r4pSSyOVx6iWpJ+RPbT9LKWSHpIRyTikqX+8mnj2S04yyicFFcfFp9qPUyrp2kxISPUdjP\/wCaPTJc2S9Mpcx4J6c4dyIarj2sh6pfyNKalKTRr+CCuMvbpr9fgl6VNXF8j6tN88Dh5RPD30\/JJ80J2vglKkSk3kX\/ANZRpaEpvg0vTxh\/3vqY\/wB+yGNnNIer9HVJn4pPlk40\/gRp9qPVyuVEZ3FMRbL+z1cv1SIyuNHpVy99T00Jc0T9NOOORTcX9D1m+40aqSOmzoK2h2++C\/ZbSipKmanpa5gNXwSg1tp+TU7iPvbpWyUnJ3tD\/wCs0PTdf7SwRioqlu2kTkmqQpvCKkxaf2KCW+orXwI0+1HqHc3R6XmC3cvo9VfUkyCyj0uWP2aUFKclJGroKL\/XZPZjIdvv0u9bseCMxxTIRayamTTfgXu1Z2+lbUaUVVPZzSHq\/R1SlgWm3klFJWQXHueK+BEH+iNbiTPTdg5MvnpkxtI9T3WQd2ely9ozttfW+hJfkZrvlEJUpPa9nEh2+\/R71uzT5mjW0+iTQpEZWSjYuHyL26kqQkKLeDT06f7HVzaOmbFpfbFBLeeP9+yGF738EZfp\/wBIbs9LO04FUTr8iFyepTcyHk9NljNGX7uyyTdNnp+NQ1lgXbL2dQmL3aPetrGaPcj1sLSkUzSjL6JvpZakJe2Wn1O2VCIp26iR0ksjVS492oQwt7LLLJZfwOVJr+kWvJoz6ZNn5eLZa60ikep7yHk9PlkqStmm09W1s9RSUkab\/ZGt3IXZLZyLbOk01+rF7tHvW7NPKZJKUKYopYP4s1dLqjayYIyv2SdKy2yrPS6f8mNVgfc\/dPH+\/ZHCKK9ssv4Iy5oWzacX\/wBGs\/2VEptLj7PUv9yHk9Nlmp2s0lWo\/wDrbHWRdNM18o0oqSaZ0Fb6faxe7R70PZy8EklJ0Lt2lJJNNj9QoqkidyfVRH2am0VZBShwh\/2Pufu1MEcL3yy\/gSV2NfRGNySF1X0Dk2PV4tf0azubIYNF1yamr+rNGX729muJkcmrlGh52ezNPtfvUnF2iPqL7iWpeDyNpyaRVRpk4TbpMWhSbbIacaujXhcCK3SNThiiaULkkJSi+C2+WS7\/AHamP9+yOPZZZ1ofwJ80WJkZtS6h91mnpqTaJXfJB8MjKuCep1Jr+xujrd8fYpcTE+TUkm1Ro+S15GxiIL9WL3QVySZL0yw="}
02360{"flow_id":29,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":661,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720952,"pkt_ts_usec":560945,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"pkt":"QPMIw47hABsv8H60CABFAAW+RXpAADMGTWcCFuwzwKgAZwBQrHcqB7Z06nVWeIAQAeYq0wAAAQEICmBlKDkAA\/+vxKlF0yE+ODo6XYn+vOz7WRwh4EqlRLO0Satsao0EnkSlHBbeR93unj\/fsjgckOa8HW\/B+zOhnQh5+CKtjiqok2NL+Oz4yUR4GTjVUSXApsTyhkXb4NOVJsuhO9kQ7WL3QdSTNR7Um+TlNo\/LXAnY+1kcLaS\/dksvaJJcsbtnp3VHUm+Bku7duh6iHqjk3kUGz8f2dMUUN8pbyz8Ee4eCQmKTPyXlEnyJXjax8kKp3tJM0sjfDRpwUnyUlg1I\/wAkWQ7X765NTZZJd7OiLjyj8ddrLpVIW0u9ks7RNTyXRB\/rQ5pEpr7HLmz8jeCpM\/GxaaEksE8f79kcLaXjZ5W8s\/BTztJMeC+DzwS45NLDJMTvZW1Z1IpZFmyvJp9zHNHVapLaHa\/eiUk+VtHJ\/Nj4S28MjG0h2sk0uq0SzsjUTb4HFeWRpYEm2fhSyxRSlW8sEcbT\/wB\/\/SONpvlbSfItpZ+BYKY0RGxSpkuTT8jwaWOR0XRd4HwQtnJwxQRgmuTTw\/fFEYUtllH82SfCLPDIvgetBZY31SbHtEkrwyVrJp4PIz+T3lhkHxtP\/f8A9FjbUztJ8sTE+CWfgxyTXCYkLixnlDyQ8jZBcDQxNIkzQXDZJ8mnw2Isl\/YnXC9+mVVi5OklJKTJ618H528Ii9R8s\/C5ctkfTxWRpKbSJZ2Q21IU\/sjjg\/s8H8nvPBp42ngvjbUf7bTX7PaOCWfgvihvihDyNnFl8kOESIYJEmeDxRpcJkskF+z31COPepdPItUg5NHTKSpsWkrcWTSjKkRwLDI42l3slnZEsssi+Ftpv9UPu2eCXaaWNp4\/37HKkSlVE3bseo\/A5Xyx6qqkQfBLPwKXNGWzqayiZdkfsrkhgaEjUXJLJHB\/0aXayWRdz2RqZI498VZCPTZB8DJP9nX9Go\/2I4QsMjjZ97JZLIk8sZDtW2m\/1Q+4uiT4Y3cTT2m+CcsIndLaNNDVt0UafGRv4K8mGyyZwRTFdkFwMt0TslFkVwJGj2seUfy2tLJqSTfBHHvirsg39ilfgVeBrls1O4g+BYIY2fex52iTyxkH+q20u1D7iTwakuKG+CMqtjn4LY1Y+SlvYn8PI\/O02dTowRfJFDK4JMl\/RFEFRpyVNInJpqkctnQ3li00ai5I498TTyQ8lfY+G0ic3fSRfAmR442l3sedkTyJN4EmlQhZsT8jbY\/7OBc4K8iYyyLGzqtCYhfBXB5ZZLl0USI95HauCRIWCvs0kqZLKF3b6mSOPfHBHJDjZ9z\/APRqdyIMSTFdFmol1Wh7IcLdkYKI2i0dQuUNjENbRXJLZcEjwJfE3xQ0KI+6xo48ke4i87ObJJ\/Y1TE0KSeDSwyXgjnfUyLHvXaQdsR11k6k22jV4kmR1IrItZYPytcJHXqPCOb5Hsib5ZCVclkUSTsjjbpRFDQ7ohZN8l0NkpOhPgj8VM61dFllI6UKKTsTrZpNDJ\/ZXBHJp4ZLwQzvPIse9ypEdSmdcvA5T\/kKLaaJwppM09KPkUox4aI5QiXex7I1FyIWBUhysWyPAzwRyamRPb9hKxuhfC58UdNuxSL+iLdsUuCNsaobrbgaTOkUSCpMmRW83yLHvrg087NJ8McUm6NXuRpk+5HVTIyTJd7HsiWRiwRSKFg88iH9DRxQia5PAhkSaNN38NKiS4Ongw9k+DTzZY1ZVj5EzqdikyM2yU0simjqTHFMcBcL33wQzsnyS7mar\/ZGmT7kPJO\/Am27Y95ZY8EVwhLZY35sY2QlZLJxQ+BzOokaT5+HwXezXO0YkVxweNsYMCfI3yRVmlGrGiAtpSdkXav3+GQvyIrmx9zNXuRpmpFXY8olptq0RyPeb5ZZF8EcbeC+LGzq4HJjk6IO3ZPuG62cbYojRCNP4eo="}
00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":663,"source":"instagram.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":1436720952561,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.159","src_port":58690,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00501{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":663,"source":"instagram.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":1436720952561,"flow_last_seen":1436720952561,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.159","src_port":58690,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00482{"flow_id":30,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":663,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720952,"pkt_ts_usec":561555,"pkt_caplen":103,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":103,"pkt_l4_len":69,"pkt":"ABsv8H60QPMIw47hCABFAABZAuBAAEAGAfDAqABnLiFGn+VCAbsSlgM32Tfr4YAYA4n5fAAAAQEICgAD\/7VWGIoUFQMBACAs4KplPbzXnvu9o5LJf4SK8seDxrub6gsxIshtI3HaOA=="}
00429{"flow_id":29,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":664,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720952,"pkt_ts_usec":561586,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABsv8H60QPMIw47hCABFAAA0qupAAEAG4IDAqABnAhbsM6x3AFDqdVZ4Kge2dIAQA4uvfwAAAQEICgAD\/7VgZSg5"}
00431{"flow_id":29,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":665,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720952,"pkt_ts_usec":561799,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABsv8H60QPMIw47hCABFAAA0qutAAEAG4H\/AqABnAhbsM6x3AFDqdVZ4Kge7\/oAQA7mvfwAAAQEICgAD\/7VgZSg5"}
00428{"flow_id":30,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":666,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720952,"pkt_ts_usec":561891,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABsv8H60QPMIw47hCABFAAA0AuFAAEAGAhTAqABnLiFGn+VCAbsSlgNc2Tfr4YARA4k19gAAAQEICgAD\/7VWGIoU"}
00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":669,"source":"instagram.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":1436720952563,"flow_last_seen":0,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":43,"flow_avg_l4_payload_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"8.8.8.8","src_port":27124,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":669,"source":"instagram.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":1436720952563,"flow_last_seen":1436720952563,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":43,"flow_avg_l4_payload_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"8.8.8.8","src_port":27124,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00456{"flow_id":31,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":669,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720952,"pkt_ts_usec":563081,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"pkt":"ABsv8H60QPMIw47hCABFAABH\/7VAAEARadHAqABnCAgICGn0ADUAM87BrqQBAAABAAAAAAAACHBob3Rvcy1iAmFrCWluc3RhZ3JhbQNjb20AAAEAAQ=="}
00664{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":669,"source":"instagram.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":1436720952563,"flow_last_seen":0,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":43,"flow_avg_l4_payload_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"8.8.8.8","src_port":27124,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Instagram","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"photos-b.ak.instagram.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00676{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":669,"source":"instagram.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":1436720952563,"flow_last_seen":1436720952563,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":43,"flow_avg_l4_payload_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"8.8.8.8","src_port":27124,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Instagram","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"photos-b.ak.instagram.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
02346{"flow_id":29,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":670,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720952,"pkt_ts_usec":563508,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"pkt":"QPMIw47hABsv8H60CABFAAW+RXtAADMGTWYCFuwzwKgAZwBQrHcqB7v+6nVWeIAQAeZBOwAAAQEICmBlKDsAA\/+v4ok9muTJBGDwSdIjgfD2q2RNPDJeBZFtLJHHvulZHUsUl5LiUmamnbTIcEk7J+DSk3kfe\/ZPLEJkFaHFo8HLpUdLOln42dHBGFcjim7ZSOC0KSOqjr8fDHJJciTo8iI8PglkWBqxfRNCRD+x\/ZpO4tk\/B\/Laxrkjj3+Gae0cjyybfUkiI5NOhzSyRnFEmm7XscI+WdEBKBGS8DmkJ8WdZ1HWrHIlI08mplD4HjJZEbL5+FSVjL2rgSornZoaGxbSwaHYT8H8t2Rx73KkyMqOv+hSleBuXJJO+SMJfYkSRpwTGqk17J5YhfZYosS\/UoYnTOocmaWTVXK28bR\/sTLXwpLJJoTQ2jqRf0W9mUf97NCXBp0rRN4P5WWW9o497XBHZMk+Waj\/AGQnweSfg05NOiXc90TyxEMFCQsbMXD4LLs0+41FyWN7RGqGlVoXwUUV9CRRQ9m6QmqvZRvgoRBZJVxZf7eyOPf4IrZDyyb5QsbTyiGR9z9ksvaD42R4ESKpjfJZpdxqZKK2hRJcCQvgTEXyXyJifgadiGrK4P7E6LP7IeSXg\/kJl7L3vAmWKQ2SfKExMlki65Lt37JZe0KoUkWjwRXJRKqIokjT7jUyN8CYyA34Fz8NeR8jL5PJHIsktngUW8HSyXKoWKIsnKsFlsti+CeBn\/vZ9rK8kSJPZeyT52t4Ix8i5yfxIHI0xImv1NLuNTJYkMgMXw3wWNHSUihsezIvjaiMUUSVnSzpZ0iRXv1MDX2KX3s+1ngRElsjxvNcvZIjHiymLtIp7uPNk8Gl3E1siRArkoXwVsyyK6uExwa3SJKlZHe6LG6Oo6jqLL97HKJcROI6ouDP1OB15Kicex9Hk\/8AjP0E40WjihukJ2tpSadEIqC5ItN8DaWTqSOpHUhaiYpps6vheB0PBd4LrBDWTVSPJIRK5IjvqYES252fwajpWRd8ksi4HhiXImiyTL2WNmSXOyQlwLB\/EiuKFxtX7E+00sk8jEhkEQXJXHw3wUPngtIfIkhD28EVnea\/URL2JcfBqYEuES5EPtYiO0tkLGzHliLLPB\/EjgujqE23yT7TS7ieShDIEe74vBIaJFio8jEhppci3eGIkNLdYH79TtZHBJn9ku1iEWMrZY2ZLLIri964P4i8Etk+SeDT7iedlZJ0QZB\/sP4b4Hs0PBFUJkmRfJJ37LGSLLLFgfv1MMhgmudpdrIkdpZ28CxvLJE\/sQsH8RPwS28ku00iYsiMiIZH8PA2NcFNCEWPZsT5e8sCH7EMXu1O1kMEsjJdrEQ2e3gWN5ZIngWBYPAnySfBLt4NGLJYNPJIT+xlkRPkfxWNcDFnZMZY2muBPnebojySfBYmVfjZi92pgRLOzXAiOzKHgWN55EX42tUX+oq4J4HhEVSokuDSyTfIhDRF8iykP4UOvA3wZFkZWyJJ1ZHO81giiSOnkUVvL3yFkdFIrwLTdn4yl9lr7Lo6xzR1HUxteUfr9CS+jpRUS1VFIpPB08oocW1RCDT5JxtnSzpY0yKpiXK+JjfIxCyMraI8CztaJOyIyufYxI6WdDPxs\/H\/AGdCJxV8C019HQdB0IcUfjvyfhf2fif2LSkPTkdDOhnQxrkoiiihQ8lHSV4FFFL7KT4spLIqOPspfZ0\/2dA4ssssv2uXFbSoX9iob2vfyIR5IjV78bUQ4LZZZZZJ+RSZYhklyRK2Q8+x52jjddotnRRRBcklyUcFo6kdX9nV\/Y2OR1o618HSdJW1bdJ0rJ0lCR0s6SkUtr2Re17ywJ7IY8kRDQh53Y8iI4Etl2i2YjghknkoaKOlHSjoR+GJ+FfZ+L+z8f8Ae1M6WNHG17WclM6RRKQ5JCalgSJOsGnKyb4L+OWBLZDHkiIez3ZLIiOBDFjahxE="}
00429{"flow_id":29,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":671,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720952,"pkt_ts_usec":563630,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABsv8H60QPMIw47hCABFAAA0quxAAEAG4H7AqABnAhbsM6x3AFDqdVZ4KgfBiIAQA+avfwAAAQEICgAD\/7VgZSg7"}
02400{"flow_id":29,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":675,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720952,"pkt_ts_usec":567293,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"pkt":"QPMIw47hABsv8H60CABFAAW+RXxAADMGTWUCFuwzwKgAZwBQrHcqB8GI6nVWeIAQAeZuEAAAAQEICmBlKDsAA\/+vRKIrkkudn8NlljEjpRSOCzqLEPaRpkRmmT+R4FshjIiGvbLBLIiAtk+Cy\/YlySzsxIor4L2fvQ9mRXBEkaZP5JYEihDGRE\/cyWdoiRQlwU97GyOSWdmJFHOy+B+29kPZ53mjTJ\/JIWyKGiKK3e8h7RFsseykdIoko8nSOIkyt0P3v3oeNvO8yBL5JC2WzF7HvIltEQvYyt37GUUMe\/8A\/8QAMBEAAgIBAwQCAgMAAQMFAQAAAAECETEDECESIDJBMFEEIhNAYUJSYqEUI1BxgbH\/2gAIAQMBAT8A+L12KTLvKKidK+zp\/wBOl\/aOl\/4dL\/w6X9o6X9o6f9OlfZUT9fo636HJv3\/T4Q3fdVZ\/qJXgWn9iihxVDQlY1\/efGS0WiyyXP7ItHUi0Lkpey\/r+pGNiQkUUTRp5KHD6HH+5cS\/p\/wDguXpouf0Oclk\/kYpt+i\/9P\/po5+kV\/wBqOlf9J0r6\/wDJ0L6\/8nQhw\/350rdCX126hDll1kTTHGyUfv8AuWU36On7YpV7Z1scryj9foqP1\/5KidMfs6V9nT\/o\/wCkptH80U6Zd76hp52aXs6V6Ol\/Y4P2dMvoprKLLRa+e0WU\/o6WV\/pSOPo6mN\/FX3\/R1ZVEhryjkhqRnglFPhj05R502Q\/La4miOpGStM1DTyVsxDJKizqf2dTOotfRx9HH0fr9HH0WikUikUikfr9HH0cfR1M6n9l\/NX2X9f0vyXylvp\/kNcSIyUlcScFLI9OcHcTT1XNcmnnd7Nkxf07LLLOpF96TeCksnV9f1Nd3N9ibTtGn+RfEhc8oSSwPUUHbFK8C2Q0ahFWP4rKf0dL+yl9lROPov6OpnU\/s6n9nU\/s6n9nUxtPKKidP0xprK26fs4WBtv8Arank+6M3F2jT1OtbQXS+CMr7JkCS9j7ullL2zj6Op\/P0sVI6\/sca59f2J+T7mfjYZq6jhTRDVjPGRNojqfe+oQKGq47K+y6x\/Q6WUjq+uxOsDST4\/pV2z8n3M\/G9n5OFtDXceHyQlGfiJtCkmahp7SXA9383S\/ZwdX18D\/o47p+T7mfjez8jC3TrlGhqdap5HEbs092vXypMr7ZwdT\/t475v9mWWWjgSKPx\/Z+RhdmnNxlaItSVk+NlP7LJr2PfJjPZTKX2Wiy\/hsp7X\/Rv6+Cfk+\/8AHeT8jCK7PxNT\/izW9EVY4tCbQmnkfYrKRf0W\/hszgplf6cF\/3J+T7Fv+P7PyMLsSIvpdk5KSTRp7OK9DVd\/HsooplFf6V\/pS+zg4+iy\/\/gJ6MZck9GUd29\/x\/Z+RhbJbN7aUrVEGN7Mcfg\/+\/wC5XyrXjdMTT5RLTjLJLQa8RprO2nHqkkaUeltH5C4Rf126Psj2PBfw8FMRX9Vf6X80\/Jmim5cEfyGuJEZxlhkop8Ml+P8A9JpxcZqyC\/Zn5GF3aPsjsl8kIXyx4I54H\/3EoV86TeCOi3k\/jisii\/SNSFKzSS6Rwi\/RLR+iUWs\/JNfsz8euVvDWlEjrReeNlFJ2j8hNrZb0aSyR2W1jz8EVbEx4IZW3T9Ek18sdNf8AITiuIo\/Z5IwS21nwR1Yxj+zP\/V6f2L8rS+z+XTlxZPTrlfHN\/sz8Zctj2r7MmjfVVl81tLSjInoyWDp+y16JxpJmjhilTrtln4NSDfKZpazb6Z5Hghlb6hnnajna96e0Y2Rj+1CgkNban5MIcE\/y5yxwQk3LlmvldkdSUfFmnqOTpr4p+TPxld7JDLNDzP8AkzXbpUR1mvIjOMsMlpp5RL8f\/pNSLUUmaPsk6lHtk+fgWvzyJxkuBT+yGVvMS4se9lsveMbZGKQvPbU1owXJq\/kynwsb6Xka2VstOTFo\/Z0RjkerFYIT6lfwz8mfjqo2TjUmhlFH48eWyUeTXfC3hrQ="}
00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":737,"source":"instagram.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_first_seen":1436720952611,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"46.33.70.150","dst_ip":"192.168.0.103","src_port":80,"dst_port":40855,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00496{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":737,"source":"instagram.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_first_seen":1436720952611,"flow_last_seen":1436720952611,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"46.33.70.150","dst_ip":"192.168.0.103","src_port":80,"dst_port":40855,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00441{"flow_id":32,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":737,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720952,"pkt_ts_usec":611482,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"QPMIw47hABsv8H60CABFAAA8AABAADkGC\/YuIUaWwKgAZwBQn5dVkK9h7WtuhaASOJDXwwAAAgQFlgQCCAoJIvhRAAP\/swEDAwU="}
00428{"flow_id":32,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":738,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720952,"pkt_ts_usec":611635,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABsv8H60QPMIw47hCABFAAA0kThAAEAGc8XAqABnLiFGlp+XAFDta26FVZCvYoAQAOU17QAAAQEICgAD\/7oJIvhR"}
00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1436720901262,"flow_last_seen":1436720901262,"flow_min_l4_payload_len":258,"flow_max_l4_payload_len":258,"flow_tot_l4_payload_len":258,"flow_avg_l4_payload_len":258,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.153","src_port":37350,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":14,"flow_first_seen":1436720908576,"flow_last_seen":1436720908733,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":4627,"flow_avg_l4_payload_len":330,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.154","src_port":41181,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":14,"flow_first_seen":1436720908577,"flow_last_seen":1436720908737,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":4627,"flow_avg_l4_payload_len":330,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.154","src_port":41182,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00506{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":58,"flow_first_seen":1436720900687,"flow_last_seen":1436720901200,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":46392,"flow_avg_l4_payload_len":799,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.162","src_port":57936,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
@@ -359,6 +355,7 @@
00504{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":34,"flow_first_seen":1436720901182,"flow_last_seen":1436720908544,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":26795,"flow_avg_l4_payload_len":788,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"77.67.29.17","src_port":33976,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_first_seen":1436720908523,"flow_last_seen":1436720908570,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":263,"flow_tot_l4_payload_len":310,"flow_avg_l4_payload_len":155,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"8.8.8.8","src_port":51219,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":75,"flow_first_seen":1436720942530,"flow_last_seen":1436720942621,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":52289,"flow_avg_l4_payload_len":697,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.162","src_port":58052,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00505{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":1436720942580,"flow_last_seen":1436720942580,"flow_min_l4_payload_len":255,"flow_max_l4_payload_len":255,"flow_tot_l4_payload_len":255,"flow_avg_l4_payload_len":255,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.162","src_port":58053,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00510{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":4,"flow_first_seen":1436720906017,"flow_last_seen":1436720906024,"flow_min_l4_payload_len":103,"flow_max_l4_payload_len":103,"flow_tot_l4_payload_len":412,"flow_avg_l4_payload_len":103,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.106","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":19,"flow_first_seen":1436720908581,"flow_last_seen":1436720908769,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":8070,"flow_avg_l4_payload_len":424,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.136","src_port":60908,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00557{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":150,"flow_first_seen":1436720950909,"flow_last_seen":1436720952614,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1398,"flow_tot_l4_payload_len":143658,"flow_avg_l4_payload_len":957,"midstream":1,"l3_proto":"ip4","src_ip":"31.13.86.52","dst_ip":"192.168.0.103","src_port":80,"dst_port":58216,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Facebook","breed":"Fun","category":"SocialNetwork"},"http": {}}
@@ -369,7 +366,8 @@
00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":52,"flow_first_seen":1436720900684,"flow_last_seen":1436720900750,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":55562,"flow_avg_l4_payload_len":1068,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.160","src_port":38816,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00534{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_first_seen":1436720908521,"flow_last_seen":1436720908542,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.160","src_port":38817,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
00496{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_first_seen":1436720908521,"flow_last_seen":1436720908542,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.160","src_port":38817,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00484{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":1436720952563,"flow_last_seen":0,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":43,"flow_avg_l4_payload_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"8.8.8.8","src_port":27124,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00509{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1436720906022,"flow_last_seen":1436720906022,"flow_min_l4_payload_len":103,"flow_max_l4_payload_len":103,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":103,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.106","dst_ip":"192.168.0.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":1436720952563,"flow_last_seen":1436720952563,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":43,"flow_avg_l4_payload_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"8.8.8.8","src_port":27124,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00505{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":17,"flow_first_seen":1436720898354,"flow_last_seen":1436720899158,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":464,"flow_tot_l4_payload_len":1509,"flow_avg_l4_payload_len":88,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"173.252.107.4","src_port":56382,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00543{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":11,"flow_first_seen":1436720908466,"flow_last_seen":1436720910950,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1398,"flow_tot_l4_payload_len":4671,"flow_avg_l4_payload_len":424,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"31.13.93.52","src_port":33763,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}}
00506{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":11,"flow_first_seen":1436720908466,"flow_last_seen":1436720910950,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1398,"flow_tot_l4_payload_len":4671,"flow_avg_l4_payload_len":424,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"31.13.93.52","src_port":33763,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
@@ -383,9 +381,11 @@
00543{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":68,"flow_first_seen":1436720898386,"flow_last_seen":1436720908442,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1398,"flow_tot_l4_payload_len":41200,"flow_avg_l4_payload_len":605,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"31.13.93.52","src_port":33936,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}}
00506{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":68,"flow_first_seen":1436720898386,"flow_last_seen":1436720908442,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1398,"flow_tot_l4_payload_len":41200,"flow_avg_l4_payload_len":605,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"31.13.93.52","src_port":33936,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_first_seen":1436720908524,"flow_last_seen":1436720908575,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":107,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"8.8.8.8","src_port":33603,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00513{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1436720906025,"flow_last_seen":1436720906025,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"192.168.0.255","src_port":520,"dst_port":520,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1436720906025,"flow_last_seen":1436720906025,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"192.168.0.255","src_port":520,"dst_port":520,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00545{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":25,"flow_first_seen":1436720942507,"flow_last_seen":1436720942524,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":21875,"flow_avg_l4_payload_len":875,"midstream":1,"l3_proto":"ip4","src_ip":"92.122.48.138","dst_ip":"192.168.0.103","src_port":80,"dst_port":41562,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
00508{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":25,"flow_first_seen":1436720942507,"flow_last_seen":1436720942524,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":21875,"flow_avg_l4_payload_len":875,"midstream":1,"l3_proto":"ip4","src_ip":"92.122.48.138","dst_ip":"192.168.0.103","src_port":80,"dst_port":41562,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":1568796253770,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49355,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":1568796253770,"flow_last_seen":1568796253770,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49355,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":33,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1568796253,"pkt_ts_usec":770116,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGAr7AqAIRHw1WNMDLAbuZigajAAAAALAC\/\/8cPAAAAgQFtAEDAwYBAQgKDXByoQAAAAAEAgAA"}
00439{"flow_id":33,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":746,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1568796253,"pkt_ts_usec":782515,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAFQGLsIfDVY0wKgCEQG7wMv1rwrBmYoGpKASbHB3qgAAAgQFeAQCCAo6Lg6wDXByoQEDAwg="}
00427{"flow_id":33,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":747,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1568796253,"pkt_ts_usec":784713,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGAsrAqAIRHw1WNMDLAbuZigak9a8KwoAQCAwKkgAAAQEICg1wcq86Lg6w"}
@@ -403,11 +403,11 @@
00693{"flow_id":33,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":757,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1568796253,"pkt_ts_usec":815439,"pkt_caplen":259,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":259,"pkt_l4_len":225,"pkt":"xGGLNYKpxiwDYGpkCABFAAD1cqQAAFQGu2QfDVY0wKgCEQG7wMv1rxbJmYoHwoAYAHHmCwAAAQEICjouDtENcHLCFwMDALyXCZVZsRVc5YD7osb7G+dT2TOnrp6oODK59iu8MDODlmtQdZEnuJ0n59ahbesAUOJFjNodqwBTOnUZZXsgY\/H+kmgEEI8o5u\/kK+qQDpPHjeMWeKbHaFg4Nr2391apmeNNJYhjbUf47SOnNVsEAOSdxyenXsfoyQcIyl5FWX4ZT6VuG5IY9NORSto5piFSkcKxjKjWJqRzxhmLUncRBc8uH5lX3SJfTWLDfLNOZbXs2Jemup6mWmZLPgR9VQ=="}
01289{"flow_id":33,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":758,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1568796253,"pkt_ts_usec":816162,"pkt_caplen":696,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":696,"pkt_l4_len":662,"pkt":"xGGLNYKpxiwDYGpkCABFAAKqcqUAAFQGua4fDVY0wKgCEQG7wMv1rxeKmYoJtIAYAHW8DgAAAQEICjouDtINcHLCFwMDAnEOs+EoxoLAj+4Jb7hCAolPgK1c6D82AWljmGdNvEXbZ2PyY9Hh2UXUhHLpzoZDsNQPx7jJt0zDPYryql8ck6vnhymqPw910npNiirL9BLegr+lS2wQangi3D6\/KV10f3VXjTqyzAXZiF55sH2aYzTMLW94oSwo44QyrxTJLdgQyfVgEFTwYxmjxed2HlRT\/UbWIEWDrotRHUtqUZYuP08uUt2av8OwQepftw289IGheQLlZ3inR4VQj5N7uQB0cSq9pLzEyMzeFUFdHQNs8e4agxRLKQ+SaAyPQWQv4YwCGVlL6lHqnjqqP0FLgT7za\/B6eA5qpQmOoUc6MPgXpIPV1idtgR3Kmci20Ql2gq0pzQeVKUOvqp3j6Sof4\/J9XNqYHFOEVYhysnbFlpcGlom\/n\/mAhaDhiInrpQLIqiDL5zNvoko82QOx3aKlWPm\/pSTywMa7Du92YlgCyhpQgxqakcbEV8B4UK+qczw8KmhKxUk\/KEbFi\/7ul7kFuZCGEl7gMLQcrSXIOiIq1+VeUEUffgECtU1BDIv9QRdU6pg7gFWDZdYdyEFAyBDsjntX3NVqdf7Pk8RM\/GZaI\/jjxLUANxsB4ATk\/Hu3zk1D86rGaxJHBx3V05y\/vZrsQtfdQRnePHdoZPX2aGcjfYc\/rSjYd+bSJgkQNIXVcwes7QAUt5Cs7tBmw5IpRdncia\/CZyHHgGX7srrxBQEt5K9sjmmW\/ByDadiKp9e6XFuUqL6UypJthH7GHEfTNBNLVBosnyqcZi91FrDcA745FBT6lv\/1I5uNluE1WMneDFXL\/13IL4sSSieJkRn9O8vT2d0vcYng"}
00460{"flow_id":33,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":759,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1568796253,"pkt_ts_usec":816389,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"xGGLNYKpxiwDYGpkCABFAABLcqYAAFQGvAwfDVY0wKgCEQG7wMv1rxoAmYoJtIAQAHUO4AAAAQEICjouDtMNcHLCFwMDABJFi3rAA3KN3VF2IRE99YhtID8="}
00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2070,"source":"instagram.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":1568796254514,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49357,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00496{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2070,"source":"instagram.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":1568796254514,"flow_last_seen":1568796254514,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49357,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00446{"flow_id":34,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2070,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1568796254,"pkt_ts_usec":514906,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGAr7AqAIRHw1WNMDNAbsBxqpOAAAAALAC\/\/8NqAAAAgQFtAEDAwYBAQgKDXB1TAAAAAAEAgAA"}
00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2071,"source":"instagram.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_first_seen":1568796254515,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49358,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00496{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2071,"source":"instagram.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_first_seen":1568796254515,"flow_last_seen":1568796254515,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49358,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00446{"flow_id":35,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2071,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1568796254,"pkt_ts_usec":515573,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGAr7AqAIRHw1WNMDOAbvBtYQbAAAAALAC\/\/9z6gAAAgQFtAEDAwYBAQgKDXB1TAAAAAAEAgAA"}
00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2073,"source":"instagram.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_first_seen":1568796254524,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49359,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00496{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2073,"source":"instagram.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_first_seen":1568796254524,"flow_last_seen":1568796254524,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49359,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00447{"flow_id":36,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2073,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1568796254,"pkt_ts_usec":524506,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGAr7AqAIRHw1WNMDPAbv9TOkSAAAAALAC\/\/\/TUgAAAgQFtAEDAwYBAQgKDXB1VAAAAAAEAgAA"}
00440{"flow_id":34,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2074,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1568796254,"pkt_ts_usec":526002,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAFQGLsIfDVY0wKgCEQG7wM2mvmccAcaqT6ASbHDxzgAAAgQFeAQCCAoU9Z3GDXB1TAEDAwg="}
00440{"flow_id":35,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2075,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1568796254,"pkt_ts_usec":526651,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAFQGLsIfDVY0wKgCEQG7wM6bGFkcwbWEHKASbHAfPgAAAgQFeAQCCArYQyzxDXB1TAEDAwg="}
@@ -457,9 +457,9 @@
01477{"flow_id":34,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2153,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1568796254,"pkt_ts_usec":723914,"pkt_caplen":839,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":839,"pkt_l4_len":805,"pkt":"xGGLNYKpxiwDYGpkCABFAAM5R3UAAFQG5E8fDVY0wKgCEQG7wM2mvmitAcaum4AQAHbdIAAAAQEIChT1nosNcHVwFwMDAwCRUCd2jfTU2PwjGGn6P6b9bw9BB1YzSNGi7Y3XWn5MhvrWT7XFkMxQxE5BP2nlZY\/iXg8AFbQVi39U\/jgQtvIsOnta7FUESB+a15ScORvqrqRXJvYDw0JYLyB1iO0WLQeFBeDu6gbTOnOOhEWDfMgv1\/jSPurXQLXCbsrYWKILybc\/2DG6jNlXIQ4On+wRzXOQMQhJ9+MjwAdGUHxQn7dvlEE51n8+h\/ljyonZELMObNrME59mUs4M8hb3rGUmAzXCPa1ziFVUjvdEn3kjkml9D19uKSDVDIVp2bTx6h3xBZoAmE8MhtwwZqn7Ym0zLxCzYAhUhIyFH\/xIO0Hkclzts96sSb0rHpksbQScxEb3+oLVLrPZ7pAJvxDrSds+5q8aJesmRGm1xcRYot9Yd5ovrFKjeSZeWsWNOJyOQRo+jkmqk9pDxAR5XKw5qjWYbvNJ7MfkAJiUYSt69cCTawz+uEif2LMgGH\/HCyH9UiO\/YopH7Uf9StcXkuCcU\/LNxkiUYh5G0izCkFqkvksHwgaWsuNrOu3sAz0Wf\/NZaWTxHtIog0TB6WGXYtgc7GhrFmlrpHyUDr6LfLHvtrnl7YdeMIzMs8W+OzDM\/h9ufTJoKgKMi9oGLLnbZR5fJEXAD0qkc2PyDyM63mWs3pJOWaiA3P9qpHXWtoYuke1HKHFMjdiJThRTdhkZJKn5rHs60hYlr8MsdKbUl2ZJc2l21wwm\/CvkiaDHGzeNotWds5jECtpW3htRUaKcpwYwuOUd8RkiEjKl9y8lMyyRZl2ij7jzKZQK8YdLvypqtV+ZbdmrmvPp+HK+p4gnWrE7yxcdkJJLVwL+Hx5UzyUACo88E6y3RAaOOlN2co0zWGYbR9fb\/9SLXoi3ae7tfavARirCpJLUGPJzDtWWs4L96BqrQAgSIO0KPqyT5SACg0+PW9PsQWKDcc+5on7oCJBtNvYcNUqbTWYV4Hi8ZF9vYbeZcB8ySJ4C7Jnifs+Gi5+e2sKsXdhMKp+3lqrqaqyQSCLcuy4="}
02311{"flow_id":34,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2154,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1568796254,"pkt_ts_usec":724172,"pkt_caplen":1454,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1454,"pkt_l4_len":1420,"pkt":"xGGLNYKpxiwDYGpkCABFAAWgR3YAAFQG4ecfDVY0wKgCEQG7wM2mvmuyAcaum4AQAHZBZQAAAQEIChT1nosNcHVwFwMDBe26TdKKuOwPFQEg88uujor58VNqXtphebDoaD6Z6JiicwPPXl4uJsCftqugA1MtCiuMd07DjsPnuA56Ve9oBgp6Y2LQAFLj6zclfMyRDikTjXJNy7lJR0ocjU1BloT23DpDf0ayvRh66iHGawrfuosTsgW7BTSEQrm74wsruE7FkYjviYzXMlmOdiETLhQNT2YhtANRP7pWzEvqSnk1ST9mVJGBqtEojDNsnsDL7EnD4Ym18W8B3o\/kg7TiA9xsbL4Lmsl8NdScMLWuB\/xx2g+EBH4ipEFqlFKuawKycInD2gomQfqOHWMfiPE8dPgXgYcXEoq4jkPLOMYlLnmcL46clMrmdpn0WL62j3M9lb1deZt0pfukTxaRoJHecHR5PYN2HNW+gslEYp9fO9G73gOnbALOoJY0VtWeHMNExMlvUTjafOZDQtGO6YVZKT9CWf4393dulDZK3YdHBllZK5GUkvlqwlbu6go\/Sk3P28HJA7zrreSDH+MjCaAqB0scJJZ++0Kmyl4bDM22qCKW4VnJCcm2C4fopa4aqDUuI5RlwsgiQVy3jDPseIpWs+X6xP8Dq3g7lSpGOcjA5ygt7qbq20ROp7G4mIfNbI6nfshSA3khMasJIipsA9U5b6Z56nXJ6QCY+IrtHdwOUmXMlJgYlYH7trmhlFk+7eNoM4kUdzKbCVPbz0fiZr8DHIYMHZQahfNUnK47H9cblnRnhCFunpQwp+vS4p4s7+RAXuUm+e\/pYkBW+fN3aL8dKrxjJZWrHdtV7vAXgIGcSx7roR2OxqohFPXAgAsNfeaT+W8mDqGRrCn2tcjyEO0yXwe\/LOKXb1gth6BepKYZ85DszWrXYmZWImD7PD4OO\/pvKEUtQxZY7QMK8ib6\/IMT847ICcyG\/SAJhy0+QO9cKHN+RsCNjwClXwLYLv8aacsJ0S2sKSXrp26Szr5rJNafOiFcJZY6phJg++MgQL0kiiPFIVDYGVbg91zDPPB8ebKA6Kk9N9WiulalN\/TwUTB7h8+JziD93Qw92XR\/T6jMHeQh5o98ixH0K5aQBblI+aOKa+mW8Q1m2u6YOk2HCf7hh652eE7mCjjI4PvfcKL8So8gxO6md1oaFjk01R9PT6ZbYXSuV2q725gLMqBgEreez\/NyQHW5YyX9alNseYZBFpWkAB7IYfmxZ4qU8vzOi6mVmsicjO4Z0BjzBagBy5YB1CiMB4\/qnkIUWOECVmJ\/BFz8HhPteo3oeehGEJ2f3zrUW36JRLMaVRgUHxDRIMzPnE2SKTZ1NFX+gm3D8CcoBd8o3Oy0Xd5pKdzAoT\/tpL+dSAoGXgxc19\/KxkJasNfwiWDVaJKk+AEY9oM3ff+nbvH5NW+NgbqmQ9nhOGbwg\/zzcKFWVZ71BiFP4eqclr9aaCeQkbm1Mbu1NZ3R\/+SCO0if57CZAbnMlZkX181hWBJ17sMiN28I+5AimtkDxJv5sl\/TI7Ci\/az9vG+d1EI3Tqw6x6x+ylJ\/rfjA82npRgkt1TNmaLXOFOD6RCAq2Oe\/vcS8pfxiVv+YZBXDtH3dOq2BPV4qRny3mDoJDo8G3rVUFhFzJuYNHJtImBhKW1n9tyDySqqd3R4kSoc0nxrqMx0snOBWpUjzTM91Y8+sL9f315MAUlt6igxSK\/CKGykiKtdHkKR5mwoviDK+XG2d2kqzKO\/RhFo1+EfhIsaL4JkP1Ngrxn0Z5fX73QPPK1KflOlF5RKMdvquu7u8NZCaAzrlYj+7kbl3YYywbHtqsa9GicvR6EFjGsIDMIcLmyFYbY8izQNRBPPjuyesVzYCjhCUZ1GM75y5iy\/eqfXvG6Li9zUGnvkdzAmC7nA="}
02319{"flow_id":34,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2155,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1568796254,"pkt_ts_usec":724372,"pkt_caplen":1454,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1454,"pkt_l4_len":1420,"pkt":"xGGLNYKpxiwDYGpkCABFAAWgR3cAAFQG4eYfDVY0wKgCEQG7wM2mvnEeAcaum4AQAHZeJgAAAQEIChT1nosNcHVw6EusdcfDyZp8leckSeoA1xIb1zN6JCO2zk1rbjLsjUbfZrrWeV5CKAylP+ACNDdxVNRvSd4LwoY1QMqqXUbraupXPcvkluvxkEzNmgdzdU05kdtQdv0a\/HLAXg1QH2SJ5RlxEAde9g6c\/SLXW7VN4yDDDeqlhlWUw4LmYEkRCi5hPcIZf08XAwMF7TPJdieMo7NXEz1Uyoi+gFmSs+cJuB99kwvdy6\/Hn64+uBNDAty0BZGlwc8i8\/v22Riwykc7135XtztFrAt2vihoMU3Ay\/\/rlbyC+1JLs1w6nby8CPJ+h\/qHMX\/6fviiBH\/w+DPNYPZ3aMCCE6Ys9A992Y6ayYJy3by3RkWpSB0KVvQjpwshigopPz9VyjdxLgpvEOYKJp8i4Ak0+5ULWiVJkuCawJPxqJSC0KZ+OEYkOLRTWZVpOAePDrflgFC5Y80YQbfq8b799hY8AVpLpTKrYglQ735boK4mVqH5QrnBvqvW50PNn3Nmr1Cr2mxgWlfMutI6\/TQ+Aivf\/gNAYeWQSwJh6JS2syWWzpAlJEtwBOHLpszhkSDkMrRBfuuG+dl7DdSMGJL8ThYfSeB95Hh6\/BoL34GN8k1l6OloojHxhlBE4EDcbajZZ0Lhk\/NfCGJOkfoLl4so2VCsw1xAf3vOSQ\/o6wtzEMdSOyaazvFnmERKB508LwlJCjJFgG5WZ6dnUfg+Q8RbwyjCOBdd1JSjt5AnDfnZp7P1wPw0xjRpG9PViSY\/A1qEdTD7goUbXdKAF7oMmIlRBC8GeJMRwineuE2sweypc9CI3ejnVTSL6pzM1L92IU+bl2RC2QvtrnQS3Mu7\/4q3Q9\/2rDYT0QzSMDKYgZTZ\/CpFXmY5wJWvezDIw4OR5hf3OUsaXmXDIGHewQHCVu3JXxXn\/wA65+ts+2OXR0RK6zkw1E\/3o1F\/p66+CGysyZnhKVZ2Kj8j1iTIH98DUXeZ57AzOnLBOHXEVY17lYHD2025IMPwfS9rwcv+WwAnkHUI6eI4QUuOXzel88ZPtzrDUsF6fiHLYB2XhY8iTwO9KlhLO2fcXY9NH3qqFUwVtvAINa7uav4awscdzxZtUXFMjfDIkjC5Bsj1TdWRxXriygb4dXivDE2dDJSm0DB8i1L8bnnK1F5L3N\/a0qVm2SQyi5yBVj+pEo6cZWGFFj7\/Ou7LtYk63qCNdjI6YeBdBXSCDi0aHlU0y1Sn5rujw2NHQOb4sbKrz\/+cqC9JjbJ6nr0NzB8htpNp+7qK+mVkbwJP4YH5hsTjVUKYP38b7hbMqcBPppPXYFaZNZ9OXoGyehUYNjJ2i8RaT+ckie9kiqk13eRM0ynaPkr2NJffMZBgpcZe7q3Zo4thnzKBNPeE+GyviKTalXj57wpWzTdrTNZey0vCNvGD9Pqg1IEv5Ht\/cI0VQU2\/kbPOEEVq6QtWkc9Ac0lsQsoc+eVzvFffUHMN2fMetXwsuHL2BTjuGSFg91+4IE5TFwp6Yli7J9X0pMoWB8zNfL8QUwsDWHZC+NLH+k5\/3tYNTJXbFdSV3LzqgiH03bpFG+R8ChwtOxsfLkFH+z+DRqwpCV72SIbyXORZW47q818vEr1b1gs40tatMqqaFAsUJPRVay3Nxvvs1B1gaQe9JnxxYT1cOQHG9QickkXR2RiD\/HxzTi92ZPMje0QwAMdlZcIig3zFYPAAcaIUG2Uuzyl8BCzIx3ED7jqYbhRe97UNv\/5Nj6rpwpgZoliwRQznXzebY6zebFnLhbHpj79SFscxkD\/\/RW8Qwp5BD1zAxAbV1VFsJdmb9\/vGXKQHmvDB9dnb5Dvxnq6+SEifWGnSk35V7TtB0NIoHyckLwfdxxP971c="}
00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2216,"source":"instagram.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_first_seen":1568796265146,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49360,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00496{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2216,"source":"instagram.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_first_seen":1568796265146,"flow_last_seen":1568796265146,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49360,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00446{"flow_id":37,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2216,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1568796265,"pkt_ts_usec":146962,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGAr7AqAIRHw1WNMDQAbvb0IW1AAAAALAC\/\/8u4wAAAgQFtAEDAwYBAQgKDXCenAAAAAAEAgAA"}
00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2217,"source":"instagram.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_first_seen":1568796265147,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49361,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00496{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2217,"source":"instagram.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_first_seen":1568796265147,"flow_last_seen":1568796265147,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49361,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00446{"flow_id":38,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2217,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1568796265,"pkt_ts_usec":147078,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGAr7AqAIRHw1WNMDRAbs6ii8aAAAAALAC\/\/8mxAAAAgQFtAEDAwYBAQgKDXCenAAAAAAEAgAA"}
00441{"flow_id":37,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2218,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1568796265,"pkt_ts_usec":158802,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAFQGLsIfDVY0wKgCEQG7wNDH6s7\/29CFtqASbHAaPQAAAgQFeAQCCApocroGDXCenAEDAwg="}
00440{"flow_id":38,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2219,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1568796265,"pkt_ts_usec":159201,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAFQGLsIfDVY0wKgCEQG7wNGAszpfOoovG6ASbHAHRwAAAgQFeAQCCApsGJ0PDXCenAEDAwg="}

178
test/results/ip_fragmented_garbage.pcap.out
View File

@@ -1,5 +1,5 @@
00489{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":10000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1534244024697,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":24102,"dst_port":10792,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00501{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1534244024697,"flow_last_seen":1534244024697,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":24102,"dst_port":10792,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00420{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244024,"pkt_ts_usec":697756,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAl4mKigpKComXiUkI0AjJCUpOAAA"}
00378{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244024,"pkt_ts_usec":697792,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAkAGRa8KAAACCoAAAl4mKigqJl4lJCMmKihLSUo="}
00185{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":2,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16}
@@ -625,7 +625,7 @@
00187{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":312,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16}
00368{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":313,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244024,"pkt_ts_usec":701616,"pkt_caplen":42,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":42,"pkt_l4_len":0,"pkt":"QgEK8AABQgEK8AAbCABFAAAcAKACcEAGY0kKAAACCoAAAkVUUiVZXlUm"}
00186{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":313,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":8}
00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":314,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1534244025001,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":18730,"dst_port":20304,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00503{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":314,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1534244025001,"flow_last_seen":1534244025001,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":18730,"dst_port":20304,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00420{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":314,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244025,"pkt_ts_usec":1741,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAkkqT1B7IjpoZGZsa2RhPkwp4QAA"}
00378{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":315,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244025,"pkt_ts_usec":1770,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAkAGRa8KAAACCoAAAjxNTkJIR0ZERVcjQCQlXkg="}
00187{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":315,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16}
@@ -1251,7 +1251,7 @@
00187{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":625,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16}
00366{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":626,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244025,"pkt_ts_usec":5485,"pkt_caplen":42,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":42,"pkt_l4_len":0,"pkt":"QgEK8AABQgEK8AAbCABFAAAcAKACcEAGY0kKAAACCoAAAiomXiUkI0Aj"}
00186{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":626,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":8}
00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":627,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1534244025305,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":9253,"dst_port":24102,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00502{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":627,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1534244025305,"flow_last_seen":1534244025305,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":9253,"dst_port":24102,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00422{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":627,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244025,"pkt_ts_usec":305644,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAiQlXiYqKComXiUkI3JzZGy7owAA"}
00380{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":628,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244025,"pkt_ts_usec":305666,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAkAGRa8KAAACCoAAAnVoZ2tmZHNia252Yy8udGc="}
00187{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":628,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16}
@@ -1877,7 +1877,7 @@
00187{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":938,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16}
00368{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":939,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244025,"pkt_ts_usec":309702,"pkt_caplen":42,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":42,"pkt_l4_len":0,"pkt":"QgEK8AABQgEK8AAbCABFAAAcAKACcEAGY0kKAAACCoAAAikoKiZeJSQj"}
00186{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":939,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":8}
00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":940,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1534244025609,"flow_last_seen":0,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":16417,"dst_port":16419,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00503{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":940,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1534244025609,"flow_last_seen":1534244025609,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":16417,"dst_port":16419,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00422{"flow_id":4,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":940,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244025,"pkt_ts_usec":609837,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAkAhQCMkJV4mKigpKComXiUNOgAA"}
00380{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":941,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244025,"pkt_ts_usec":609868,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAkAGRa8KAAACCoAAAiQjQCMkJV4mKigqJl4lJCM="}
00187{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":941,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16}
@@ -2503,7 +2503,7 @@
00188{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":1251,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16}
00369{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1252,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244025,"pkt_ts_usec":612419,"pkt_caplen":42,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":42,"pkt_l4_len":0,"pkt":"QgEK8AABQgEK8AAbCABFAAAcAKACcEAGY0kKAAACCoAAAiZeJSQjI0VU"}
00187{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":1252,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":8}
00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1253,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1534244025912,"flow_last_seen":0,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":21029,"dst_port":22878,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00504{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1253,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1534244025912,"flow_last_seen":1534244025912,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":21029,"dst_port":22878,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00423{"flow_id":5,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1253,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244025,"pkt_ts_usec":912535,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAlIlWV5VJkkqT1B7IjpoZGY4UAAA"}
00381{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1254,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244025,"pkt_ts_usec":912559,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAkAGRa8KAAACCoAAAmxrZGE+TDxNTkJIR0ZERVc="}
00188{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":1254,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16}
@@ -3129,7 +3129,7 @@
00188{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":1564,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16}
00369{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1565,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244025,"pkt_ts_usec":916928,"pkt_caplen":42,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":42,"pkt_l4_len":0,"pkt":"QgEK8AABQgEK8AAbCABFAAAcAKACcEAGY0kKAAACCoAAAjIwNTEpKCom"}
00187{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":1565,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":8}
00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1566,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1534244026217,"flow_last_seen":0,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":24101,"dst_port":9251,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00503{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1566,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1534244026217,"flow_last_seen":1534244026217,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":24101,"dst_port":9251,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00423{"flow_id":6,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1566,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244026,"pkt_ts_usec":217057,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAl4lJCNAIyQlXiYqKComXiX0OgAA"}
00381{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1567,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244026,"pkt_ts_usec":217098,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAkAGRa8KAAACCoAAAiQjcnNkbHVoZ2tmZHNia24="}
00188{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":1567,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16}
@@ -3755,7 +3755,7 @@
00188{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":1877,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16}
00369{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1878,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244026,"pkt_ts_usec":221133,"pkt_caplen":42,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":42,"pkt_l4_len":0,"pkt":"QgEK8AABQgEK8AAbCABFAAAcAKACcEAGY0kKAAACCoAAAjc0ODM5Niko"}
00187{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":1878,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":8}
00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1879,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1534244026521,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":10790,"dst_port":24101,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00504{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1879,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1534244026521,"flow_last_seen":1534244026521,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":10790,"dst_port":24101,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00423{"flow_id":7,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1879,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244026,"pkt_ts_usec":521464,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAiomXiUkI0AhQCMkJV4mKigSPwAA"}
00381{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1880,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244026,"pkt_ts_usec":521480,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAkAGRa8KAAACCoAAAikoKiZeJSQjQCMkJV4mKig="}
00188{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":1880,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16}
@@ -4381,7 +4381,7 @@
00188{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":2190,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16}
00369{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2191,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244026,"pkt_ts_usec":525502,"pkt_caplen":42,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":42,"pkt_l4_len":0,"pkt":"QgEK8AABQgEK8AAbCABFAAAcAKACcEAGY0kKAAACCoAAAkRGR0hKSyZe"}
00187{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":2191,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":8}
00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2192,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1534244026825,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":9508,"dst_port":8995,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00502{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2192,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1534244026825,"flow_last_seen":1534244026825,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":9508,"dst_port":8995,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00423{"flow_id":8,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2192,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244026,"pkt_ts_usec":825625,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAiUkIyNFVFIlWV5VJkkqT1DEpQAA"}
00381{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2193,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244026,"pkt_ts_usec":825655,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAkAGRa8KAAACCoAAAnsiOmhkZmxrZGE+TDxNTkI="}
00188{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":2193,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16}
@@ -5007,7 +5007,7 @@
00188{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":2503,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16}
00369{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2504,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244026,"pkt_ts_usec":828950,"pkt_caplen":42,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":42,"pkt_l4_len":0,"pkt":"QgEK8AABQgEK8AAbCABFAAAcAKACcEAGY0kKAAACCoAAAjQ2MzE5ODIw"}
00187{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":2504,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":8}
00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2505,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1534244027129,"flow_last_seen":0,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":13617,"dst_port":10536,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00504{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2505,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1534244027129,"flow_last_seen":1534244027129,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":13617,"dst_port":10536,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00423{"flow_id":9,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2505,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244027,"pkt_ts_usec":129094,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAjUxKSgqJl4lJCNAIyQlXiYeLwAA"}
00381{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2506,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244027,"pkt_ts_usec":129126,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAkAGRa8KAAACCoAAAiooKiZeJSQjcnNkbHVoZ2s="}
00188{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":2506,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16}
@@ -5633,7 +5633,7 @@
00188{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":2816,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16}
00369{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2817,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244027,"pkt_ts_usec":133001,"pkt_caplen":42,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":42,"pkt_l4_len":0,"pkt":"QgEK8AABQgEK8AAbCABFAAAcAKACcEAGY0kKAAACCoAAAkdSP3NSPzc0"}
00187{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":2817,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":8}
00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2818,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1534244027433,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":14387,"dst_port":14646,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00505{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2818,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1534244027433,"flow_last_seen":1534244027433,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":14387,"dst_port":14646,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00424{"flow_id":10,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2818,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244027,"pkt_ts_usec":433145,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAjgzOTYpKComXiUkI0AhQCMkIQAA"}
00381{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2819,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244027,"pkt_ts_usec":433213,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAkAGRa8KAAACCoAAAiQlXiYqKCkoKiZeJSQjQCM="}
00188{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":2819,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16}
@@ -6259,7 +6259,7 @@
00188{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":3129,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16}
00369{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":3130,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244027,"pkt_ts_usec":437080,"pkt_caplen":42,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":42,"pkt_l4_len":0,"pkt":"QgEK8AABQgEK8AAbCABFAAAcAKACcEAGY0kKAAACCoAAAkdGRDIqJkRG"}
00187{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":3130,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":8}
00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3131,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1534244027737,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":18248,"dst_port":19019,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00505{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3131,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1534244027737,"flow_last_seen":1534244027737,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":18248,"dst_port":19019,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00424{"flow_id":11,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3131,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244027,"pkt_ts_usec":737251,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAkdISksmXiUkIyNFVFIlWV76VAAA"}
00381{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":3132,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244027,"pkt_ts_usec":737294,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAkAGRa8KAAACCoAAAlUmSSpPUHsiOmhkZmxrZGE="}
00188{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":3132,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16}
@@ -6885,7 +6885,7 @@
00188{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":3442,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16}
00369{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":3443,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244027,"pkt_ts_usec":741595,"pkt_caplen":42,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":42,"pkt_l4_len":0,"pkt":"QgEK8AABQgEK8AAbCABFAAAcAKACcEAGY0kKAAACCoAAAkdWCjQyMTQ2"}
00187{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":3443,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":8}
00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3444,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1534244028041,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":13105,"dst_port":14648,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00505{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3444,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1534244028041,"flow_last_seen":1534244028041,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":13105,"dst_port":14648,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00423{"flow_id":12,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3444,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244028,"pkt_ts_usec":41673,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAjMxOTgyMDUxKSgqJl4lJCNCBAAA"}
00380{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":3445,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244028,"pkt_ts_usec":41690,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAkAGRa8KAAACCoAAAkAjJCVeJiooKiZeJSQjcnM="}
00188{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":3445,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16}
@@ -7511,7 +7511,7 @@
00188{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":3755,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16}
00368{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":3756,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244028,"pkt_ts_usec":45580,"pkt_caplen":42,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":42,"pkt_l4_len":0,"pkt":"QgEK8AABQgEK8AAbCABFAAAcAKACcEAGY0kKAAACCoAAAnRnP0dSP0dS"}
00187{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":3756,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":8}
00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3757,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1534244028345,"flow_last_seen":0,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":16243,"dst_port":21055,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00505{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3757,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1534244028345,"flow_last_seen":1534244028345,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":16243,"dst_port":21055,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00425{"flow_id":13,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3757,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244028,"pkt_ts_usec":345706,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAj9zUj83NDgzOTYpKComXiX\/oQAA"}
00381{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":3758,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244028,"pkt_ts_usec":345739,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAkAGRa8KAAACCoAAAiQjQCFAIyQlXiYqKCkoKiY="}
00188{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":3758,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16}
@@ -8137,7 +8137,7 @@
00188{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":4068,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16}
00369{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":4069,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244028,"pkt_ts_usec":349651,"pkt_caplen":42,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":42,"pkt_l4_len":0,"pkt":"QgEK8AABQgEK8AAbCABFAAAcAKACcEAGY0kKAAACCoAAAiooS0lKSEdG"}
00187{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":4069,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":8}
00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4070,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1534244028649,"flow_last_seen":0,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":17458,"dst_port":10790,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00505{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4070,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1534244028649,"flow_last_seen":1534244028649,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":17458,"dst_port":10790,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00424{"flow_id":14,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4070,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244028,"pkt_ts_usec":649780,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAkQyKiZERkdISksmXiUkIyM4jgAA"}
00381{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":4071,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244028,"pkt_ts_usec":649809,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAkAGRa8KAAACCoAAAkVUUiVZXlUmSSpPUHsiOmg="}
00188{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":4071,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16}
@@ -8763,7 +8763,7 @@
00188{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":4381,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16}
00369{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":4382,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244028,"pkt_ts_usec":653442,"pkt_caplen":42,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":42,"pkt_l4_len":0,"pkt":"QgEK8AABQgEK8AAbCABFAAAcAKACcEAGY0kKAAACCoAAAkAkJV5IQkdW"}
00187{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":4382,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":8}
00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4383,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1534244028953,"flow_last_seen":0,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":2612,"dst_port":12849,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00504{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4383,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1534244028953,"flow_last_seen":1534244028953,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":2612,"dst_port":12849,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00424{"flow_id":15,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4383,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244028,"pkt_ts_usec":953588,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAgo0MjE0NjMxOTgyMDUxKSh91wAA"}
00381{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":4384,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244028,"pkt_ts_usec":953636,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAkAGRa8KAAACCoAAAiomXiUkI0AjJCVeJiooKiY="}
00188{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":4384,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16}
@@ -9389,7 +9389,7 @@
00188{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":4694,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16}
00369{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":4695,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244028,"pkt_ts_usec":956465,"pkt_caplen":42,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":42,"pkt_l4_len":0,"pkt":"QgEK8AABQgEK8AAbCABFAAAcAKACcEAGY0kKAAACCoAAAmMvLnRnZnRn"}
00187{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":4695,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":8}
00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4696,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1534244029256,"flow_last_seen":0,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":16199,"dst_port":21055,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00505{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4696,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1534244029256,"flow_last_seen":1534244029256,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":16199,"dst_port":21055,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00424{"flow_id":16,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4696,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244029,"pkt_ts_usec":256594,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAj9HUj9HUj9zUj83NDgzOTbYPAAA"}
00381{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":4697,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244029,"pkt_ts_usec":256646,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAkAGRa8KAAACCoAAAikoKiZeJSQjQCFAIyQlXiY="}
00188{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":4697,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16}
@@ -10015,7 +10015,7 @@
00188{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":5007,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16}
00369{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":5008,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244029,"pkt_ts_usec":259607,"pkt_caplen":42,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":42,"pkt_l4_len":0,"pkt":"QgEK8AABQgEK8AAbCABFAAAcAKACcEAGY0kKAAACCoAAAiZeJSQjJioo"}
00187{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":5008,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":8}
00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5009,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1534244029559,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":19273,"dst_port":19016,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00505{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5009,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1534244029559,"flow_last_seen":1534244029559,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":19273,"dst_port":19016,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00424{"flow_id":17,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5009,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244029,"pkt_ts_usec":559709,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAktJSkhHRkQyKiZERkdISkvKWwAA"}
00381{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":5010,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244029,"pkt_ts_usec":559729,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAkAGRa8KAAACCoAAAiZeJSQjI0VUUiVZXlUmSSo="}
00188{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":5010,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16}
@@ -10641,7 +10641,7 @@
00188{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":5320,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16}
00369{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":5321,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244029,"pkt_ts_usec":564214,"pkt_caplen":42,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":42,"pkt_l4_len":0,"pkt":"QgEK8AABQgEK8AAbCABFAAAcAKACcEAGY0kKAAACCoAAAkdGREVXI0Ak"}
00187{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":5321,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":8}
00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5322,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1534244029864,"flow_last_seen":0,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":9566,"dst_port":18498,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00504{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5322,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1534244029864,"flow_last_seen":1534244029864,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":9566,"dst_port":18498,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00424{"flow_id":18,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5322,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244029,"pkt_ts_usec":864332,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAiVeSEJHVgo0MjE0NjMxOThZagAA"}
00381{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":5323,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244029,"pkt_ts_usec":864365,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAkAGRa8KAAACCoAAAjIwNTEpKComXiUkI0AjJCU="}
00188{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":5323,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16}
@@ -11267,7 +11267,7 @@
00188{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":5633,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16}
00369{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":5634,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244029,"pkt_ts_usec":868690,"pkt_caplen":42,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":42,"pkt_l4_len":0,"pkt":"QgEK8AABQgEK8AAbCABFAAAcAKACcEAGY0kKAAACCoAAAmRzYmtudmMv"}
00187{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":5634,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":8}
00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5635,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1534244030168,"flow_last_seen":0,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":11892,"dst_port":26470,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00505{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5635,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1534244030168,"flow_last_seen":1534244030168,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":11892,"dst_port":26470,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00424{"flow_id":19,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5635,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244030,"pkt_ts_usec":168906,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAi50Z2Z0Zz9HUj9HUj9zUj92mAAA"}
00381{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":5636,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244030,"pkt_ts_usec":168934,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAkAGRa8KAAACCoAAAjc0ODM5NikoKiZeJSQjQCE="}
00188{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":5636,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16}
@@ -11893,7 +11893,7 @@
00188{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":5946,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16}
00369{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":5947,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244030,"pkt_ts_usec":173286,"pkt_caplen":42,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":42,"pkt_l4_len":0,"pkt":"QgEK8AABQgEK8AAbCABFAAAcAKACcEAGY0kKAAACCoAAAiVeJiooKiZe"}
00187{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":5947,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":8}
00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5948,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1534244030473,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":9508,"dst_port":8998,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00503{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5948,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1534244030473,"flow_last_seen":1534244030473,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":9508,"dst_port":8998,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00424{"flow_id":20,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5948,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244030,"pkt_ts_usec":473370,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAiUkIyYqKEtJSkhHRkQyKiYtwwAA"}
00381{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":5949,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244030,"pkt_ts_usec":473391,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAkAGRa8KAAACCoAAAkRGR0hKSyZeJSQjI0VUUiU="}
00188{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":5949,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16}
@@ -12519,7 +12519,7 @@
00188{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":6259,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16}
00369{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":6260,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244030,"pkt_ts_usec":476844,"pkt_caplen":42,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":42,"pkt_l4_len":0,"pkt":"QgEK8AABQgEK8AAbCABFAAAcAKACcEAGY0kKAAACCoAAAgAAAAAAAAAA"}
00187{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":6260,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":8}
00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6261,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1534244030777,"flow_last_seen":0,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":13362,"dst_port":12596,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00505{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6261,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1534244030777,"flow_last_seen":1534244030777,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":13362,"dst_port":12596,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00424{"flow_id":21,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6261,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244030,"pkt_ts_usec":777079,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAjQyMTQ2MzE5ODIwNTEpKCpc2AAA"}
00381{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":6262,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244030,"pkt_ts_usec":777103,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAkAGRa8KAAACCoAAAiZeJSQjQCMkJV4mKigqJl4="}
00188{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":6262,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16}
@@ -13145,7 +13145,7 @@
00188{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":6572,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16}
00370{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":6573,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244030,"pkt_ts_usec":779976,"pkt_caplen":42,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":42,"pkt_l4_len":0,"pkt":"QgEK8AABQgEK8AAbCABFAAAcAKACcEAGY0kKAAACCoAAAi8udGdmdGc\/"}
00187{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":6573,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":8}
00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6574,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1534244031080,"flow_last_seen":0,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":18258,"dst_port":16199,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00505{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6574,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1534244031080,"flow_last_seen":1534244031080,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":18258,"dst_port":16199,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00423{"flow_id":22,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6574,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244031,"pkt_ts_usec":80090,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAkdSP0dSP3NSPzc0ODM5NinCaAAA"}
00380{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":6575,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244031,"pkt_ts_usec":80118,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAkAGRa8KAAACCoAAAigqJl4lJCNAIUAjJCVeJio="}
00188{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":6575,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16}
@@ -13771,7 +13771,7 @@
00188{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":6885,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16}
00368{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":6886,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244031,"pkt_ts_usec":84232,"pkt_caplen":42,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":42,"pkt_l4_len":0,"pkt":"QgEK8AABQgEK8AAbCABFAAAcAKACcEAGY0kKAAACCoAAAl4lJCMmKihL"}
00187{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":6886,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":8}
00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6887,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1534244031384,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":18762,"dst_port":18503,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00505{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6887,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1534244031384,"flow_last_seen":1534244031384,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":18762,"dst_port":18503,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00424{"flow_id":23,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6887,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244031,"pkt_ts_usec":384369,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAklKSEdGRDIqJkRGR0hKSybhaQAA"}
00381{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":6888,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244031,"pkt_ts_usec":384408,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAkAGRa8KAAACCoAAAl4lJCMjRVRSJVleVSZJKk8="}
00188{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":6888,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16}
@@ -14397,7 +14397,7 @@
00188{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":7198,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16}
00369{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":7199,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244031,"pkt_ts_usec":388716,"pkt_caplen":42,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":42,"pkt_l4_len":0,"pkt":"QgEK8AABQgEK8AAbCABFAAAcAKACcEAGY0kKAAACCoAAAkZERVcjQCQl"}
00187{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":7199,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":8}
00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7200,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1534244031688,"flow_last_seen":0,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":24136,"dst_port":16967,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00505{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7200,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1534244031688,"flow_last_seen":1534244031688,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":24136,"dst_port":16967,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00424{"flow_id":24,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7200,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244031,"pkt_ts_usec":688865,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAl5IQkdWCjQyMTQ2MzE5ODLvxgAA"}
00381{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":7201,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244031,"pkt_ts_usec":688906,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAkAGRa8KAAACCoAAAjA1MSkoKiZeJSQjQCMkJV4="}
00188{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":7201,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16}
@@ -15023,7 +15023,7 @@
00188{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":7511,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16}
00369{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":7512,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244031,"pkt_ts_usec":693735,"pkt_caplen":42,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":42,"pkt_l4_len":0,"pkt":"QgEK8AABQgEK8AAbCABFAAAcAKACcEAGY0kKAAACCoAAAnNia252Yy8u"}
00187{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":7512,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":8}
00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7513,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1534244031993,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":29799,"dst_port":26228,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00505{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7513,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1534244031993,"flow_last_seen":1534244031993,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":29799,"dst_port":26228,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00424{"flow_id":25,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7513,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244031,"pkt_ts_usec":993869,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAnRnZnRnP0dSP0dSP3NSPzcd6AAA"}
00381{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":7514,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244031,"pkt_ts_usec":993916,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAkAGRa8KAAACCoAAAjQ4Mzk2KSgqJl4lJCNAIUA="}
00188{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":7514,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16}
@@ -15649,7 +15649,7 @@
00188{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":7824,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16}
00369{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":7825,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244031,"pkt_ts_usec":998110,"pkt_caplen":42,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":42,"pkt_l4_len":0,"pkt":"QgEK8AABQgEK8AAbCABFAAAcAKACcEAGY0kKAAACCoAAAl4mKigqJl4l"}
00187{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":7825,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":8}
00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7826,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1534244032298,"flow_last_seen":0,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":9251,"dst_port":9770,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00503{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7826,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1534244032298,"flow_last_seen":1534244032298,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":9251,"dst_port":9770,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00424{"flow_id":26,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7826,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244032,"pkt_ts_usec":298278,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAiQjJiooS0lKSEdGRDIqJkRIiQAA"}
00381{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":7827,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244032,"pkt_ts_usec":298314,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAkAGRa8KAAACCoAAAkZHSEpLJl4lJCMjRVRSJVk="}
00188{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":7827,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16}
@@ -16275,7 +16275,7 @@
00188{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":8137,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16}
00369{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":8138,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244032,"pkt_ts_usec":302589,"pkt_caplen":42,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":42,"pkt_l4_len":0,"pkt":"QgEK8AABQgEK8AAbCABFAAAcAKACcEAGY0kKAAACCoAAAjxNTkJIR0ZE"}
00187{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":8138,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":8}
00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8139,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":1534244032602,"flow_last_seen":0,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":17751,"dst_port":9024,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00504{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8139,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":1534244032602,"flow_last_seen":1534244032602,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":17751,"dst_port":9024,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00424{"flow_id":27,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8139,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244032,"pkt_ts_usec":602706,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAkVXI0AkJV5IQkdWCjQyMTQCqQAA"}
00381{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":8140,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244032,"pkt_ts_usec":602745,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAkAGRa8KAAACCoAAAjYzMTk4MjA1MSkoKiZeJSQ="}
00188{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":8140,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16}
@@ -16901,7 +16901,7 @@
00188{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":8450,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16}
00369{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":8451,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244032,"pkt_ts_usec":607084,"pkt_caplen":42,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":42,"pkt_l4_len":0,"pkt":"QgEK8AABQgEK8AAbCABFAAAcAKACcEAGY0kKAAACCoAAAnVoZ2tmZHNi"}
00187{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":8451,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":8}
00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8452,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":1534244032907,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":27502,"dst_port":30307,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00505{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8452,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":1534244032907,"flow_last_seen":1534244032907,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":27502,"dst_port":30307,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00424{"flow_id":28,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8452,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244032,"pkt_ts_usec":907272,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAmtudmMvLnRnZnRnP0dSP0cRsQAA"}
00383{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":8453,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244032,"pkt_ts_usec":907313,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAkAGRa8KAAACCoAAAlI\/c1I\/NzQ4Mzk2KSgqJl4="}
00188{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":8453,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16}
@@ -17527,7 +17527,7 @@
00188{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":8763,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16}
00369{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":8764,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244032,"pkt_ts_usec":911219,"pkt_caplen":42,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":42,"pkt_l4_len":0,"pkt":"QgEK8AABQgEK8AAbCABFAAAcAKACcEAGY0kKAAACCoAAAiQjQCMkJV4m"}
00187{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":8764,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":8}
00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8765,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1534244033211,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":10792,"dst_port":10790,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00505{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8765,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1534244033211,"flow_last_seen":1534244033211,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":10792,"dst_port":10790,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00424{"flow_id":29,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8765,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244033,"pkt_ts_usec":211391,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAiooKiZeJSQjJiooS0lKSEc0yAAA"}
00381{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":8766,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244033,"pkt_ts_usec":211444,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAkAGRa8KAAACCoAAAkZEMiomREZHSEpLJl4lJCM="}
00188{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":8766,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16}
@@ -18153,64 +18153,64 @@
00188{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":9076,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16}
00369{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244033,"pkt_ts_usec":215628,"pkt_caplen":42,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":42,"pkt_l4_len":0,"pkt":"QgEK8AABQgEK8AAbCABFAAAcAKACcEAGY0kKAAACCoAAAmxrZGE+TDxN"}
00187{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":8}
00507{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1534244025609,"flow_last_seen":0,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":16417,"dst_port":16419,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1534244025609,"flow_last_seen":0,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":16417,"dst_port":16419,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00505{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1534244026825,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":9508,"dst_port":8995,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1534244026825,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":9508,"dst_port":8995,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00506{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1534244030473,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":9508,"dst_port":8998,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1534244030473,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":9508,"dst_port":8998,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00507{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1534244026521,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":10790,"dst_port":24101,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1534244026521,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":10790,"dst_port":24101,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00507{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1534244024697,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":24102,"dst_port":10792,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1534244024697,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":24102,"dst_port":10792,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00507{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1534244025001,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":18730,"dst_port":20304,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1534244025001,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":18730,"dst_port":20304,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00508{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1534244031688,"flow_last_seen":0,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":24136,"dst_port":16967,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00493{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1534244031688,"flow_last_seen":0,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":24136,"dst_port":16967,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00507{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":1534244032602,"flow_last_seen":0,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":17751,"dst_port":9024,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00493{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":1534244032602,"flow_last_seen":0,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":17751,"dst_port":9024,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00508{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1534244027433,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":14387,"dst_port":14646,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00493{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1534244027433,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":14387,"dst_port":14646,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00508{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1534244029256,"flow_last_seen":0,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":16199,"dst_port":21055,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00493{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1534244029256,"flow_last_seen":0,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":16199,"dst_port":21055,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00508{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1534244031384,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":18762,"dst_port":18503,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1534244031384,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":18762,"dst_port":18503,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00508{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1534244027737,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":18248,"dst_port":19019,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00493{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1534244027737,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":18248,"dst_port":19019,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00508{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1534244028345,"flow_last_seen":0,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":16243,"dst_port":21055,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00493{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1534244028345,"flow_last_seen":0,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":16243,"dst_port":21055,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00508{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":1534244032907,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":27502,"dst_port":30307,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":1534244032907,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":27502,"dst_port":30307,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00506{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1534244026217,"flow_last_seen":0,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":24101,"dst_port":9251,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00491{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1534244026217,"flow_last_seen":0,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":24101,"dst_port":9251,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00506{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1534244025305,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":9253,"dst_port":24102,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00491{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1534244025305,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":9253,"dst_port":24102,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00506{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1534244032298,"flow_last_seen":0,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":9251,"dst_port":9770,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1534244032298,"flow_last_seen":0,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":9251,"dst_port":9770,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00508{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1534244031993,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":29799,"dst_port":26228,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1534244031993,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":29799,"dst_port":26228,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00507{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1534244025912,"flow_last_seen":0,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":21029,"dst_port":22878,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00493{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1534244025912,"flow_last_seen":0,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":21029,"dst_port":22878,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00508{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1534244033211,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":10792,"dst_port":10790,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1534244033211,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":10792,"dst_port":10790,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00507{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1534244028953,"flow_last_seen":0,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":2612,"dst_port":12849,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1534244028953,"flow_last_seen":0,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":2612,"dst_port":12849,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00508{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1534244028041,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":13105,"dst_port":14648,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00493{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1534244028041,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":13105,"dst_port":14648,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00508{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1534244030777,"flow_last_seen":0,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":13362,"dst_port":12596,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00493{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1534244030777,"flow_last_seen":0,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":13362,"dst_port":12596,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00508{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1534244029559,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":19273,"dst_port":19016,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1534244029559,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":19273,"dst_port":19016,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00507{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1534244029864,"flow_last_seen":0,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":9566,"dst_port":18498,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1534244029864,"flow_last_seen":0,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":9566,"dst_port":18498,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00508{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1534244030168,"flow_last_seen":0,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":11892,"dst_port":26470,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00493{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1534244030168,"flow_last_seen":0,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":11892,"dst_port":26470,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00508{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1534244028649,"flow_last_seen":0,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":17458,"dst_port":10790,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00493{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1534244028649,"flow_last_seen":0,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":17458,"dst_port":10790,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00507{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1534244027129,"flow_last_seen":0,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":13617,"dst_port":10536,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1534244027129,"flow_last_seen":0,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":13617,"dst_port":10536,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00508{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1534244031080,"flow_last_seen":0,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":18258,"dst_port":16199,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00493{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1534244031080,"flow_last_seen":0,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":18258,"dst_port":16199,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00519{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1534244025609,"flow_last_seen":1534244025609,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":16417,"dst_port":16419,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00504{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1534244025609,"flow_last_seen":1534244025609,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":16417,"dst_port":16419,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00517{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1534244026825,"flow_last_seen":1534244026825,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":9508,"dst_port":8995,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1534244026825,"flow_last_seen":1534244026825,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":9508,"dst_port":8995,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00518{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1534244030473,"flow_last_seen":1534244030473,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":9508,"dst_port":8998,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1534244030473,"flow_last_seen":1534244030473,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":9508,"dst_port":8998,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00519{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1534244026521,"flow_last_seen":1534244026521,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":10790,"dst_port":24101,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00504{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1534244026521,"flow_last_seen":1534244026521,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":10790,"dst_port":24101,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00519{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1534244024697,"flow_last_seen":1534244024697,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":24102,"dst_port":10792,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00504{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1534244024697,"flow_last_seen":1534244024697,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":24102,"dst_port":10792,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00519{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1534244025001,"flow_last_seen":1534244025001,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":18730,"dst_port":20304,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00504{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1534244025001,"flow_last_seen":1534244025001,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":18730,"dst_port":20304,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00520{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1534244031688,"flow_last_seen":1534244031688,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":24136,"dst_port":16967,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00505{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1534244031688,"flow_last_seen":1534244031688,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":24136,"dst_port":16967,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00519{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":1534244032602,"flow_last_seen":1534244032602,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":17751,"dst_port":9024,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00505{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":1534244032602,"flow_last_seen":1534244032602,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":17751,"dst_port":9024,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00520{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1534244027433,"flow_last_seen":1534244027433,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":14387,"dst_port":14646,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00505{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1534244027433,"flow_last_seen":1534244027433,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":14387,"dst_port":14646,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00520{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1534244029256,"flow_last_seen":1534244029256,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":16199,"dst_port":21055,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00505{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1534244029256,"flow_last_seen":1534244029256,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":16199,"dst_port":21055,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00520{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1534244031384,"flow_last_seen":1534244031384,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":18762,"dst_port":18503,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00506{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1534244031384,"flow_last_seen":1534244031384,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":18762,"dst_port":18503,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00520{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1534244027737,"flow_last_seen":1534244027737,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":18248,"dst_port":19019,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00505{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1534244027737,"flow_last_seen":1534244027737,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":18248,"dst_port":19019,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00520{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1534244028345,"flow_last_seen":1534244028345,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":16243,"dst_port":21055,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00505{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1534244028345,"flow_last_seen":1534244028345,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":16243,"dst_port":21055,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00520{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":1534244032907,"flow_last_seen":1534244032907,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":27502,"dst_port":30307,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00506{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":1534244032907,"flow_last_seen":1534244032907,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":27502,"dst_port":30307,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00518{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1534244026217,"flow_last_seen":1534244026217,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":24101,"dst_port":9251,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00503{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1534244026217,"flow_last_seen":1534244026217,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":24101,"dst_port":9251,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00518{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1534244025305,"flow_last_seen":1534244025305,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":9253,"dst_port":24102,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00503{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1534244025305,"flow_last_seen":1534244025305,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":9253,"dst_port":24102,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00518{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1534244032298,"flow_last_seen":1534244032298,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":9251,"dst_port":9770,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1534244032298,"flow_last_seen":1534244032298,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":9251,"dst_port":9770,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00520{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1534244031993,"flow_last_seen":1534244031993,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":29799,"dst_port":26228,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00506{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1534244031993,"flow_last_seen":1534244031993,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":29799,"dst_port":26228,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00519{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1534244025912,"flow_last_seen":1534244025912,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":21029,"dst_port":22878,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00505{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1534244025912,"flow_last_seen":1534244025912,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":21029,"dst_port":22878,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00520{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1534244033211,"flow_last_seen":1534244033211,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":10792,"dst_port":10790,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00506{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1534244033211,"flow_last_seen":1534244033211,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":10792,"dst_port":10790,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00519{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1534244028953,"flow_last_seen":1534244028953,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":2612,"dst_port":12849,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00504{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1534244028953,"flow_last_seen":1534244028953,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":2612,"dst_port":12849,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00520{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1534244028041,"flow_last_seen":1534244028041,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":13105,"dst_port":14648,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00505{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1534244028041,"flow_last_seen":1534244028041,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":13105,"dst_port":14648,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00520{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1534244030777,"flow_last_seen":1534244030777,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":13362,"dst_port":12596,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00505{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1534244030777,"flow_last_seen":1534244030777,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":13362,"dst_port":12596,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00520{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1534244029559,"flow_last_seen":1534244029559,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":19273,"dst_port":19016,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00506{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1534244029559,"flow_last_seen":1534244029559,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":19273,"dst_port":19016,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00519{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1534244029864,"flow_last_seen":1534244029864,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":9566,"dst_port":18498,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00504{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1534244029864,"flow_last_seen":1534244029864,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":9566,"dst_port":18498,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00520{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1534244030168,"flow_last_seen":1534244030168,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":11892,"dst_port":26470,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00505{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1534244030168,"flow_last_seen":1534244030168,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":11892,"dst_port":26470,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00520{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1534244028649,"flow_last_seen":1534244028649,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":17458,"dst_port":10790,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00505{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1534244028649,"flow_last_seen":1534244028649,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":17458,"dst_port":10790,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00519{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1534244027129,"flow_last_seen":1534244027129,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":13617,"dst_port":10536,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00504{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1534244027129,"flow_last_seen":1534244027129,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":13617,"dst_port":10536,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00520{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1534244031080,"flow_last_seen":1534244031080,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":18258,"dst_port":16199,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00505{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1534244031080,"flow_last_seen":1534244031080,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":18258,"dst_port":16199,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00143{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test"}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 9077/29
@@ -18224,5 +18224,5 @@
~~ total allocations/frees...: 35451/35451
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 148 chars
~~ json string max len.......: 513 chars
~~ json string avg len.......: 340 chars
~~ json string max len.......: 525 chars
~~ json string avg len.......: 346 chars

936
test/results/iphone.pcap.out
View File

@@ -1,55 +1,45 @@
00474{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"iphone.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":10000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"iphone.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1582454552576,"flow_last_seen":0,"flow_min_l4_payload_len":510,"flow_max_l4_payload_len":510,"flow_tot_l4_payload_len":510,"flow_avg_l4_payload_len":510,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00500{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"iphone.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1582454552576,"flow_last_seen":1582454552576,"flow_min_l4_payload_len":510,"flow_max_l4_payload_len":510,"flow_tot_l4_payload_len":510,"flow_avg_l4_payload_len":510,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01081{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454552,"pkt_ts_usec":576659,"pkt_caplen":552,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":552,"pkt_l4_len":518,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAAIaAFkAAEAR8inAqAIBwKgC\/0RcRFwCBr34eyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiaG9zdF9pbnQiOiAzMzA0MDI2MjQwMTMxNjcxMTI3MTc3MTQ1ODMyOTcxNTM2ODg0ODIsICJkaXNwbGF5bmFtZSI6ICIiLCAibmFtZXNwYWNlcyI6IFsyNzUwMzcwNTYwLCA3ODUyNjYxNzcsIDE1MjYyNjMwNDUsIDEzMzg2NTkyMDEsIDE0ODE5MzM3LCA0ODEwNTkxNzYwLCA0NTE0NzI2NTgsIDczNjM0MTUyOCwgOTM4ODEzODQ5LCAxMjY3Njk1MTA5LCA1NDQwNDA3MDcyLCA1ODM0NDk5NiwgOTk2MzA2MjE1LCA1MzAzMzAxMjQ4LCAyODUyMTYwNywgNDA1NjQ2MjU5MiwgNzA1MzYyNzE4NCwgMTUyMjE3NzU4NywgMTQyMTExNDM5OSwgMTI1MjExNjQyOSwgOTk0Njk3NzMsIDcwNzk2MzY2ODgsIDE3Njk2NDMwNywgMTI1NTQwNTY2LCAxMDQ3NDI4MTg5LCA0NzE2MTkwMDQ4LCA1NDY3MTYzMDg4LCAxMTk1MDQ0MDcxLCA5Njg1MzIyNCwgMTc2MDk5NjMsIDY0NzgzMDM0NDAsIDUxMTcwNjY0MiwgNjI5Nzk1NTE4NCwgMTQxNTYyMDM1MF19"}
00521{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"iphone.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1582454552576,"flow_last_seen":0,"flow_min_l4_payload_len":510,"flow_max_l4_payload_len":510,"flow_tot_l4_payload_len":510,"flow_avg_l4_payload_len":510,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"iphone.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1582454553219,"flow_last_seen":0,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00533{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"iphone.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1582454552576,"flow_last_seen":1582454552576,"flow_min_l4_payload_len":510,"flow_max_l4_payload_len":510,"flow_tot_l4_payload_len":510,"flow_avg_l4_payload_len":510,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"iphone.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1582454553219,"flow_last_seen":1582454553219,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00806{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454553,"pkt_ts_usec":219847,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"pkt":"\/\/\/\/\/\/\/\/2DBiVgAcCABFAAFIeCUAAP8RQoAAAAAA\/\/\/\/\/wBEAEMBNI0tAQEGAHhURwkAGwAAAAAAAAAAAAAAAAAAAAAAANgwYlYAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwoBeQMGD3f8XywuOQIF3D0HAdgwYlYAHDMEAHanAAwKTHVjYXMtaU1hY\/8AAAAAAAAAAAAAAAAA"}
00568{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"iphone.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1582454553219,"flow_last_seen":0,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"fingerprint":"1,121,3,6,15,119,252,95,44,46"}}
00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"iphone.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1582454553606,"flow_last_seen":0,"flow_min_l4_payload_len":1157,"flow_max_l4_payload_len":1157,"flow_tot_l4_payload_len":1157,"flow_avg_l4_payload_len":1157,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00580{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"iphone.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1582454553219,"flow_last_seen":1582454553219,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"fingerprint":"1,121,3,6,15,119,252,95,44,46"}}
00500{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"iphone.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1582454553606,"flow_last_seen":1582454553606,"flow_min_l4_payload_len":1157,"flow_max_l4_payload_len":1157,"flow_tot_l4_payload_len":1157,"flow_avg_l4_payload_len":1157,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01944{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454553,"pkt_ts_usec":606988,"pkt_caplen":1199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1199,"pkt_l4_len":1165,"pkt":"AQBeAAD7xiwDYGpkCABFAASh9MAAAP8RHubAqAIB4AAA+xTpFOkEjReaAACEAAAAAB4AAAALDUx1Y2HigJlzIGlNYWMGX29kaXNrBF90Y3AFbG9jYWwAABCAAQAAEZQANDNzeXM9d2FNQT1DNDoyQzowMzowNjo0OTpGRSxhZFZGPTB4NCxhZERUPTB4MyxhZENDPTAJX3NlcnZpY2VzB19kbnMtc2QEX3VkcMAmAAwAAQAAEZQAAsAawBoADAABAAARlAACwAwNTHVjYeKAmXMgaU1hYwxfZGV2aWNlLWluZm\/AIQAQAAEAABGUABoObW9kZWw9aU1hYzExLDMKb3N4dmVycz0xNwlfa2VyYmVyb3MKTHVjYXMtaU1hY8AmABAAAQAAEZQAMzJMS0RDOlNIQTEuNDkyNDgwQzNFQTgyODI3NzFBMEQyODhGMTExRUY5RTc1MUY5NUE2Mw1MdWNh4oCZcyBpTWFjBF9zbWLAIQAQgAEAABGUAAEAwGsADAABAAARlAACwUHBQQAMAAEAABGUAALBMw1MdWNh4oCZcyBpTWFjC19hZnBvdmVydGNwwCEAEIABAAARlAABAMBrAAwAAQAAEZQAAsF9wX0ADAABAAARlAACwW8NTHVjYeKAmXMgaU1hYwRfc3NowCEAEIABAAARlAABAMBrAAwAAQAAEZQAAsHAwcAADAABAAARlAACwbINTHVjYeKAmXMgaU1hYwlfc2Z0cC1zc2jAIQAQgAEAABGUAAEAwGsADAABAAARlAACwfzB\/AAMAAEAABGUAALB7sAMACGAAQAAAHgACAAAAADAAMDpwTMAIYABAAAAeAAIAAAAAAG9wOnBbwAhgAEAAAB4AAgAAAAAAiTA6cGyACGAAQAAAHgACAAAAAAAFsDpwe4AIYABAAAAeAAIAAAAAAAWwOkNTHVjYeKAmXMgaU1hYwRfbmZzwCEAEIABAAARlAABAMBrAAwAAQAAEZQAAsKhwqEADAABAAARlAACwpPCkwAhgAEAAAB4AAgAAAAACAHA6Q1MdWNh4oCZcyBpTWFjD19jb21wYW5pb24tbGlua8AhABCAAQAAEZQAWBZycEJBPTU5OjUxOjAyOjJGOkE0OkZGCnJwVnI9MTUyLjERcnBIST0wNzE2ZDA1OTQ0YWYRcnBITj04YjUzMjQzNTlkN2QRcnBIQT0yOGQ0YmVkNTE3ODDAawAMAAEAABGUAALC8cLxAAwAAQAAEZQAAsLjwuMAIYABAAAAeAAIAAAAAMADwOnA6QABgAEAAAB4AATAqAIBwOkAHIABAAAAeAAQ\/oAAAAAAAADELAP\/\/mBqZMAMAC+AAQAAEZQACcAMAAUAAIAAQMEzAC+AAQAAEZQACcEzAAUAAIAAQMFvAC+AAQAAEZQACcFvAAUAAIAAQMGyAC+AAQAAEZQACcGyAAUAAIAAQMHuAC+AAQAAEZQACcHuAAUAAIAAQMKTAC+AAQAAEZQACcKTAAUAAIAAQMLjAC+AAQAAEZQACcLjAAUAAIAAQMDpAC+AAQAAAHgACMDpAARAAAAIAAApBaAAABGUABIABAAOAADELAMGSf7GLANgamQ="}
00573{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"iphone.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1582454553606,"flow_last_seen":0,"flow_min_l4_payload_len":1157,"flow_max_l4_payload_len":1157,"flow_tot_l4_payload_len":1157,"flow_avg_l4_payload_len":1157,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"luca___s_imac._odisk._tcp.local"}}
00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"iphone.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1582454553607,"flow_last_seen":0,"flow_min_l4_payload_len":1157,"flow_max_l4_payload_len":1157,"flow_tot_l4_payload_len":1157,"flow_avg_l4_payload_len":1157,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::c42c:3ff:fe60:6a64","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00585{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"iphone.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1582454553606,"flow_last_seen":1582454553606,"flow_min_l4_payload_len":1157,"flow_max_l4_payload_len":1157,"flow_tot_l4_payload_len":1157,"flow_avg_l4_payload_len":1157,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"luca___s_imac._odisk._tcp.local"}}
00510{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"iphone.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1582454553607,"flow_last_seen":1582454553607,"flow_min_l4_payload_len":1157,"flow_max_l4_payload_len":1157,"flow_tot_l4_payload_len":1157,"flow_avg_l4_payload_len":1157,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::c42c:3ff:fe60:6a64","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01977{"flow_id":4,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454553,"pkt_ts_usec":607048,"pkt_caplen":1219,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1219,"pkt_l4_len":1165,"pkt":"MzMAAAD7xiwDYGpkht1gBTIBBI0R\/\/6AAAAAAAAAxCwD\/\/5gamT\/AgAAAAAAAAAAAAAAAAD7FOkU6QSNi88AAIQAAAAAHgAAAAsNTHVjYeKAmXMgaU1hYwZfb2Rpc2sEX3RjcAVsb2NhbAAAEIABAAARlAA0M3N5cz13YU1BPUM0OjJDOjAzOjA2OjQ5OkZFLGFkVkY9MHg0LGFkRFQ9MHgzLGFkQ0M9MAlfc2VydmljZXMHX2Rucy1zZARfdWRwwCYADAABAAARlAACwBrAGgAMAAEAABGUAALADA1MdWNh4oCZcyBpTWFjDF9kZXZpY2UtaW5mb8AhABAAAQAAEZQAGg5tb2RlbD1pTWFjMTEsMwpvc3h2ZXJzPTE3CV9rZXJiZXJvcwpMdWNhcy1pTWFjwCYAEAABAAARlAAzMkxLREM6U0hBMS40OTI0ODBDM0VBODI4Mjc3MUEwRDI4OEYxMTFFRjlFNzUxRjk1QTYzDUx1Y2HigJlzIGlNYWMEX3NtYsAhABCAAQAAEZQAAQDAawAMAAEAABGUAALBQcFBAAwAAQAAEZQAAsEzDUx1Y2HigJlzIGlNYWMLX2FmcG92ZXJ0Y3DAIQAQgAEAABGUAAEAwGsADAABAAARlAACwX3BfQAMAAEAABGUAALBbw1MdWNh4oCZcyBpTWFjBF9zc2jAIQAQgAEAABGUAAEAwGsADAABAAARlAACwcDBwAAMAAEAABGUAALBsg1MdWNh4oCZcyBpTWFjCV9zZnRwLXNzaMAhABCAAQAAEZQAAQDAawAMAAEAABGUAALB\/MH8AAwAAQAAEZQAAsHuwAwAIYABAAAAeAAIAAAAAMAAwOnBMwAhgAEAAAB4AAgAAAAAAb3A6cFvACGAAQAAAHgACAAAAAACJMDpwbIAIYABAAAAeAAIAAAAAAAWwOnB7gAhgAEAAAB4AAgAAAAAABbA6Q1MdWNh4oCZcyBpTWFjBF9uZnPAIQAQgAEAABGUAAEAwGsADAABAAARlAACwqHCoQAMAAEAABGUAALCk8KTACGAAQAAAHgACAAAAAAIAcDpDUx1Y2HigJlzIGlNYWMPX2NvbXBhbmlvbi1saW5rwCEAEIABAAARlABYFnJwQkE9NTk6NTE6MDI6MkY6QTQ6RkYKcnBWcj0xNTIuMRFycEhJPTA3MTZkMDU5NDRhZhFycEhOPThiNTMyNDM1OWQ3ZBFycEhBPTI4ZDRiZWQ1MTc4MMBrAAwAAQAAEZQAAsLxwvEADAABAAARlAACwuPC4wAhgAEAAAB4AAgAAAAAwAPA6cDpAAGAAQAAAHgABMCoAgHA6QAcgAEAAAB4ABD+gAAAAAAAAMQsA\/\/+YGpkwAwAL4ABAAARlAAJwAwABQAAgABAwTMAL4ABAAARlAAJwTMABQAAgABAwW8AL4ABAAARlAAJwW8ABQAAgABAwbIAL4ABAAARlAAJwbIABQAAgABAwe4AL4ABAAARlAAJwe4ABQAAgABAwpMAL4ABAAARlAAJwpMABQAAgABAwuMAL4ABAAARlAAJwuMABQAAgABAwOkAL4ABAAAAeAAIwOkABEAAAAgAACkFoAAAEZQAEgAEAA4AAMQsAwZJ\/sYsA2BqZA=="}
00583{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"iphone.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1582454553607,"flow_last_seen":0,"flow_min_l4_payload_len":1157,"flow_max_l4_payload_len":1157,"flow_tot_l4_payload_len":1157,"flow_avg_l4_payload_len":1157,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::c42c:3ff:fe60:6a64","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"luca___s_imac._odisk._tcp.local"}}
00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"iphone.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1582454553607,"flow_last_seen":0,"flow_min_l4_payload_len":1186,"flow_max_l4_payload_len":1186,"flow_tot_l4_payload_len":1186,"flow_avg_l4_payload_len":1186,"midstream":0,"l3_proto":"ip4","src_ip":"169.254.225.216","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00595{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"iphone.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1582454553607,"flow_last_seen":1582454553607,"flow_min_l4_payload_len":1157,"flow_max_l4_payload_len":1157,"flow_tot_l4_payload_len":1157,"flow_avg_l4_payload_len":1157,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::c42c:3ff:fe60:6a64","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"luca___s_imac._odisk._tcp.local"}}
00504{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"iphone.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1582454553607,"flow_last_seen":1582454553607,"flow_min_l4_payload_len":1186,"flow_max_l4_payload_len":1186,"flow_tot_l4_payload_len":1186,"flow_avg_l4_payload_len":1186,"midstream":0,"l3_proto":"ip4","src_ip":"169.254.225.216","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01984{"flow_id":5,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454553,"pkt_ts_usec":607164,"pkt_caplen":1228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1228,"pkt_l4_len":1194,"pkt":"AQBeAAD72DBiVgAcCABFAAS+xrMAAP8Rg6ip\/uHY4AAA+xTpFOkEqgnaAACEAAAAACAAAAAKDUx1Y2HigJlzIGlNYWMGX29kaXNrBF90Y3AFbG9jYWwAABCAAQAAEZQANDNzeXM9d2FNQT1DNDoyQzowMzowNjo0OTpGRSxhZFZGPTB4NCxhZERUPTB4MyxhZENDPTAJX3NlcnZpY2VzB19kbnMtc2QEX3VkcMAmAAwAAQAAEZQAAsAawBoADAABAAARlAACwAwNTHVjYeKAmXMgaU1hYwxfZGV2aWNlLWluZm\/AIQAQAAEAABGUABoObW9kZWw9aU1hYzExLDMKb3N4dmVycz0xNwlfa2VyYmVyb3MKTHVjYXMtaU1hY8AmABAAAQAAEZQAMzJMS0RDOlNIQTEuNDkyNDgwQzNFQTgyODI3NzFBMEQyODhGMTExRUY5RTc1MUY5NUE2Mw1MdWNh4oCZcyBpTWFjBF9zbWLAIQAQgAEAABGUAAEAwGsADAABAAARlAACwUHBQQAMAAEAABGUAALBMw1MdWNh4oCZcyBpTWFjC19hZnBvdmVydGNwwCEAEIABAAARlAABAMBrAAwAAQAAEZQAAsF9wX0ADAABAAARlAACwW8NTHVjYeKAmXMgaU1hYwRfc3NowCEAEIABAAARlAABAMBrAAwAAQAAEZQAAsHAwcAADAABAAARlAACwbINTHVjYeKAmXMgaU1hYwlfc2Z0cC1zc2jAIQAQgAEAABGUAAEAwGsADAABAAARlAACwfzB\/AAMAAEAABGUAALB7sAMACGAAQAAAHgACAAAAADAAMDpwTMAIYABAAAAeAAIAAAAAAG9wOnBbwAhgAEAAAB4AAgAAAAAAiTA6cGyACGAAQAAAHgACAAAAAAAFsDpwe4AIYABAAAAeAAIAAAAAAAWwOkNTHVjYeKAmXMgaU1hYwRfbmZzwCEAEIABAAARlAABAMBrAAwAAQAAEZQAAsKhwqEADAABAAARlAACwpPCkwAhgAEAAAB4AAgAAAAACAHA6Q1MdWNh4oCZcyBpTWFjD19jb21wYW5pb24tbGlua8AhABCAAQAAEZQAWBZycEJBPTU5OjUxOjAyOjJGOkE0OkZGCnJwVnI9MTUyLjERcnBIST0wNzE2ZDA1OTQ0YWYRcnBITj04YjUzMjQzNTlkN2QRcnBIQT0yOGQ0YmVkNTE3ODDAawAMAAEAABGUAALC8cLxAAwAAQAAEZQAAsLjwuMAIYABAAAAeAAIAAAAAMADwOkDMjE2AzIyNQMyNTQDMTY5B2luLWFkZHIEYXJwYQAADIABAAAAeAACwOnA6QABgAEAAAB4AASp\/uHYwAwAL4ABAAARlAAJwAwABQAAgABAwTMAL4ABAAARlAAJwTMABQAAgABAwW8AL4ABAAARlAAJwW8ABQAAgABAwbIAL4ABAAARlAAJwbIABQAAgABAwe4AL4ABAAARlAAJwe4ABQAAgABAwpMAL4ABAAARlAAJwpMABQAAgABAwuMAL4ABAAARlAAJwuMABQAAgABAw5UAL4ABAAAAeAAGw5UAAgAIwOkAL4ABAAAAeAAFwOkAAUAAACkFoAAAEZQAEgAEAA4AAMQsAwZJ\/tgwYlYAHA=="}
00577{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"iphone.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1582454553607,"flow_last_seen":0,"flow_min_l4_payload_len":1186,"flow_max_l4_payload_len":1186,"flow_tot_l4_payload_len":1186,"flow_avg_l4_payload_len":1186,"midstream":0,"l3_proto":"ip4","src_ip":"169.254.225.216","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"luca___s_imac._odisk._tcp.local"}}
00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"iphone.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1582454556158,"flow_last_seen":0,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00589{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"iphone.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1582454553607,"flow_last_seen":1582454553607,"flow_min_l4_payload_len":1186,"flow_max_l4_payload_len":1186,"flow_tot_l4_payload_len":1186,"flow_avg_l4_payload_len":1186,"midstream":0,"l3_proto":"ip4","src_ip":"169.254.225.216","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"luca___s_imac._odisk._tcp.local"}}
00496{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"iphone.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1582454556158,"flow_last_seen":1582454556158,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00458{"flow_id":6,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454556,"pkt_ts_usec":158287,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAABITwkAAEARpUvAqAIBwKgC\/+EV4RUANNgcU3BvdFVkcDDcFXQoLlJiTAABAARIlcIDokHeIIm5eNggVkvVDJHA6KPmCng="}
00517{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"iphone.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1582454556158,"flow_last_seen":0,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","ndpi": {"proto":"Spotify","breed":"Acceptable","category":"Music"}}
00529{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"iphone.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1582454556158,"flow_last_seen":1582454556158,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","ndpi": {"proto":"Spotify","breed":"Acceptable","category":"Music"}}
00877{"flow_id":3,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454559,"pkt_ts_usec":629595,"pkt_caplen":404,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":404,"pkt_l4_len":370,"pkt":"AQBeAAD7xiwDYGpkCABFAAGGV\/AAAP8RvtHAqAIB4AAA+xTpFOkBcvWXAAAAAAARAAEAAAABCF9haXJwb3J0BF90Y3AFbG9jYWwAAAwAAQ9fY29tcGFuaW9uLWxpbmvAFQAMAAENX2FwcGxlLW1vYmRldsAVAAwAAQg4ZmIyMDdkZQRfc3ViDl9hcHBsZS1tb2JkZXYywBUADAABD19hcHBsZS1wYWlyYWJsZcAVAAwAAQtfZ29vZ2xlY2FzdMAVAAwAAQZfdXNjYW7AFQAMAAEHX3VzY2Fuc8AVAAwAAQdfaXBwdXNiwBUADAABCF9zY2FubmVywBUADAABBF9pcHDAFQAMAAEFX2lwcHPAFQAMAAEIX3ByaW50ZXLAFQAMAAEPX3BkbC1kYXRhc3RyZWFtwBUADAABBF9wdHDAFQAMAAEEX3JmYsAVAAwAAQZfYWRpc2vAFQAMAAHAJQAMAAEAAA4KABANTHVjYeKAmXMgaU1hY8AlAAApBaAAABGUABIABAAOAADELAMGSf7GLANgamQ="}
00911{"flow_id":4,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454559,"pkt_ts_usec":629655,"pkt_caplen":424,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":424,"pkt_l4_len":370,"pkt":"MzMAAAD7xiwDYGpkht1gBTIBAXIR\/\/6AAAAAAAAAxCwD\/\/5gamT\/AgAAAAAAAAAAAAAAAAD7FOkU6QFyac0AAAAAABEAAQAAAAEIX2FpcnBvcnQEX3RjcAVsb2NhbAAADAABD19jb21wYW5pb24tbGlua8AVAAwAAQ1fYXBwbGUtbW9iZGV2wBUADAABCDhmYjIwN2RlBF9zdWIOX2FwcGxlLW1vYmRldjLAFQAMAAEPX2FwcGxlLXBhaXJhYmxlwBUADAABC19nb29nbGVjYXN0wBUADAABBl91c2NhbsAVAAwAAQdfdXNjYW5zwBUADAABB19pcHB1c2LAFQAMAAEIX3NjYW5uZXLAFQAMAAEEX2lwcMAVAAwAAQVfaXBwc8AVAAwAAQhfcHJpbnRlcsAVAAwAAQ9fcGRsLWRhdGFzdHJlYW3AFQAMAAEEX3B0cMAVAAwAAQRfcmZiwBUADAABBl9hZGlza8AVAAwAAcAlAAwAAQAADgoAEA1MdWNh4oCZcyBpTWFjwCUAACkFoAAAEZQAEgAEAA4AAMQsAwZJ\/sYsA2BqZA=="}
00877{"flow_id":5,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454559,"pkt_ts_usec":629722,"pkt_caplen":404,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":404,"pkt_l4_len":370,"pkt":"AQBeAAD72DBiVgAcCABFAAGGSisAAP8RA2mp\/uHY4AAA+xTpFOkBciW4AAAAAAARAAEAAAABCF9haXJwb3J0BF90Y3AFbG9jYWwAAAwAAQ9fY29tcGFuaW9uLWxpbmvAFQAMAAENX2FwcGxlLW1vYmRldsAVAAwAAQg4ZmIyMDdkZQRfc3ViDl9hcHBsZS1tb2JkZXYywBUADAABD19hcHBsZS1wYWlyYWJsZcAVAAwAAQtfZ29vZ2xlY2FzdMAVAAwAAQZfdXNjYW7AFQAMAAEHX3VzY2Fuc8AVAAwAAQdfaXBwdXNiwBUADAABCF9zY2FubmVywBUADAABBF9pcHDAFQAMAAEFX2lwcHPAFQAMAAEIX3ByaW50ZXLAFQAMAAEPX3BkbC1kYXRhc3RyZWFtwBUADAABBF9wdHDAFQAMAAEEX3JmYsAVAAwAAQZfYWRpc2vAFQAMAAHAJQAMAAEAAA4KABANTHVjYeKAmXMgaU1hY8AlAAApBaAAABGUABIABAAOAADELAMGSf7YMGJWABw="}
00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"iphone.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1582454560698,"flow_last_seen":0,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"224.0.0.1","src_port":5351,"dst_port":5350,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"iphone.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1582454560698,"flow_last_seen":1582454560698,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"224.0.0.1","src_port":5351,"dst_port":5350,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00423{"flow_id":7,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454560,"pkt_ts_usec":698945,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AQBeAAABxiwDYGpkCABFAAA0yh8AAAERTO\/AqAIB4AAAARTnFOYAIDCVAoAAAAAAAAAAAAAhAAAAAAAAAAAAAAAA"}
00406{"flow_id":7,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454560,"pkt_ts_usec":698947,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AQBeAAABxiwDYGpkCABFAAAoSfUAAAERzSXAqAIB4AAAARTnFOYAFHD5AIAAAAAAACHAqAEL"}
00807{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454561,"pkt_ts_usec":777161,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"pkt":"\/\/\/\/\/\/\/\/2DBiVgAcCABFAAFIeCYAAP8RQn8AAAAA\/\/\/\/\/wBEAEMBNI0lAQEGAHhURwkAIwAAAAAAAAAAAAAAAAAAAAAAANgwYlYAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwoBeQMGD3f8XywuOQIF3D0HAdgwYlYAHDMEAHanAAwKTHVjYXMtaU1hY\/8AAAAAAAAAAAAAAAAA"}
00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":13,"source":"iphone.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1582454552576,"flow_last_seen":0,"flow_min_l4_payload_len":510,"flow_max_l4_payload_len":510,"flow_tot_l4_payload_len":510,"flow_avg_l4_payload_len":510,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":13,"source":"iphone.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1582454556158,"flow_last_seen":0,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00807{"flow_id":2,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454570,"pkt_ts_usec":441338,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"pkt":"\/\/\/\/\/\/\/\/2DBiVgAcCABFAAFIeCcAAP8RQn4AAAAA\/\/\/\/\/wBEAEMBNI0cAQEGAHhURwkALAAAAAAAAAAAAAAAAAAAAAAAANgwYlYAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwoBeQMGD3f8XywuOQIF3D0HAdgwYlYAHDMEAHanAAwKTHVjYXMtaU1hY\/8AAAAAAAAAAAAAAAAA"}
00807{"flow_id":2,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454579,"pkt_ts_usec":343688,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"pkt":"\/\/\/\/\/\/\/\/2DBiVgAcCABFAAFIeCgAAP8RQn0AAAAA\/\/\/\/\/wBEAEMBNI0TAQEGAHhURwkANQAAAAAAAAAAAAAAAAAAAAAAANgwYlYAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwoBeQMGD3f8XywuOQIF3D0HAdgwYlYAHDMEAHanAAwKTHVjYXMtaU1hY\/8AAAAAAAAAAAAAAAAA"}
00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15,"source":"iphone.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1582454582628,"flow_last_seen":0,"flow_min_l4_payload_len":510,"flow_max_l4_payload_len":510,"flow_tot_l4_payload_len":510,"flow_avg_l4_payload_len":510,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01082{"flow_id":8,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454582,"pkt_ts_usec":628608,"pkt_caplen":552,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":552,"pkt_l4_len":518,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAAIaybIAAEARKNDAqAIBwKgC\/0RcRFwCBr34eyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiaG9zdF9pbnQiOiAzMzA0MDI2MjQwMTMxNjcxMTI3MTc3MTQ1ODMyOTcxNTM2ODg0ODIsICJkaXNwbGF5bmFtZSI6ICIiLCAibmFtZXNwYWNlcyI6IFsyNzUwMzcwNTYwLCA3ODUyNjYxNzcsIDE1MjYyNjMwNDUsIDEzMzg2NTkyMDEsIDE0ODE5MzM3LCA0ODEwNTkxNzYwLCA0NTE0NzI2NTgsIDczNjM0MTUyOCwgOTM4ODEzODQ5LCAxMjY3Njk1MTA5LCA1NDQwNDA3MDcyLCA1ODM0NDk5NiwgOTk2MzA2MjE1LCA1MzAzMzAxMjQ4LCAyODUyMTYwNywgNDA1NjQ2MjU5MiwgNzA1MzYyNzE4NCwgMTUyMjE3NzU4NywgMTQyMTExNDM5OSwgMTI1MjExNjQyOSwgOTk0Njk3NzMsIDcwNzk2MzY2ODgsIDE3Njk2NDMwNywgMTI1NTQwNTY2LCAxMDQ3NDI4MTg5LCA0NzE2MTkwMDQ4LCA1NDY3MTYzMDg4LCAxMTk1MDQ0MDcxLCA5Njg1MzIyNCwgMTc2MDk5NjMsIDY0NzgzMDM0NDAsIDUxMTcwNjY0MiwgNjI5Nzk1NTE4NCwgMTQxNTYyMDM1MF19"}
00522{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"iphone.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1582454582628,"flow_last_seen":0,"flow_min_l4_payload_len":510,"flow_max_l4_payload_len":510,"flow_tot_l4_payload_len":510,"flow_avg_l4_payload_len":510,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
01082{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454582,"pkt_ts_usec":628608,"pkt_caplen":552,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":552,"pkt_l4_len":518,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAAIaybIAAEARKNDAqAIBwKgC\/0RcRFwCBr34eyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiaG9zdF9pbnQiOiAzMzA0MDI2MjQwMTMxNjcxMTI3MTc3MTQ1ODMyOTcxNTM2ODg0ODIsICJkaXNwbGF5bmFtZSI6ICIiLCAibmFtZXNwYWNlcyI6IFsyNzUwMzcwNTYwLCA3ODUyNjYxNzcsIDE1MjYyNjMwNDUsIDEzMzg2NTkyMDEsIDE0ODE5MzM3LCA0ODEwNTkxNzYwLCA0NTE0NzI2NTgsIDczNjM0MTUyOCwgOTM4ODEzODQ5LCAxMjY3Njk1MTA5LCA1NDQwNDA3MDcyLCA1ODM0NDk5NiwgOTk2MzA2MjE1LCA1MzAzMzAxMjQ4LCAyODUyMTYwNywgNDA1NjQ2MjU5MiwgNzA1MzYyNzE4NCwgMTUyMjE3NzU4NywgMTQyMTExNDM5OSwgMTI1MjExNjQyOSwgOTk0Njk3NzMsIDcwNzk2MzY2ODgsIDE3Njk2NDMwNywgMTI1NTQwNTY2LCAxMDQ3NDI4MTg5LCA0NzE2MTkwMDQ4LCA1NDY3MTYzMDg4LCAxMTk1MDQ0MDcxLCA5Njg1MzIyNCwgMTc2MDk5NjMsIDY0NzgzMDM0NDAsIDUxMTcwNjY0MiwgNjI5Nzk1NTE4NCwgMTQxNTYyMDM1MF19"}
00451{"flow_id":5,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454583,"pkt_ts_usec":649066,"pkt_caplen":87,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":87,"pkt_l4_len":53,"pkt":"AQBeAAD72DBiVgAcCABFAABJrWMAAP8RoW2p\/uHY4AAA+xTpFOkANUGgAAAAAAABAAAAAAAAEF9zcG90aWZ5LWNvbm5lY3QEX3RjcAVsb2NhbAAADAAB"}
00450{"flow_id":3,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454583,"pkt_ts_usec":649191,"pkt_caplen":87,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":87,"pkt_l4_len":53,"pkt":"AQBeAAD7xiwDYGpkCABFAABJLHMAAAER6YzAqAIB4AAA+xTpFOkANQrOAAAAAAABAAAAAAAAEF9zcG90aWZ5LWNvbm5lY3QEX3RjcAVsb2NhbAAADAAB"}
00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":18,"source":"iphone.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1582454585624,"flow_last_seen":0,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"l3_proto":"ip4","src_ip":"169.254.225.216","dst_ip":"239.255.255.250","src_port":60538,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00568{"flow_id":9,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454585,"pkt_ts_usec":624880,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"pkt":"AQBef\/\/62DBiVgAcCABFAACab\/sAAP8Rz4Wp\/uHY7\/\/\/+ux6B2wAhmGgTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMQ0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KDQoA"}
00525{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"iphone.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1582454585624,"flow_last_seen":0,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"l3_proto":"ip4","src_ip":"169.254.225.216","dst_ip":"239.255.255.250","src_port":60538,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"iphone.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1582454585625,"flow_last_seen":0,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"239.255.255.250","src_port":51411,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00567{"flow_id":10,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454585,"pkt_ts_usec":625038,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"pkt":"AQBef\/\/6xiwDYGpkCABFAACaYI8AAAERpiDAqAIB7\/\/\/+sjTB2wAhk51TS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMQ0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KDQoA"}
00522{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"iphone.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1582454585625,"flow_last_seen":0,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"239.255.255.250","src_port":51411,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"iphone.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1582454586170,"flow_last_seen":0,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00460{"flow_id":11,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454586,"pkt_ts_usec":170857,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAABIdggAAEARfkzAqAIBwKgC\/+EV4RUANNgcU3BvdFVkcDDcFXQoLlJiTAABAARIlcIDokHeIIm5eNggVkvVDJHA6KPmCng="}
00519{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"iphone.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1582454586170,"flow_last_seen":0,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","ndpi": {"proto":"Spotify","breed":"Acceptable","category":"Music"}}
00506{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":18,"source":"iphone.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1582454585624,"flow_last_seen":1582454585624,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"l3_proto":"ip4","src_ip":"169.254.225.216","dst_ip":"239.255.255.250","src_port":60538,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00568{"flow_id":8,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454585,"pkt_ts_usec":624880,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"pkt":"AQBef\/\/62DBiVgAcCABFAACab\/sAAP8Rz4Wp\/uHY7\/\/\/+ux6B2wAhmGgTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMQ0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KDQoA"}
00537{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"iphone.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1582454585624,"flow_last_seen":1582454585624,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"l3_proto":"ip4","src_ip":"169.254.225.216","dst_ip":"239.255.255.250","src_port":60538,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
00502{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"iphone.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1582454585625,"flow_last_seen":1582454585625,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"239.255.255.250","src_port":51411,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00566{"flow_id":9,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454585,"pkt_ts_usec":625038,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"pkt":"AQBef\/\/6xiwDYGpkCABFAACaYI8AAAERpiDAqAIB7\/\/\/+sjTB2wAhk51TS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMQ0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KDQoA"}
00533{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"iphone.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1582454585625,"flow_last_seen":1582454585625,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"239.255.255.250","src_port":51411,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
00459{"flow_id":6,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454586,"pkt_ts_usec":170857,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAABIdggAAEARfkzAqAIBwKgC\/+EV4RUANNgcU3BvdFVkcDDcFXQoLlJiTAABAARIlcIDokHeIIm5eNggVkvVDJHA6KPmCng="}
00877{"flow_id":3,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454586,"pkt_ts_usec":688849,"pkt_caplen":404,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":404,"pkt_l4_len":370,"pkt":"AQBeAAD7xiwDYGpkCABFAAGG7IsAAP8RKjbAqAIB4AAA+xTpFOkBchCYAAAAAAARAAEAAAABCF9haXJwb3J0BF90Y3AFbG9jYWwAAAwAAQ9fY29tcGFuaW9uLWxpbmvAFQAMAAENX2FwcGxlLW1vYmRldsAVAAwAAQg4ZmIyMDdkZQRfc3ViDl9hcHBsZS1tb2JkZXYywBUADAABD19hcHBsZS1wYWlyYWJsZcAVAAwAAQtfZ29vZ2xlY2FzdMAVAAwAAQZfdXNjYW7AFQAMAAEHX3VzY2Fuc8AVAAwAAQdfaXBwdXNiwBUADAABCF9zY2FubmVywBUADAABBF9pcHDAFQAMAAEFX2lwcHPAFQAMAAEIX3ByaW50ZXLAFQAMAAEPX3BkbC1kYXRhc3RyZWFtwBUADAABBF9wdHDAFQAMAAEEX3JmYsAVAAwAAQZfYWRpc2vAFQAMAAHAJQAMAAEAAA3vABANTHVjYeKAmXMgaU1hY8AlAAApBaAAABGUABIABAAOAADELAMGSf7GLANgamQ="}
00912{"flow_id":4,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454586,"pkt_ts_usec":688899,"pkt_caplen":424,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":424,"pkt_l4_len":370,"pkt":"MzMAAAD7xiwDYGpkht1gBTIBAXIR\/\/6AAAAAAAAAxCwD\/\/5gamT\/AgAAAAAAAAAAAAAAAAD7FOkU6QFyhM0AAAAAABEAAQAAAAEIX2FpcnBvcnQEX3RjcAVsb2NhbAAADAABD19jb21wYW5pb24tbGlua8AVAAwAAQ1fYXBwbGUtbW9iZGV2wBUADAABCDhmYjIwN2RlBF9zdWIOX2FwcGxlLW1vYmRldjLAFQAMAAEPX2FwcGxlLXBhaXJhYmxlwBUADAABC19nb29nbGVjYXN0wBUADAABBl91c2NhbsAVAAwAAQdfdXNjYW5zwBUADAABB19pcHB1c2LAFQAMAAEIX3NjYW5uZXLAFQAMAAEEX2lwcMAVAAwAAQVfaXBwc8AVAAwAAQhfcHJpbnRlcsAVAAwAAQ9fcGRsLWRhdGFzdHJlYW3AFQAMAAEEX3B0cMAVAAwAAQRfcmZiwBUADAABBl9hZGlza8AVAAwAAcAlAAwAAQAADe8AEA1MdWNh4oCZcyBpTWFjwCUAACkFoAAAEZQAEgAEAA4AAMQsAwZJ\/sYsA2BqZA=="}
00878{"flow_id":5,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454586,"pkt_ts_usec":688975,"pkt_caplen":404,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":404,"pkt_l4_len":370,"pkt":"AQBeAAD72DBiVgAcCABFAAGGs4UAAP8Rmg6p\/uHY4AAA+xTpFOkBckC4AAAAAAARAAEAAAABCF9haXJwb3J0BF90Y3AFbG9jYWwAAAwAAQ9fY29tcGFuaW9uLWxpbmvAFQAMAAENX2FwcGxlLW1vYmRldsAVAAwAAQg4ZmIyMDdkZQRfc3ViDl9hcHBsZS1tb2JkZXYywBUADAABD19hcHBsZS1wYWlyYWJsZcAVAAwAAQtfZ29vZ2xlY2FzdMAVAAwAAQZfdXNjYW7AFQAMAAEHX3VzY2Fuc8AVAAwAAQdfaXBwdXNiwBUADAABCF9zY2FubmVywBUADAABBF9pcHDAFQAMAAEFX2lwcHPAFQAMAAEIX3ByaW50ZXLAFQAMAAEPX3BkbC1kYXRhc3RyZWFtwBUADAABBF9wdHDAFQAMAAEEX3JmYsAVAAwAAQZfYWRpc2vAFQAMAAHAJQAMAAEAAA3vABANTHVjYeKAmXMgaU1hY8AlAAApBaAAABGUABIABAAOAADELAMGSf7YMGJWABw="}
00807{"flow_id":2,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454588,"pkt_ts_usec":306266,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"pkt":"\/\/\/\/\/\/\/\/2DBiVgAcCABFAAFIeCkAAP8RQnwAAAAA\/\/\/\/\/wBEAEMBNI0KAQEGAHhURwkAPgAAAAAAAAAAAAAAAAAAAAAAANgwYlYAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwoBeQMGD3f8XywuOQIF3D0HAdgwYlYAHDMEAHanAAwKTHVjYXMtaU1hY\/8AAAAAAAAAAAAAAAAA"}
00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":25,"source":"iphone.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1582454585625,"flow_last_seen":0,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"239.255.255.250","src_port":51411,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":25,"source":"iphone.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1582454582628,"flow_last_seen":0,"flow_min_l4_payload_len":510,"flow_max_l4_payload_len":510,"flow_tot_l4_payload_len":510,"flow_avg_l4_payload_len":510,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":25,"source":"iphone.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1582454585624,"flow_last_seen":0,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"l3_proto":"ip4","src_ip":"169.254.225.216","dst_ip":"239.255.255.250","src_port":60538,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00487{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":25,"source":"iphone.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1582454586170,"flow_last_seen":0,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00451{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":25,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454593,"pkt_ts_usec":553053,"pkt_caplen":113,"pkt_type":34958,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":113,"pkt_l4_len":0,"pkt":"xGGLNYKp2DBiVgAciI4CAwBfAgCKABAAAAAAAAAAAG++A2+4rA8X2gYxFbqZeXiyOn90e79J6gG73FMwvQ8SAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00148{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":25,"source":"iphone.pcap","alias":"nDPId-test","type":34958}
00479{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":26,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454593,"pkt_ts_usec":558516,"pkt_caplen":135,"pkt_type":34958,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":135,"pkt_l4_len":0,"pkt":"2DBiVgAcxGGLNYKpiI4CAwB1AgEKABAAAAAAAAAAAOWT02eyYZMJTCbPZYTVE1RlWpVpVaVS1ktYpT2U96wiAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACdssiNbmCpdH7SIBd9jgSABYwFAEAAA+sBAEAAA+sBAEAAA+sAgwA"}
@@ -59,459 +49,463 @@
00451{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":28,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454593,"pkt_ts_usec":564157,"pkt_caplen":113,"pkt_type":34958,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":113,"pkt_l4_len":0,"pkt":"2DBiVgAcxGGLNYKpiI4CAwBfAgMKABAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADBqniUXzeQOJOsxzjRJJCEAAA="}
00148{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":28,"source":"iphone.pcap","alias":"nDPId-test","type":34958}
00807{"flow_id":2,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454595,"pkt_ts_usec":343591,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"pkt":"\/\/\/\/\/\/\/\/xGGLNYKpCABFAAFIJUkAAP8RlVwAAAAA\/\/\/\/\/wBEAEMBNFcnAQEGALeWutEAAAAAAAAAAAAAAAAAAAAAAAAAAMRhizWCqQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwcBeQMGD3f8OQIF3D0HAcRhizWCqTMEAHanAAwMTHVjYXMtaVBob25l\/wAAAAAAAAAAAAAAAAAA"}
00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":30,"source":"iphone.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1582454595352,"flow_last_seen":0,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.17","src_port":67,"dst_port":68,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00798{"flow_id":12,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454595,"pkt_ts_usec":352217,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"pkt":"xGGLNYKpxiwDYGpkCABFAAFILXQAAP8RB87AqAIBwKgCEQBDAEQBNJWvAgEGALeWutEAAAAAAAAAAMCoAhHAqAIBAAAAAMRhizWCqQAAAAAAAAAAAABMdWNhcy1pTWFjLmxvY2FsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQECNgTAqAIBMwQAAU4gAQT\/\/\/8AAwTAqAIBBgTAqAIB\/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
00542{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":30,"source":"iphone.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1582454595352,"flow_last_seen":0,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.17","src_port":67,"dst_port":68,"l4_proto":"udp","ndpi": {"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"fingerprint":""}}
00445{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":31,"source":"iphone.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1582454595354,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::1:ff98:a29c","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":15}
00456{"flow_id":13,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454595,"pkt_ts_usec":354441,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"MzP\/mKKcxGGLNYKpht1gAAAAACA6\/wAAAAAAAAAAAAAAAAAAAAD\/AgAAAAAAAAAAAAH\/mKKchwBApQAAAAD+gAAAAAAAAAgjPxeCmKKcDgEq29a5HEA="}
00479{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"iphone.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1582454595354,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::1:ff98:a29c","l4_proto":"icmp6","ndpi": {"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
00457{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":32,"source":"iphone.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1582454595354,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::823:3f17:8298:a29c","dst_ip":"ff02::2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":15}
00423{"flow_id":14,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454595,"pkt_ts_usec":354550,"pkt_caplen":62,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":62,"pkt_l4_len":8,"pkt":"MzMAAAACxGGLNYKpht1gCzl3AAg6\/\/6AAAAAAAAACCM\/F4KYopz\/AgAAAAAAAAAAAAAAAAAChQAQyAAAAAA="}
00491{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":32,"source":"iphone.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1582454595354,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::823:3f17:8298:a29c","dst_ip":"ff02::2","l4_proto":"icmp6","ndpi": {"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":33,"source":"iphone.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1582454595839,"flow_last_seen":0,"flow_min_l4_payload_len":66,"flow_max_l4_payload_len":66,"flow_tot_l4_payload_len":66,"flow_avg_l4_payload_len":66,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::823:3f17:8298:a29c","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00514{"flow_id":15,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454595,"pkt_ts_usec":839359,"pkt_caplen":128,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":128,"pkt_l4_len":74,"pkt":"MzMAAAD7xGGLNYKpht1gD8z1AEoR\/\/6AAAAAAAAACCM\/F4KYopz\/AgAAAAAAAAAAAAAAAAD7FOkU6QBKKFMAAAAAAAEAAAAAAAEIX2hvbWVraXQEX3RjcAVsb2NhbAAADIABAAApBaAAABGUABIABAAOAADmYYs1gqnEYYs1gqk="}
00565{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":33,"source":"iphone.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1582454595839,"flow_last_seen":0,"flow_min_l4_payload_len":66,"flow_max_l4_payload_len":66,"flow_tot_l4_payload_len":66,"flow_avg_l4_payload_len":66,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::823:3f17:8298:a29c","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_homekit._tcp.local"}}
00458{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":34,"source":"iphone.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1582454596364,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::823:3f17:8298:a29c","dst_ip":"ff02::16","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":15}
00519{"flow_id":16,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454596,"pkt_ts_usec":364760,"pkt_caplen":130,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":62,"pkt_len":130,"pkt_l4_len":68,"pkt":"MzMAAAAWxGGLNYKpht1gAAAAAEwAAf6AAAAAAAAACCM\/F4KYopz\/AgAAAAAAAAAAAAAAAAAWOgABAAUCAACPAIFJAAAAAwQAAAD\/AgAAAAAAAAAAAAAAAAD7BAAAAP8CAAAAAAAAAAAAAv8d2dAEAAAA\/wIAAAAAAAAAAAAB\/5iinA=="}
00492{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"iphone.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1582454596364,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::823:3f17:8298:a29c","dst_ip":"ff02::16","l4_proto":"icmp6","ndpi": {"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":30,"source":"iphone.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1582454595352,"flow_last_seen":1582454595352,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.17","src_port":67,"dst_port":68,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00798{"flow_id":10,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454595,"pkt_ts_usec":352217,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"pkt":"xGGLNYKpxiwDYGpkCABFAAFILXQAAP8RB87AqAIBwKgCEQBDAEQBNJWvAgEGALeWutEAAAAAAAAAAMCoAhHAqAIBAAAAAMRhizWCqQAAAAAAAAAAAABMdWNhcy1pTWFjLmxvY2FsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQECNgTAqAIBMwQAAU4gAQT\/\/\/8AAwTAqAIBBgTAqAIB\/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
00554{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":30,"source":"iphone.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1582454595352,"flow_last_seen":1582454595352,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.17","src_port":67,"dst_port":68,"l4_proto":"udp","ndpi": {"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"fingerprint":""}}
00457{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":31,"source":"iphone.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1582454595354,"flow_last_seen":1582454595354,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::1:ff98:a29c","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":15}
00456{"flow_id":11,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454595,"pkt_ts_usec":354441,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"MzP\/mKKcxGGLNYKpht1gAAAAACA6\/wAAAAAAAAAAAAAAAAAAAAD\/AgAAAAAAAAAAAAH\/mKKchwBApQAAAAD+gAAAAAAAAAgjPxeCmKKcDgEq29a5HEA="}
00491{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"iphone.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1582454595354,"flow_last_seen":1582454595354,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::1:ff98:a29c","l4_proto":"icmp6","ndpi": {"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":32,"source":"iphone.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1582454595354,"flow_last_seen":1582454595354,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::823:3f17:8298:a29c","dst_ip":"ff02::2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":15}
00423{"flow_id":12,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454595,"pkt_ts_usec":354550,"pkt_caplen":62,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":62,"pkt_l4_len":8,"pkt":"MzMAAAACxGGLNYKpht1gCzl3AAg6\/\/6AAAAAAAAACCM\/F4KYopz\/AgAAAAAAAAAAAAAAAAAChQAQyAAAAAA="}
00503{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":32,"source":"iphone.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1582454595354,"flow_last_seen":1582454595354,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::823:3f17:8298:a29c","dst_ip":"ff02::2","l4_proto":"icmp6","ndpi": {"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
00504{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":33,"source":"iphone.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1582454595839,"flow_last_seen":1582454595839,"flow_min_l4_payload_len":66,"flow_max_l4_payload_len":66,"flow_tot_l4_payload_len":66,"flow_avg_l4_payload_len":66,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::823:3f17:8298:a29c","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00514{"flow_id":13,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454595,"pkt_ts_usec":839359,"pkt_caplen":128,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":128,"pkt_l4_len":74,"pkt":"MzMAAAD7xGGLNYKpht1gD8z1AEoR\/\/6AAAAAAAAACCM\/F4KYopz\/AgAAAAAAAAAAAAAAAAD7FOkU6QBKKFMAAAAAAAEAAAAAAAEIX2hvbWVraXQEX3RjcAVsb2NhbAAADIABAAApBaAAABGUABIABAAOAADmYYs1gqnEYYs1gqk="}
00577{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":33,"source":"iphone.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1582454595839,"flow_last_seen":1582454595839,"flow_min_l4_payload_len":66,"flow_max_l4_payload_len":66,"flow_tot_l4_payload_len":66,"flow_avg_l4_payload_len":66,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::823:3f17:8298:a29c","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_homekit._tcp.local"}}
00470{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":34,"source":"iphone.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1582454596364,"flow_last_seen":1582454596364,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::823:3f17:8298:a29c","dst_ip":"ff02::16","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":15}
00519{"flow_id":14,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454596,"pkt_ts_usec":364760,"pkt_caplen":130,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":62,"pkt_len":130,"pkt_l4_len":68,"pkt":"MzMAAAAWxGGLNYKpht1gAAAAAEwAAf6AAAAAAAAACCM\/F4KYopz\/AgAAAAAAAAAAAAAAAAAWOgABAAUCAACPAIFJAAAAAwQAAAD\/AgAAAAAAAAAAAAAAAAD7BAAAAP8CAAAAAAAAAAAAAv8d2dAEAAAA\/wIAAAAAAAAAAAAB\/5iinA=="}
00504{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"iphone.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1582454596364,"flow_last_seen":1582454596364,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::823:3f17:8298:a29c","dst_ip":"ff02::16","l4_proto":"icmp6","ndpi": {"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
00807{"flow_id":2,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454596,"pkt_ts_usec":366527,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"pkt":"\/\/\/\/\/\/\/\/xGGLNYKpCABFAAFIJUoAAP8RlVsAAAAA\/\/\/\/\/wBEAEMBNGQTAQEGALeWutEAAQAAAAAAAAAAAAAAAAAAAAAAAMRhizWCqQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEDNwcBeQMGD3f8OQIF3D0HAcRhizWCqTIEwKgCETYEwKgCAQwMTHVjYXMtaVBob25l\/wAAAAAAAAAA"}
00798{"flow_id":12,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454596,"pkt_ts_usec":370709,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"pkt":"xGGLNYKpxiwDYGpkCABFAAFILXUAAP8RB83AqAIBwKgCEQBDAEQBNJKvAgEGALeWutEAAAAAAAAAAMCoAhHAqAIBAAAAAMRhizWCqQAAAAAAAAAAAABMdWNhcy1pTWFjLmxvY2FsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEFNgTAqAIBMwQAAU4gAQT\/\/\/8AAwTAqAIBBgTAqAIB\/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
00514{"flow_id":15,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454596,"pkt_ts_usec":847254,"pkt_caplen":128,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":128,"pkt_l4_len":74,"pkt":"MzMAAAD7xGGLNYKpht1gD8z1AEoR\/\/6AAAAAAAAACCM\/F4KYopz\/AgAAAAAAAAAAAAAAAAD7FOkU6QBKKNMAAAAAAAEAAAAAAAEIX2hvbWVraXQEX3RjcAVsb2NhbAAADAABAAApBaAAABGUABIABAAOAADmYYs1gqnEYYs1gqk="}
00519{"flow_id":16,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454597,"pkt_ts_usec":360810,"pkt_caplen":130,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":62,"pkt_len":130,"pkt_l4_len":68,"pkt":"MzMAAAAWxGGLNYKpht1gAAAAAEwAAf6AAAAAAAAACCM\/F4KYopz\/AgAAAAAAAAAAAAAAAAAWOgABAAUCAACPAIFJAAAAAwQAAAD\/AgAAAAAAAAAAAAAAAAD7BAAAAP8CAAAAAAAAAAAAAv8d2dAEAAAA\/wIAAAAAAAAAAAAB\/5iinA=="}
00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":49,"source":"iphone.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1582454598204,"flow_last_seen":0,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":63381,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00455{"flow_id":17,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":204952,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"pkt":"xiwDYGpkxGGLNYKpCABFAABMpW8AAP8RkM7AqAIRwKgCAfeVADUAOH2lldMBAAABAAAAAAAAE3AyNi1rZXl2YWx1ZXNlcnZpY2UGaWNsb3VkA2NvbQAAAQAB"}
00667{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":49,"source":"iphone.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1582454598204,"flow_last_seen":0,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":63381,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AppleiCloud","breed":"Acceptable","category":"Web"},"dns": {"query":"p26-keyvalueservice.icloud.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":50,"source":"iphone.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1582454598205,"flow_last_seen":0,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":63143,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00448{"flow_id":18,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":205008,"pkt_caplen":84,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":84,"pkt_l4_len":50,"pkt":"xiwDYGpkxGGLNYKpCABFAABGS9oAAP8R6mnAqAIRwKgCAfanADUAMj\/EHhQBAAABAAAAAAAADXAyNi1mbWZtb2JpbGUGaWNsb3VkA2NvbQAAAQAB"}
00661{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":50,"source":"iphone.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1582454598205,"flow_last_seen":0,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":63143,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AppleiCloud","breed":"Acceptable","category":"Web"},"dns": {"query":"p26-fmfmobile.icloud.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":51,"source":"iphone.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1582454598209,"flow_last_seen":0,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":61862,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00447{"flow_id":19,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":209581,"pkt_caplen":83,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":83,"pkt_l4_len":49,"pkt":"xiwDYGpkxGGLNYKpCABFAABFIREAAP8RFTTAqAIRwKgCAfGmADUAMT0yjvEBAAABAAAAAAAACmdzcGUzNS1zc2wCbHMFYXBwbGUDY29tAAABAAE="}
00648{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":51,"source":"iphone.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1582454598209,"flow_last_seen":0,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":61862,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"gspe35-ssl.ls.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":52,"source":"iphone.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1582454598212,"flow_last_seen":0,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":55914,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00447{"flow_id":20,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":212900,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"pkt":"xiwDYGpkxGGLNYKpCABFAABEPtIAAP8R93PAqAIRwKgCAdpqADUAMKdbJH8BAAABAAAAAAAACWdzcDg1LXNzbAJscwVhcHBsZQNjb20AAAEAAQ=="}
00647{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":52,"source":"iphone.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1582454598212,"flow_last_seen":0,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":55914,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"gsp85-ssl.ls.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":53,"source":"iphone.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1582454598246,"flow_last_seen":0,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":51007,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00441{"flow_id":21,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":246275,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"pkt":"xiwDYGpkxGGLNYKpCABFAAA\/VFIAAP8R4fjAqAIRwKgCAcc\/ADUAK6bSYEMBAAABAAAAAAAAB2NhcHRpdmUFYXBwbGUDY29tAAABAAE="}
00648{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":53,"source":"iphone.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1582454598246,"flow_last_seen":0,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":51007,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"ConnCheck"},"dns": {"query":"captive.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00674{"flow_id":18,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":247243,"pkt_caplen":252,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":252,"pkt_l4_len":218,"pkt":"xGGLNYKpxiwDYGpkCABFAADuMPYAAEARw6bAqAIBwKgCEQA19qcA2lqQHhSBgAABAAkAAAAADXAyNi1mbWZtb2JpbGUGaWNsb3VkA2NvbQAAAQABwAwABQABAAARlgAcCWZtZm1vYmlsZQJmZQlhcHBsZS1kbnMDbmV0AMA2AAEAAQAAAA8ABBH4uYzANgABAAEAAAAPAAQR+IMIwDYAAQABAAAADwAEEfiDysA2AAEAAQAAAA8ABBH4g8vANgABAAEAAAAPAAQR+LmkwDYAAQABAAAADwAEEfi5Z8A2AAEAAQAAAA8ABBH4g7LANgABAAEAAAAPAAQR+Lkw"}
00691{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":54,"source":"iphone.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_first_seen":1582454598205,"flow_last_seen":1582454598247,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":210,"flow_tot_l4_payload_len":252,"flow_avg_l4_payload_len":126,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":63143,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AppleiCloud","breed":"Acceptable","category":"Web"},"dns": {"query":"p26-fmfmobile.icloud.com","num_queries":1,"num_answers":9,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.248.185.140"}}
00690{"flow_id":17,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":247382,"pkt_caplen":264,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":264,"pkt_l4_len":230,"pkt":"xGGLNYKpxiwDYGpkCABFAAD6F4oAAEAR3QbAqAIBwKgCEQA195UA5qzeldOBgAABAAkAAAAAE3AyNi1rZXl2YWx1ZXNlcnZpY2UGaWNsb3VkA2NvbQAAAQABwAwABQABAAARlgAiD2tleXZhbHVlc2VydmljZQJmZQlhcHBsZS1kbnMDbmV0AMA8AAEAAQAAADUABBH4uVfAPAABAAEAAAA1AAQR+LkmwDwAAQABAAAANQAEEfi5J8A8AAEAAQAAADUABBH4uQrAPAABAAEAAAA1AAQR+IOrwDwAAQABAAAANQAEEfi5Z8A8AAEAAQAAADUABBH4uYTAPAABAAEAAAA1AAQR+LmN"}
00696{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":55,"source":"iphone.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_first_seen":1582454598204,"flow_last_seen":1582454598247,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":222,"flow_tot_l4_payload_len":270,"flow_avg_l4_payload_len":135,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":63381,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AppleiCloud","breed":"Acceptable","category":"Web"},"dns": {"query":"p26-keyvalueservice.icloud.com","num_queries":1,"num_answers":9,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.248.185.87"}}
00642{"flow_id":19,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":248721,"pkt_caplen":227,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":227,"pkt_l4_len":193,"pkt":"xGGLNYKpxiwDYGpkCABFAADVXGwAAEARmEnAqAIBwKgCEQA18aYAwXDXjvGBgAABAAQAAAAACmdzcGUzNS1zc2wCbHMFYXBwbGUDY29tAAABAAHADAAFAAEAAAtxACQKZ3NwZTM1LXNzbAhscy1hcHBsZQNjb20GYWthZG5zA25ldADANQAFAAEAAAFNACIKZ3NwZTM1LXNzbAJscwVhcHBsZQNjb20HZWRnZWtlecBUwGUABQABAAARlgAWBWU2OTg3AmU5CmFrYW1haWVkZ2XAVMCTAAEAAQAAAA8ABF9lGTU="}
00676{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":56,"source":"iphone.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_first_seen":1582454598209,"flow_last_seen":1582454598248,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":185,"flow_tot_l4_payload_len":226,"flow_avg_l4_payload_len":113,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":61862,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"gspe35-ssl.ls.apple.com","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"95.101.25.53"}}
00535{"flow_id":20,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":252214,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"pkt":"xGGLNYKpxiwDYGpkCABFAACEYIUAAEARlIHAqAIBwKgCEQA12moAcAk\/JH+BgAABAAIAAAAACWdzcDg1LXNzbAJscwVhcHBsZQNjb20AAAEAAcAMAAUAAQAADY0AJAlnc3A4NS1zc2wJbHMyLWFwcGxlA2NvbQZha2FkbnMDbmV0AMA0AAEAAQAAAD8ABBGCAi4="}
00673{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":57,"source":"iphone.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_first_seen":1582454598212,"flow_last_seen":1582454598252,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":72,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":55914,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"gsp85-ssl.ls.apple.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.130.2.46"}}
00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":58,"source":"iphone.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1582454598252,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.185.140","src_port":50575,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":22,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":252419,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGrHrAqAIREfi5jMWPAbsN6rbUAAAAALDC\/\/8jQQAAAgQFtAEDAwcBAQgKEd\/m0wAAAAAEAgAA"}
00635{"flow_id":21,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":287759,"pkt_caplen":221,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":221,"pkt_l4_len":187,"pkt":"xGGLNYKpxiwDYGpkCABFAADPyCcAAEARLJTAqAIBwKgCEQA1xz8Au1lGYEOBgAABAAUAAAAAB2NhcHRpdmUFYXBwbGUDY29tAAABAAHADAAFAAEAABGWACoMY2FwdGl2ZS1jaWRyDG9yaWdpbi1hcHBsZQNjb20GYWthZG5zA25ldADALwAFAAEAAAC8AA4LY2FwdGl2ZS1jZG7APMBlAAUAAQAAAOYAFAdjYXB0aXZlAWcHYWFwbGltZ8AawH8AAQABAAAAEQAEEf1pysB\/AAEAAQAAABEABBH9Nco="}
00678{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":59,"source":"iphone.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_first_seen":1582454598246,"flow_last_seen":1582454598287,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":107,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":51007,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Apple","breed":"Safe","category":"ConnCheck"},"dns": {"query":"captive.apple.com","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.253.105.202"}}
00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":60,"source":"iphone.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1582454598373,"flow_last_seen":0,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":55457,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00435{"flow_id":23,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":373077,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"xiwDYGpkxGGLNYKpCABFAAA8dgsAAP8RwELAqAIRwKgCAdihADUAKKMQFxsBAAABAAAAAAAABG1lc3UFYXBwbGUDY29tAAABAAE="}
00639{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":60,"source":"iphone.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1582454598373,"flow_last_seen":0,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":55457,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"mesu.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":61,"source":"iphone.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1582454598373,"flow_last_seen":0,"flow_min_l4_payload_len":66,"flow_max_l4_payload_len":66,"flow_tot_l4_payload_len":66,"flow_avg_l4_payload_len":66,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00481{"flow_id":24,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":373420,"pkt_caplen":108,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":108,"pkt_l4_len":74,"pkt":"AQBeAAD7xGGLNYKpCABFAABemlUAAP8RfYTAqAIR4AAA+xTpFOkASu+LAAAAAAABAAAAAAABCF9ob21la2l0BF90Y3AFbG9jYWwAAAyAAQAAKQWgAAARlAASAAQADgAA5mGLNYKpxGGLNYKp"}
00556{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":61,"source":"iphone.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1582454598373,"flow_last_seen":0,"flow_min_l4_payload_len":66,"flow_max_l4_payload_len":66,"flow_tot_l4_payload_len":66,"flow_avg_l4_payload_len":66,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_homekit._tcp.local"}}
00514{"flow_id":15,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":373553,"pkt_caplen":128,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":128,"pkt_l4_len":74,"pkt":"MzMAAAD7xGGLNYKpht1gD8z1AEoR\/\/6AAAAAAAAACCM\/F4KYopz\/AgAAAAAAAAAAAAAAAAD7FOkU6QBKKFMAAAAAAAEAAAAAAAEIX2hvbWVraXQEX3RjcAVsb2NhbAAADIABAAApBaAAABGUABIABAAOAADmYYs1gqnEYYs1gqk="}
00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":63,"source":"iphone.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1582454598377,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"95.101.25.53","src_port":50576,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":25,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":377826,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAG\/2TAqAIRX2UZNcWQAbugppinAAAAALDC\/\/8BIgAAAgQFtAEDAwcBAQgKEd\/nTAAAAAAEAgAA"}
00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":64,"source":"iphone.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1582454598385,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.130.2.46","src_port":50577,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":26,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":385187,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGZE\/AqAIREYICLsWRAbsZOusXAAAAALDC\/\/+bAAAAAgQFtAEDAwcBAQgKEd\/nUwAAAAAEAgAA"}
00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":65,"source":"iphone.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":1582454598387,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.253.105.202","src_port":49152,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":27,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":387073,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAG\/DfAqAIREf1pysAAAFAslesxAAAAALDC\/\/8mdwAAAgQFtAEDAwYBAQgKEd\/nTQAAAAAEAgAA"}
00436{"flow_id":22,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":402840,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAADEG+34R+LmMwKgCEQG7xY+mDHMKDeq21aBScSAX2QAAAgQFrAEBCAr26Z7FEd\/m0wEDAwU="}
00423{"flow_id":22,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":404960,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGrIbAqAIREfi5jMWPAbsN6rbVpgxzC4AQBAuwVwAAAQEIChHf52v26Z7F"}
01123{"flow_id":22,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":405072,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"pkt":"xiwDYGpkxGGLNYKpCABFAgI5AABAAEAGqn\/AqAIREfi5jMWPAbsN6rbVpgxzC4AYBAuh0wAAAQEIChHf52v26Z7FFgMBAgABAAH8AwN8\/m8PXyQO32u1iV6RcZDnMbTrrPixNIjOuJcPKyu2YCAqbhRZg6XgGUsXaOUau6tuuVwQheEDrsOtyWvnbE4KuAA0EwETAhMDwCzAK8AkwCPACsAJzKnAMMAvwCjAJ8AUwBPMqACdAJwAPQA8ADUAL8AIwBIACgEAAX\/\/AQABAAAAAB0AGwAAGHAyNi1mbWZtb2JpbGUuaWNsb3VkLmNvbQAXAAAADQAYABYEAwgEBAEFAwIDCAUIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAzACYAJAAdACAqltozl1XctQvleGh0N7IIp3TCS7HFVxwjJhj0\/2bbZgAtAAIBAQArAAkIAwQDAwMCAwEACgAKAAgAHQAXABgAGQAVAMUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00809{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":68,"source":"iphone.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":4,"flow_first_seen":1582454598252,"flow_last_seen":1582454598405,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.185.140","src_port":50575,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"p26-fmfmobile.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00436{"flow_id":25,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":412214,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAADUGSmlfZRk1wKgCEQG7xZCMPaCSoKaYqKBScSBNPAAAAgQFrAQCCAoi0AShEd\/nTAEDAwc="}
00627{"flow_id":23,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":70,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":412843,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"pkt":"xGGLNYKpxiwDYGpkCABFAADIRW8AAEARr1PAqAIBwKgCEQA12KEAtAJjFxuBgAABAAUAAAAABG1lc3UFYXBwbGUDY29tAAABAAHADAAFAAEAAAfrAB8IbWVzdS1jZG4FYXBwbGUDY29tBmFrYWRucwNuZXQAwCwABQABAAAMoAAYCG1lc3UtY2RuDG9yaWdpbi1hcHBsZcA7wFcABQABAAAARAARBG1lc3UBZwdhYXBsaW1nwBfAewABAAEAAAAPAAQR\/WnKwHsAAQABAAAADwAEEf01yw=="}
00669{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":70,"source":"iphone.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_first_seen":1582454598373,"flow_last_seen":1582454598412,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":204,"flow_avg_l4_payload_len":102,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":55457,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"mesu.apple.com","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.253.105.202"}}
00424{"flow_id":25,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":413932,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAG\/3DAqAIRX2UZNcWQAbugppiojD2gk4AQBAvpMwAAAQEIChHf524i0ASh"}
01122{"flow_id":25,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":414051,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"pkt":"xiwDYGpkxGGLNYKpCABFAgI5AABAAEAG\/WnAqAIRX2UZNcWQAbugppiojD2gk4AYBAtyOwAAAQEIChHf524i0AShFgMBAgABAAH8AwMW\/vdiXnKGt2kAM475LRdq4DAZD5IWJivMSs32aPZe4CBY4JYmlM1Z2ggjvPRVVGQ6cbm25wGpqmGifvQqpkiZFQA0EwETAhMDwCzAK8AkwCPACsAJzKnAMMAvwCjAJ8AUwBPMqACdAJwAPQA8ADUAL8AIwBIACgEAAX\/\/AQABAAAAABwAGgAAF2dzcGUzNS1zc2wubHMuYXBwbGUuY29tABcAAAAjAAAADQAYABYEAwgEBAEFAwIDCAUIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAzACYAJAAdACBRvQycnSvLFzO5Ac0Wc91U3eqgFfR5Utrll4x2uEjNDgAtAAIBAQArAAkIAwQDAwMCAwEACgAKAAgAHQAXABgAGQAVAMIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00794{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":72,"source":"iphone.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":4,"flow_first_seen":1582454598377,"flow_last_seen":1582454598414,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"95.101.25.53","src_port":50576,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gspe35-ssl.ls.apple.com","ja3":"55271a105172d5f225e4704755b9b250","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":73,"source":"iphone.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":1582454598416,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.253.105.202","src_port":50578,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":28,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":416547,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAG\/DfAqAIREf1pysWSAbt\/OqmMAAAAALDC\/\/8OTwAAAgQFtAEDAwcBAQgKEd\/ndwAAAAAEAgAA"}
00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":74,"source":"iphone.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1582454598418,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.253.105.202","src_port":50579,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":29,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":418108,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAG\/DfAqAIREf1pysWTAbsyJO8VAAAAALDC\/\/8V2QAAAgQFtAEDAwcBAQgKEd\/neQAAAAAEAgAA"}
00437{"flow_id":27,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":426588,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAADIGSjwR\/WnKwKgCEQBQwACbtSzNLJXrMqBScNC85AAAAgQFrAQCCAodNCSFEd\/nTQEDAwg="}
00436{"flow_id":26,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":427688,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAADIGslMRggIuwKgCEQG7xZHfrwWiGTrrGKBSqbCWRAAAAgQFrAQCCAq1T9HeEd\/nUwEDAw4="}
00423{"flow_id":25,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":447691,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xGGLNYKpxiwDYGpkCABFAAA0RA0AADUGBmRfZRk1wKgCEQG7xZCMPaCToKaarYAQAOvqKgAAAQEICiLQBMUR3+du"}
02380{"flow_id":25,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":78,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":449324,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"xGGLNYKpxiwDYGpkCABFAgXURA4AADUGAMFfZRk1wKgCEQG7xZCMPaCToKaarYAQAOtcCQAAAQEICiLQBMYR3+duFgMDAHoCAAB2AwP7MB3Ylhf8Bjmes916ZWnzOGPYuszhpJ41UUFXi+SNbSBY4JYmlM1Z2ggjvPRVVGQ6cbm25wGpqmGifvQqpkiZFRMCAAAuACsAAgMEADMAJAAdACBmEKt79HIbQLnUjzrNZkYuOEjGdzFKsqw1qRXq4w9bFBQDAwABARcDAwA0ljir8wnOluy8B0zgMbdPObep5nnR7HaAJhstM6+gk2+lrnuD5wrdL8n5GVkdE18ZdpoV9hcDAxLgzvI5agAXt0\/jf07ibdmTKUEeRmMhrEM1GtVlxUupp9cg9SbslBYtKJaa0wT3Q7n3fJj6nRL0n33B44erSqtcAXxWyOSCmmVYqy7bcy9\/ZqcknAf7xOgb2MpPmfOh\/GkVJb\/y9davzmzWFOOdqPyRwMptmxIFSQTNQJlvfRrR72IT5\/HjFhACqUfKOqhuk7Xafo8vBqvrNGahTRTY6c+tI4UTsHFA0vUJvIno+IiQITsXfCnYml4Uv2xQjOUAe2Y\/cW1p0X+BuUDOLo1Wic0DHWyEu+tPxQh2275aPBpPvVdJU0CEGYigY4Y75QfgTlTS0AgYeIasNOwAAO3aswMWtsjrhNLDIbDODYmB1g74zQdD0dftVwJESceAPTQs3Nzd1bgtAwffH7lbOJS\/9KuTO\/0eD22ACK9E0p+39c\/71hVVdICNFReLsV0EM\/HtTV7fwi7XO8AT8H1+e537aWNU7Sljch+JEYCU7XZywmVVHo5qEkXLNc8kvJgxy2blQNJx\/1W1wF7XOpLA4sRVwo5F8jS3Who2VT1tU81QZB7TKQuceQNYlj37gGFlBq1Ihd39RKVQTnYV\/H5Y6wvXLS575JZcHskDBxEJXSYG5QinMRLvvMWO4ibsWryM0f4k8hdtRN6OEisLdLATXj4wSWMVZbsE\/AeaQREXbQQJqQR56YQkcOaBQd1g6i9HZntHr7NNmNdVgudO7Jr5RQ7A4fpA7FarhYETRj4Qs7YqleA55SLFpMO03lOS0J+LuQCzHqPQpcL1vgeAx0KZWohWUy8RyEaLjWeYdY1\/bpOekS3ec984hbODzwNEF9j2PDdf1n+UJyM71VjXFGvIg\/LE5GX9oaJnMAdkZRMgDyhOKmkDNUyiS6bGeXHTny43umPpljzopULeUHJZJXJX\/RGHZOs1pyYcTwgkmWQaN5HxpWqlOuFGDq9VPRRmMYp5Hge\/dou\/6j7hMO84QWfe5wfSGi73Qo9t8cN1gWEbVNG\/fdgqlh6Unzg3B3bDoh+UHhAJQ2ahOXeFS5Xzm5cYASgS1IUOO4wbkFx3at6f48iCDuiWP\/eCXYpjaWKv5kqvKEILikRgUJst589WqfVdS6w\/0hb+9r\/oHxMPex4TSB\/TVchrK2AF\/cS9BZeYPyi5X\/4NF2MXQEKhFtereXVK+4NboxTot3bhQRZd566HxD4vqcHF1fnW4aJKd3jesYhsVMy2SCue+Y5KfRbFFY1k7KeoPUk4IuoWQGIrStG\/lkKor8HmycS\/EBVwVrmZt6Kgq2qdQwVJ9hNmKfhYq2nm734cURIhInk7p4vSYE+9Ksxh7CNMfEXEOx2ejHoWZL0waR1p4OYum+5J6hauPKdjyxJ8hu0cfb8jZm65wenrTUkHsp2iZoDhU+GVXDsHRe3EkmtCmtH0g60El1+jF3SekK\/rE702e4FfvcbNiJkwF9cwP2jaq2wnO\/LmW96JyGE2rpz+L6diJGgkeP81BLya0a9IZ4Z5hQfNZvtj6aE4YAUmvP+Px4mMhNCmF0s4XabUIaUI+8A\/1kEO3givAjhFbj3a\/Zc0mfbdQnlREOG2b45q7n67EmIvPh1TiGPx4rU9J4CS+qcLsJJAQWU1hLc+0dKW8m6T9Z6KdN4CLv7BM8hNVxz0C7T9e1k+mm41yvjp617Y"}
00835{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":78,"source":"iphone.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":6,"flow_first_seen":1582454598377,"flow_last_seen":1582454598449,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"95.101.25.53","src_port":50576,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"gspe35-ssl.ls.apple.com","ja3":"55271a105172d5f225e4704755b9b250","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02377{"flow_id":25,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":449374,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"xGGLNYKpxiwDYGpkCABFAgXURA8AADUGAMBfZRk1wKgCEQG7xZCMPaYzoKaarYAQAOu5FAAAAQEICiLQBMYR3+duyZGX8jvKHfYO4irLOTOuIwVrfsn8cq7ShQ+rERgUhgqi6YmNFlT1tEHLKZr\/xBPk5ivvhQoEjta\/5ln7FGkX0G1hifL2iGMdqH4zeXMd66Gn5w3vrK84Hp36TjUG0PG5j1PqDUpE+nKsrrdiXXTY4Lu6jAtZcIGsD9zvRTsEnWLiyUZO1nDafPfwjNHs7l3dq\/tmFUmfedrLOjVPeE91NaK+EzLweJsfU2IYoeXWWYlvTIFWI8H8Jh+ABLwLzElfiLKr6HoJf26rjCeNVmDi60RMCQCAILyxEAxSRAzecVI9X0wh+0CbyTM0Y0tWBPHM97lKnVLGAY5RjNihQ1S\/S\/+cDoikjNb1EPO59tDCzwRpuxbG8jMuwx2+u4Cdr3i2K6sKwnbJYKqFopcpbPhqvJ3+kHvBTN3a11hQBNCDKj50MJNqciDB0XJt\/yGGeuQAoUjNjYCWgf02z+8ZiJYMi7WbjsP+lo3c0jFHLu3nijBPEocqsCzjg\/8psGV1DZFikyR\/JIh0WiDtkHaPpJstEo7Hl0POAnv0wQDpEoBq+d794F7yW6Hpa3fJ\/kXSMGF5xEsKCqj+tU7esDEN47XEv01WaHmexrR1smom9ctPkTzfbOJbXvZO8ZMYSyEebTvL3mg2\/GzDH4PWS21b5YmHXR2CFfrxSJ6aLzZBRR+jV38LPa1gaNaYDfIBEW4FF4BKS4jycvYyZVPdcaNYSJ8n6ljDUvxY7vDslKir7QfcoG9PCX1Hg4NeXr4kXy2H0lqqt7bTy4LTs6Xb\/SRNHcNQhxvkanyNZWy35O\/bGFco7+K4vsa8jMMZQQypTm9Z5OlQZpPKpBJQMsK\/jklORBG\/vsxrDEimgNk00N6kJ8Jus9MTg1ybR8q+oPkdFk7J\/VqsoCzIT3NdF0ZNqbwoJwSoxFV71EMS53AlpUVslzou8u\/KPAL8\/UDMNxPu6hKu2ahKbLO2sx0v38++eqTI\/eG2KXiUzOqq7E+DLRawF9Kg+0UIMmvF2Zw+xibMbh0xT5ju9GeeFHKUI04y8JDULZXfhU1aA9JQHhxedp8UHVs9Z3ERqhDe6HcFXSn09LjTmicIbxVR9P0IYXU\/N41sUhFDWeCF6tlkKHIdIZSfhRdlvqY2Elvt7hBRL6rlZr4CW9LUytEf8CTZkAwuTUiyYwvZ6tDzwS2+7mv+S0zCYhvbpPgrlTE8f\/8lpgLMEGY5dTD2TCGAkXbRJj3Uc5cu5l\/IJvomHJS+feST9fBjUJCFiz8e6s5HVLmq8FlkyHWuz5xt0mVHXfkX8k6PYQRAzxgfrFxSpRCUi4CHL6k5jx0Tn1JpzNVu2arVC7NCB5CZSLqvCWZ9L83uwTdkXfuuW6Lu6Ji8UQSDQNrKgq538gQnBVbcs46CzmvzuPpjWjXvnrzn0U95nZ+4P6GuTE8qv2jIVSeRG8x7i8\/tl8WuEBYDg8iCApyrnYHv3qfp2iXaBAdk1yen\/z5f9QVm0\/zgqYLWSjsaPg3HqTWk\/bqAVfos8J2lmflut1X4h\/XbAzFwWu4Z39laa9jJvPbH6Z86rnkWEVIfnSDJ99wIv7teVIuhBjRYWBjYHU7BowK5DmcOsw5vttcV7nbRFj1yKK1SAhG1v0wwk\/ZRSgrQz6rAYg2qfhFce1WyPy9ebxR9HZIYx+E+PuV32eQ5UUgDn6PkJWd6i+Wxtngi31RNqpYYfy10xvvBSUuHLq0i6lso1bctbo7nuLzsyOU2NQv5nMTJWYba5BtK3zg1ZWLpTjytpP3W7SsJUZ8zzE4f2rkalNVFjyNZnFonNBNM5oIZbbH9ROxSO6jjTh3j9b48atfzrw+zKL2zmeHhJkxYqgJsedvdgnRVFp5ll5IRC65Iju62h6b8tftHw1Yc6W\/D+ADnIWVKPbT2bJtq5Nql1EmIa8FZ2FKK"}
02082{"flow_id":25,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":449499,"pkt_caplen":1282,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1282,"pkt_l4_len":1248,"pkt":"xGGLNYKpxiwDYGpkCABFAgT0RBAAADUGAZ9fZRk1wKgCEQG7xZCMPavToKaarYAYAOvuyQAAAQEICiLQBMYR3+du8Ig3\/fi96m2oAg+EtKElv0O00btkWjeqsgPZBgpVAbZzZI4d88yrnp6ivOCjb6OwMlntww1S14MJHoHwBgJXO2kcXeXRxYDs1g7o1p8uFAtyv2kZaQLFpMctATNWlCpQUlcKXPear5j9IzTHIA3yKy6p\/rdeokyGi\/Ul\/2a1cgg8BCEBOROS\/4xWvQpOCMf+RwLbyPYLlKcLddBDeNyGs\/PVaXJwch0+uYo5ERDqUdtWQ+BzAqrNok3mL\/KEezSa6ktIRR\/80db4rpwUHuuDKMUynNwB9qj5YK7wddEFxSkPwwuN8U0oFOAtQso01MKse2nTGbQCyb73BcbinudCzXWyg4\/a5s0g47MEVtzQysl7tKTFyhwxK7YfF3us6\/4HG80Kpo2O7XT89nlFN44JX+e1JPSfBV1g28xXZfRg1kGd8SoAtVNNc+W09w2WkHo99IEMdFGMjKEkMAUqplMzqnGRazIyE+NPBbLzi4KJGE6qcex42SMidV2T3S8KoKHk8g6uXodbon7P0nQd2mTY8rQFDbd+hlio9S3OeREvo0AAiFnFO5oVb7wt8H8r7biJHyEXuy7Iqb7bIB8bcpjh64QoxWzFye0FxVRBWbxoGMU4KHM+Y+gzAdvUS4kG6ZLR4ELw0+0+FFTP6mvLsMFsoU8eAJnSho0U5Fo7dSBthcSMbnQeleUmRenyh7zMFGZ8QC\/vB0z0L0lQJkAVgqoHTYn0Sssc\/l9oiYt9KartvN6UHyRu5q3INRKqxGgfbg+OMcS1WfqZS3ItQPRdeqy8uwmsHpkKrjBNDGczIUHE+\/oVjGGraXbIA4u3HXkYORj027AtKElOwM6sVBtg2UfthWXzAa6SEI7xYP\/F4RElFK1\/I7KUL+FrxWrBLyTcm9H7gOiACqrDoW7or9Z9jJf35i+U06ndO\/tRO9o124h9ChCm9S5Z+a5af7hWtK\/PMfPAawRoNl1t3ANlvISjcpvdF\/\/XmvqAnx9J8GmSM\/gPHvKQ0FKONCfhxbGOtlfVQ3Rwx7fhiZsjCqiXbCrWTs30\/o8R5saBw7URp2JMAfU7L2lNqvw5+uFpxwEky4yT\/FEy3pjvTumtn2G12rNlVGu0lars5oefezExu8xjKVE4LG7rs0Ov8PY6jHKcxhB7ZRupf4p0C+H0o5cgIZ3kLbxovsYNVBdltRsw55MgiFEGKNWVB666Gz1AoDMxiMSLbd7g0nQ3uVahJ6iXv0F89vAxb+o4\/Di3IKHYQD0c9+PvH562d1rtO0QkuorIvKP+5JBlK69rHoVsKqOwn2DJt\/ZvkyJkTK4U0UhnYh++DKOcewijrt3YZgmd8PK0Ddogb9y3urTzjkUm5k+6qCT+V5JPICJYvE2ogjUfGACoIXaU5xv7wqfrbquqQZEgLP13WENyMjZv7xQtgKuEo22+FufdmxHVfdyWj0NNxNBf6GQZDLmu9YeUKNXHz6aVG+jLgv1\/U5zbIRb6JaQbbHLh7Sr18HawMXNn3BiUjhUAYgMkJuBwFiK3ehD22oEcp\/DfD\/Sn0wL4houeSNuZvPuN3\/IGfQ8p5kU+hv5GridH4tSrq6mjfw\/uutdjPnb1UqCZfHp3P9M20fcnYNVXax7zLXYpyQ=="}
02176{"flow_id":25,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":450581,"pkt_caplen":1357,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1357,"pkt_l4_len":1323,"pkt":"xGGLNYKpxiwDYGpkCABFAgU\/RBEAADUGAVNfZRk1wKgCEQG7xZCMPbCToKaarYAYAOtpVAAAAQEICiLQBMgR3+dugmt7KJxMVZWwF945F0lKmEycQpJpUY6bqgQAK0nf+pJkj8E4rQ2x0y69LVDPgTpM9+czdnZBqCtr0boqaxCnCou3ABaxHRDO3QOoQ9srWmvjnio9WOJc0RyydygK0sfNQgeRBBD5TX7AJOFWbWBNBRFb\/rgvGpac1+gfT+sF0qDvHzBTh4qZfWt70wb6kUq+TuTjHNkv2NPrW10foiOkq104Veip5IYLlvX6jJJoW9m7yGqg+HmD84C3eofwA7\/j423hl8zwElvTVgCT8CYQ9GHIJ6J23Mo9iJ0yPb+KmOQ17V1w2iJlgD1hnIzDTR\/9eawqPpUDrAlegXvQ7qyX1QVZ0ccuJgRCoivbXN4sI3nUqLJeAJlVwD33DOkrlN4LKKcGtzjjRKBD9PqOUhK+vucR4AlMcOloNDD8whM3\/7Uvh0Rw\/x\/wQIKA8O8PaubbivYz9ZuQee\/1+N4tl+B24UCFHS97462jIlvL4MMyLJoBmX4bqcsl7JuhnshEZqYRhAxv3E3hImAPiqBb9KTUUIYfSLduJhEkb5B7TROUVUIJnXtE2AEoTa6t9+vi6q2w35Hp2F4oXNQyt+Pg9WmS128At3EEV+7udejZeogSutH84l3\/gU3DHjXQngDFihTAe5lPhecROgnyt5VwMd7O6YmRVfsOj42H\/ZH++1lodHkSGZ\/Ns0idkEjNVeIUJXHatyAGizQCJLChFLJtUpsgx+LqaYSFyasVirotsfxW8fPr8gz6AO6X1xrOIthBzZivHw\/5Sg+6fuYKlg5RzNqe79T9dBIWg+AaXnnTPYtthEfqmlkcYaXftLR08355QpmDcgA5h0VZX1y0\/0z54asjoqxdopyEaM5UU23F2h+Pp8DMPXbIncESNtJCRk3GceU0qa0huwcUA9dR1QqzBt2TL3riXhYuTtVvmRtEon6U807KGkbxbuHtHlhdW3cSI+tTfBz7I+hXABTeTJVO4g8mv1BAmUM6vyDDncjK3Xj8YBPPycJiFQ1cUJ7jLRuEqp\/0kGCIEiBEfdqhMqk5Rlld4JEvLX6jgjxrqCuMUDOlsUA6yL662ZF4Vpvo6uo464ZQOZz7XsmdWiOw+RaFw7qhWQ1reG2Q2j7DyEkGPSbe6onvVnDamhq5+jAVXV0a8G7cckRdj8uMRmwc8l\/ydunQOPjhiJf7Il6ktccZOhkjPvbcy8VHUrWFXxpPjD60h8WX7lXO3L\/D0Tz9LtjWnvUnxEoH+xcDAwEZpPOf8OFnzfkDs2drmUC6EcnKQ3SAKivt4v8R4Q1FPQe4UISNG0FODAwySWon0CwLOpkYx9CT8LZDL7bln38LoKfHARhmHOw13Wi3wHw9AIT\/VGlLKqXWu\/PxlR3mPZEujxY4g\/rVWzWQBMFz66kgYgXI+TuVGbshEvmZSiDhUW6ikCjks8NIoL1xirlrFthKY20YhUaE1n4byzL6AGus2JKRCFoRjPbENPskoqCjsbpRNInibFuyIJ43zFOOhfjsYoE\/IW9NuWAlKBlzZlwr2PizZJB1SK38851iXxDDYjtusoE8VQPuPm8sO706fvdHg7kJ4\/ZNC0bqmVcnsIxJ7YBRIv5znHB7naMauQSrBN5ldew5TnMLuZAXAwMARUhAR5euyYskRoGFBFBTF9Qk097xjzfKwqne\/fGRbtdQ5mNxRFiSfFKQqm5Zaif0061VAnpXWKF26Uos\/8JehejdlVj3gQ=="}
00437{"flow_id":29,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":453979,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAADIGSjwR\/WnKwKgCEQG7xZNpWNRgMiTvFqBScNC35wAAAgQFrAQCCAoAH8DDEd\/neQEDAwg="}
00438{"flow_id":28,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":459069,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAADIGSjwR\/WnKwKgCEQG7xZLy+qnpfzqpjaBScNDegAAAAgQFrAQCCAqK\/qiVEd\/ndwEDAwg="}
02177{"flow_id":25,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":530624,"pkt_caplen":1357,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1357,"pkt_l4_len":1323,"pkt":"xGGLNYKpxiwDYGpkCABFAAU\/RBIAADUGAVRfZRk1wKgCEQG7xZCMPbCToKaarYAYAOtpBAAAAQEICiLQBRgR3+dugmt7KJxMVZWwF945F0lKmEycQpJpUY6bqgQAK0nf+pJkj8E4rQ2x0y69LVDPgTpM9+czdnZBqCtr0boqaxCnCou3ABaxHRDO3QOoQ9srWmvjnio9WOJc0RyydygK0sfNQgeRBBD5TX7AJOFWbWBNBRFb\/rgvGpac1+gfT+sF0qDvHzBTh4qZfWt70wb6kUq+TuTjHNkv2NPrW10foiOkq104Veip5IYLlvX6jJJoW9m7yGqg+HmD84C3eofwA7\/j423hl8zwElvTVgCT8CYQ9GHIJ6J23Mo9iJ0yPb+KmOQ17V1w2iJlgD1hnIzDTR\/9eawqPpUDrAlegXvQ7qyX1QVZ0ccuJgRCoivbXN4sI3nUqLJeAJlVwD33DOkrlN4LKKcGtzjjRKBD9PqOUhK+vucR4AlMcOloNDD8whM3\/7Uvh0Rw\/x\/wQIKA8O8PaubbivYz9ZuQee\/1+N4tl+B24UCFHS97462jIlvL4MMyLJoBmX4bqcsl7JuhnshEZqYRhAxv3E3hImAPiqBb9KTUUIYfSLduJhEkb5B7TROUVUIJnXtE2AEoTa6t9+vi6q2w35Hp2F4oXNQyt+Pg9WmS128At3EEV+7udejZeogSutH84l3\/gU3DHjXQngDFihTAe5lPhecROgnyt5VwMd7O6YmRVfsOj42H\/ZH++1lodHkSGZ\/Ns0idkEjNVeIUJXHatyAGizQCJLChFLJtUpsgx+LqaYSFyasVirotsfxW8fPr8gz6AO6X1xrOIthBzZivHw\/5Sg+6fuYKlg5RzNqe79T9dBIWg+AaXnnTPYtthEfqmlkcYaXftLR08355QpmDcgA5h0VZX1y0\/0z54asjoqxdopyEaM5UU23F2h+Pp8DMPXbIncESNtJCRk3GceU0qa0huwcUA9dR1QqzBt2TL3riXhYuTtVvmRtEon6U807KGkbxbuHtHlhdW3cSI+tTfBz7I+hXABTeTJVO4g8mv1BAmUM6vyDDncjK3Xj8YBPPycJiFQ1cUJ7jLRuEqp\/0kGCIEiBEfdqhMqk5Rlld4JEvLX6jgjxrqCuMUDOlsUA6yL662ZF4Vpvo6uo464ZQOZz7XsmdWiOw+RaFw7qhWQ1reG2Q2j7DyEkGPSbe6onvVnDamhq5+jAVXV0a8G7cckRdj8uMRmwc8l\/ydunQOPjhiJf7Il6ktccZOhkjPvbcy8VHUrWFXxpPjD60h8WX7lXO3L\/D0Tz9LtjWnvUnxEoH+xcDAwEZpPOf8OFnzfkDs2drmUC6EcnKQ3SAKivt4v8R4Q1FPQe4UISNG0FODAwySWon0CwLOpkYx9CT8LZDL7bln38LoKfHARhmHOw13Wi3wHw9AIT\/VGlLKqXWu\/PxlR3mPZEujxY4g\/rVWzWQBMFz66kgYgXI+TuVGbshEvmZSiDhUW6ikCjks8NIoL1xirlrFthKY20YhUaE1n4byzL6AGus2JKRCFoRjPbENPskoqCjsbpRNInibFuyIJ43zFOOhfjsYoE\/IW9NuWAlKBlzZlwr2PizZJB1SK38851iXxDDYjtusoE8VQPuPm8sO706fvdHg7kJ4\/ZNC0bqmVcnsIxJ7YBRIv5znHB7naMauQSrBN5ldew5TnMLuZAXAwMARUhAR5euyYskRoGFBFBTF9Qk097xjzfKwqne\/fGRbtdQ5mNxRFiSfFKQqm5Zaif0061VAnpXWKF26Uos\/8JehejdlVj3gQ=="}
00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":85,"source":"iphone.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":1582454598542,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":52852,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00439{"flow_id":30,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":542807,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"xiwDYGpkxGGLNYKpCABFAABAIN8AAP8RFWvAqAIRwKgCAc50ADUALLvssQ8BAAABAAAAAAAAB2dhdGV3YXkGaWNsb3VkA2NvbQAAAQAB"}
00655{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":85,"source":"iphone.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":1582454598542,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":52852,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AppleiCloud","breed":"Acceptable","category":"Web"},"dns": {"query":"gateway.icloud.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00424{"flow_id":27,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":544705,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAG\/EPAqAIREf1pysAAAFAslesym7UszoAQCBZUCQAAAQEIChHf5+gdNCSF"}
00602{"flow_id":27,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":545135,"pkt_caplen":197,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":197,"pkt_l4_len":163,"pkt":"xiwDYGpkxGGLNYKpCABFAgC3AABAAEAG+77AqAIREf1pysAAAFAslesym7UszoAYCBZ75QAAAQEIChHf5+kdNCSFR0VUIC9ob3RzcG90LWRldGVjdC5odG1sIEhUVFAvMS4wDQpIb3N0OiBjYXB0aXZlLmFwcGxlLmNvbQ0KQ29ubmVjdGlvbjogY2xvc2UNClVzZXItQWdlbnQ6IENhcHRpdmVOZXR3b3JrU3VwcG9ydC0zOTAuNjAuMSB3aXNwcg0KDQo="}
00699{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":87,"source":"iphone.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":4,"flow_first_seen":1582454598387,"flow_last_seen":1582454598545,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":131,"flow_tot_l4_payload_len":131,"flow_avg_l4_payload_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.253.105.202","src_port":49152,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Apple","breed":"Safe","category":"ConnCheck"},"http": {"hostname":"captive.apple.com","url":"captive.apple.com\/hotspot-detect.html","code":0,"content_type":"","user_agent":"CaptiveNetworkSupport-390.60.1 wispr"}}
00424{"flow_id":26,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":88,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":545149,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGZFvAqAIREYICLsWRAbsZOusY368Fo4AQBAtqWAAAAQEIChHf5\/C1T9He"}
01123{"flow_id":26,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":89,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":545339,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"pkt":"xiwDYGpkxGGLNYKpCABFAgI5AABAAEAGYlTAqAIREYICLsWRAbsZOusY368Fo4AYBAtvbAAAAQEIChHf5\/C1T9HeFgMBAgABAAH8AwM6mEOdusbq\/ybUNBuomqShrPK58qj3XjuDYY2EHh6A2yDTYkCcwL+VPEDok15qjRZu79\/9di6dUR8br4F4StJmaAA0EwETAhMDwCzAK8AkwCPACsAJzKnAMMAvwCjAJ8AUwBPMqACdAJwAPQA8ADUAL8AIwBIACgEAAX\/\/AQABAAAAABsAGQAAFmdzcDg1LXNzbC5scy5hcHBsZS5jb20AFwAAACMAAAANABgAFgQDCAQEAQUDAgMIBQgFBQEIBgYBAgEABQAFAQAAAAAAEgAAABAADgAMAmgyCGh0dHAvMS4xAAsAAgEAADMAJgAkAB0AIN+r0D4xweI5p++PFWedre1z33L6xxisP0vyRpUTwaJfAC0AAgEBACsACQgDBAMDAwIDAQAKAAoACAAdABcAGAAZABUAwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00792{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":89,"source":"iphone.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":4,"flow_first_seen":1582454598385,"flow_last_seen":1582454598545,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.130.2.46","src_port":50577,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gsp85-ssl.ls.apple.com","ja3":"55271a105172d5f225e4704755b9b250","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00427{"flow_id":25,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":90,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":545614,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAG\/3DAqAIRX2UZNcWQAbugppqtjD2r04AQA\/TbXQAAAQEIChHf5\/Ei0ATG"}
00426{"flow_id":25,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":545740,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAG\/3DAqAIRX2UZNcWQAbugppqtjD2wk4AQA+vWpgAAAQEIChHf5\/Ei0ATG"}
00426{"flow_id":25,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":545750,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAG\/3DAqAIRX2UZNcWQAbugppqtjD21noAQA+DRpAAAAQEIChHf5\/Ei0ATI"}
00442{"flow_id":25,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":545798,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAG\/2TAqAIRX2UZNcWQAbugppqtjD21nrAQA+AckAAAAQEIChHf5\/Ei0AUYAQEFCow9sJOMPbWe"}
00426{"flow_id":25,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":94,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":545888,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAG\/3DAqAIRX2UZNcWQAbugppqtjD21noAQBADRNAAAAQEIChHf5\/Ei0AUY"}
00425{"flow_id":29,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":95,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":546213,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAG\/EPAqAIREf1pysWTAbsyJO8WaVjUYYAQBAtTNAAAAQEIChHf5\/cAH8DD"}
01125{"flow_id":29,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":96,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":546273,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"pkt":"xiwDYGpkxGGLNYKpCABFAgI5AABAAEAG+jzAqAIREf1pysWTAbsyJO8WaVjUYYAYBAtPcwAAAQEIChHf5\/cAH8DDFgMBAgABAAH8AwOBTBzeu5w1Vp+4geGIpFJ17FWadQ3l1s5HLAc6L2e5gyD\/YLmMW82uuwbbKEYkARjm9\/sVvKjvTmHajlJ93y\/zswA0EwETAhMDwCzAK8AkwCPACsAJzKnAMMAvwCjAJ8AUwBPMqACdAJwAPQA8ADUAL8AIwBIACgEAAX\/\/AQABAAAAABMAEQAADm1lc3UuYXBwbGUuY29tABcAAAANABgAFgQDCAQEAQUDAgMIBQgFBQEIBgYBAgEABQAFAQAAAAAAEgAAABAADgAMAmgyCGh0dHAvMS4xAAsAAgEAADMAJgAkAB0AIPp0HJk26NqhkuEuWSOpHU2lL9tl\/4KvwEcCcIghS34tAC0AAgEBACsACQgDBAMDAwIDAQAKAAoACAAdABcAGAAZABUAzwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00787{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":96,"source":"iphone.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":4,"flow_first_seen":1582454598418,"flow_last_seen":1582454598546,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.253.105.202","src_port":50579,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mesu.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00427{"flow_id":28,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":97,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":546318,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAG\/EPAqAIREf1pysWSAbt\/OqmN8vqp6oAQBAt5ywAAAQEIChHf5\/eK\/qiV"}
01126{"flow_id":28,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":98,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":546492,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"pkt":"xiwDYGpkxGGLNYKpCABFAgI5AABAAEAG+jzAqAIREf1pysWSAbt\/OqmN8vqp6oAYBAvCpQAAAQEIChHf5\/iK\/qiVFgMBAgABAAH8AwOL0zmb\/pU6qAogKIFd\/Y4fHsvdGFAF8ZjXl6m9+L0uvyBBR6wrPbvh3W2j8rwh4NW3lc0cwhULV8gFfvx3+QKTDgA0EwETAhMDwCzAK8AkwCPACsAJzKnAMMAvwCjAJ8AUwBPMqACdAJwAPQA8ADUAL8AIwBIACgEAAX\/\/AQABAAAAABMAEQAADm1lc3UuYXBwbGUuY29tABcAAAANABgAFgQDCAQEAQUDAgMIBQgFBQEIBgYBAgEABQAFAQAAAAAAEgAAABAADgAMAmgyCGh0dHAvMS4xAAsAAgEAADMAJgAkAB0AIGFNND5R7cze3Z4nraCyXLPxW4F9FRO9m0bNnjdxh\/Y+AC0AAgEBACsACQgDBAMDAwIDAQAKAAoACAAdABcAGAAZABUAzwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00787{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":98,"source":"iphone.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":4,"flow_first_seen":1582454598416,"flow_last_seen":1582454598546,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.253.105.202","src_port":50578,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mesu.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00424{"flow_id":22,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":100,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":556458,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xGGLNYKpxiwDYGpkCABFAAA0f0MAADEGfEMR+LmMwKgCEQG7xY+mDHMLDeq42oAQA6uuGQAAAQEICvbpn14R3+dr"}
02355{"flow_id":22,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":558094,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"xGGLNYKpxiwDYGpkCABFAgXUf0QAADEGdqAR+LmMwKgCEQG7xY+mDHMLDeq42oAQA6v0iwAAAQEICvbpn2AR3+drFgMDAG4CAABqAwM5\/rpwu4XTsZQaX3QVQs01vHFjEUurGLPVnyNHYTxc1SDLsh\/zpULORnljfAzCAx09xii78Mvy2XehUxljdu16MMAsAAAiAAAAAP8BAAEAAAUAAAALAAIBAAAQAAsACQhodHRwLzEuMRYDAxOPCwATiwATiAAPPjCCDzowgg4ioAMCAQICEAYmxU4Ra06nkoVjMfiS+ZswDQYJKoZIhvcNAQELBQAwYjEcMBoGA1UEAxMTQXBwbGUgSVNUIENBIDIgLSBHMTEgMB4GA1UECxMXQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxEzARBgNVBAoTCkFwcGxlIEluYy4xCzAJBgNVBAYTAlVTMB4XDTE5MTIwOTE5NDQwMloXDTIxMDEwNzE5NTQwMFowVjEdMBsGA1UEAwwUZm1mbW9iaWxlLmljbG91ZC5jb20xEzARBgNVBAoMCkFwcGxlIEluYy4xEzARBgNVBAgMCkNhbGlmb3JuaWExCzAJBgNVBAYTAlVTMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEQifiE0uVN9JNPaVE\/RwxSRGnMjn5uDQ1GBxydIgahaf+LmEJkXkho7D\/TwA2AuzIlJvLZM8glg+dO7rpqpWLWqOCDMEwggy9MAwGA1UdEwEB\/wQCMAAwHwYDVR0jBBgwFoAU2HqURHyQcJAWnt0XnAFEA4bWKikwfgYIKwYBBQUHAQEEcjBwMDQGCCsGAQUFBzAChihodHRwOi8vY2VydHMuYXBwbGUuY29tL2FwcGxlaXN0Y2EyZzEuZGVyMDgGCCsGAQUFBzABhixodHRwOi8vb2NzcC5hcHBsZS5jb20vb2NzcDAzLWFwcGxlaXN0Y2EyZzEyNTCCB90GA1UdEQSCB9QwggfQghhwNjctZm1mbW9iaWxlLmljbG91ZC5jb22CGHA0OC1mbWZtb2JpbGUuaWNsb3VkLmNvbYIYcDUzLWZtZm1vYmlsZS5pY2xvdWQuY29tghhwMzQtZm1mbW9iaWxlLmljbG91ZC5jb22CGHA3Mi1mbWZtb2JpbGUuaWNsb3VkLmNvbYIUZm1mbW9iaWxlLmljbG91ZC5jb22CGHAwOC1mbWZtb2JpbGUuaWNsb3VkLmNvbYIYcDEyLWZtZm1vYmlsZS5pY2xvdWQuY29tghhwMDItZm1mbW9iaWxlLmljbG91ZC5jb22CGHAyOS1mbWZtb2JpbGUuaWNsb3VkLmNvbYIYcDUyLWZtZm1vYmlsZS5pY2xvdWQuY29tghhwMjYtZm1mbW9iaWxlLmljbG91ZC5jb22CGHAwNi1mbWZtb2JpbGUuaWNsb3VkLmNvbYIYcDk3LWZtZm1vYmlsZS5pY2xvdWQuY29tghhwNDEtZm1mbW9iaWxlLmljbG91ZC5jb22CGHA0MC1mbWZtb2JpbGUuaWNsb3VkLmNvbYIYcDE4LWZtZm1vYmlsZS5pY2xvdWQuY29tghhwNTUtZm1mbW9iaWxlLmljbG91ZC5jb22CGHA3MC1mbWZtb2JpbGUuaWNsb3VkLmNvbYIYcDMyLWZtZm1vYmlsZS5pY2xvdWQuY29tghhwNjktZm1mbW9iaWxlLmljbG91ZC5jb22CGHAxNy1mbWZtb2JpbGUuaWNsb3VkLmNvbYIYcDEzLWZtZm1vYmlsZS5pY2xvdWQuY29tghhwMzgtZm1mbW9iaWxlLmljbG91ZC5jb22CGHAxMS1mbWZtb2JpbGUuaWNsb3VkLmNvbYIYcDIxLWZtZm1vYmlsZS5pY2xvdWQuY29tghhwMjctZm1mbW9iaWxlLmljbG91ZC5jb22CGHA0Mi1mbWZtb2JpbGUuaWNsb3VkLmNvbYIYcDM3LWZtZm1vYmlsZS5pY2xvdWQuY29tghhw"}
00868{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":102,"source":"iphone.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":6,"flow_first_seen":1582454598252,"flow_last_seen":1582454598558,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.185.140","src_port":50575,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"p26-fmfmobile.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"1e60202b4001a190621caa963fb76697","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02350{"flow_id":22,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":103,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":558173,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"xGGLNYKpxiwDYGpkCABFAgXUf0UAADEGdp8R+LmMwKgCEQG7xY+mDHirDeq42oAQA6s5ugAAAQEICvbpn2AR3+drNTYtZm1mbW9iaWxlLmljbG91ZC5jb22CGHA1MC1mbWZtb2JpbGUuaWNsb3VkLmNvbYIYcDU4LWZtZm1vYmlsZS5pY2xvdWQuY29tghhwMzktZm1mbW9iaWxlLmljbG91ZC5jb22CGHA0NS1mbWZtb2JpbGUuaWNsb3VkLmNvbYIYcDQ5LWZtZm1vYmlsZS5pY2xvdWQuY29tghhwNjgtZm1mbW9iaWxlLmljbG91ZC5jb22CGHAxMC1mbWZtb2JpbGUuaWNsb3VkLmNvbYIYcDIyLWZtZm1vYmlsZS5pY2xvdWQuY29tghhwMDctZm1mbW9iaWxlLmljbG91ZC5jb22CGHAyNS1mbWZtb2JpbGUuaWNsb3VkLmNvbYIYcDIwLWZtZm1vYmlsZS5pY2xvdWQuY29tghhwNzEtZm1mbW9iaWxlLmljbG91ZC5jb22CGHAwNS1mbWZtb2JpbGUuaWNsb3VkLmNvbYIYcDk4LWZtZm1vYmlsZS5pY2xvdWQuY29tghhwNjYtZm1mbW9iaWxlLmljbG91ZC5jb22CGHAxNS1mbWZtb2JpbGUuaWNsb3VkLmNvbYIYcDE2LWZtZm1vYmlsZS5pY2xvdWQuY29tghhwNDQtZm1mbW9iaWxlLmljbG91ZC5jb22CGHAwNC1mbWZtb2JpbGUuaWNsb3VkLmNvbYIYcDA5LWZtZm1vYmlsZS5pY2xvdWQuY29tghhwMjMtZm1mbW9iaWxlLmljbG91ZC5jb22CGHA2MS1mbWZtb2JpbGUuaWNsb3VkLmNvbYIYcDMwLWZtZm1vYmlsZS5pY2xvdWQuY29tghhwNDYtZm1mbW9iaWxlLmljbG91ZC5jb22CGHA2MC1mbWZtb2JpbGUuaWNsb3VkLmNvbYIYcDQzLWZtZm1vYmlsZS5pY2xvdWQuY29tghhwNTctZm1mbW9iaWxlLmljbG91ZC5jb22CGHAxNC1mbWZtb2JpbGUuaWNsb3VkLmNvbYIYcDAzLWZtZm1vYmlsZS5pY2xvdWQuY29tghhwMzYtZm1mbW9iaWxlLmljbG91ZC5jb22CGHA2NC1mbWZtb2JpbGUuaWNsb3VkLmNvbYIYcDI4LWZtZm1vYmlsZS5pY2xvdWQuY29tghhwMjQtZm1mbW9iaWxlLmljbG91ZC5jb22CGXAyMDItZm1mbW9iaWxlLmljbG91ZC5jb22CGHAwMS1mbWZtb2JpbGUuaWNsb3VkLmNvbYIYcDYyLWZtZm1vYmlsZS5pY2xvdWQuY29tghhwNDctZm1mbW9iaWxlLmljbG91ZC5jb22CGHAzNS1mbWZtb2JpbGUuaWNsb3VkLmNvbYIYcDY1LWZtZm1vYmlsZS5pY2xvdWQuY29tghhwMzEtZm1mbW9iaWxlLmljbG91ZC5jb22CGHA2My1mbWZtb2JpbGUuaWNsb3VkLmNvbYIYcDE5LWZtZm1vYmlsZS5pY2xvdWQuY29tghhwMzMtZm1mbW9iaWxlLmljbG91ZC5jb22CGHA1MS1mbWZtb2JpbGUuaWNsb3VkLmNvbYIYcDU0LWZtZm1vYmlsZS5pY2xvdWQuY29tghhwNTktZm1mbW9iaWxlLmljbG91ZC5jb22CGXAyMDEtZm1mbW9iaWxlLmljbG91ZC5jb20wgf8GA1UdIASB9zCB9DCB8QYKKoZIhvdjZAULBDCB4jCBpAYIKwYBBQUHAgIwgZcMgZRSZWxpYW5jZSBvbiB0aGlzIGNlcnRpZmljYXRlIGJ5IGFueSBwYXJ0eSBhc3N1bWVzIGFjY2VwdGFuY2Ugb2YgYW55IGFwcGxpY2FibGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YgdXNlIGFuZC9vciBjZXJ0aWZpY2F0aW9uIHByYWN0aWNlIHN0YXRl"}
00425{"flow_id":22,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":104,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":559758,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGrIbAqAIREfi5jMWPAbsN6rjapgx+S4AQA\/Sh9AAAAQEIChHf6AX26Z9g"}
02369{"flow_id":22,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":105,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":568083,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"xGGLNYKpxiwDYGpkCABFAgXUf0YAADEGdp4R+LmMwKgCEQG7xY+mDH5LDeq42oAQA6shOQAAAQEICvbpn2oR3+drbWVudHMuMDkGCCsGAQUFBwIBFi1odHRwOi8vd3d3LmFwcGxlLmNvbS9jZXJ0aWZpY2F0ZWF1dGhvcml0eS9ycGEwEwYDVR0lBAwwCgYIKwYBBQUHAwEwNwYDVR0fBDAwLjAsoCqgKIYmaHR0cDovL2NybC5hcHBsZS5jb20vYXBwbGVpc3RjYTJnMS5jcmwwHQYDVR0OBBYEFDHv2aknMUATDctH1tf12x8ZPC\/JMA4GA1UdDwEB\/wQEAwIDiDARBgsqhkiG92NkBhsPAgQCBQAwEQYLKoZIhvdjZAYbCwIEAgUAMBEGCyqGSIb3Y2QGGwcCBAIFADCCAnEGCisGAQQB1nkCBAIEggJhBIICXQJbAHYAu9nfvB+KcbWTlCOXqpJ7RzhXlQqrUugakJZkNo4e0YUAAAFu7DnTkQAABAMARzBFAiBpRU8mgJNh7GNdtZlMDRQcbjPi\/4\/\/wZ1ToW0H2gvClQIhAKi+60J30VdgFpxRYKTmdWE8CoK6ZWdTas9ansmYq4tOAHYApLkJkLQYWBSHuxOizGdwCjw1mAT5G9+443fNDsgN3BAAAAFu7DnTkwAABAMARzBFAiEA2q+VXdLLQ\/joniCshAHmAnmx1V02J8o3bFveRb\/O8MICIBMznQ\/bkaGj37gml43Xzksn81jC6xtX5WXRr+Wrcg+3AHcAVhQGmi\/XwuzT9eG9RLI+x0Z2ubyZEVzA75SYVdaJ0N0AAAFu7DnTkAAABAMASDBGAiEA8makDlmuV1GM019IeJgi37pxb07QA4fVn0MSstosS+ACIQDSBPmm9pqmEGk6GgJMWDZZO76J5HdvzY9Onihu\/B5Q8wB3AO5Lvbd1zmC64UJpH6vhnmajD35fsHLYgwDEe4l6qP3LAAABbuw508MAAAQDAEgwRgIhAPNzBlh77K6\/TCVzmlBL\/zxWd4Gep8WH6zjqHl\/jrbV2AiEAncwJnBtEoBne9WX9\/03GUFw7xUpAi1lLAYshWh\/OV1gAdwBVgdTCFpA2AUrqC5tXPFPwwOQ4eHAlCBcvo6odBxPTDAAAAW7sOdOUAAAEAwBIMEYCIQCrqKlLf2ZhfAgsqqQ3Uw6M8nHId5iZUoGAJL0wRlDF3AIhANDWapL6dvUwkUd\/IH9zBHKBkUdvawfshpqQD5bP7ZqAMA0GCSqGSIb3DQEBCwUAA4IBAQAUmS79S7V53j1eiL1DYhfB9A2futkpnfFx6fPZxjwGyDSXhRr+NZuwXT+6J+uaNORrzLR0Zcy\/5X0Upu36o7CjABWMTf7aEE4nAq2dnLcRFZsXr3zuCGDT2SOqEA6uyF1nLZtAs9s0YOGP0fsYCTif\/tobr2lLa2wL3YnMmixppdFlMdI74ma1RTXoziDfAWc435upIpKZaEtvjjeGlBCoo+Dg0ZqyuQiWJju1f5jrBl6HL2WkYwZGnSFqGxVmQzMLLqgLd9AdvOGP2E\/WouTxaSHGAPr+2eisbUVvtS7fkprQohy8YHQV9mEkVnFRBXtiep7KPYGCqf8VeZyQl3bRAAREMIIEQDCCAyigAwIBAgIDAjp0MA0GCSqGSIb3DQEBCwUAMEIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9iYWwgQ0EwHhcNMTQwNjE2MTU0MjAyWhcNMjIwNTIwMTU0MjAyWjBiMRwwGgYDVQQDExNBcHBsZSBJU1QgQ0EgMiAtIEcxMSAwHgYDVQQLExdDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTETMBEGA1UEChMKQXBwbGUgSW5jLjELMAkGA1UEBhMCVVMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDQk6EdR0MgFrILa+vD1bTox5jN"}
02375{"flow_id":22,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":106,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":568201,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"xGGLNYKpxiwDYGpkCABFAgXUf0cAADEGdp0R+LmMwKgCEQG7xY+mDIPrDeq42oAQA6uEUQAAAQEICvbpn2oR3+dr896\/6E3p4zaAB\/xFG2p8RYauVtOkCX9hDWtdflJrfbTIOcT0Zzr3g84Zb4YvfkV+RxxnUsqVBV3iNlGFwNRngDVvFd0+\/R3S\/Y80UNjsdiq+49Pa5P3I6ygClhGXF2Ec6cRZO0LcMtEJHdqm0UOG\/16yvIzPZtsBiwKulEjzOI\/96jKoCOyGl1GUJD5JSZZT6HmhQIHpBbuTlVH84\/18EUv3ngizFUkVB\/nRN6CbSzL2tcTcatH8Cu324MUpoKiLcf4Nkrz+VHAYCm3H7Qz7yS0Gw4yF\/MuGXNY2jhKLCX\/7GRo41fCUMHoPpozzAgMBAAGjggEdMIIBGTAfBgNVHSMEGDAWgBTAephojYn7qwVkDBF9qn1luMrMTjAdBgNVHQ4EFgQU2HqURHyQcJAWnt0XnAFEA4bWKikwEgYDVR0TAQH\/BAgwBgEB\/wIBADAOBgNVHQ8BAf8EBAMCAQYwNQYDVR0fBC4wLDAqoCigJoYkaHR0cDovL2cuc3ltY2IuY29tL2NybHMvZ3RnbG9iYWwuY3JsMC4GCCsGAQUFBwEBBCIwIDAeBggrBgEFBQcwAYYSaHR0cDovL2cuc3ltY2QuY29tMEwGA1UdIARFMEMwQQYKYIZIAYb4RQEHNjAzMDEGCCsGAQUFBwIBFiVodHRwOi8vd3d3Lmdlb3RydXN0LmNvbS9yZXNvdXJjZXMvY3BzMA0GCSqGSIb3DQEBCwUAA4IBAQAWR3NvhaJi4ecqdruJlUIml7xKrKxwUzo\/MYM9PByrmuKxXRx2GqA8DHJXvtOeUODImdZY1wLqzg0pVHzN9cLGkClVo28UqAtCDTqYbQZ4nvBqox0CCqIopI3CgUY+bWfa3j\/+hQ5CKhLetbf7uBunlux3n+zUU5V6\/wf08goUwFFSsdaOUAsamVy8C8m97e34XsFW201+I6QRoSzUGwWa5BtS9nw4mQVLunKNQolgBGYq9P1o12v3mUEo1mwkq+YlUy7Igpnioo8jvjCDsSeL+mh\/AUnoxphrEC6YXorXykuxx8lYmtA225aV7LaB5PLNbxt5h0wQPInkTfpU3KqmFgMDBbIWAAWuAQAFqjCCBaYKAQCgggWfMIIFmwYJKwYBBQUHMAEBBIIFjDCCBYgwgaKiFgQU36Vol+mDVpj5IVylIMwrxtbU3WsYDzIwMjAwMjIzMDExMzQ0WjB3MHUwSTAJBgUrDgMCGgUABBQmhIezjFAVKZfb1NF+N\/8\/LvMVaAQU2HqURHyQcJAWnt0XnAFEA4bWKikCEAYmxU4Ra06nkoVjMfiS+ZuAABgPMjAyMDAyMjMwMTEzNDRaoBEYDzIwMjAwMjIzMTMxMzQ0WqECMAAwDQYJKoZIhvcNAQELBQADggEBAEMltyv8tJx1ZKkVnPUUGZ\/WakD0JOnod6z0CRlhCDJ3gNh+\/qto75ZiBjaJ0sPZoz6BU\/5GqH0pC7qPeA\/fdumSTm8EhT2sG0SUhbN7cb6V44taKboVd2+JpReQ0eT1DSfmpBvz1p8QQgtWA6EfczJP2Lvy9IdtuoULUv6N6AemjldwxgvuWGAFh\/RfHprWNldlKwycyFusGiqrVRTN9usJwJUuY4oLfbiA6ZKY4OqMu05H3m+bxXmidSOUT++QTRzjuAmANZ1No41dFUDe6cC+I53sxkhBH+4C1FX5OUM7QjDs2UPXG9fAfvJ8apLhqemh2FnOwztowCDz0M+amqqgggPLMIIDxzCCA8MwggKroAMCAQICEAyx1Y\/5QDlfRW3T86FXBVwwDQYJKoZIhvcNAQELBQAwYjEcMBoGA1UEAxMTQXBwbGUgSVNUIENBIDIgLSBHMTEgMB4GA1UECxMXQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxEzARBgNVBAoTCkFwcGxlIEluYy4xCzAJ"}
03041{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":106,"source":"iphone.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":10,"flow_first_seen":1582454598252,"flow_last_seen":1582454598568,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":6277,"flow_avg_l4_payload_len":627,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.185.140","src_port":50575,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"p26-fmfmobile.icloud.com","server_names":"p67-fmfmobile.icloud.com,p48-fmfmobile.icloud.com,p53-fmfmobile.icloud.com,p34-fmfmobile.icloud.com,p72-fmfmobile.icloud.com,fmfmobile.icloud.com,p08-fmfmobile.icloud.com,p12-fmfmobile.icloud.com,p02-fmfmobile.icloud.com,p29-fmfmobile.icloud.com,p52-fmfmobile.icloud.com,p26-fmfmobile.icloud.com,p06-fmfmobile.icloud.com,p97-fmfmobile.icloud.com,p41-fmfmobile.icloud.com,p40-fmfmobile.icloud.com,p18-fmfmobile.icloud.com,p55-fmfmobile.icloud.com,p70-fmfmobile.icloud.com,p32-fmfmobile.icloud.com,p69-fmfmobile.icloud.com,p17-fmfmobile.icloud.com,p13-fmfmobile.icloud.com,p38-fmfmobile.icloud.com,p11-fmfmobile.icloud.com,p21-fmfmobile.icloud.com,p27-fmfmobile.icloud.com,p42-fmfmobile.icloud.com,p37-fmfmobile.icloud.com,p56-fmfmobile.icloud.com,p50-fmfmobile.icloud.com,p58-fmfmobile.icloud.com,p39-fmfmobile.icloud.com,p45-fmfmobile.icloud.com,p49-fmfmobile.icloud.com,p68-fmfmobile.icloud.com,p10-fmfmobile.icloud.com,p22-fmfmobile.icloud.com,p07-fmfmobile.icloud.com,p25-fmfmobile.icloud.com,p20-fmfmobile.icloud.com,p71-fmfmobile.icloud.com,p05-fmfmobile.icloud.com,p98-fmfmobile.icloud.com,p66-fmfmobile.icloud.com,p15-fmfmobile.icloud.com,p16-fmfmobile.icloud.com,p44-fmfmobile.icloud.com,p04-fmfmobile.icloud.com,p09-fmfmobile.icloud.com,p23-fmfmobile.icloud.com,p61-fmfmobile.icloud.com,p30-fmfmobile.icloud.com,p46-fmfmobile.icloud.com,p60-fmfmobile.icloud.com,p43-fmfmobile.icloud.com,p57-fmfmobile.icloud.com,p14-fmfmobile.icloud.com,p03-fmfmobile.icloud.com,p36-fmfmobile.icloud.com,p64-fmfmobile.icloud.com,p28-fmfmobile.icloud.com,p24-fmfmobile.icloud.com,p202-fmfmobile.icloud.com,p01-fmfmobile.icloud.com,p62-fmfmobile.icloud.com,p47-fmfmobile.icloud.com,p35-fmfmobile.icloud.com,p65-fmfmobile.icloud.com,p31-fmfmobile.icloud.com,p63-fmfmobile.icloud.com,p19-fmfmobile.icloud.com,p33-fmfmobile.icloud.com,p51-fmfmobile.icloud.com,p54-fmfmobile.icloud.com,p59-fmfmobile.icloud.com,p201-fmfmobile.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"1e60202b4001a190621caa963fb76697","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","issuerDN":"CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US","issuerDN":"CN=fmfmobile.icloud.com, O=Apple Inc., ST=California, C=US","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"FF:C3:9F:1A:A1:3C:D2:3C:06:96:EC:49:B4:97:A9:D3:DA:05:A3:E2"}}
00426{"flow_id":22,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":107,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":569580,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGrIbAqAIREfi5jMWPAbsN6rjapgyD64AQBACcNAAAAQEIChHf6A\/26Z9q"}
01724{"flow_id":22,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":108,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":579201,"pkt_caplen":1026,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1026,"pkt_l4_len":992,"pkt":"xGGLNYKpxiwDYGpkCABFAgP0f0gAADEGeHwR+LmMwKgCEQG7xY+mDImLDeq42oAYA6vOFAAAAQEICvbpn3QR3+drBgNVBAYTAlVTMB4XDTIwMDIyMDIwNDA0MloXDTIwMDQwMjIwNDA0MlowTzErMCkGA1UEAwwiQXBwbGUgSVNUIENBIDIgT0NTUCBSZXNwb25kZXIgTkwwNTETMBEGA1UECgwKQXBwbGUgSW5jLjELMAkGA1UEBhMCVVMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCuNASekHmai55a2AA8WP2cLXdQEaNKclmOQfl5zAqJzkgeg899ClP\/K7XAMAqk4tqmlGJ8zb3kWoXsonC0VZAV2pdMjDx+XzWt38f12PXCbn+YTQ3Ia\/UxyJ+dE1VBZbjBzoxFvH7XvS1\/F0aH7ROSrQWX2ZMRQbRXTZtk6IHxr8b+Fn1mGboaeSL+Wax5ZkWQiXlh5sYCIKg0\/J24AfRE+j4KovXIigU4+j1Hmh6PyYmzkVpT9wqRhGDpuUOlCRLf6veVPWCwDswbhfx85+fNWhbNnBxT\/BWIjaLAkH1dcLlwHc4djK+OEvMjqF6K2e3x56cz0z9gdFObdNIHOOBlAgMBAAGjgYcwgYQwDAYDVR0TAQH\/BAIwADAfBgNVHSMEGDAWgBTYepREfJBwkBae3RecAUQDhtYqKTAPBgkrBgEFBQcwAQUEAgUAMBMGA1UdJQQMMAoGCCsGAQUFBwMJMB0GA1UdDgQWBBTfpWiX6YNWmPkhXKUgzCvG1tTdazAOBgNVHQ8BAf8EBAMCB4AwDQYJKoZIhvcNAQELBQADggEBADHUTDZcgrz+VGTbly9lQDH+jgwaQQ\/udlTuHrl8wLnpIC1zJK2jaUktjcnjd4RIPRTZ4OYinH2q2df7YgU4K7ILpYyCO9xA9d9J4yW1EeP2NvBf1MBNYw0OI41QBvAwkYS\/sV+RUxlrWP0qD8R8LHTNftYYBBEFKFKMvdN\/p8sI6smB8BFx0LJtw+1sSet\/k+BApFY6BrC3LzqKQIatLQ4QfQTOSU8SqXwE0mdnTOyZ8OM4HF8eGliqBxAxPked9fl38Ne0Oa2s5l1RJHgNfCs1\/QIUI2ol1CB1o67ftUMFottwIgS7Vy8CakoO14D4S1xs\/U+fnXKKRtD8Z5T58MoWAwMAdAwAAHADAB0gABPObQPvbCGqVleSexP6W\/7vDllutvbDrf3tkxDNBBYEAwBIMEYCIQDOz6wI1gh3TwOiak8Zz83\/ebwv2DH37QCU9A6wZxBCQgIhAMu6h9hFcJPj5WUCBZ8V3O+QUCH7JFq51R+ZQ2zLIyyqFgMDAAQOAAAA"}
00426{"flow_id":22,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":109,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":580611,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGrIbAqAIREfi5jMWPAbsN6rjapgyNS4AQA\/iS0QAAAQEIChHf6Br26Z9q"}
00667{"flow_id":30,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":110,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":582484,"pkt_caplen":244,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":244,"pkt_l4_len":210,"pkt":"xGGLNYKpxiwDYGpkCABFAADmpdwAAEARTsjAqAIBwKgCEQA1znQA0sdAsQ+BgAABAAkAAAAAB2dhdGV3YXkGaWNsb3VkA2NvbQAAAQABwAwABQABAAARlgAaB2dhdGV3YXkCZmUJYXBwbGUtZG5zA25ldADAMAABAAEAAAAiAAQR+LBLwDAAAQABAAAAIgAEEfixhcAwAAEAAQAAACIABBH4sCjAMAABAAEAAAAiAAQR+LCNwDAAAQABAAAAIgAEEfiwTcAwAAEAAQAAACIABBH4sWXAMAABAAEAAAAiAAQR+LGqwDAAAQABAAAAIgAEEfiwiQ=="}
00685{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":110,"source":"iphone.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_first_seen":1582454598542,"flow_last_seen":1582454598582,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":202,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":119,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":52852,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AppleiCloud","breed":"Acceptable","category":"Web"},"dns": {"query":"gateway.icloud.com","num_queries":1,"num_answers":9,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.248.176.75"}}
00425{"flow_id":29,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":111,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":584084,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xGGLNYKpxiwDYGpkCABFAAA0nTYAADIGrQ0R\/WnKwKgCEQG7xZNpWNRhMiTxG4AQAHVURAAAAQEICgAfwUQR3+f3"}
02371{"flow_id":29,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":112,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":584601,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"xGGLNYKpxiwDYGpkCABFAgXUnTcAADIGp2oR\/WnKwKgCEQG7xZNpWNRhMiTxG4AQAHVBGQAAAQEICgAfwUQR3+f3FgMDAHoCAAB2AwMyKF9DOKuLw5bBJ9NVFrrF6VDCVBOwZ68rYpvChcZWzSD\/YLmMW82uuwbbKEYkARjm9\/sVvKjvTmHajlJ93y\/zsxMBAAAuACsAAgMEADMAJAAdACCkt4j8DfZ7YKSUflqfW1DYudx6NFOgOWG7+Cp946\/oVxQDAwABARcDAwAqLFuqMhmooVCeSjCEhpoKgBvKl13GFVCOJk3aR6rc3XPfPiJvinusQIAKFwMDDhhIAmeGzJRGR1eJTrfqR1feayAaXq7CQmBH\/9e6IXhmUdMGE2QJ5f5vrNzO0E8uifDIBEQqnOGRVQJQALuVlruvkCYzVIbGOUGCxNe8n3Ai4O1YZIUvwvbPKpdY5VU++ysANIaeAY5xSiGbfRCGOZ0eOLhShHmcLyPuHTqYFddSAeq7VBnsu7fSW95\/uJc8wJ7zrLOp2Y7UWY8svtPWi8fO+vWC6X4y3thEneEzOvD624+Nwts2OGdwfJMiaE4j2l8eWA28W+euCESNuVfCrRALJWm6FEKnMmUF6vWNZcBSHZ9sdySmwgJdHKYtQwGs36+207DIMqXJe9zTWYxXE5EQx3HI6GruvFb87uDu+E03XOeGJ2GOyQiVXkfPhpl6lEdQ\/TISF1ErnSOdVdKBxh15KqFtDgpzEuvnEwY3yWumneuI7J+DN1cpYfQVjIhX6j7H7n+kj+Wo4eBiTL5PMwkoSCvOysnHjdG2swL5pr9oLDpHIuHxmCzpfKFr8RXLRnC5Sp1lN5HbKxO5XgxZYdSx1geSz26mdoOjLZiGVAMBbULNf6IJrl0pheFNQ3QPQZ4YsmmBgefhsM58bClY7h8xqQdtMFjOaP39XCTOgDO0bErTDEgjppTFlTaWMssMuRNdg+YTWJFW05BCumcTVvWvnnidekxWswgQvhECYSRUWiLKJm+cSv3bOi9uOzhskf0yIt4tPozdU6AWIBq54xZ+VZCMwO1DMheSSjsr5nZ7qpk9m6QCGV8wIj8rDKQgAbuTveOZJ2nRcvcj8gnhRo4zXz46w\/5GUCF4H+U2AI+sPiNDYC0Joe33tioUQXT9hXZGYohx9afTcX8OlPWSrffSMoWeioeSVenr\/47HU5l2sDA\/IxcpBsd0fwJFhdrNO3FIID0H9pgdYiwshv7baBudMFjb3+VXM9K8gclztO8xu4dcWmlb12ldRENYxjCN6DE0PFkv4SelKFYTFdj\/oIGqDn2XaBCMgoSe3F0wT13WY853OzhSFgFpciOjW6L+Hm7zXtQaM3fLy7QZu021VwJQKDIRH7B2Ra1hp\/uc1e5zQAQ7Bo7nWejNnGcpBECjNhNvB7sRj5zonFANuGdg9v2VfrHuzETjyCVJBbG8HJwKOhvIPzUtZp48o+sSIQTu5S99otz05ItW0MHSK5H4sqk9gKsX5wI8nPFrgjWPo4m6Dx8h7+uCatU22Bd5uo\/IyY5yjv1i42\/7v0FFbDd+LtEsR3B\/uP926VMTvEBsRx+c84cPqKILt+74ZL6Hj4al1EkHitz2uGe7lsVVvAF\/zUxSYNJ67ON68T\/xMoe+Vr9DntrDFqc5hwyHKWGHzZhW3uGMFK5PW7il00PWvcV2eHaNa+PMoOl4OeV5\/vVszZPBFR\/Z4zmHZk1P+b2R03i+ZmAq4PIy40nyybPThNFIvaHnuOLm+JM6tu2KeMgBP6OJ5uashzuhXMVOe9YrZ+PUmV4dUaQu+g3NydXZJ2Bk3lo7ZhS9pDit3G6Zz2g0m0Fa1KANHpfxlGC0Fr9ZhRCIhhIuCdZQwkIow6ge+P61amsPhYnP2UayQkffM1LtJycCJjPdUUhxz+7n98xdNa5qC1njfNjUGFPyyWiSDuAQO4qBOGW64cdrs3dKCRO2iwgKdh46ZPfPldOxqz7NCWCQ9YK\/NJWGacDu"}
00829{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":112,"source":"iphone.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":6,"flow_first_seen":1582454598418,"flow_last_seen":1582454598584,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.253.105.202","src_port":50579,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"mesu.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02383{"flow_id":29,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":113,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":584724,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"xGGLNYKpxiwDYGpkCABFAgXUnTgAADIGp2kR\/WnKwKgCEQG7xZNpWNoBMiTxG4AQAHVkJQAAAQEICgAfwUQR3+f3Zvji2ODt4UJ2pvF9R4RriUQbCa0l22b\/XtUcbkokh\/gPtSUqtXMb17TUXsUyTZ9pvxUJ\/s0Cz\/oX9qFdH6GZxa7kqTBzisVG+++NBxKSFqYRihc+NgWTaXL79PsMJ\/BjqF2+CBvNCiStfhGfynqVGi5Yp1a1yRNGREskAV4LoT2z+IvnFLgF1KD19HMmSasnZTf+MXtvFo11t1Zkst3ZIB2eg9uuUL87org1p7mKePyLBJj+s8m\/UZuEvCwJbQxkIVUF\/i8GjxLbE9N0R8ZCdweiBC49NtOqKGB2RffFsnTqNKtDrLEU4sUpvY1OQL3jZqJOX1jnLYAMiknG0eW7ZA1B+JXh4KcFHSsJctl5ioXeYkIR3MtyNI\/6wGgFF1g2ftnHKa1agN\/xKvOsfcLTgzJdGoLKhR7Vt76aliSvBOV17JFplmuPGrBq2Yb341a6U3WGV1\/KDArb2bVzBxEB8FOM6vwKk8Lt36nelt69dJVEDbVKfOc9mlbSjHFcwKnrASpOCXG+nrlqwrCF+cP3e8jx+VGyZw+fFSf+ogX9rKIROQGOGu05KjWuPtb9D5NFYjgehQub7xVereeuxgYVZcGofxlgtwpNHdzJAT9J4WHjNRrxqHBp+ncWyQ5qV\/yo3Aj4KP5gx4SLkGV1nykgQ7iLhi66uF\/TG\/NyVuU3+xNYDVaA+YO0jObC5mxUkFZnErbbIs6kdW+GkvhWXdh94Wb7bM8nYkjWCBUXWO2Oy51kuSTLWAjtrtusEyzwh0d+RAfvzIYIcZMq64dN\/TqiavvylXcYalEayAh6HoAJ+5n8ZsbuXfzQqesagNURGGRPYdToh52\/Bh1xqZ+sMftbOvPVmrsQ3POAYITRZ4S+nmIi8OsC3gfBrN8RrZL\/rBpfk9o+K2GBvVNbuWF2\/f8SjXxQMvNkUPpz932OYeEMrKsJviYP\/znQFp+Wucn1s\/pqY+ayQaByKd7Kb+HgXB21Jdgfcaod9m1va41VKDNbVRkuvxpFhSHonAvpQ9NSE4Zmtn6dNQJA+WvzNpWJhcTQSauml9GfTET\/DnnUlZOlFtJTY0q6FCv\/n4cjlCkvnv\/EZ7FsdH9q1KBO9rpVJhVHUzcMittzDiqVsv+C0VZJWxfv9TicUFXi3xN28+NkABnkFlQipuIDkC1wGnPly8\/DC3HLrriwqBciQqmWCkqiXJP4zj3ZwOjpgR\/PGLVWz\/EFCKLMrPXWiSm+iwzX9JuDkdSrnQ+rXC6zVDsk9dL6aBDcC1LWrPzixzU6eFErtZDDrJvP7ZrzmQ52iTHer1XvKvcBaY2dp2NnXLrxJdnR1diDHAJ2C4HvXDigJtIqm209r2EOVWjYSisPXmG00IEV9YnvNm+pH06Yomv\/PSfo4dHFEMyaWuGz3Ll3tepDnj0qRiUTpKxRC9funY9UK6G2bc1KBHfgmQZiA1WmR3zhTt+Nwo0AQaSpYlkSP7rkkvjo7jlMTfEWq+en9DjacxUhXmCnM5OJM+wDGLI2yYB\/Ko9dDfWHd9+0drzkYXhzyaYAprYDrdvSCfFdvTGOfzataFETb1QSk9rdZYjlNLUmuFhfg6TK+13n+spDpZ6vThjAb8R+N28NBh0DWlD3QI\/eC0KVLY+aJPxjyvR84\/1MH9OwsQUNjKgYDKJnQ7qYuo4VgRhquJgIK5e+YBhYGZcwnudxF3QdZNXuctrUxSABrC6TR054DhjM7sgMO5DcHBENCCidE+FjEh5D2xhT5hW2NGOHXhUBTCUCKPd4QSL9bFrm3gRMQcQpNCCgh7+6C6xcYNIeeXwxEylXDC6J+ndltB\/d5dES3LgU6UR1OqS6OXnnt6X1pV6sQ532ZSArjFbeEZTVJj5LB0\/RUUWjB20dL2Ol36W+DzBCta1hag59f1peaPYSI\/NMag7CFMYBebqI"}
01883{"flow_id":29,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":114,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":584725,"pkt_caplen":1137,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1137,"pkt_l4_len":1103,"pkt":"xGGLNYKpxiwDYGpkCABFAgRjnTkAADIGqNkR\/WnKwKgCEQG7xZNpWN+hMiTxG4AYAHUySwAAAQEICgAfwUQR3+f3bmhlOV29CE2iIFQAL59yDHBYlu6YrnPAdzt3j5FM2jbDZSDhondXPEizlhrpDXLAjVlwtk0IUbceHsFh5yoOZN9tGBk7OHFmMv0T1+dH8cVA\/ZDPwhUsYrrwAzc0YWp9D5l\/zKTDNRS2mpjlwGAgFnZFnuScCL7D3QDcI7zf+0xLeAKUXdJBVQ\/B1iWjD5PRRCsr8aAzUUhsjZ69we6P9zaykDvasuU+719HEPr89LlHjNSw774Tyn1PKGjc0MujgidrEB4VMPjTLoMpZ0taxIHy+MzJMx2LgsIuar\/X3CUtqIIy565AJ3w8p2uBOko0\/loR6b+whh6ChZgv4lW4ktyiwp02AxjPJLlgl6XHq\/Q8SmKq2smu4OmgKcV8MWLymSeplhXEQLrf1AsRGsY+p+ZhkVfiunEIFHwbM7l77Ex6Z8B2eC+rikR\/mUk800k\/4vHjzPA1N9v3yDlEbnfKZFmZ9OwZGGBXC+hhtqjP2bLRU1QgmC+ItZBF8t6irLEna11UfoOoh+ofgt5F3vgBfEAzuayRaZNLNW372lqrJSIuio3gL0rq67JbIs7AfOkevcsPcTC7lPbR1JfX\/oaMLooYN5yRXN5as3b7SWDuA2PdZu5nw\/Pz0tDQrylmrZa45RegN7pLsrXE08BLMEN9nK3Ok30QQocMptp0lubYznZHbPlAkp5bRF1MibmHOo+LeLl+VIZHOd2vFkfgIGhO1qw3y7ZX0hC5mqHufeH2lQoMVSPQ8zFuNd5ILqwhKanmWuVPqjAPJiv86YqBn9fgjryXBSKXNLgJXjO7+zXshAYnr3qzhpJOwGm7pJxqdRoUsrHcujLU8ceI+bbRk80S0YgKuwqVwRwbz15t9BYrPl05hN\/kDjPli+6PB2Il6SyTl79r3WYEyOhfP8vNqV58\/IWH\/3fRUN2FZ4GbzxzH\/2g78IxGyWWQdAcLFEN2AzuweYVWqNL\/y0RuPez0cpw4E9WblWgU7PjppU+es+CUV\/7SSZf9wSXINWnoI56217hBrnPpxTU6Tr92XM1\/bx\/+PjpXhM9pu0Feuf64wgLDJ9luR15FBQZx7VnApsnqjimvzPIve32Gdx5Lr2hA\/gDjq0GABMHBWTBrTQAK4ivjpTyaldxaorhlr6vEB1BYALQUTd+orqiH54HSUe\/s\/hZijqhKFpVZlwY9fe0cVqYXSfoY1+J6VbPHNwk0+RbIoPCQ4RcDAwBffutJWKojEEfvmCbPI6CBi1igS4wHzeRQHzc9ELPs0jZtGic+XYFLaGyhckeBZW6sK1D0VI7D1mXO7LI3b5+6DKUNdNZj1qUwxqhf5EE\/MxaTnx1zHd6JfNCsm\/vQGvEXAwMANZ6dVG+AQNi1uSt+x8iz5PIcQE0Ed3YHapx\/bfyb4BcsV8etiToC8g2+Im9hshXQVBWAY6OS"}
00426{"flow_id":27,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":115,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":585123,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xGGLNYKpxiwDYGpkCABFAAA0\/jIAADIGTBER\/WnKwKgCEQBQwACbtSzOLJXrtYAQAHVahwAAAQEICh00JSQR3+fp"}
00426{"flow_id":29,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":116,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":586800,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAG\/EPAqAIREf1pysWTAbsyJPEbaVjfoYAQA\/RFXAAAAQEIChHf6CAAH8FE"}
00426{"flow_id":29,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":117,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":586858,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAG\/EPAqAIREf1pysWTAbsyJPEbaVjj0IAQA+xBNQAAAQEIChHf6CAAH8FE"}
00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":118,"source":"iphone.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":1582454598587,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50580,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":31,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":118,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":587648,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGtbvAqAIREfiwS8WUAbuGKOrDAAAAALDC\/\/9\/HgAAAgQFtAEDAwcBAQgKEd\/oBAAAAAAEAgAA"}
01357{"flow_id":27,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":119,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":587823,"pkt_caplen":762,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":762,"pkt_l4_len":728,"pkt":"xGGLNYKpxiwDYGpkCABFAgLs\/jMAADIGSVYR\/WnKwKgCEQBQwACbtSzOLJXrtYAYAHXbEQAAAQEICh00JSYR3+fpSFRUUC8xLjAgMjAwIE9LDQp4LWFtei1pZC0yOiBWdmg5YWxkeGF2b0Qwekd5WDRnMjZqWWo0UkJRWTd4VDI5VEFqT1l3aXRmYjB6VStUVGpiVjdqUm5nakQwZ2gyZXNmbmcyUUZ4cDg9DQp4LWFtei1yZXF1ZXN0LWlkOiA0RTY1MDNFNTU2OUQ0REE0DQpEYXRlOiBTdW4sIDIzIEZlYiAyMDIwIDEwOjM4OjU0IEdNVA0KTGFzdC1Nb2RpZmllZDogRnJpLCAxNyBGZWIgMjAxNyAyMDozNjoyOCBHTVQNCkNhY2hlLUNvbnRyb2w6IG1heC1hZ2U9MzAwDQpBY2NlcHQtUmFuZ2VzOiBieXRlcw0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWwNCkNvbnRlbnQtTGVuZ3RoOiA2OQ0KU2VydmVyOiBBVFMvOC4wLjYNClZpYTogaHR0cC8xLjEgbmxzcmsxLWVkZ2UtbHgtMDA2LnRzLmFwcGxlLmNvbSAoQXBhY2hlVHJhZmZpY1NlcnZlci84LjAuNiksIGh0dHAvMS4xIG5sc3JrMS1lZGdlLWJ4LTAwOC50cy5hcHBsZS5jb20gKEFwYWNoZVRyYWZmaWNTZXJ2ZXIvOC4wLjYpDQpDRE5VVUlEOiAzZjEyODg0Ny0xYmEwLTQ1YjUtYmE1MC1iOGI2MThjMzM4MmYtODQxNTc0NTYyDQpYLUNhY2hlOiBoaXQtZnJlc2gsIGhpdC1mcmVzaA0KRXRhZzogIjQxYmEwNjBlYjFjMDg5OGUwYTRhMGNjYTM2YThjYTkxIg0KQWdlOiAyNjQNCg0KPEhUTUw+PEhFQUQ+PFRJVExFPlN1Y2Nlc3M8L1RJVExFPjwvSEVBRD48Qk9EWT5TdWNjZXNzPC9CT0RZPjwvSFRNTD4K"}
00426{"flow_id":27,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":120,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":589196,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xGGLNYKpxiwDYGpkCABFAAA0\/jQAADIGTA8R\/WnKwKgCEQBQwACbtS+GLJXrtYARAHVXywAAAQEICh00JScR3+fp"}
00424{"flow_id":26,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":121,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":589226,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xGGLNYKpxiwDYGpkCABFAAA06hUAADIGyEURggIuwKgCEQG7xZHfrwWjGTrtHYAQAANrugAAAQEICrVP0n8R3+fw"}
00425{"flow_id":28,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":123,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":590442,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xGGLNYKpxiwDYGpkCABFAAA00AIAADIGekER\/WnKwKgCEQG7xZLy+qnqfzqrkoAQAHV62AAAAQEICor+qRgR3+f4"}
02378{"flow_id":28,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":124,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":590958,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"xGGLNYKpxiwDYGpkCABFAgXU0AMAADIGdJ4R\/WnKwKgCEQG7xZLy+qnqfzqrkoAQAHWr2gAAAQEICor+qRgR3+f4FgMDAHoCAAB2AwPdkWfjqfkybHi5hafIFCxMuXFhAg42i74xWcGK+Esm+iBBR6wrPbvh3W2j8rwh4NW3lc0cwhULV8gFfvx3+QKTDhMBAAAuACsAAgMEADMAJAAdACCCQ4+XIllfV\/oyk2g\/erLLA4ruA7viRddpmmFPrNDoQxQDAwABARcDAwAqvLZxAURZbFmO6LRUH2d8WwuAMqGLMfkOr5xKx9YzdPly\/lRnWSDn51\/bFwMDDhZN6Xd6JBF4VAKva6f8VaOtzNpWertXOwTz4RPzYuBvrt8tpgt747fCcmPA5j+t793wFhGdnYKExje+MKvI8CfpncwfxID52p2FrL281ID\/f+JEEBoA9MM7lpPMw9Bo0oxjC\/61246W+Qwg+mE78Chy6XeMcKnScbNOGbOzU9ACc8yG+4Z2AsVPhP4em6V2Yt5ekyI1aR+mXE8zRFVqLmi7Tkz34ZrBe\/FbLHYtSOAiaQw+uBKev14+ND6dpvHsSaeiUvan67aE3f38cNQL03wvqLIDqV2WTfkT8h3AbMlKLnjlp2q15Zcd2Qe40fUKiOWIwMICW0JKKLGCyXfn5Y8Ds7MCJp3LS3wXLVn3FVVaGBuu1vB\/yHweUg++cLQC295Knysp950MbdZCbRNai7I7nFgWnQUtGfTMMcn8A1md69Vmfvz4pqB3UAvYLkKM0lKR6HTa2LzRPpI+CmVRT4yZTYWwfgVcBT2KrghjIisWRA5q5wzHvSjEvc2azKS4butT0OvxUGq77db95SS3oVAzOvdBy6rK7c8Q5C9VcvXAaOOdSqaOiv7zotRcXv+0fDMyE5ICsvIZZEj2nvI5Qk32oNAm\/irL4ZQqab3apS1ASdcMceK2k\/7RBTqX45UtjgDGUa33lcCHiBbC2lf9NRE1MA5aNJpm352Jw7iWKFnFykHE49TP9APxCXSCe5W3zJb2laG5jCE5TNq5rfTlCAJLE57e5ccUzGpWcv39IsOSWolJMWubxvv7+9GxBsvuMa4YDirQpdtYB+DbnzvnQ+cnyMKIV8oWOhjEdNr5wF43CKdtEKOkeI3iecgDUUhSfdxSWnxytcF2PGkYIc617xvgQrpfyLXR99OH10fuWf1jK3BkvVNBTiSa\/HNujUSahH2NbLq2d4GwqyhBf6C+7mvrmsr4\/4L9bfj8l0P3uJVjV46Va+dNjIizc2gQForAjmfy3032Bh4lO\/4MIyuwGKoOuycFjnLzGZE1woVyF41xfr+TKrfF7\/hU95kPKB7hYf2\/4yRSrFfiEEorGHRfQmj2JZD6zLuFs2ap5BP1K2RyxUGjL2hlH7kRuSLqqORtZk2q+X1b7Akub7fk1VZYSedu80+6n8XnT4k1lgLE7mZ6dWxCW0xSy\/p4HJlW3AZdiqWugXe6QBmAJEFixxGVWCyC2pHgBQPqMs6qWCxk\/Mrf6\/UMY64DmyTAXT4eIqobD1urftCYJqYmKqpNxJoegGynAsCSzlaetj6\/Btpwaz9MdhS1mqRN\/evH\/AOZB6lawfBkd3OUp31P48uAyuFVnFrzPIrVfVYQY\/ETPLPafGT6PtfARjEVrJuNG+LYNCVupAazT6odke5WzQyJNrReIGpAbGpvT3PoyrPMn0KNSrnuPt25\/HHN\/uizy4OgUANTEY1E5L9+JdaNqdixMGIlHwvJg0RUsVnyj6t3Bd9CmXm0anZlQLRCBdOvIVFRt2uXtmvFuRbKF2J11BbEvPl+k4zw99kzDQXvKd3n65qfee+hC4JsXSMMS33fplhNNBJKF19+P0ViDgm5r8nzJTtrTFNVD6bMVAUujNUDXr6o10oiAuN7z+RP\/O7ANSRrj1YJgbK4V9LN7OvtTwavaMYScgdzPmoIRUX5pWj07S\/ZkL0+sJSYqbw7c7JsfUdwEOI\/BAACrLxZU0YK"}
00829{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":124,"source":"iphone.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":6,"flow_first_seen":1582454598416,"flow_last_seen":1582454598590,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.253.105.202","src_port":50578,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"mesu.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02381{"flow_id":28,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":125,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":591177,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"xGGLNYKpxiwDYGpkCABFAgXU0AQAADIGdJ0R\/WnKwKgCEQG7xZLy+q+KfzqrkoAQAHUYLAAAAQEICor+qRgR3+f4QHJmI1Cnwgdi5hQt7BXjTqx0AI8Cq2kXdsBd9yhND8LWMKiSq0VmmbX+8jfkSziqSouCzetN5SJhqPoujPFU3pisWEtWENyzRZzUDEzQ1w0AO9l9QnCZZTazBaLSzU+d\/BgnYEgd9TWpJroigc9bK9p\/vbRyjl5IJCG1ViB3SQ8zu\/NTwrZ52qHnxA2SShMRcT6jUEWYUm4MW+Zs9nfWEiURYKpBX1Ugi1QQDhcyQCmXIJJhveqKinxbsPw6stD32darp7+F85Mi\/FG2fjqrhYFVWIbHJSdp+5\/C\/q4LwqWGJGWLKLZx0EdfOrHU8s\/oJYdzayAIUVFmA22082SMZ3LH2kLTexMWBJ+0zP\/tvKCDwHot\/OOBXTYvHTH2wrdNXPwGTc0gvU+6Tqk+Q135uexNZ1kOU9eq7xQ5JlhRWSpvBwzrzpZkwo\/7XFgDB\/AdnJxrUom2r+Jw3tg8G2WDiFCCUe2qq\/uRGivATOzRTEeyoTwiVbUWnGcEJd\/+p4TPqKxREPd\/xqoaNjFd4Md5qyH3WoM0ydV\/KsCcMTmCSubKz201vYUZWKBDEh4Uico5+MRcQFTyOrMCZF8hhoOfwQaAzwyuDCBfiF9eEGeJpMDgUumLfjRxygC2HK588uNM8VMrol4yKT20cR30gMhL9229bSneN5bGXDiEtcBCrbiz8RDHhcVHyD5B8VfaPqIQ\/kA8pHo\/5rLw7NByJ0Vg7jVor1MQhlhs\/bMPHgnTPeG8IesmgZs3U2oaTSgniLbAMlBcIrmf2oZER2QWMIFqhSTouDETiKar0dfMRCVl1FvVmweb\/ByLx8LvdspM5\/majrxONFj3Bs9p0m08gWEjbFeqTFsLLLn3A83v0VLpswkpQ4nNwVjm3dnH4t9v9Gxf8YeLqr92xS+YUSdxlApJ3QQf5XOxmbUv1cRtCD3dkRNV\/7bfmr18FD6XbifYOhe8FMjB4bwKo3pkMtA7l06nSWzNH1c1sfDsBcy723H4TyjhEipbxgu51KZnRMU3n6mfFLmhRZPM3aOabHlufGn3S+u1l1PPMWx4WrWzIuCPhTif1H6iKVD6hrUPRixHcelbraACOhx1uqgOF9R+vfP1\/BHEH7Y9W\/0uph0S1uShxkR3buFRHePFSX0g4BKO+Wx6Ty9ctg\/5PWY39G+Mf95lrKmYXiITKJ9+IqVWm\/iyzPDwnDnVqqQ1Kj196uTW2\/bYx75cuMpAXDRCB66vsuQKvl0SdlnsIaE0zYQ\/xHEuMuZhmYp5Tzl+kTx1LrtVZ7UGXMzatQSw6VMgUuGHMKqraWF7uNtz7CIvCF3s12UNOHztv9e4GhvtJHrMNICy6t2Tc8hJ7o3jWCd3KEWz1LMi6JfSRfRMYilCoJ0WvZ5ye1egjDaqUk39VhKEDs6FiIVWKYwoLS3kZyOjmj8NO2zbaHmPyFBlJSlfK5M71ZDC6se40lUFldoMCkjz5goixv0grJaTlK5fIl5jUDebArkW2dbAIIPVb38Eis\/S2kdhrlgmGy1vMTagnOlqP6DJlElA8cZaiQZNmGrN0Xm5E+IT9dZpmxpLDHQap+569WrfXvNqP3P+X+Z0AJpNzsKN6O9MzVvm1+kCCVj4udI7dJlDfI5cU7N2OU3ctWPv\/NphdE6uu6z82Q7aNeUTWl3ag7uKZS6lYmYlVpAOQcP5vzR63HQSXFgHDk57PTeTO5xNyQ+pRWcz4tXWtA7\/FX6Wn9TW9+6rW9TNr9mK0QOC7EUhdd6a5Ua7i6kHWMpZSY5FzhHPwd4Jusw44tSWnEGC60yMyojeF35YhKexzzXRSILKjnT3dTgo1JUXmuyNKvZTQQNbuyWPgJVje28gO9KVstdshcDtjLS9dSPDH82HWBK4oXdckMPy+7yDsdcsm4F1yy5sYX0+gxSF0BW5Da0zfp+k"}
01892{"flow_id":28,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":126,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":591563,"pkt_caplen":1137,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1137,"pkt_l4_len":1103,"pkt":"xGGLNYKpxiwDYGpkCABFAgRj0AUAADIGdg0R\/WnKwKgCEQG7xZLy+rUqfzqrkoAYAHWR9QAAAQEICor+qRgR3+f4JqEdHue5ivuX3xFR31+9eQx6qvHpEO708glv1H56cewXcjpv+hUvLBg7KDhtwU2nbo0+31kknyWNwqjsZWLBxCaJIy4Cxmn\/CjuRJCBCyRsxsBL\/NweZ2r0Y3qI5z2Dfqh3QjQKYj31cBf\/AY\/2NZd94X+PQZkKk+3YznOJ0eQwe8pRmG5B4x9lbgjrZr29Tt30sFrEbvjSbldY1RYgH+rKr5nNOpoi2Yhl1m+RLYoTH\/eSm1hgBZ5T37hoYFPrc0FRavq4ZQmHGbMWrzzPl2JkyOgLf+urChmnLqPB4MdE4PUA\/e9gvHGDlMju8JSWALc0964HhMObNrmLMTq7\/elCbpjsTg+NmxPZ66U18mgPeeSZGixPU4sNEA1GABI2KJag01TktU2rGxewKnpRSpg7Q3njLdWKBh2IYRiRd+ecvORQIxK5m\/Rr\/TJveu03zZ0KBQjH5iNCf5aR\/LdV6NHeTc2+e8qyPPkV7v4QUyffzGuUf+Y\/Ob45MhP\/2TiKgJJWnRGE1UKdIvAVqEFg3dyLKkx2SF6062tgAf6mvCrfVNI4K2CBH+8JLjwYfzg00Un\/lHD0ovgl2v74hspPG+F6DLOfjrgRnpW6\/tZWvbxnGim8grAduSl2d08spP0TgJyijkd81MOX8uKXfrQgV2kQpk7XNPRDN2ztMC7h\/IGPWnzCaM1FSPfcUSAh3YwV6XjdUhm7qrByCjoeEmdD4KODp7cNhy72KZqj+oN4YMLfZ\/mq9xnMvswNVWdsxbiIqEe8Fhw4FY3ZSAJX2IKyj1k6SLcjKIUCnOKgZXQN5IUgtcwptc30ft9A+Ae2CU6wWBvfspIPEbl9+apyTmEfjOdsqV1JA9XlT3Lq9MxfKTF8aUiHFECwIPu4ctIjeRf7oTbx+k4hMWX05YVmGnImHgxVs9iap8KX\/940LlU4D\/BZIi8Pwrcu0nvruQVWp9aE\/ZQjv+GZ5\/PSFWwvD\/frt5O9JNm0zyMrAdYHQAW71DPYYzstaYsJ1E42vM93oeKuiojoO7uCdQq0chaF4SNZBRyKEjbrhBgp6dplqdCW1Sj\/DUMgFy\/D\/YOboH\/VU6PLr+c9kYpjLKFnf4TDYqdzNmuzi++tdYaO5xtoSPYLj6E5znzTTWv6D4HKnet88VOXx49SBYJTb\/gKCQ8K1aVd3lyph\/iuhySiPCeYYkZQwzielRjV4HVGrD\/PpF5AKsoIXAwMAYRz81U3qiwAn+rx9UWCWO1qjQqlW0\/xp\/WynugxrneryUXe9onWUIRFs70Fm6MXIJCYt5QNgxLhOAyFb99A2Ad27qL9PfMvyCsTeSb2nzveoeE8tl9VTZW90eMgH7tmLkMgXAwMANXJ\/jLnTXKPevW+k0tEB2Z6uY0bhtV8qnV8ylPJY6jjqyxVqzAYJR+KIA\/aOdL0pbPl7\/+zF"}
02362{"flow_id":26,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":128,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":592070,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"xGGLNYKpxiwDYGpkCABFAgXU6hYAADIGwqIRggIuwKgCEQG7xZHfrwWjGTrtHYAQAANCLgAAAQEICrVP0oER3+fwFgMDAFACAABMAwNZdFzV0QA2PKiuTvgdN9coa1Qdq1L8ifbPWVMLctdgVwDALwAAJP8BAAEAAAsABAMAAQIAIwAAABAACwAJCGh0dHAvMS4xABcAABYDAwyCCwAMfgAMewAIMTCCCC0wggcVoAMCAQICEGRKaPARhhkxGSgjco++FUUwDQYJKoZIhvcNAQELBQAwYjEcMBoGA1UEAxMTQXBwbGUgSVNUIENBIDIgLSBHMTEgMB4GA1UECxMXQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxEzARBgNVBAoTCkFwcGxlIEluYy4xCzAJBgNVBAYTAlVTMB4XDTE5MDMxNTIzMTcyOVoXDTIxMDQxMzIzMTcyOVowdzEXMBUGA1UEAwwOKi5scy5hcHBsZS5jb20xJTAjBgNVBAsMHG1hbmFnZW1lbnQ6aWRtcy5ncm91cC41NzY0ODYxEzARBgNVBAoMCkFwcGxlIEluYy4xEzARBgNVBAgMCkNhbGlmb3JuaWExCzAJBgNVBAYTAlVTMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz5OQ26NMG3+wL7VQiRvYmEl0dQH+y7jG30Xq0szwA0HhHUOltteAVEk7uSCV770vGd8H4YroH4zaTHuZZyL\/metoo+fOnZZ8yuBRKAQEmLk0k6cXzi42emR3UOxVIxlABab20cmMjigYECGz1dGXF0EVjhPY1lgnLend8sIR6OL7\/ObnoRYnAwHUkr\/23MJhV\/9WLdWWoaO0o4XWPPqhmI3OqDZf8Abpu\/K7n7yd6VTKQexqxHBqHI6jliuXkwp8rR5j2iTOLocZme0verNUtgPf0J3B7fESJtecqmpQmw\/OkATqNG9TUcsJZ7elwHm\/QpnqO5VHCTWTA6kKoCj1HwIDAQABo4IEyDCCBMQwDAYDVR0TAQH\/BAIwADAfBgNVHSMEGDAWgBTYepREfJBwkBae3RecAUQDhtYqKTB+BggrBgEFBQcBAQRyMHAwNAYIKwYBBQUHMAKGKGh0dHA6Ly9jZXJ0cy5hcHBsZS5jb20vYXBwbGVpc3RjYTJnMS5kZXIwOAYIKwYBBQUHMAGGLGh0dHA6Ly9vY3NwLmFwcGxlLmNvbS9vY3NwMDMtYXBwbGVpc3RjYTJnMTIwMBkGA1UdEQQSMBCCDioubHMuYXBwbGUuY29tMIH\/BgNVHSAEgfcwgfQwgfEGCiqGSIb3Y2QFCwQwgeIwgaQGCCsGAQUFBwICMIGXDIGUUmVsaWFuY2Ugb24gdGhpcyBjZXJ0aWZpY2F0ZSBieSBhbnkgcGFydHkgYXNzdW1lcyBhY2NlcHRhbmNlIG9mIGFueSBhcHBsaWNhYmxlIHRlcm1zIGFuZCBjb25kaXRpb25zIG9mIHVzZSBhbmQvb3IgY2VydGlmaWNhdGlvbiBwcmFjdGljZSBzdGF0ZW1lbnRzLjA5BggrBgEFBQcCARYtaHR0cDovL3d3dy5hcHBsZS5jb20vY2VydGlmaWNhdGVhdXRob3JpdHkvcnBhMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATA3BgNVHR8EMDAuMCygKqAohiZodHRwOi8vY3JsLmFwcGxlLmNvbS9hcHBsZWlzdGNhMmcxLmNybDAdBgNVHQ4EFgQUP8a7O4KKBEkwqYE6aCTMDXOI5ZcwDgYDVR0PAQH\/BAQDAgWgMIICbQYKKwYBBAHWeQIEAgSCAl0EggJZAlcAdgC72d+8H4pxtZOUI5eqkntHOFeVCqtS6BqQlmQ2jh7RhQAAAWmDro+VAAAEAwBHMEUCIQC6qNKm2PO2iVnAY3dXNcjP\/RRQr+eSx577YiUlj0HeEAIgdvb7+Pm+oRrOHFlvXDnzWATgNjKeT7gxKY+JAZJ\/"}
00849{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":128,"source":"iphone.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":6,"flow_first_seen":1582454598385,"flow_last_seen":1582454598592,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.130.2.46","src_port":50577,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gsp85-ssl.ls.apple.com","ja3":"55271a105172d5f225e4704755b9b250","ja3s":"4ef1b297bb817d8212165a86308bac5f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02379{"flow_id":26,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":129,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":592079,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"xGGLNYKpxiwDYGpkCABFAgXU6hcAADIGwqERggIuwKgCEQG7xZHfrwtDGTrtHYAQAAMqkQAAAQEICrVP0oER3+fwZooAdQCkuQmQtBhYFIe7E6LMZ3AKPDWYBPkb37jjd80OyA3cEAAAAWmDro+XAAAEAwBGMEQCIAP01iSTpljIzjFVfH3bSqLJ8zJf0QbTBoJ4F04sCl2YAiAcz7xSNKrHIcafP6evKtJMETOMl5mRGzgWHb1pdUy11gB2AFYUBpov18Ls0\/XhvUSyPsdGdrm8mRFcwO+UmFXWidDdAAABaYOukHcAAAQDAEcwRQIhAIHJdGljpS8EnOBT8HqnM9pqHuT4kpfw6aRKYr2ifLD3AiAExKL9pYFPcaH1\/\/Qa6UYYTKgFD\/mGj9jVUDZXDlx0FwB2APZclC\/RdzAiFFQYCDCUVo7jTRMZM7\/fDC8gC8xO8WTjAAABaYOuj58AAAQDAEcwRQIhAOykdqwFKJ\/evq2GZyLxer94+svbUqdIz6f5TVT6luKuAiB9w3hGSXUPQT3WSF4KHZmO\/m8+3kD5OS44XjX\/+zncOQB2AESUZS6w7s6vxEAH2Kj+KMDa5oK+2MsxtT\/TM5a1toGoAAABaYOuj6QAAAQDAEcwRQIgMekPCAB2cdLnDkrErZneT37AagK6SF5591cou98K8PgCIQD\/5YxliNlSpuHP\/WWiT1ZdxnMeGlJtdVHI+wpOJESyYjANBgkqhkiG9w0BAQsFAAOCAQEAjZ0P\/nG5YRxm8RLTijJiE2Qx2JxB4urIMqbhv1VBez\/3VSqn78NlrWxVq66QqAs92I+rR4ndtmBc2L267RvelwfMSJB8Zemk\/\/03uKH2Pj+z8Bd8ROX4JP1Ys\/p63Fk1sh0mfAMAscorYQioE8c5w1qg4+\/33MspRF86C61S4D1XK219g74\/kqmGu87Ca3weX818oLHqs\/2H+xU87sggygFyq2jGxAkyMpbAfpuk2dpc2fkZBmBimbH7tcgb\/MRr7EAhAd+Lmig893bmEunIyDfhCa2uLR78LYvEUinQAlMcHYYYJMD36U6skh+y0nDm54NvrBuMJtPGTTQeZrvgvAAERDCCBEAwggMooAMCAQICAwI6dDANBgkqhkiG9w0BAQsFADBCMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEbMBkGA1UEAxMSR2VvVHJ1c3QgR2xvYmFsIENBMB4XDTE0MDYxNjE1NDIwMloXDTIyMDUyMDE1NDIwMlowYjEcMBoGA1UEAxMTQXBwbGUgSVNUIENBIDIgLSBHMTEgMB4GA1UECxMXQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxEzARBgNVBAoTCkFwcGxlIEluYy4xCzAJBgNVBAYTAlVTMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0JOhHUdDIBayC2vrw9W06MeYzfPev+hN6eM2gAf8RRtqfEWGrlbTpAl\/YQ1rXX5Sa320yDnE9Gc694POGW+GL35FfkccZ1LKlQVd4jZRhcDUZ4A1bxXdPv0d0v2PNFDY7HYqvuPT2uT9yOsoApYRlxdhHOnEWTtC3DLRCR3aptFDhv9esryMz2bbAYsCrpRI8ziP\/eoyqAjshpdRlCQ+SUmWU+h5oUCB6QW7k5VR\/OP9fBFL954IsxVJFQf50Tegm0sy9rXE3GrR\/Art9uDFKaCoi3H+DZK8\/lRwGAptx+0M+8ktBsOMhfzLhlzWNo4Siwl\/+xkaONXwlDB6D6aM8wIDAQABo4IBHTCCARkwHwYDVR0jBBgwFoAUwHqYaI2J+6sFZAwRfap9ZbjKzE4wHQYDVR0OBBYEFNh6lER8kHCQFp7dF5wBRAOG1iopMBIGA1UdEwEB\/wQIMAYBAf8CAQAwDgYDVR0PAQH\/BAQDAgEGMDUGA1UdHwQuMCwwKqAooCaGJGh0dHA6Ly9nLnN5bWNiLmNvbS9jcmxzL2d0"}
01406{"flow_id":26,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":130,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":592156,"pkt_caplen":792,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":792,"pkt_l4_len":758,"pkt":"xGGLNYKpxiwDYGpkCABFAgMK6hgAADIGxWoRggIuwKgCEQG7xZHfrxDjGTrtHYAYAAOHLgAAAQEICrVP0oER3+fwZ2xvYmFsLmNybDAuBggrBgEFBQcBAQQiMCAwHgYIKwYBBQUHMAGGEmh0dHA6Ly9nLnN5bWNkLmNvbTBMBgNVHSAERTBDMEEGCmCGSAGG+EUBBzYwMzAxBggrBgEFBQcCARYlaHR0cDovL3d3dy5nZW90cnVzdC5jb20vcmVzb3VyY2VzL2NwczANBgkqhkiG9w0BAQsFAAOCAQEAFkdzb4WiYuHnKna7iZVCJpe8SqyscFM6PzGDPTwcq5risV0cdhqgPAxyV77TnlDgyJnWWNcC6s4NKVR8zfXCxpApVaNvFKgLQg06mG0GeJ7waqMdAgqiKKSNwoFGPm1n2t4\/\/oUOQioS3rW3+7gbp5bsd5\/s1FOVev8H9PIKFMBRUrHWjlALGplcvAvJve3t+F7BVttNfiOkEaEs1BsFmuQbUvZ8OJkFS7pyjUKJYARmKvT9aNdr95lBKNZsJKvmJVMuyIKZ4qKPI74wg7Eni\/pofwFJ6MaYaxAumF6K18pLscfJWJrQNtuWley2geTyzW8beYdMEDyJ5E36VNyqphYDAwEsDAABKAMAHSAEN1l3z1MIds7QfYyxuK7\/V8Dclcp3hwl2d8VuWSTRbQgEAQA\/SkBXY8ZMu5f7OlqejpFPerw1+zHh6NCnu87LhPTQ9\/RorGa6QeGaStaiATpErMqJFcfDZJ6Enf2nGV4poLGqB0HL7\/2eU2D2J4\/x7RDb9JTkN+7eeK4eBj5C5XTwuRoglCdnwKOMDuL4d0PMW8ktqaVHYXj2muifNjS1W7eyHL2JBCJjPIkbNbLtB6G8J2J9en8DIrIcW3E9sCbYvUSgPiApPO9x2FMxtbbgET+epQHwOBuZ6yU9A7oaI1ORhOeQtsmHeV+hRRdVZ31GwHnw\/R4vx02pzdO20qB8Xmo4us0J\/iclY6k4c75AlHn1uTYmPpAMLFhaPSGi9jZfJQMgFgMDAAQOAAAA"}
01140{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":130,"source":"iphone.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":8,"flow_first_seen":1582454598385,"flow_last_seen":1582454598592,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4123,"flow_avg_l4_payload_len":515,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.130.2.46","src_port":50577,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gsp85-ssl.ls.apple.com","server_names":"*.ls.apple.com","ja3":"55271a105172d5f225e4704755b9b250","ja3s":"4ef1b297bb817d8212165a86308bac5f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US","issuerDN":"CN=*.ls.apple.com, OU=management:idms.group.576486, O=Apple Inc., ST=California, C=US","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"E4:85:25:4C:99:F8:FB:66:49:4B:80:64:5E:63:2A:75:9B:8F:C3:51"}}
00553{"flow_id":22,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":132,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":593624,"pkt_caplen":159,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":159,"pkt_l4_len":125,"pkt":"xiwDYGpkxGGLNYKpCABFAgCRAABAAEAGrCfAqAIREfi5jMWPAbsN6rjapgyNS4AYBACptgAAAQEIChHf6Cb26Z9qFgMDACUQAAAhIL9y1EDy9eTpmWS0iKCdetkIBrN9k091SGDIaH3oGnlJFAMDAAEBFgMDACgAAAAAAAAAADOHN7wq\/sCzBaRwj8WRi2eooJO8qHv5P+c0wRI9i8de"}
00437{"flow_id":31,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":133,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":621600,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAC4GB8AR+LBLwKgCEQG7xZQAd9VghijqxKBScSDqGQAAAgQFrAEBCApbEwd4Ed\/oBAEDAwU="}
00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":135,"source":"iphone.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_first_seen":1582454598713,"flow_last_seen":0,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":52682,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00436{"flow_id":32,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":135,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":713167,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"xiwDYGpkxGGLNYKpCABFAAA8BIgAAP8RMcbAqAIRwKgCAc3KADUAKGCiwekBAAABAAAAAAAAA3d3dwZpY2xvdWQDY29tAAABAAE="}
00652{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":135,"source":"iphone.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_first_seen":1582454598713,"flow_last_seen":0,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":52682,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AppleiCloud","breed":"Acceptable","category":"Web"},"dns": {"query":"www.icloud.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":136,"source":"iphone.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":1582454598713,"flow_last_seen":0,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":64203,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":33,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":136,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":713210,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":80,"pkt_l4_len":46,"pkt":"xiwDYGpkxGGLNYKpCABFAABCUOgAAP8R5V\/AqAIRwKgCAfrLADUALpJfu2MBAAABAAAAAAAACmJhc2VqdW1wZXIFYXBwbGUDY29tAAABAAE="}
00646{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":136,"source":"iphone.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":1582454598713,"flow_last_seen":0,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":64203,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"basejumper.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":137,"source":"iphone.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":1582454598713,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":53317,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":34,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":137,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":713214,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"pkt":"xiwDYGpkxGGLNYKpCABFAABB1EAAAP8RYgjAqAIRwKgCAdBFADUALQ1OiY4BAAABAAAAAAAACWlwaG9uZS1sZAVhcHBsZQNjb20AAAEAAQ=="}
00645{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":137,"source":"iphone.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":1582454598713,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":53317,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"iphone-ld.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":138,"source":"iphone.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_first_seen":1582454598713,"flow_last_seen":0,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":62526,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00436{"flow_id":35,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":138,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":713413,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"pkt":"xiwDYGpkxGGLNYKpCABFAAA7QA4AAP8R9kDAqAIRwKgCAfQ+ADUAJzA9jewBAAABAAAAAAAAA2NsNAVhcHBsZQNjb20AAAEAAQ=="}
00639{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":138,"source":"iphone.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_first_seen":1582454598713,"flow_last_seen":0,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":62526,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"cl4.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":139,"source":"iphone.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_first_seen":1582454598713,"flow_last_seen":0,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":63377,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":36,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":139,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":713473,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":80,"pkt_l4_len":46,"pkt":"xiwDYGpkxGGLNYKpCABFAABCtyIAAP8RfyXAqAIRwKgCAfeRADUALilRj7EBAAABAAAAAAAAA2JhZwZpdHVuZXMFYXBwbGUDY29tAAABAAE="}
00657{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":139,"source":"iphone.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_first_seen":1582454598713,"flow_last_seen":0,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":63377,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AppleiTunes","breed":"Fun","category":"Streaming"},"dns": {"query":"bag.itunes.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":140,"source":"iphone.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_first_seen":1582454598713,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":53272,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":37,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":140,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":713588,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"pkt":"xiwDYGpkxGGLNYKpCABFAABD8ooAAP8RQ7zAqAIRwKgCAdAYADUALxueCAsBAAABAAAAAAAABHBsYXkGaXR1bmVzBWFwcGxlA2NvbQAAAQAB"}
00658{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":140,"source":"iphone.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_first_seen":1582454598713,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":53272,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AppleiTunes","breed":"Fun","category":"Streaming"},"dns": {"query":"play.itunes.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":141,"source":"iphone.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_first_seen":1582454598713,"flow_last_seen":0,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":53983,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":38,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":141,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":713711,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":80,"pkt_l4_len":46,"pkt":"xiwDYGpkxGGLNYKpCABFAABCQ9gAAP8R8m\/AqAIRwKgCAdLfADUALndaZloBAAABAAAAAAAAA2JhZwZpdHVuZXMFYXBwbGUDY29tAAABAAE="}
00657{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":141,"source":"iphone.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_first_seen":1582454598713,"flow_last_seen":0,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":53983,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AppleiTunes","breed":"Fun","category":"Streaming"},"dns": {"query":"bag.itunes.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":142,"source":"iphone.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_first_seen":1582454598713,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":49880,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":39,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":142,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":713833,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"pkt":"xiwDYGpkxGGLNYKpCABFAABD04UAAP8RYsHAqAIRwKgCAcLYADUAL8OecEkBAAABAAAAAAAABGluaXQGaXR1bmVzBWFwcGxlA2NvbQAAAQAB"}
00658{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":142,"source":"iphone.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_first_seen":1582454598713,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":49880,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AppleiTunes","breed":"Fun","category":"Streaming"},"dns": {"query":"init.itunes.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00517{"flow_id":29,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":143,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":714280,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"pkt":"xiwDYGpkxGGLNYKpCABFAgB0AABAAEAG\/AHAqAIREf1pysWTAbsyJPEbaVjj0IAYBAAl+AAAAQEIChHf6DQAH8FEFAMDAAEBFwMDADWHsyiYnHR9U1VZ39KYD7Vit6YXikasTmHUUAQVD89cL6mKnwQVFe0\/0ArpPWq2vxLyjznYdg=="}
00964{"flow_id":29,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":144,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":714447,"pkt_caplen":460,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":460,"pkt_l4_len":426,"pkt":"xiwDYGpkxGGLNYKpCABFAgG+AABAAEAG+rfAqAIREf1pysWTAbsyJPFbaVjj0IAYBAA3bwAAAQEIChHf6DgAH8FEFwMDAYVgkPd18XfWsYhba8Leaa1gm9tllqtkmavMsp3W37EAIK5\/LGFO0M52xTC59W8vBVPRQ6aOqDV6E20MR7dmI\/8Wz1pBTjpBzRmrxsx2sjaVZoxTRD+FCeE1+Jx0bguRZ2HLMsMGm77uEfhRs4gGCFLGYOJtA0t8w9iIoTQrmte5QizIjaUxlB9ndiAySdGLRwCaFmhPicPqAT3OPW12QHi9PSX1o2e31uGlbFc118YD\/+9xS0RPO4eQmZqFzUYM+5jQwOqYiexP9p55UOnmAjD4k2GuNYPaCPFs31IpulHvr5m1Kz4j\/2uLN9S3x8XK2RQ5XEHOWalkMK+CkbUfLNqWIJT+dUQTpIbvidFnWLxD5av\/p+Epc8GjJpiRcTzHtyKULgBz6CaFkfPvGiI4tvt\/K9hy61F3LZoXayll\/zzYO1Fpy1qm06tHwnAxX4sfoK1iGkW\/FgzGkaxFUGUBYbNxMEx6GG1JtJkdFbPddso6jO9mL3IJXxGRe2gGpGY52elc32wlww=="}
00425{"flow_id":27,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":145,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":716631,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAG\/EPAqAIREf1pysAAAFAsleu1m7UvhoAQCAtPjQAAAQEIChHf6JMdNCUm"}
00425{"flow_id":27,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":146,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":716744,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAG\/EPAqAIREf1pysAAAFAsleu1m7Uvh4AQCAtPiwAAAQEIChHf6JMdNCUn"}
00425{"flow_id":26,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":147,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":716890,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGZFvAqAIREYICLsWRAbsZOu0d368Q44AQA\/Rb3QAAAQEIChHf6Jq1T9KB"}
00425{"flow_id":26,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":148,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":716905,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGZFvAqAIREYICLsWRAbsZOu0d368TuYAQA+5ZDQAAAQEIChHf6Jq1T9KB"}
00428{"flow_id":28,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":151,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":717341,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAG\/EPAqAIREf1pysWSAbt\/OquS8vq1KoAQA\/RrcQAAAQEIChHf6KCK\/qkY"}
00428{"flow_id":28,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":152,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":717448,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAG\/EPAqAIREf1pysWSAbt\/OquS8vq5WYAQA+xnSgAAAQEIChHf6KCK\/qkY"}
00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":155,"source":"iphone.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_first_seen":1582454598721,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.185.87","src_port":50581,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":40,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":155,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":721885,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGrK\/AqAIREfi5V8WVAbuoGt7oAAAAALDC\/\/9fVwAAAgQFtAEDAwcBAQgKEd\/opwAAAAAEAgAA"}
00424{"flow_id":31,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":156,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":723398,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGtcfAqAIREfiwS8WUAbuGKOrEAHfVYYAQBAuCrAAAAQEIChHf6IhbEwd4"}
01126{"flow_id":31,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":157,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":723584,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"pkt":"xiwDYGpkxGGLNYKpCABFAgI5AABAAEAGs8DAqAIREfiwS8WUAbuGKOrEAHfVYYAYBAvpygAAAQEIChHf6IhbEwd4FgMBAgABAAH8AwMzFRfGYqEP+F2R9Wbx8vDWDUZY+c8QBvM8\/0aM\/WEb9iAqPOeRwqVGvKjyGH\/94GF\/v\/oQUTEAuuxnTPPcBfvphwA0EwETAhMDwCzAK8AkwCPACsAJzKnAMMAvwCjAJ8AUwBPMqACdAJwAPQA8ADUAL8AIwBIACgEAAX\/\/AQABAAAAABcAFQAAEmdhdGV3YXkuaWNsb3VkLmNvbQAXAAAADQAYABYEAwgEBAEFAwIDCAUIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAzACYAJAAdACDRnQWWCbYOcip82sNQrIRN4GlIi3Ilb2X7z1S+9ioubgAtAAIBAQArAAkIAwQDAwMCAwEACgAKAAgAHQAXABgAGQAVAMsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00803{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":157,"source":"iphone.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":4,"flow_first_seen":1582454598587,"flow_last_seen":1582454598723,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50580,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gateway.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00553{"flow_id":26,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":158,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":741873,"pkt_caplen":159,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":159,"pkt_l4_len":125,"pkt":"xiwDYGpkxGGLNYKpCABFAgCRAABAAEAGY\/zAqAIREYICLsWRAbsZOu0d368TuYAYBACs0QAAAQEIChHf6LK1T9KBFgMDACUQAAAhIMgVY244BOxiKd2+gdbWzkS7fU3yOL5z306xpubGDQ9tFAMDAAEBFgMDACgAAAAAAAAAAFM42iq4K3c4kd2q4XVvp0HV7UIJJNofTiIO8GDsfdpQ"}
00496{"flow_id":22,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":159,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":743615,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"pkt":"xGGLNYKpxiwDYGpkCABFAgBnf0kAADEGfAgR+LmMwKgCEQG7xY+mDI1LDeq5N4AYA6v8uAAAAQEICvbpoBoR3+gmFAMDAAEBFgMDACgAAAAAAAAAAA3b\/qASlfy2I37M+RYMkmQWZE0T6Nz1drAnpgD2lscA"}
00519{"flow_id":28,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":160,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":744914,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"pkt":"xiwDYGpkxGGLNYKpCABFAgB0AABAAEAG\/AHAqAIREf1pysWSAbt\/OquS8vq5WYAYBACILwAAAQEIChHf6LyK\/qkYFAMDAAEBFwMDADXYj6OcZ3754e+7+OU9dS\/mOMB0szbGNwTAiR9oKCscWnhKPEGDnnP7csWGx3lccKumqgrS5w=="}
00930{"flow_id":28,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":162,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":749982,"pkt_caplen":438,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":438,"pkt_l4_len":404,"pkt":"xiwDYGpkxGGLNYKpCABFAgGoAABAAEAG+s3AqAIREf1pysWSAbt\/OqvS8vq5WYAYBADp0QAAAQEIChHf6MGK\/qkYFwMDAW8XkiUsYdYi4gEEa2p68y7q4YhYQpyIHWBtUEdZgKR1xQJYD95SJvWcSz9AjF0XFzi9f5Yt16P5Jt6A5qBRaFQr1j1Cidj18IkTxiP+IkbyhEMBdVazel4aEjmsF25cWkJQCJwM8IvAQfFKSQUPR0OZZqsPqV2z75y8WPhJY\/qSCWX1RvDg3iW+HxYiOXnRc5PUwXNqRkstGMvU+KqXEbS3CMGIIEoALID4B7LFZ3\/6fIiygspycqOzDYnr4nbL1vAp+57KUkf4kKFi5jvsXGq+hR6h5BAa+8bisfma+Q5FOnKBSiWwDnFeMuCVWmcQuak0PP8WPEwIhtoyLBv\/8Angr4IasK2GbOVDB0UUsClgzkfPTx9GvxPu1lYcp0cxWG+p6D67tYFcvXTBKYLCnnSvhghozZf+mqQ4vSUeudb3w+KlkPt5BbVYoUHi0K+LXSTVBHiWoCnAutHnJ5QP972YFx\/7oo+4R3CgEKJOVAUl"}
00822{"flow_id":29,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":163,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":750143,"pkt_caplen":353,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":353,"pkt_l4_len":319,"pkt":"xGGLNYKpxiwDYGpkCABFAgFTnToAADIGq+gR\/WnKwKgCEQG7xZNpWOPQMiTy5YAYAHoBwQAAAQEICgAfwesR3+g0FwMDARq+JSDaRuo+lztnEnUWNlmvEejTm\/rSgA7jki+ozt4tIa7R4HICQeNtqEXmAxGGqSQO+vO1AWhCKAqGpNvwQ\/DjSJStxGhPn\/ZbQ44ftmvtluqTFBcrA3amnQkX2rpB\/muOY6S+ZEcc0AhAcCIRa7I8jX8B2TvR1SNcYKYLmQr7ulNaEiOZsy6ptx0Hn\/LR1vkXv+ujcFBz2emPm3m42MqE8ucZwxo+ZODwLM20aF+WpV0iAcqRW9apkNSDwM1an7rTZeah\/ieEW372juJvpMcRPNCo0nA3U4svluGUwkCCLXs6zaFvFXQWXdzExXM2CAXznJU2mdJVlwezkf29\/Zfoz0a4vVtRnCVjzFCWv9rcrQ9C1AK3\/\/abAgo="}
00818{"flow_id":29,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":165,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":750162,"pkt_caplen":353,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":353,"pkt_l4_len":319,"pkt":"xGGLNYKpxiwDYGpkCABFAgFTnTsAADIGq+cR\/WnKwKgCEQG7xZNpWOTvMiTy5YAYAHo5DgAAAQEICgAfwesR3+g0FwMDARoZg5XzV2Lq7mj5iENSHRiOLkiIAFoq5umDQO7qzim0N3bAMypLvXQRo1r\/N5QhKSnRsHJkM\/3scna6z3OFBMsPsUTmotdBv6D1iV3wCK7vZFrB5tU5Knswt7kok8B3w5SLRfb\/DJYGcjstngikuVZYQ0MVSaUrSfMJck9CNCMue0Is7TuLDqimsYkLWmNxjg44dZpCBnCwDBcP4Aa3eGPyVwpNds2HJ1MIpMNWUNaSU+JpipohhHUAU0YTkB15jBd8\/uAa5NDqfSHZzsKUZLUcThc0WLv5s2XE\/CtZX2QobcEmkMPMrRqAxZDErlYnA8u4gKhrevhFjLoscdgfCiGY1r5tQBZRpI5sLscfE89WKHiplZLXaK0V1j4="}
00886{"flow_id":29,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":166,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":750163,"pkt_caplen":400,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":400,"pkt_l4_len":366,"pkt":"xGGLNYKpxiwDYGpkCABFAgGCnTwAADIGq7cR\/WnKwKgCEQG7xZNpWOYOMiTy5YAYAHr1DQAAAQEICgAfwesR3+g0FwMDAUnKKE8e2ns1f1p0yy0o+Un10LeAt71v0yfIhKXtXabWiuP7XXOmjrkV\/6hW81IdokPFseiMKELXm3nQDYzd6L6iRvROne2AEE9vZKKecN6\/BW9W3xGATx7fplygap6F0oV175GcwF6Eit9DP0jHfoC7EfUaQ81eRI+En\/lsQ16FTLWHP7tLP3UkLDuKaMwXaLvdl3BnWWbF\/oLjOF9WH8pD+4MaI7Q7zOXqlpDqxUUyXuSQcoF6y69yWkwCt3OoguqJ19046xQ2f2310NUduykPIqkmiPY448CziBiApbcW\/BzjKVR6tt5KtC1NCvBzz0WF\/RbJvg4+FF9JInqd1kV8rk9\/jWxCqlVStbupDtL0dLI\/k9JLkG3ghyEQkQCGuITPx2WQ2AzPUAKxq0F7Fv74qMZxgDU5DSn5Iv6\/yC7CkBen9DxiMsTIJg=="}
00611{"flow_id":32,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":172,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":755439,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"pkt":"xGGLNYKpxiwDYGpkCABFAAC9YWUAAEARk2jAqAIBwKgCEQA1zcoAqUkOwemBgAABAAQAAAAAA3d3dwZpY2xvdWQDY29tAAABAAHADAAFAAEAAAfiAB8Hd3d3LWNkbgZpY2xvdWQDY29tBmFrYWRucwNuZXQAwCwABQABAAAAjwAZA3d3dwZpY2xvdWQDY29tB2VkZ2VrZXnARsBXAAUAAQAAEZYAFQVlNDQ3OAFhCmFrYW1haWVkZ2XARsB8AAEAAQAAABgABBctSi4="}
00678{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":172,"source":"iphone.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_first_seen":1582454598713,"flow_last_seen":1582454598755,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":193,"flow_avg_l4_payload_len":96,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":52682,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AppleiCloud","breed":"Acceptable","category":"Web"},"dns": {"query":"www.icloud.com","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"23.45.74.46"}}
00640{"flow_id":34,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":173,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":756296,"pkt_caplen":224,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":224,"pkt_l4_len":190,"pkt":"xGGLNYKpxiwDYGpkCABFAADSfP0AAEARd7vAqAIBwKgCEQA10EUAvrFqiY6BgAABAAQAAAAACWlwaG9uZS1sZAVhcHBsZQNjb20AAAEAAcAMAAUAAQAACaQAJwlpcGhvbmUtbGQMb3JpZ2luLWFwcGxlA2NvbQZha2FkbnMDbmV0AMAxAAUAAQAAAMcAIQxpcGhvbmUtbGQtYXIFYXBwbGUDY29tB2VkZ2VrZXnAU8BkAAUAAQAAEZYAFQVlOTMzOAFkCmFrYW1haWVkZ2XAU8CRAAEAAQAAAA8ABFx6\/FI="}
00674{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":173,"source":"iphone.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_first_seen":1582454598713,"flow_last_seen":1582454598756,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":219,"flow_avg_l4_payload_len":109,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":53317,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"iphone-ld.apple.com","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"92.122.252.82"}}
00519{"flow_id":33,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":174,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":756503,"pkt_caplen":135,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":135,"pkt_l4_len":101,"pkt":"xGGLNYKpxiwDYGpkCABFAAB5PvQAAEARth3AqAIBwKgCEQA1+ssAZUgsu2OBgAABAAAAAQAACmJhc2VqdW1wZXIFYXBwbGUDY29tAAABAAHAFwAGAAEAAADfACsHbnNlcnZlcsAXCmhvc3RtYXN0ZXLAF3fP6nAAAAOEAAADhAAewwAAADhA"}
00667{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":174,"source":"iphone.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_first_seen":1582454598713,"flow_last_seen":1582454598756,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":93,"flow_tot_l4_payload_len":131,"flow_avg_l4_payload_len":65,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":64203,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"basejumper.apple.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00424{"flow_id":31,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":175,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":757085,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xGGLNYKpxiwDYGpkCABFAAA0AqYAAC4GBSIR+LBLwKgCEQG7xZQAd9VhhijsyYAQA6uAfwAAAQEIClsTCAAR3+iI"}
00635{"flow_id":36,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":177,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":758732,"pkt_caplen":221,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":221,"pkt_l4_len":187,"pkt":"xGGLNYKpxiwDYGpkCABFAADPyEMAAEARLHjAqAIBwKgCEQA195EAu7eFj7GBgAABAAQAAAAAA2JhZwZpdHVuZXMFYXBwbGUDY29tAAABAAHADAAFAAEAABGWACYIaW5pdC1jZG4MaXR1bmVzLWFwcGxlA2NvbQZha2FkbnMDbmV0AMAyAAUAAQAAC+cAGwZpdHVuZXMFYXBwbGUDY29tB2VkZ2VrZXnAU8BkAAUAAQAAEZYAGARlNjczBWRzY2U5CmFrYW1haWVkZ2XAU8CLAAEAAQAAABcABF9lGDU="}
00685{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":177,"source":"iphone.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_first_seen":1582454598713,"flow_last_seen":1582454598758,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":108,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":63377,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AppleiTunes","breed":"Fun","category":"Streaming"},"dns": {"query":"bag.itunes.apple.com","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"95.101.24.53"}}
00635{"flow_id":38,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":178,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":758813,"pkt_caplen":221,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":221,"pkt_l4_len":187,"pkt":"xGGLNYKpxiwDYGpkCABFAADPdQkAAEARf7LAqAIBwKgCEQA10t8AuwWPZlqBgAABAAQAAAAAA2JhZwZpdHVuZXMFYXBwbGUDY29tAAABAAHADAAFAAEAABGWACYIaW5pdC1jZG4MaXR1bmVzLWFwcGxlA2NvbQZha2FkbnMDbmV0AMAyAAUAAQAAC+cAGwZpdHVuZXMFYXBwbGUDY29tB2VkZ2VrZXnAU8BkAAUAAQAAEZYAGARlNjczBWRzY2U5CmFrYW1haWVkZ2XAU8CLAAEAAQAAABcABF9lGDU="}
00685{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":178,"source":"iphone.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_first_seen":1582454598713,"flow_last_seen":1582454598758,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":108,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":53983,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AppleiTunes","breed":"Fun","category":"Streaming"},"dns": {"query":"bag.itunes.apple.com","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"95.101.24.53"}}
02358{"flow_id":31,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":179,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":759177,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"xGGLNYKpxiwDYGpkCABFAgXUAqcAAC4G\/34R+LBLwKgCEQG7xZQAd9VhhijsyYAQA6t2dwAAAQEIClsTCAER3+iIFgMDAGgCAABkAwM1ZBgu0yS9bOcmbk0kGdrgxoQLKwV86Gi2S+QsS9zQLyB3UDw5CeZVXrBBqV2A2Nt5TbK\/3sasXZSQbppEORT6eMAsAAAcAAAAAP8BAAEAAAUAAAALAAIBAAAQAAUAAwJoMhYDAww4CwAMNAAMMQAH5zCCB+MwggbLoAMCAQICECDrGNnhMGOJ5gckndI1GuowDQYJKoZIhvcNAQELBQAwYjEcMBoGA1UEAxMTQXBwbGUgSVNUIENBIDIgLSBHMTEgMB4GA1UECxMXQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxEzARBgNVBAoTCkFwcGxlIEluYy4xCzAJBgNVBAYTAlVTMB4XDTE5MTAwODE4NDYxNFoXDTIwMTEwNjE4NTYwMFowVDEbMBkGA1UEAwwSZ2F0ZXdheS5pY2xvdWQuY29tMRMwEQYDVQQKDApBcHBsZSBJbmMuMRMwEQYDVQQIDApDYWxpZm9ybmlhMQswCQYDVQQGEwJVUzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABA3JTXZEMDNfkBeddGFOfWVcUMoJ8W7d3ST3e3HiTTWw27hpoGkazdY\/uyqetayMkeP9ioDxEA8PxI4fVx9gMvajggVsMIIFaDAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFNh6lER8kHCQFp7dF5wBRAOG1iopMH4GCCsGAQUFBwEBBHIwcDA0BggrBgEFBQcwAoYoaHR0cDovL2NlcnRzLmFwcGxlLmNvbS9hcHBsZWlzdGNhMmcxLmRlcjA4BggrBgEFBQcwAYYsaHR0cDovL29jc3AuYXBwbGUuY29tL29jc3AwMy1hcHBsZWlzdGNhMmcxMjUwgY0GA1UdEQSBhTCBgoIYZ2F0ZXdheS1pbmRpYS5pY2xvdWQuY29tghhnYXRld2F5LWNhcnJ5LmljbG91ZC5jb22CEmdhdGV3YXkuaWNsb3VkLmNvbYIcZ2F0ZXdheS1hdXN0cmFsaWEuaWNsb3VkLmNvbYIaZ2F0ZXdheS1zYW5kYm94LmljbG91ZC5jb20wgf8GA1UdIASB9zCB9DCB8QYKKoZIhvdjZAULBDCB4jCBpAYIKwYBBQUHAgIwgZcMgZRSZWxpYW5jZSBvbiB0aGlzIGNlcnRpZmljYXRlIGJ5IGFueSBwYXJ0eSBhc3N1bWVzIGFjY2VwdGFuY2Ugb2YgYW55IGFwcGxpY2FibGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YgdXNlIGFuZC9vciBjZXJ0aWZpY2F0aW9uIHByYWN0aWNlIHN0YXRlbWVudHMuMDkGCCsGAQUFBwIBFi1odHRwOi8vd3d3LmFwcGxlLmNvbS9jZXJ0aWZpY2F0ZWF1dGhvcml0eS9ycGEwEwYDVR0lBAwwCgYIKwYBBQUHAwEwNwYDVR0fBDAwLjAsoCqgKIYmaHR0cDovL2NybC5hcHBsZS5jb20vYXBwbGVpc3RjYTJnMS5jcmwwHQYDVR0OBBYEFDcTKYxfoGNbyxqPKQFc6\/l8HBeZMA4GA1UdDwEB\/wQEAwIDiDARBgsqhkiG92NkBhsPAgQCBQAwEQYLKoZIhvdjZAYbCwIEAgUAMBEGCyqGSIb3Y2QGGwcCBAIFADCCAm0GCisGAQQB1nkCBAIEggJdBIICWQJXAHUAu9nfvB+KcbWTlCOXqpJ7RzhXlQqrUugakJZkNo4e0YUAAAFtrLqfoQAABAMARjBEAiBcyMXSqYu\/NQzPC1eks2fF3nNBwnRpvtSQ93jt9Y6FxAIgQAGZ6hMU0FVYk\/U5Nz\/IH+LWui0mpLb1ikJAbD2uT7kAdwCkuQmQtBhYFIe7E6LMZ3AKPDWYBPkb37jjd80OyA3cEAAAAW2sup+hAAAEAwBI"}
00861{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":179,"source":"iphone.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":6,"flow_first_seen":1582454598587,"flow_last_seen":1582454598759,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50580,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gateway.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"1e60202b4001a190621caa963fb76697","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02370{"flow_id":31,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":180,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":759412,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"xGGLNYKpxiwDYGpkCABFAgXUAqgAAC4G\/30R+LBLwKgCEQG7xZQAd9sBhijsyYAQA6uyvAAAAQEIClsTCAER3+iIMEYCIQDdbk0W3xLwRVSqExbk6WYwON+XhEgNjWS3c5gBslGuhAIhAOFAjfHHnYs0x+SaDx9TRoc6tbR7MkI8j7D8tL8bTA0\/AHcAsh4FzIuizYogTodm+Su5iiUgZ2va+nDnsklTLe+LkF4AAAFtrLqfqwAABAMASDBGAiEAgaJ1MrRM2AKsBkPp1QIT6PfODIXbQVBUCAUpo+tzOrkCIQDddAHm4u\/Gn8li8ESlxL1ZJK3FxqbrgV3vXWLNi8iiHwB1AFYUBpov18Ls0\/XhvUSyPsdGdrm8mRFcwO+UmFXWidDdAAABbay6n6EAAAQDAEYwRAIgGHM1p6WBqV+vtqr6hd70KQdFzAWv+ozcuVTGuJp7dk4CIByS3BkfgbrlBXSSNJB0YU2uhFS8HFnPom3vv22lArFYAHUAb1N2rDHwMRnYmQCkURX\/dxUcEdkCwQApBo2yCJo32RMAAAFtrLqfywAABAMARjBEAiBaHWEaQOG2Acj23NJ5zQC63rSKppu35b4qfkAJ8X7kbgIgeEjIujG17P30x0NsVWfo0XlmL6r4EoA536jETLtvxuAwDQYJKoZIhvcNAQELBQADggEBAKGriMkz6sCwrnomv6YJ4jjwMaMNouZTjEijYKaSAYs2pIOE9O+xy3VQrni7VsR+gMkO6ivj8K8d+2za\/y+I2RQZ2TUQ6wWGorFDOoGqBZXtBV6gbGs9KDNThqQv865ePsXG2JT+biTm88weJMm7MYXFPMu6C9JosK0yxl3MDsDk45W8A+EciCdcIiZwl5J8dSnSGGYo5UMSF3qI3eSNp3NkNcxYPZnj4isyXRHrBHr1ekVVCMPF2Jox+AmwwfJRq0tdVhmqUS\/9z0Yc6KqLMm50HEB4+utGT9gDG45BW1xwuucQVqNjb4bcrs8WPZf4X7CL94S2\/\/ZbmTwQh3s0iuoABEQwggRAMIIDKKADAgECAgMCOnQwDQYJKoZIhvcNAQELBQAwQjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xGzAZBgNVBAMTEkdlb1RydXN0IEdsb2JhbCBDQTAeFw0xNDA2MTYxNTQyMDJaFw0yMjA1MjAxNTQyMDJaMGIxHDAaBgNVBAMTE0FwcGxlIElTVCBDQSAyIC0gRzExIDAeBgNVBAsTF0NlcnRpZmljYXRpb24gQXV0aG9yaXR5MRMwEQYDVQQKEwpBcHBsZSBJbmMuMQswCQYDVQQGEwJVUzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANCToR1HQyAWsgtr68PVtOjHmM3z3r\/oTenjNoAH\/EUbanxFhq5W06QJf2ENa11+Umt9tMg5xPRnOveDzhlvhi9+RX5HHGdSypUFXeI2UYXA1GeANW8V3T79HdL9jzRQ2Ox2Kr7j09rk\/cjrKAKWEZcXYRzpxFk7Qtwy0Qkd2qbRQ4b\/XrK8jM9m2wGLAq6USPM4j\/3qMqgI7IaXUZQkPklJllPoeaFAgekFu5OVUfzj\/XwRS\/eeCLMVSRUH+dE3oJtLMva1xNxq0fwK7fbgxSmgqItx\/g2SvP5UcBgKbcftDPvJLQbDjIX8y4Zc1jaOEosJf\/sZGjjV8JQweg+mjPMCAwEAAaOCAR0wggEZMB8GA1UdIwQYMBaAFMB6mGiNifurBWQMEX2qfWW4ysxOMB0GA1UdDgQWBBTYepREfJBwkBae3RecAUQDhtYqKTASBgNVHRMBAf8ECDAGAQH\/AgEAMA4GA1UdDwEB\/wQEAwIBBjA1BgNVHR8ELjAsMCqgKKAmhiRodHRwOi8vZy5zeW1jYi5jb20vY3Jscy9ndGdsb2JhbC5jcmwwLgYIKwYBBQUHAQEEIjAgMB4GCCsGAQUFBzABhhJodHRwOi8vZy5z"}
00635{"flow_id":39,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":181,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":759486,"pkt_caplen":222,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":222,"pkt_l4_len":188,"pkt":"xGGLNYKpxiwDYGpkCABFAADQatgAAEARieLAqAIBwKgCEQA1wtgAvFoLcEmBgAABAAQAAAAABGluaXQGaXR1bmVzBWFwcGxlA2NvbQAAAQABwAwABQABAAAJGQAmCGluaXQtY2RuDGl0dW5lcy1hcHBsZQNjb20GYWthZG5zA25ldADAMwAFAAEAABEeABsGaXR1bmVzBWFwcGxlA2NvbQdlZGdla2V5wFTAZQAFAAEAABGWABgEZTY3MwVkc2NlOQpha2FtYWllZGdlwFTAjAABAAEAAAAbAARfZRg1"}
00686{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":181,"source":"iphone.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_first_seen":1582454598713,"flow_last_seen":1582454598759,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":180,"flow_tot_l4_payload_len":219,"flow_avg_l4_payload_len":109,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":49880,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AppleiTunes","breed":"Fun","category":"Streaming"},"dns": {"query":"init.itunes.apple.com","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"95.101.24.53"}}
00663{"flow_id":37,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":182,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":760578,"pkt_caplen":241,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":241,"pkt_l4_len":207,"pkt":"xGGLNYKpxiwDYGpkCABFAADjlzEAAEARXXbAqAIBwKgCEQA10BgAz2vgCAuBgAABAAUAAAAABHBsYXkGaXR1bmVzBWFwcGxlA2NvbQAAAQABwAwABQABAAAMPAAmCHBsYXktY2RuDGl0dW5lcy1hcHBsZQNjb20GYWthZG5zA25ldADAMwAFAAEAAAOnACIEcGxheQZpdHVuZXMFYXBwbGUDY29tCWVkZ2VzdWl0ZcBUwGUABQABAAAAXwAUBWExODA2BGRzY2IGYWthbWFpwFTAkwABAAEAAAAPAARce00awJMAAQABAAAADwAEXHtNQA=="}
00686{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":182,"source":"iphone.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_first_seen":1582454598713,"flow_last_seen":1582454598760,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":199,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":119,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":53272,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AppleiTunes","breed":"Fun","category":"Streaming"},"dns": {"query":"play.itunes.apple.com","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"92.123.77.26"}}
00623{"flow_id":35,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":183,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":760726,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"pkt":"xGGLNYKpxiwDYGpkCABFAADGO68AAEARuRXAqAIBwKgCEQA19D4AssJtjeyBgAABAAQAAAAAA2NsNAVhcHBsZQNjb20AAAEAAcAMAAUAAQAAD1IAJQdjbDQtY2RuDG9yaWdpbi1hcHBsZQNjb20GYWthZG5zA25ldADAKwAFAAEAAABkABgDY2w1BWFwcGxlA2NvbQdlZGdla2V5wEvAXAAFAAEAABGWABoGZTE0ODY4BWRzY2U5CmFrYW1haWVkZ2XAS8CAAAEAAQAAAA8ABGhJPR4="}
00667{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":183,"source":"iphone.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_first_seen":1582454598713,"flow_last_seen":1582454598760,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":170,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":100,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":62526,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"cl4.apple.com","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"104.73.61.30"}}
00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":184,"source":"iphone.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_first_seen":1582454598766,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"92.122.252.82","src_port":50582,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":41,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":184,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":766077,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGHzLAqAIRXHr8UsWWAbuHn+lSAAAAALDC\/\/\/nwQAAAgQFtAEDAwcBAQgKEd\/ozwAAAAAEAgAA"}
02368{"flow_id":31,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":185,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":768102,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"xGGLNYKpxiwDYGpkCABFAgXUAqkAAC4G\/3wR+LBLwKgCEQG7xZQAd+ChhijsyYAQA6vWZgAAAQEIClsTCAoR3+iIeW1jZC5jb20wTAYDVR0gBEUwQzBBBgpghkgBhvhFAQc2MDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuZ2VvdHJ1c3QuY29tL3Jlc291cmNlcy9jcHMwDQYJKoZIhvcNAQELBQADggEBABZHc2+FomLh5yp2u4mVQiaXvEqsrHBTOj8xgz08HKua4rFdHHYaoDwMcle+055Q4MiZ1ljXAurODSlUfM31wsaQKVWjbxSoC0INOphtBnie8GqjHQIKoiikjcKBRj5tZ9reP\/6FDkIqEt61t\/u4G6eW7Hef7NRTlXr\/B\/TyChTAUVKx1o5QCxqZXLwLyb3t7fhewVbbTX4jpBGhLNQbBZrkG1L2fDiZBUu6co1CiWAEZir0\/WjXa\/eZQSjWbCSr5iVTLsiCmeKijyO+MIOxJ4v6aH8BSejGmGsQLpheitfKS7HHyVia0DbblpXstoHk8s1vG3mHTBA8ieRN+lTcqqYWAwMFshYABa4BAAWqMIIFpgoBAKCCBZ8wggWbBgkrBgEFBQcwAQEEggWMMIIFiDCBoqIWBBRtmHWQn\/fqeBctjWd4mUcrWqqVwBgPMjAyMDAyMjMwMzQ0NDBaMHcwdTBJMAkGBSsOAwIaBQAEFCaEh7OMUBUpl9vU0X43\/z8u8xVoBBTYepREfJBwkBae3RecAUQDhtYqKQIQIOsY2eEwY4nmBySd0jUa6oAAGA8yMDIwMDIyMzAzNDQ0MFqgERgPMjAyMDAyMjMxNTQ0NDBaoQIwADANBgkqhkiG9w0BAQsFAAOCAQEAlz8kzwTNL4DreEokBuMsetKeh0dcofwzjM0d0OSiAy8HKR+etg0hwzjzkMoTWISwWgTi3B1sJGKSMZ19FUMgTZn4yIjxNdwrQNB4cE2DziZgsFITf77+13g64KVP2NaAc+T5V+bRcZJ03et+gkWWJJD3LiVlmJBNfdVp6tiuDAI0Ngsr7cQQ+0qp3EqrUku9Stxo4ldKmdcjeB\/B\/CQsoSSpQbHc7BFb2B5\/0IDczO68caVYUfrelBs9H77nfwtnFA3W+PQ8DlaNrLp+7dLN4WG2ImcEF29Tara8CKkJ0SunfNbHfcwQVfoqYwWu6e+ic24+sVNhYwm7Ezq+\/lDklaCCA8swggPHMIIDwzCCAqugAwIBAgIQQOU9e0o0X00kwGvYo3rGmTANBgkqhkiG9w0BAQsFADBiMRwwGgYDVQQDExNBcHBsZSBJU1QgQ0EgMiAtIEcxMSAwHgYDVQQLExdDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTETMBEGA1UEChMKQXBwbGUgSW5jLjELMAkGA1UEBhMCVVMwHhcNMjAwMjE5MTYyMTQyWhcNMjAwNDAxMTYyMTQyWjBPMSswKQYDVQQDDCJBcHBsZSBJU1QgQ0EgMiBPQ1NQIFJlc3BvbmRlciBSTDA0MRMwEQYDVQQKDApBcHBsZSBJbmMuMQswCQYDVQQGEwJVUzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJrC64q6envcCtPKJaAaN4gVTLL0EuZUae9A15l28SjzyHp9U4w5buheyZLZT07XBTvH7vEDQnd8C8sUH\/2EnRwJt5yvAFlAEMx\/uhUizW82DYxuJHOfZdZKclTioPSXZnprOzxrOMshIah\/sjVpDoV2Hk7r0EmCnqStVOjixuPjuzxoTXsJqjPDnqRdVJa1vrg13NnmCHnku7+2sZvcK5UHb9d\/ft03IKYTpKniEEolsv1w3eeCBJBMgSqufUY4nWVfilwKJ5d1HJ\/E62apvXPRhP78ezj7odSWvKPwQ1S8n1deOxKuubQET9d53MjOA5zqmPB+gYsOnXEAunura2kCAwEAAaOBhzCBhDAMBgNVHRMBAf8EAjAAMB8GA1UdIwQY"}
01233{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":185,"source":"iphone.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":8,"flow_first_seen":1582454598587,"flow_last_seen":1582454598768,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4837,"flow_avg_l4_payload_len":604,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50580,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gateway.icloud.com","server_names":"gateway-india.icloud.com,gateway-carry.icloud.com,gateway.icloud.com,gateway-australia.icloud.com,gateway-sandbox.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"1e60202b4001a190621caa963fb76697","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","issuerDN":"CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US","issuerDN":"CN=gateway.icloud.com, O=Apple Inc., ST=California, C=US","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"D2:DA:1C:68:0C:91:A7:DB:BA:B2:2D:29:06:DB:57:42:10:3D:3A:FE"}}
01126{"flow_id":31,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":186,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":768108,"pkt_caplen":580,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":580,"pkt_l4_len":546,"pkt":"xGGLNYKpxiwDYGpkCABFAgI2AqoAAC4GAxoR+LBLwKgCEQG7xZQAd+ZBhijsyYAYA6tCLwAAAQEIClsTCAoR3+iIMBaAFNh6lER8kHCQFp7dF5wBRAOG1iopMA8GCSsGAQUFBzABBQQCBQAwEwYDVR0lBAwwCgYIKwYBBQUHAwkwHQYDVR0OBBYEFG2YdZCf9+p4Fy2NZ3iZRytaqpXAMA4GA1UdDwEB\/wQEAwIHgDANBgkqhkiG9w0BAQsFAAOCAQEAfWaHB3F71r+HUtEusztLw2H0a2YFnXxa1uzWlcknyHvXas70SkE3K1rNPNgydDWa15RJBtUYT9r\/jIYn136onLWnxukPVi8TUKI4CMEwguhpMLrEtIqL4C6BZ+4lBK6xUCuEUeduttOE7gOxhx0n\/QSTvQ9LuNig3jwWEtIC23HoB15mX4gwBZ8tfi9UB7jVmgUgPLlnIxTRdUl1q5\/zCHckXOsWhUg5FYsKlZCVH6\/tIbdNREqUECgGFWyk\/VyvbJtuxaOAbpOC6ieEYIcwhwciiyJrTnUR2rnOOH8r2riaIi0MEZYnjSjV+7lmoMy2Lru4hbwEXuuXlBYgInvKvBYDAwBzDAAAbwMAHSCOEGeaVLiC6+b\/0wnT8E8OeNNKWCV6MxdIA2YHO6daQQQDAEcwRQIgCS3Vrr\/Qw8tH3\/yPK71uGx2o79sIcnPAoyR3PpMP6DwCIQCJVV0RI6Vgj\/Nh0o0G2\/Ig8XOKXIzzOuC8cQo+KB8yBxYDAwAEDgAAAA=="}
00774{"flow_id":26,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":187,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":783837,"pkt_caplen":324,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":324,"pkt_l4_len":290,"pkt":"xGGLNYKpxiwDYGpkCABFAgE26hkAADIGxz0RggIuwKgCEQG7xZHfrxO5GTrteoAYAAMNsQAAAQEICrVP00IR3+iyFgMDAMoEAADGAAABLADAmdO6ZKgegb4aq5BxQP5CxXrL1DVbM7xBuCLNMro28JKalbikOVIgUrccPEKr5L3fnfftuAOoYOGekEgPY1x2WVd\/SAAynLxhsy6dbfjmLrPGjMq1hAlWGcHSKLZK8J3hMajG9zm+c4ZMZr0lWfnlVyVa+xiMhyzU4al+L6B5lrZqxKr\/+mn89BjJqsN2byVi0mA9RiGlUe2IIeIHIu6TQs9dN4qx10w4eK9hoF5m4AfGPuCS8mZgYn8r6C6eRtBeFAMDAAEBFgMDACgzpCi6VvByC1sgagi8Q7raFpVF+kr0VUMH0mNdudSDbLrqRbx8pZrd"}
00821{"flow_id":28,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":188,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":786331,"pkt_caplen":353,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":353,"pkt_l4_len":319,"pkt":"xGGLNYKpxiwDYGpkCABFAgFT0AYAADIGeRwR\/WnKwKgCEQG7xZLy+rlZfzqr0oAYAHWIbgAAAQEICor+qd0R3+i8FwMDARriUgIv6GkVu8F2AXfKdy8ox7cIh56uiJz+qprYzDppxDVem5iI+KoYUneGqEEMGK1AvbDY1MA8CDGbAnb4pf\/lomMf\/PHCBZS9gGT+wv5VsWpADGZ9yImUsxPqhIAIJlim\/rJlAfMInG\/MYAB+1v8dEVqt2ECIYPKSpIC12Si7kDJ7uB21lNmmvJFZDAy+k008mOnR2pAY3pDwBL\/5fDXHhx6+AU4Hq5+Jj47N8FW\/UF4N+DPfqCbddpycheXDR2dhENo35F+aWEWpu\/EcKhXVYRglEy\/4cMHNrAFPjES++v685ERZzqjI5E7iOWhBlgZKBaVy1UvkUGwXQLJ6a8+wDOtDILMtJZQhXeepf+G5amptLe2Z94KkfdM="}
00818{"flow_id":28,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":189,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":786343,"pkt_caplen":353,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":353,"pkt_l4_len":319,"pkt":"xGGLNYKpxiwDYGpkCABFAgFT0AcAADIGeRsR\/WnKwKgCEQG7xZLy+rp4fzqr0oAYAHV+eQAAAQEICor+qd0R3+i8FwMDARq5SQGQLnpWEcZ2Mh6e8JpH9tNqVJSQsj1NJbd\/RGbmiMS+91Lwtn920c75q3zbN6d+yFmlUcVHA+V3CVtls7mlm1zgL+yEc+FSMDbNLEWo43ZT8hshMwnwLb7npY9b7JDOlmV1Qra90CMCKhe26wV0\/ynITWCCp\/krnpM1C+P5AKzy7Hq6U8p6ZDzX2t3Y\/sEtyuDYZSrODhSvPSx7uPqVffMy89AqsFy+kGj8eT3GGAt6LrTx5LXrLcDGVzn0kbHgxjpHYrIFntuAlbXNQndEuV9WSe5mQRRzfV+FyGY\/wXAzlUoEvEdgdrxbAAWYi4rKZBROMzCjTD0g3L5+5oukLIU4kb8WcqOuIs+gc7zU2eOr4jvucJ8kKns="}
00888{"flow_id":28,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":190,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":791328,"pkt_caplen":400,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":400,"pkt_l4_len":366,"pkt":"xGGLNYKpxiwDYGpkCABFAgGC0AgAADIGeOsR\/WnKwKgCEQG7xZLy+ruXfzqtRoAYAHrJzwAAAQEICor+qeIR3+jBFwMDAUlR2yeh\/Mrk2fJX31Kbd00awnMuhz3GB9Ls94xx3JaJGZ+\/A6JPrQrCIXih6p4sOutNIGl1b+JWS38YYp2wPOQmTfAMnfY0babHjP6Hd1dNGmw7bXKD+U4Aht1LnEOeRx7NT5nGK8f8\/4hefRUyf4D7r1Ccvwl\/FMcl\/hZu9Uo\/45MSKf4yIepSIrw25o0TEmJAt9YF8l+C6360U09bwkiIXowoItrqq+Ah0+1mo1CF3k6wVc7GJbB\/8o+z3P\/y+fBtchKpiNPZqbKNETs++5bIsd1ZrC7k\/bdKO3sbWGF11oTpLYymRWKeD73s\/qjxq1XUOz\/fVmEgF7ryb1GDsgQ+QKaCRnwnxZMUACNuUpV892cuBto+OXZrKgqot3hf4pvrFByj3DwU31ULwJ1pK3ms+DLLzYxjVXXCJ78ADQhd9XUZO0t3SwocDg=="}
00439{"flow_id":41,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":191,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":801586,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAADUGajZcevxSwKgCEQG7xZaFiMYch5\/pU6BScSAUDwAAAgQFrAQCCAr\/dyjxEd\/ozwEDAwc="}
00437{"flow_id":40,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":192,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":867837,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAADEG+7MR+LlXwKgCEQG7xZWfE+IlqBre6aBScSBsSgAAAgQFrAEBCArpLCwFEd\/opwEDAwU="}
00449{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":193,"source":"iphone.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_first_seen":1582454598885,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
00432{"flow_id":42,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":193,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":885958,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"pkt":"xiwDYGpkxGGLNYKpCABFAAA4434AAEABEeTAqAIRwKgCAQMDBHsAAAAARQAAz8hDAABAESx4wKgCAcCoAhEANfeRALsAAA=="}
00481{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":193,"source":"iphone.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_first_seen":1582454598885,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","l4_proto":"icmp","ndpi": {"proto":"ICMP","breed":"Acceptable","category":"Network"}}
00432{"flow_id":42,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":194,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":886016,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"pkt":"xiwDYGpkxGGLNYKpCABFAAA4zMkAAEABKJnAqAIRwKgCAQMDKS0AAAAARQAAz3UJAABAEX+ywKgCAcCoAhEANdLfALsAAA=="}
00426{"flow_id":31,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":195,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":886113,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGtcfAqAIREfiwS8WUAbuGKOzJAHfgoYAQA\/R0UwAAAQEIChHf6SpbEwgB"}
00432{"flow_id":42,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":196,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":886500,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"pkt":"xiwDYGpkxGGLNYKpCABFAAA4CTAAAEAB7DLAqAIRwKgCAQMDOTMAAAAARQAA0GrYAABAEYniwKgCAcCoAhEANcLYALwAAA=="}
00432{"flow_id":42,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":197,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":886626,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"pkt":"xiwDYGpkxGGLNYKpCABFAAA4spEAAEABQtHAqAIRwKgCAQMDK+AAAAAARQAA45cxAABAEV12wKgCAcCoAhEANdAYAM8AAA=="}
00426{"flow_id":31,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":198,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":886998,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGtcfAqAIREfiwS8WUAbuGKOzJAHfoQ4AQA\/BsqwAAAQEIChHf6StbEwgK"}
00426{"flow_id":26,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":199,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":887136,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGZFvAqAIREYICLsWRAbsZOu16368Uu4AQA\/1WNgAAAQEIChHf6UK1T9NC"}
00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":200,"source":"iphone.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_first_seen":1582454598888,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"104.73.61.30","src_port":50583,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":43,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":200,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":888448,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAG0pfAqAIRaEk9HsWXAbvBeeAaAAAAALDC\/\/9qCgAAAgQFtAEDAwcBAQgKEd\/pSQAAAAAEAgAA"}
00425{"flow_id":41,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":201,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":888916,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGHz7AqAIRXHr8UsWWAbuHn+lThYjGHYAQBAuvrgAAAQEIChHf6Un\/dyjx"}
01123{"flow_id":41,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":202,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":889102,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"pkt":"xiwDYGpkxGGLNYKpCABFAgI5AABAAEAGHTfAqAIRXHr8UsWWAbuHn+lThYjGHYAYBAsDXwAAAQEIChHf6Ur\/dyjxFgMBAgABAAH8AwPBzadgheRj5PvWKLwSvBgHRWReYUBmRY58bZ7Lfe7D+CBuPIm6VXqnNWVU88hOzvhjpRW+5l\/fSYA7KifdMQlc9QA0EwETAhMDwCzAK8AkwCPACsAJzKnAMMAvwCjAJ8AUwBPMqACdAJwAPQA8ADUAL8AIwBIACgEAAX\/\/AQABAAAAABgAFgAAE2lwaG9uZS1sZC5hcHBsZS5jb20AFwAAAA0AGAAWBAMIBAQBBQMCAwgFCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjEACwACAQAAMwAmACQAHQAg8pt2q3lQ9HWbBRi6RvIDs4431U3XsDOQIuUc1COGcGsALQACAQEAKwAJCAMEAwMDAgMBAAoACgAIAB0AFwAYABkAFQDKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00792{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":202,"source":"iphone.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":4,"flow_first_seen":1582454598766,"flow_last_seen":1582454598889,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"92.122.252.82","src_port":50582,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"iphone-ld.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00838{"flow_id":26,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":203,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":890665,"pkt_caplen":367,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":367,"pkt_l4_len":333,"pkt":"xiwDYGpkxGGLNYKpCABFAgFhAABAAEAGYyzAqAIREYICLsWRAbsZOu16368Uu4AYBABb2AAAAQEIChHf6US1T9NCFwMDASgAAAAAAAAAAdj\/oh4JFAnecakNJj3aZhGQtlujQ3sfkuGMooEvvIa42NgztrVRsmvSSHptchNMfzB9XtSoRe3JJVMOw84TOq51ohCUx7Khwzf1Dnv5tfEXFJ2KYninJ2dCwf\/Lhp4bUTr3pLe6Tn2kQFJCZPZIKKuUOi0IjIndR2RlxsKUEDyRQvOcLbqVa1PCrETsZn7vnrVAZZi3u8mZv321lz\/v9mNReM+hdk+q8gigOG3yGTSnZuiHsuaq9NMnLDWs4hRxunQnTO6mmCY4m18R78wKjC924tJoRSv7PoH4I\/WahkK7W3Exhv+pPpqWdz2yYtVEHsIQixU2U0n9yOS35zZ\/\/1WnM6cRemep26nGe2LKomIscPZrlSg2UV1ewYuD5d+5wA=="}
00615{"flow_id":26,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":204,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":891090,"pkt_caplen":204,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":204,"pkt_l4_len":170,"pkt":"xiwDYGpkxGGLNYKpCABFAgC+AABAAEAGY8\/AqAIREYICLsWRAbsZOu6n368Uu4AYBAC7QAAAAQEIChHf6US1T9NCFwMDAIUAAAAAAAAAAmp2IfLHHbKSxzXQ66EHNzB6Upc+RgXiwFZQtEzg6f0CMeSNbULtPf4GaeCAtFu+V5xUKAozV5S45swR43Y3NNTy\/s98twAqZNCau6i8C+CVNC42RlwSPI1SYdF2\/YQ3RZOSQkneh1zLZZREZxDwDKX0k6ReIlOxElfPjjt3"}
00424{"flow_id":40,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":205,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":892865,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGrLvAqAIREfi5V8WVAbuoGt7pnxPiJoAQBAsEtQAAAQEIChHf6VPpLCwF"}
01124{"flow_id":40,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":206,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":893224,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"pkt":"xiwDYGpkxGGLNYKpCABFAgI5AABAAEAGqrTAqAIREfi5V8WVAbuoGt7pnxPiJoAYBAtl8wAAAQEIChHf6VPpLCwFFgMBAgABAAH8AwPupC\/\/Idf\/TKV61u4UD47k+sXPhTWRB8OAqYTTHEr2LyB7RNdSKNgM9EL2qrN2iyDWEEsm1843GXQB9crRbp8tlwA0EwETAhMDwCzAK8AkwCPACsAJzKnAMMAvwCjAJ8AUwBPMqACdAJwAPQA8ADUAL8AIwBIACgEAAX\/\/AQABAAAAACMAIQAAHnAyNi1rZXl2YWx1ZXNlcnZpY2UuaWNsb3VkLmNvbQAXAAAADQAYABYEAwgEBAEFAwIDCAUIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAzACYAJAAdACCDleNDTQhj0xF8bnwK051jtivCaSKiZkunSXcl4Va+AgAtAAIBAQArAAkIAwQDAwMCAwEACgAKAAgAHQAXABgAGQAVAL8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00815{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":206,"source":"iphone.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":4,"flow_first_seen":1582454598721,"flow_last_seen":1582454598893,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.185.87","src_port":50581,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"p26-keyvalueservice.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00425{"flow_id":41,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":211,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":925453,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xGGLNYKpxiwDYGpkCABFAAA0z7EAADUGmoxcevxSwKgCEQG7xZaFiMYdh5\/rWIAQAOuwTQAAAQEICv93KWwR3+lK"}
02388{"flow_id":41,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":212,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":926093,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"xGGLNYKpxiwDYGpkCABFAgXUz7IAADUGlOlcevxSwKgCEQG7xZaFiMYdh5\/rWIAQAOusqAAAAQEICv93KWwR3+lKFgMDAHoCAAB2AwPVclrs5qQ\/Sx24j5b7zPYzeLlCrcg8\/wYuD5y4WSjHASBuPIm6VXqnNWVU88hOzvhjpRW+5l\/fSYA7KifdMQlc9RMCAAAuACsAAgMEADMAJAAdACDyleVstpAS6tG0\/5z1HrqCZwd8JGTnUVgIrdC22fr1QRQDAwABARcDAwA0wnb1ePwh20l4Tf+pvQSVwpABc7rVlawOWSPd0S3vJvoFt0MQBaCADHcFHjq+h64QjLktVBcDAxKHtp1Vj7FXgxWqnWC8QrzkJbTasHPhAWIz9GeDRX4O8SxWYMgLA6p48Y2nKAoWp1xhz\/5IbLSSuPFbxgK1QMydZbQpl7XG9s7hM6vUOHFxrT1ZFccyH+5eokwBY+ZOcSEhwV86EqDSP1X2sU2l2QMoHEzb\/Qs4nhq\/mfpVluUBZQRNulh6Q4YTErkiBaAlbD3ilie6pMkEmHocEtLglKScSCl0b4O8N9PlNyyU05uxuVB9gMdZykIzX0HNpqAKkeXUj+tJV1rktGfadKiVjON5djWPiTSom1UibDJ5Ma5xkPXJHryCOxj2T3lzAr0O0iny7VP3kVqOexBkp5S+pnNskJfcGotGJLSEj49J5e5T2QKU9\/JpZ\/g\/lijnarGnehUwNRwtyzW5h\/\/UgLo7S7imVgzWKDqETgeXCkfByt5knE43sGW1SHeMIebCjB1MfAYq9Qoj\/Q7OHxAWJPdB1+36VH+z6ofgj7vn2Or3s8ynXk2aaEacv0sy8Diq95myUtLtLCJcTv\/00cbobrzYabFQn7oQVvP76Yg8h1pc7DQiPqWog2\/A0NLjIHNdwlKGO\/uqMVtGE9zBk7huLUinnZqH5fRa0OIf3U+IT0EKyMxb17w\/a3GQUIgW3oa9MVFKSf2D3qc+6Er+ndRecQpcG+31bHEJ7cerriBP+OTmqF8\/ep9tROS3GDbofFpb0zSP3uo1Kbf874LTLCOVhP5gbaMiKMwex0PG\/5b1OuyKHNTJ12cXwI+4Gn9nT0jJ10FyFLnnOHW2d2HaB0q3yixsEgOrXC8obTP68nFYnqV3ffOJYES3kunCJF+e4wpIN3wLx4MY+cVd6daHaDGBsl0vTVdGmMXbF3Q663Px041voKPWNsVtuHo+Ig6QPo8f\/L2w85hl7gYSIzGqg6R1Eky3Qv+Jt+7ysKq9emuzadqliMjRZEJBlYqzf0VXc7C0vBpHZTGGReGYcAWVq6vVv9MCCSFhisUDWs2xrzg52\/zc8lp0hnGopJeuxtnR4mhOF3MU2Zlrg+I8mJKul3LviY3yRZ\/IRffJO0vbBUZ1c+Q4CsI53zp681IjLL+M2kKARNLKKJVlLbE60\/eTG5kVTjeSe3cqeIdiFIs0sWdzeRXu4PRqR8w8KJwUCCqIiz\/ckA7zkYItswHMfu3S9d\/CcW0mQZ6Uw5SbuUakur\/4CnMlN0lLUrlg3XSF\/\/p1BByIHJo49jKA05qZXec9gh8r9BT2VTNrHQEJMBxOZgO5ufwQ2NmXKcW3nG6LmQ3Wb3BgM3NfVDu30WdAf8ojiK0b2z8L4XjVIIO1r5ool6iYZ0I99Z5x6mk\/iOmoA7zYAOa5peEzZHAGOIoa9aFeV5gGBISFFRl5dPLiJlzipW55F\/2liShC1OMMTsrNVKAfhd8Vc7jrssG\/8g6pTRoye4\/juWLCL5zYVn1ygeaTtpXWKvVCAgBq67VzjwnIhN3c8smyVW\/GZn+shbP+cPzxrNgkk0RiyNkbQN8mpltLZg95TF1HjJKLP0o7\/cSQgGdepllKZRZiHP82YtGfQ0x5uZ1xXpYJl6kCr+gyQQk58U4Er4ecUsrTqyg4KSPIf01YOGy6oK1j+sNHa1xnIMUtYabez\/fqunYPykzDcfq\/AZE5+gnrTzZ7+ftOL70m\/pPNmZOpGFni"}
00833{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":212,"source":"iphone.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":6,"flow_first_seen":1582454598766,"flow_last_seen":1582454598926,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"92.122.252.82","src_port":50582,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"iphone-ld.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02389{"flow_id":41,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":213,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":926120,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"xGGLNYKpxiwDYGpkCABFAgXUz7MAADUGlOhcevxSwKgCEQG7xZaFiMu9h5\/rWIAQAOsu8wAAAQEICv93KWwR3+lKWCibgR7R1ynDJiZaZPbzkCvNLTkNSlTuJQcaiwgfOAe+jv6giR33JoqhLo8uVjaHcaRyRSgJZAKlq0glMD\/oh5PkZwiVz\/vLCX4N3Si8dZ08eQtrPzXMd6Ow5UWMFUSyXO90m1NcMpPMoQ\/E+O9+avvWxEEwBbSpg7SYxC4\/VxMJ04jb80RqVNZVdD3wdMlDr5S+asT0gpkDJR+VMqU2+KrNLbaqO5oDgRaYydL2VKTQ33WXDYVxhSZyVixMC5XVq+2IyPxIGHnJ\/VdOR5Y8yjVl2pomUPMduS5AuBHX3Px97Ltg37PXCCVnnCxK5i2+EPWcyrf7mmgzcMFJ7FwDd5+jizX6ZLAJ0DTSWLORx1Wq\/2V7TfV\/\/GXKiSgXa\/i\/2wVfh82j2nZs\/UlrSuVFQDu+qVSa5XD3lQc\/kY2P+zIt9tcIiDPVrhU81sYfJJpAVKUcGf9sTqeR0LMvownWHoypAwZmr9WY1GwT31bEKutv6HNihvypSFKdObLD\/QD3ct2IC+qY5lEHV3moyCV\/9s\/Mp26QdKxlbcQpI+hxMO0PYhga5Pn4fYE4kVqHL6yuYVVitxN3csLXCHUzTUYr6ALe5LApCE\/dJNEIcLURmNq9j5rojaPFWqVCit1Lepuxv+8YuXXKwuYPiFazlaPXTYzWY5rs7wQv8xWjwXt8nA9QyG3Yl\/wA88UhE7UK4DrLdGcuBksvIShYT3YVnRqF+D6DKMHRPRt+ihNHswVPEjP6+H7h5HUXxEAfTARFXrt0TuhvacpA2Iz9Lfmhy+U75QdcYi2KvxKLTUtoraTEY7IHgz1IpcSYTEEKYrKWkt7DdxDaWiY66Rnc275\/rg+0HlcPfRLl8Xn1dHxX1KvUp0K4NP7dzDv5ajOc+yM0Kycsx2FFZSXR1UeY5tQZjlVlmI3dmbYMV05ZVTI\/fr\/qcERsG9JnQdJnXL3FAj6W89P363VOiftME\/WeAFx9gC41recEsuDe\/9lndbSL0U\/VWfuXIFUfUkTuyfkcNadzRoklnpql6ygHODT8GvFHK+GrD19mc58yi7y1Mr6bhaGCs+ARdWR53Edc3j2YSGjtsoCWZl3eOuriaRO+SKqxn4yniOGHF0VnW7D+M8GaeTWoe0qkpFpQ4EW4Q5QoINDUX137huBIs5s2c5DoeYriJcwWbeT549L2zsXrBLOvwTzTscHPRNiXaV0oVaLIg2tKSD+b1xxziFjkCvU\/kd27\/EulFrPmnNb\/wxVIqaWAhteUMYdcOYn5scz26qWOPYE871igHAKcax7QvT6DpuNmYyDnE63f5t1zg2Qw9MMh3I73GUQC8ahtgmxM7JpPts\/CsxK9\/emUl2sF8+DRVrfhJXcfHPLwGN+Lcta+LdU0pVB917YGKMMCzTi9h+59PvifiBx+FRHxhNfaLdRrKPDr9jez2lxQNTOFLgB6v88KxfYUIeOD4QAwNLomOdID7DHmLQ13z0t6dVz2NzWGOg6jO\/KESygXS7mRNKbFhbeKhybngJ2MwTpIqPgLY7fWKBg8JDWvJyLJvBfiI1C6OjSXpLAc7+Mx11+DQ9\/4oF5crNWJCr+0MjZn4TAVhZZWIjIJDRK6bardTjBtqIIOAVD4q\/1iEngGOHOd2I7vXF5gkKDLMLczvXnHTvFSneHEtPeq0Ks3JUIvke0CijUvxzl\/1wE58bvo\/SFCwtpZJhyJ\/rbgQ6xiHa8MxZ0JWLyijlIMInhaQMo4caLK0iwDsLuysuWHrOyD1Z9U87Bg9fmig6EPh9fDT6w2FWGIY9IZEVh0aH5vfFLpIXkOYQtHIVopqfNGN8bqFCWb6V57Q63\/ijWAxx8aJYkKFBYO5XufhpHv1QrV9g2OC2sAL9DklopOYjpyaZd3rzbwF\/7KYP\/3Rv4eVgKTbuoEpd\/EJmZwVuOLXtId"}
02082{"flow_id":41,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":214,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":926180,"pkt_caplen":1282,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1282,"pkt_l4_len":1248,"pkt":"xGGLNYKpxiwDYGpkCABFAgT0z7QAADUGlcdcevxSwKgCEQG7xZaFiNFdh5\/rWIAYAOuLogAAAQEICv93KWwR3+lKdFWg2DmVZdxMug6XcPmfjtFxEVFs4eUQric0KdnsvrpMns2mWkWg8s8\/Na4C7zJLgRnsTn+Gl4S5UbpbUI+2Rm2xejqNF44AXSiOp81MslDMgyEL+ZaXSYzsxNRwWja7ES14UacXClShKrYuWbzIdOl\/ma4LfeQbzn3+\/dKhcx6tXq9zpNd43cgqixBeox6d9Y4b\/98cMZJoOljsIC5P48LOWkH4eZArZvxk3LODu0gKi3PGpHPuBGOUgABUkqRCsWkE1P6VJbR7EeT7aHZgDnG6RnrlDWcqPnRQ4fJIm1NLsxLJ4cDrbbUf38QkBwo8HXQaoUdXuwGfuAhhIWdmm\/+OYeWxkKDJ45ARQIcImPKXDdMTtn35dgliIZrtHNeYGDjb+wisr0k\/jq3JMhzx7SvBpICvoxJOMIIfI3ZninPNJuZkuFwlVB0x69D8IW0mDf4Vx0sgHOgQOM7XfkI\/CwVp39DYoMJZ4rrpT7bO7J+PgO+OaM7Y91F74CDdBNbGDfVDSQCK\/QPkBv6oMk2BEzojAjHBqACVJ841RWy8hxfx3R4ikoQvMEmJ3gHpjSawpzrP9jcGOxE4GBsd1NH281r3eNS3e6UYf+oXsSLHgCgKou2B2y7mfVMTxMBi7gGwQ+UPnQjEVN8SW2LOMSOPzYk\/f+eHpZohDLjmgBqtALq3gJ8NITWmNttLUPugE87NQG8+ktt66P6Km83zymLpgsKek1dglbUWZ8qA2u1NUF9A8ybs6WkCMjz31K1tzA2ohNm4Gu5AXgtDA+vav\/NKuqEIPHlr+IUquKPqiet8mTH3TrAzly358d77F0BugrBy62zgDEvgyF7jXUOJpJmXgmhvcJpseqrWszC\/Ws7t\/hcYnotiSxEugdJ\/D\/3w+gdFWoa0Q05LpTvZl6q7a3Vvrohlm1BcZ665Ipafx+xcbL3NnRo6RodFQvr5ZZ\/wcdwR7ays1IpjdKsdBh9MWdtf4PGwPcSn1BocWvUSKX6WU1rIkVyCbmqEgD0DkJXO\/8F8KMdV8xDawM2h7VLfaBH3qcM2F8tMpZ0DJxIMmAfqO4ggqHtysqh7nvjQklla\/jewDCuHOlh9hI9gAkTeyozvBLytUpHQsl8nMQne8ZAyf+69gcP4LEckMnp7vrhmqXUG+AbbD4\/qX8AS\/K+GbNG8KxAIL0LSkR4qbgGO3BxPvEbxceNTWQOtWI4SS34zAgl4jWFwaD6Qi4U0nFr\/M\/Blg8SPe\/QWl0QIDHKxtWPHgC+hIYCFkMNw\/E\/zmr5EvucCQd47gQktNCrG3m0sPuBbxphCRVuHH0K3NMlhtZGmbSCjkQzUmAo4OLO6eWFmurYuKxXrorMJIpzJkQxAw+aDOkiPIIGFrE8g95vm4b96SlM3vtW4Vkup+P\/dj2kJr\/RrNvJcCWbK+IZrZk1ZLuxZDc9H4sEa6f4HLa10BcAz2QaumTut7MYlWERjZ9WabOsfQaK6GLWv9YbY+SErm8x0sHg3ktLkTsn45oAlcNA9JYQC1DAgutQFhbltk4GqwGVnZbvcLNTINnz\/G57t3FCSTl76Ck2kRMfLf9rEZX1xQ+ZrmIaPvQdRNrkgatyIYeG90xWs3JiL8zcldT364BfB7w=="}
02057{"flow_id":41,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":215,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":926730,"pkt_caplen":1268,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1268,"pkt_l4_len":1234,"pkt":"xGGLNYKpxiwDYGpkCABFAgTmz7UAADUGldRcevxSwKgCEQG7xZaFiNYdh5\/rWIAYAOu6JQAAAQEICv93KW0R3+lKVHqwts+n2hFbgaGLvVF7Dz+3Na340HD++BzqwHdjKHEc00qy8GOso1qeodNydi8nUw9jQDV9q4iStYYFh6nmCMFsYAdSAggsbOojM3Mw+pVdMQvyN+1AIMeC0amzBaxj2cK+GakvDT1JwSfECqOcNcVEaM52\/GmxkgjcA81d5WsNySsHZhaprUwKBfS64jR3y8UYVBJF60O37+\/V+xD8RSbFZ4MmhrirukYJuQdgNG5FfWtVKASbZH0BoWRxWTuYYMpBPKT5J3IwJSVeSZhVqJKBDC6otuPYbGA6B2gxTX16lQemhEUZw6YO2\/EF91068jkN8D5r1gFpfT3qNor2A8OYLX39bk6S+kTGfcSzyAECjxH+MQjEkaJHruqjr33blJhmpTlMbu4Nx1f7I5FnG1w9ZtKnskAZ+vnTBQduNhwcx3yzsURsL9WDctY+J9egJFAOANhuBEqwlGoYFKEMpFs4R3xPB6C\/SvclY7yg1V2vqofIlX2jNcYTGjUgEm35dW21maN+JlmCskBuYFJx+feV3ZdavODfqSB9Sq\/Zhik9zEvb+\/9U1YTm\/o5WfYKasGmN8xnF+nP13xXWzsVYgZi4kNNvumxcVnNtYGmpMK5mAbSyEx13ExwmbtP1cXp0hamq41zwwCCm8YI3AhxZ+OYNW5yi1ApF56Qc2eA9m0R1hzx2TSqRzXappHqD4QXvppDuM\/jBbY1LbgfhGTrMzln3iTTDTFZK9toJBN5fM4GbCP7W6QHMTKZny7Os28CQAwgdQroBkkP15Z4kwdKpPdWYQv9llyk2NJwSwoVyO3Sj7yEuPadAE7WvIJ60XRvDchBo+KcYVP2A8x\/DHe71VdegDXIHoHiRS+7YTw8GICsZ8xQH5nx70Y5IvmgmqxppD6NF1jU23hF25vz7WBmhNxtVph2MTnsDuUkXfJwNxY\/Ofzueo8rMBgkusSMUA7tZHKWiH85IraTdOZ7hRSIx\/6IYuVdjHOHxVeSY925HhPMW0XEZSklDCDr2kDBOsErReG81V4VBMoyjr6kMuvkqQtJuGXLIinbxijYpd9xNQUq+gIA2TDO44LOsdSWbxhpOtb8DjPMdDUEIaSTf\/WWFY4A21hbDYXvVRDUXAwMBGS+s4Vz8aqJ6WkWr9Q00QyoTkDQGx33KqnorEUnuAWKGExSPFPPh06JU1\/JGuOK83W34s5XwvibY+zBVIuRJL6oBwqNFOe2\/1rZhD\/9eKHTQOOOABMXIhySGezF\/1N+pntxhY7YbPfsJL52msRIIOEb+ad1rdVuN3iqMiCsrsUSOcGVRKNJkYEJkbalw9pf5OLE7+gFpk4tXtDClyPPBxJ5KKg9GcLrFbaUeWjCswNIk8Q3aUFMeEm5rBToiHjPJBo\/O2GzfeFD6U\/2HBkN6LdNRIfGmcgDSihkDpCJgx\/behqFMjYujscLGhiy5hpp5r8LjXOtcmV3EFgewJe4ljPZRUdr\/4kImy0plUKCzzBhSMm0GddiaZ9JBFwMDAEWOySNyypcmWvyg7cYbXRH9K4i5Mx9pKvDcg\/gQK\/mXfPhHBxM7jc3Gt76qFm2cZ9rPm4occu7+DiruCMcKsRtAL3nTDHE="}
00437{"flow_id":43,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":216,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":926741,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAADUGHZxoST0ewKgCEQG7xZdpIXVbwXngG6BScSBpXgAAAgQFrAQCCAqgrSHdEd\/pSQEDAwc="}
00427{"flow_id":41,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":217,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":927804,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGHz7AqAIRXHr8UsWWAbuHn+tYhYjRXYAQA\/Sh3gAAAQEIChHf6XD\/dyls"}
00427{"flow_id":41,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":218,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":927924,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGHz7AqAIRXHr8UsWWAbuHn+tYhYjWHYAQA\/adHAAAAQEIChHf6XD\/dyls"}
00427{"flow_id":41,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":220,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":934663,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGHz7AqAIRXHr8UsWWAbuHn+tYhYjaz4AQA\/aYaQAAAQEIChHf6XD\/dylt"}
00424{"flow_id":43,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":221,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":934682,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAG0qPAqAIRaEk9HsWXAbvBeeAbaSF1XIAQBAsFUQAAAQEIChHf6XCgrSHd"}
01124{"flow_id":43,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":222,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":934804,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"pkt":"xiwDYGpkxGGLNYKpCABFAgI5AABAAEAG0JzAqAIRaEk9HsWXAbvBeeAbaSF1XIAYBAsuXAAAAQEIChHf6XagrSHdFgMBAgABAAH8AwNtBQ39ZZolUQlIKZvwJ9K7La1xqdRBloywOH0GLRPkhCDqdWO0c0GWZx4zxXgdQ\/9DtV6\/rjVuXk5WS8q\/E2fRGwA0EwETAhMDwCzAK8AkwCPACsAJzKnAMMAvwCjAJ8AUwBPMqACdAJwAPQA8ADUAL8AIwBIACgEAAX\/\/AQABAAAAABIAEAAADWNsNC5hcHBsZS5jb20AFwAAAA0AGAAWBAMIBAQBBQMCAwgFCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjEACwACAQAAMwAmACQAHQAgkut+xvbl0enT8wHxxvt3I2L9WcgyzsmX6TenEv+j7w0ALQACAQEAKwAJCAMEAwMDAgMBAAoACgAIAB0AFwAYABkAFQDQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00785{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":222,"source":"iphone.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":4,"flow_first_seen":1582454598888,"flow_last_seen":1582454598934,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"104.73.61.30","src_port":50583,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cl4.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00424{"flow_id":43,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":224,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":972842,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xGGLNYKpxiwDYGpkCABFAAA0b4QAADUGrh9oST0ewKgCEQG7xZdpIXVcwXniIIAQAOsGOAAAAQEICqCtIgsR3+l2"}
02379{"flow_id":43,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":225,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":974332,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"xGGLNYKpxiwDYGpkCABFAgXUb4UAADUGqHxoST0ewKgCEQG7xZdpIXVcwXniIIAQAOtKGQAAAQEICqCtIgwR3+l2FgMDAHoCAAB2AwPMooL+o+XRHDh3LmPZe4GWy6glKR11iZpshv\/b59HzuyDqdWO0c0GWZx4zxXgdQ\/9DtV6\/rjVuXk5WS8q\/E2fRGxMCAAAuACsAAgMEADMAJAAdACBE0iKjE3XawMWAJNCW4b7IWCu3FeOuIVKOTQaOMM6rIRQDAwABARcDAwA0Y5HFUWCr304\/9L75R71DhwBs\/vRA07JU288nPupmA\/Rlc2+scIQK\/FZmUoJdS2BmyD839RcDAxKGthdzXZHBmQ8sHOFJbIBP9rgS+WgHJorSuu5zwZDN4QWckoden81TrWI38HWIzl57IuJ4m9H4nvohoXrNHgd5o8nl0OFnUy10UxyBVIXu9r+cOqdRt13flo\/uTLy+vCXsLEFj0rhxume3NI+GPZLmOEfchkUyEr0EvXWmgwxSQuNB3\/AHKNnnuwxyOa9ftHjxy+aSlXvEYda3P7rcACmjJbrfNOmoOgX\/VZdIoVuyqh15aa\/N4idJndBIIpUYC6SeuqfwBVDPu49ZSwI5cTccl+3LEYe93lEfHkaCRR8m75hmVGHnWY2RygzUbLJv4ypqTbgnHInpGY8+GWawPOY69I\/0hgTm82gkZTed1+uRxPu1yyd9+VJC5AvZQjAVw6E8OcjOiNj4MXtslnZX8Ga8CMdhrzMqdxCMu4oZQLeuogLIPvjJR7GNKWB+tTGwIfT3eLYESQm2I9BA5WBXDLmbPFsRrnQP2nqzkomDOM\/iGBAnTkWxzkn6Qx\/uJFh+xgTeMMSVYOhWWj0rmu5kWwVROPpL9aqXSQkliGl\/UedAP+amRonHJg+8P0UqZG+h4svz2jQZpLINc7jMzKDRUkn6GlYeEZBwFu\/v+E5WRYqYppyx9ACkzL\/+3EOOY+5222CmscCwmDM4phMqyx5KBnf5P+BwB6XQdFP2v5rUA67P7fVfU7DaEFKEgZ0Eo27ux2tnj+ul6EvdJt2xxORfGSvEqJYM7uBNDOti1Lw5jgWoSrIVKqMdZ651\/Aj3PMuwQe1TtSm3EEyaQVtdxWNan3LuHOI1lGN+KlWEjtdatRHlbhQjQN3YzvSTNlBv085UrYPjMrObeb9QUJA4s3+1O7k\/su2VJAUOTsLG9GEtaexuOa\/tIXLetG+c6cbzHIotrQI3HajqQnZObirzA8yYCdq6+nwL7ZKbs1QLM19W3cIpwA8EGID6HewrUhihnMxahkUaypRIprjH9o8pS10VbJzrDceJCKQj2mjB6d8B8F4jjJdPkXEfCQRcO\/QbPdW7wAyuOwobvQ\/aq6V+LJ0NKJI1RxTBwFjT0zhBhEGonqVgSnv37K0EWRU4r3FdcPhPrJmXxeHmrKjnbI8n+77Nas3OIeCuBX6ixuCnVNKbCE7DHoLQIO3H29a63nio5Ri2in7NYQMnAzWEw5GZ+2JmshSsiY7CXZIjKVDvQQfQzcSsWMv\/2n1mu6frX9Yc0p4eUppb6S1DWHY9A3rXhD0gfh5qT+db+93lIZAVBaxvUWSQ0\/rcTkkRbki63qlh16d+Gc+oDwzsbxBBH2M8dUhDkJ4d3RBpPcLoFwoIHtLEwlnlbiDgOoxuHyurCta7otcuQVC9OSBTd+GLqTv6BLY+QboQqRHot+KaSUlr\/cPdpyPQL75RL2ZMPtKxlYjb9z6qqDpMJcFJnvuF2+dgpSdpWAnEoqrnEqp14CRxchlCsDnF0eriLt8Rogu8zoeB0q53wWuIgJvgNLypKN+vwga082jJTpz1pS+sWPKhvabqBrwQlshJzFMOL9gzWPlyugOf\/0gxshHOXrWIQTs4SAS73BY3CrU\/iCGu45WxL0WEs1YEtwm6j11Hp5OYHtWw7tc\/OreSKwRZMFlRu1zoHRF2jilzhf8Zlreethd1FrkasBIUffRp7CtM23rMhL3kHg2I"}
00826{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":225,"source":"iphone.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":6,"flow_first_seen":1582454598888,"flow_last_seen":1582454598974,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"104.73.61.30","src_port":50583,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"cl4.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02385{"flow_id":43,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":226,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":974476,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"xGGLNYKpxiwDYGpkCABFAgXUb4YAADUGqHtoST0ewKgCEQG7xZdpIXr8wXniIIAQAOu+OAAAAQEICqCtIgwR3+l2I\/FGECANFGDfmllYaZ\/GlsKlYAN75mA1lbNj8YpBwyr19rIgtLk2IdRg\/VCJsIPnLeQnE41IVlnPN5DzW57mCY+jMGbxDKGvPxVWRzJ3mK9SlzMDtC8lBwTMomMHeCmWQZ7epsXyvlvC\/MSeVJSDT1TlIPzfiuxDV5YBxn+VtAIDGOJ8cXy7szNxDjbUE161l8zBjl\/mIWUobCzZjcKqryxBb4ftavjy0wOhWQKIc3hZDMV355NusDwC2pAExeOlQ1QIsXa3K+1UiBhfSM9blEBa3ZhteWNxs1HiyJDIK0YzFX\/fBxsLgOB8C5i8tHg+lZdRserEQNugioDRz\/BtPo3esiD2G+0x3l0nkepqXhRviP4n\/s5z6w0uYQexjr3fp\/NBjOrocsPHHl\/7ESn3GaL\/8U9Wnw\/X3S3C6S9qCSOtUiqB2FEX9UWOhPInKWmQQwzirjC7021ak5nS3CsdctNp9\/4BjBJMr1jAApdYA9pxl9HW2tzi0jZttjZAGox5ha1wlAGDANxAxGq0Tsh\/3QUSwZsrRdH4WWmW3r0RPNGJQ5wOS8jcPpQ0x\/hEgvoUE4WFoJo95YdQmkBO1a3AqTcIYMnWfVqS2mJQ+9MFI6SMHCB9aWgC2a9HfnC3Gw\/4QXKIzWJeVE8jQbRpxQKUuGnKdc14mSplcw1yNSAYabuLvpA9RbnD5na4gfrvh0rz\/oAJiKTSpSOTTAmB254GakTRCDrX3SGZfwXjawLavtVIHn5ESvF5pFAdXDbsuYfPP+3LNTkwJBwNhrImMZ0B28nwTciFeh\/Kbm4ZxMla2NwXE\/tDSDF7qVQLbrshXntadxWLQBdeFSEYOCJqz1O0ciLX2C4zXnBQj87r1cZVHENyqtM3tPTSIcs4jR6kLc2bmIiUdmjbZmDd8OqWXtdYOVGU\/VvxrII2UmDpIL\/If8oKeH\/fIk46rwcFYxKWbrgj5htUGkWBLAJ7\/e3I\/catAtLwVTcW7Gz8kDvt7NF4t036tzz32YG+GTMaomMrxXRzUK0ZSx\/Q+9fGdRPQQ9r3VF71ElFNVeZi04f\/PLOhOIiqKalVraItkSTOO8PoYjZ7pC+4KHI\/4UfU2CN360vTK1hypQPLklm11OuTrWMzjlkLLUNYI7j8TF\/TyfeYnFNtL6VIEalLA4Du7nZcmGR+wtB44l+n6vm6kXJRQF6e4dYToqFnH8M45AObpX4aY9E0XOngqMUG3J0VWXasNrHlWirFG1u3S5DsDGZrKTvzXgkKHBnmzCDaVRQ3rQHzRSfpVL03j8wIowpHexLpmxBxZ52lUThll4aK43wPburg6lClAK2VHcGGOLrXzUkmT5nA4EX0FWyBwgiMfVK4Sl37BX4\/b4KvT5vAEdoD\/6FNTXuwq7dlOTaFmNunkTADRKeRxM61x92EInz\/itlMn5+4jaJviZSiEswTMvRAmdMibrkrG0rM8iYfNM3xXfbj2IPUpeEpyO3e2wIPZ52TyfAHbwPzhCcw9XfTQAlXJ7hQToOOQ69cEh6s43Y2WJWlFMTTwoPvJ\/WEPLJALN0MR1hMmtOXYjdt2QY6nmEwkemdB2kKeFcEwOQEwekll7HsDskh6dU4sKGmBgsZrTJg795vkJJYvs\/aLieZafSfAGioHjQyFBFAZe0+MTp1xKrcil8uWDyS8jtuyqLEo+u2clQZm2pzJPWyfV9j6rl0jd4rr558jDp5PbL3brbWse4BtaZDDl+YMMUxojs1Ximf7\/N6ztuvYwFec6WZyEW5GeZnu0uq81OhDRngArRRbNpSd+QBQ7M3cMYt22sFh3P1t2iwWhfIihY3cy3YaIpH0yyfp1zsGJATdoQyIw+qTDYdTeRpzbij6BQ2vYBGsmePqHIT3A9IM1Omh1QHj02YqRWt9entO\/UvgbyHq6hUhqOe8kYP"}
02090{"flow_id":43,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":227,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":975422,"pkt_caplen":1282,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1282,"pkt_l4_len":1248,"pkt":"xGGLNYKpxiwDYGpkCABFAgT0b4cAADUGqVpoST0ewKgCEQG7xZdpIYCcwXniIIAYAOsLigAAAQEICqCtIgwR3+l2LI4ujdaqnnl1QHjG+GVIJ04tcZkDpM6mOpXtqIuE+0L676bvkxwraC4QMiVRVVVxh+zqRGjqdKruAubRmhoVaQEYytIy\/q\/PFlncpuSTglmMIjyjQb7EZ\/MdboBVOvUqXY56Rq0Nh\/TDeceAwdNTwSUOsVAidDoSKltiCZwlKQ7NNUql+EgpDEkltPwlhZnxl2D534+11P0rbqnr6g+FBcniShbxspDpvDXsPgLREXJTRdKkV5vJE868GDVGRFQGtUGBNDQyvEGigWTIE10dMaBxeqhCpCt0dtG8di1TAL8FFG1k22fLkUY9rQZK17IKPwL2cvYMoh0z46yOiSL\/Nz0WsP\/97Ot9l7RrHxKgW2vs4yQxJFyiSUSMd0+F7yJhVc9ptfPgB+\/sHR2wKPY2KE0ESxnW2y3quZGTwpvizBZmY+\/eS\/mJ\/ZP\/+50ElQBqZBqkNNVns8ew5qN7JO7YmHguaWgKpRT5qsQi5cbkNJxNv8qPiBAw002roNgRLiag8ixbTkxZYNzklbXjqLiWHpy4ArzyYryJ1xjj7tSObd\/JXfhrU93MpV14eH81VXviKY+K5peJwugODCluebWPdrtbIKul0gUFgTLfPToCNNJJYVMyziwGuBpjChp7KQa0hLJLOSqcq84JtcOrJyTy5HTnOzfMxdXEXpTaoOVRPswFciEXeopOPeOjskCM0\/bd2XbtOZcRQ3B\/4Iow2hQm7khTdXdwfLYyk7rVMONdtrxDOLrOMVGOq7VWHT2zzfW+pBW7twE35d3zYot7WXa58VY9eA6Ul01kyb7xAc02yFkxyMkT\/yzNhZeqc4CSkN\/uNhRhin6lHu2\/mgl4sSTH971gANXfMzvcCHHA3Pl2\/4j2YSu1I4jTme4\/Q5h7iP52anq+j9AeyLfLaQg6ugxcrzJgef5QoZnwxvsoTE\/XQh3Ul371uU21aEphl54w4bGaISCNqg6MzlD4SDEozDvhh7SbT1XchNlggrhgD8pXMQi8q\/EZVh7uI8OTK4PZyJDV9pG\/OE\/JwsxjQRPqmg3eeBVbf0YMe7oJm7si4I\/uY+FIX09i7t8HwldZ9kvCudqrjJoi1A+KlPM\/gKjNpP6vvZ+zKJFtP9v9pIOo1X5sldlmxfMdzdTAxPDR+obqN+z6jt7Z4UMpvBesBFAdM\/UTx6yMZEW4jpbgbNXRjbdCrQr0glnTBS5CeBGOcLLdjeSO11IRv31FecjH42Hb7a4NJ1avbhh8p7Wp+5\/jsZl\/Drn8ihwHxozVxLElPDzWWNc\/gBKR8eoPXapa9Sq0USmwlSvXDf\/OoKYUI6VenzD+rNynvCy11u\/m4pxUr8TPETcafordxTZr1yTSqXWHq4G5Ny1wpVUNCaU\/ZhWnlIDC7mvAcLdoyXAzGdD60oe+9c2svi9ia76eQxQYTBLCJ2z7vcQhLllZRHlyhomGJ55bhk+wq\/NQjpdhe2Cw9BpATaNSlmBToQrtIuQfFMOcatLAs\/3thoKrF23jDv1ZkOg\/70d+eXkMt1f4Souoz7smEUFvRz4Qbhui2MJGABcIVsRj7T0NcGRRYoLVQuc1vO50koNUVkuQBd9pIE6Ti\/QUa3vfbXahjTgXkaIKD5inJ0QmPA=="}
02057{"flow_id":43,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":228,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":975673,"pkt_caplen":1267,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1267,"pkt_l4_len":1233,"pkt":"xGGLNYKpxiwDYGpkCABFAgTlb4gAADUGqWhoST0ewKgCEQG7xZdpIYVcwXniIIAYAOvodQAAAQEICqCtIg0R3+l2SkTMBPp\/p8lFXhB0RlPC1zHPW\/PIUL4j76iX6n6QYzn8PuDG5PVvh8BwHMI4V1U+oYNViNIjWKAouQrmvIzxzYfBKGCwbC5AC73Kbp56hG2kOc1ij95iGfR0mKwjHDX8hFUPJDiGZOHWgAVzqOChlri1fs7g3ZYZKcH5FfCQWdiFyXgusOVOBCNJdKI9fcBXCKnOqC2v6UqGhPHYpT+XzsdUj5JNdR0ftswO5Of3ReTqEeYwIfTYxcWqM9nLx+KL8DgfIwoaWiq\/OZjCpbZo6zKvUMXsfJSBnYdlnqOLZaxuYbfAMTuBWsAsxgS53fcNN\/Upky2Ni3sh5V+55a\/ahSRzg4olT3dADw8CZqu\/GtianrhdL51xVyYT44wb9pyTb8LZPXSMrr6VXl+Z9Fg5RlYabXQwex+iUfBjrbJBVwgbAm0o6y2mtL\/o03aKC3PEUPlyBOhHPDjTl+vED4ARDYhZxSY55roVOVW7oe7sfWY1m1MuBkGx9CsxmahbUd5lt13K6F5mZmjQt\/if8SoMOQzwVBiJdSjtVcIh\/VPn7KaPiHy2JAhyqW5eSBuDmPPFfSDTFiMqjeVuGcyhDTJbkcghRhbmRbgJV0\/TMZ98Uz4WyhwNh5hlAaNTM3fQPYM635ZRyfNAmz22nQhNpPHFIGqFUOlBkeShcZk5DR2RBMbDapOveTbXMOqogjugLs6klwckMH8JajAiB9JNPmlOqD\/R723da2HMNwv03j2rXLxkmn1k8XYzYjbOXHPbo9jyIHVIc0AvAQvG\/vTi3TuPq+js859l2ThyRIkD2PfLvy8S3LloJ+CXbLN3zvTwjUDaQhGySmuEtbVs14gO47IiDEMtJ6yrLLED1EeLsfSvFia4wpkbkLsUeEscDNfKuQXv8dB2DB4Cf8FYkRhH8uUxDIPG30dqU5yaZgjsoK2d9mq7n+9nhnIw9NMYsKsH9faVDWIYjTN43ys74ys\/9O9\/jKt4TjNEYHSuI1E2MTUigi\/M28POxLZt8WxUMTfeDCN+iPIpZsmBix8UiRT193+Cu58VfYxBgnIDsj3aWnSQF5hhYLxY9vTawIjSGEA11Xoou+EzppnB9KRWorHm4\/BB4WSAsh0TFfClwRcDAwEZhz4T\/o6hJ8+MJ+GbkFndgmAi+5nbHUxRm1n9b26OKzVAilYMEDenug\/R6dFZW1M9q6dDXE3myOcE2UY1HAw4HIt0petPKp64Ks1JlIPuDRs7H1od+iZRRVYQ+kka\/AxlcDbnKuedFi4ejjk2yu4EsdeYsKb1vtYPjXf\/mZ09UGZ178HwJiiQ35ZAfZOuUOpd+DdCmfg8U9O10vvtHGMdbWTT6IeVf\/buZVysgsSyd5IJAbG4fyIu\/9JWIzjgu6srksEbSXBubZEAeN5LXvl98pM5t+F7zIFxDMClFa1UN009lGG0kKxKJnl\/qxLBlbvlfNhlstJEYhAOnyhq4mnrxBgPgX9Z3a8I3lsQeyRTWtMyQx35g77nv+YXAwMARUkF2gTmEJhap77m1u2moMldNHQKhjkSi8LmvtnICA+lg0fSDVQypIKelfheKdBqM7aRtFRKUij8biFHcxoaduQQN+P1NA=="}
00423{"flow_id":40,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":232,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":39138,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xGGLNYKpxiwDYGpkCABFAAA0NCoAADEGx5ER+LlXwKgCEQG7xZWfE+ImqBrg7oAQA6sCYwAAAQEICuksLLIR3+lT"}
02357{"flow_id":40,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":233,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":41842,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"xGGLNYKpxiwDYGpkCABFAgXUNCsAADEGwe4R+LlXwKgCEQG7xZWfE+ImqBrg7oAQA6tqcgAAAQEICuksLLMR3+lTFgMDAG4CAABqAwO7poHEiZGdt5nG1\/7SAD+r0GdtucyF0vh+YzewrO4OPSClK3iRT7eLvskrEVxFxtFlnByi1SpNpDW\/fqJcGELTFsAsAAAiAAAAAP8BAAEAAAUAAAALAAIBAAAQAAsACQhodHRwLzEuMRYDAxVfCwAVWwAVWAARDjCCEQowgg\/yoAMCAQICEBKz1lMg7SG22flROvhDB1QwDQYJKoZIhvcNAQELBQAwYjEcMBoGA1UEAxMTQXBwbGUgSVNUIENBIDIgLSBHMTEgMB4GA1UECxMXQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxEzARBgNVBAoTCkFwcGxlIEluYy4xCzAJBgNVBAYTAlVTMB4XDTE5MTIwOTE5MzUwNVoXDTIxMDEwNzE5NDUwMFowXDEjMCEGA1UEAwwaa2V5dmFsdWVzZXJ2aWNlLmljbG91ZC5jb20xEzARBgNVBAoMCkFwcGxlIEluYy4xEzARBgNVBAgMCkNhbGlmb3JuaWExCzAJBgNVBAYTAlVTMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAErG83k1xjqzx2HJwbRJIrhyp7RWAA1e\/vewDf10hGmovZaWZ\/kY5JsBgNkR7\/W2Go\/KjtdzOHXWekyfGK9ZhGEqOCDoswgg6HMAwGA1UdEwEB\/wQCMAAwHwYDVR0jBBgwFoAU2HqURHyQcJAWnt0XnAFEA4bWKikwfgYIKwYBBQUHAQEEcjBwMDQGCCsGAQUFBzAChihodHRwOi8vY2VydHMuYXBwbGUuY29tL2FwcGxlaXN0Y2EyZzEuZGVyMDgGCCsGAQUFBzABhixodHRwOi8vb2NzcC5hcHBsZS5jb20vb2NzcDAzLWFwcGxlaXN0Y2EyZzEyNTCCCasGA1UdEQSCCaIwggmegh5wNjIta2V5dmFsdWVzZXJ2aWNlLmljbG91ZC5jb22CHnA0MS1rZXl2YWx1ZXNlcnZpY2UuaWNsb3VkLmNvbYIecDk3LWtleXZhbHVlc2VydmljZS5pY2xvdWQuY29tgh5wMjgta2V5dmFsdWVzZXJ2aWNlLmljbG91ZC5jb22CHnAzMi1rZXl2YWx1ZXNlcnZpY2UuaWNsb3VkLmNvbYIecDU2LWtleXZhbHVlc2VydmljZS5pY2xvdWQuY29tgh5wMzMta2V5dmFsdWVzZXJ2aWNlLmljbG91ZC5jb22CHnAzNy1rZXl2YWx1ZXNlcnZpY2UuaWNsb3VkLmNvbYIecDY3LWtleXZhbHVlc2VydmljZS5pY2xvdWQuY29tgh5wNzAta2V5dmFsdWVzZXJ2aWNlLmljbG91ZC5jb22CHnA2My1rZXl2YWx1ZXNlcnZpY2UuaWNsb3VkLmNvbYIecDA3LWtleXZhbHVlc2VydmljZS5pY2xvdWQuY29tgh5wNTIta2V5dmFsdWVzZXJ2aWNlLmljbG91ZC5jb22CHnAxOC1rZXl2YWx1ZXNlcnZpY2UuaWNsb3VkLmNvbYIecDIxLWtleXZhbHVlc2VydmljZS5pY2xvdWQuY29tgh5wMTcta2V5dmFsdWVzZXJ2aWNlLmljbG91ZC5jb22CHnAzNi1rZXl2YWx1ZXNlcnZpY2UuaWNsb3VkLmNvbYIecDE5LWtleXZhbHVlc2VydmljZS5pY2xvdWQuY29tgh5wMjYta2V5dmFsdWVzZXJ2aWNlLmljbG91ZC5jb22CHnA1NS1rZXl2YWx1ZXNlcnZpY2UuaWNsb3VkLmNvbYIecDA2LWtleXZhbHVlc2VydmljZS5pY2xvdWQuY29tgh5wMjMta2V5dmFsdWVzZXJ2aWNlLmljbG91ZC5jb22CHnA2NS1rZXl2YWx1ZXNlcnZpY2UuaWNsb3VkLmNvbYIecDU4LWtleXZh"}
00873{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":233,"source":"iphone.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":6,"flow_first_seen":1582454598721,"flow_last_seen":1582454599041,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.185.87","src_port":50581,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"p26-keyvalueservice.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"1e60202b4001a190621caa963fb76697","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02349{"flow_id":40,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":234,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":41975,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"xGGLNYKpxiwDYGpkCABFAgXUNCwAADEGwe0R+LlXwKgCEQG7xZWfE+fGqBrg7oAQA6tWTQAAAQEICuksLLMR3+lTbHVlc2VydmljZS5pY2xvdWQuY29tgh5wMzUta2V5dmFsdWVzZXJ2aWNlLmljbG91ZC5jb22CHnA0Mi1rZXl2YWx1ZXNlcnZpY2UuaWNsb3VkLmNvbYIecDEyLWtleXZhbHVlc2VydmljZS5pY2xvdWQuY29tgh5wMTUta2V5dmFsdWVzZXJ2aWNlLmljbG91ZC5jb22CHnAxNi1rZXl2YWx1ZXNlcnZpY2UuaWNsb3VkLmNvbYIecDI5LWtleXZhbHVlc2VydmljZS5pY2xvdWQuY29tgh5wMzkta2V5dmFsdWVzZXJ2aWNlLmljbG91ZC5jb22CHnA3MS1rZXl2YWx1ZXNlcnZpY2UuaWNsb3VkLmNvbYIecDIyLWtleXZhbHVlc2VydmljZS5pY2xvdWQuY29tgh5wNDAta2V5dmFsdWVzZXJ2aWNlLmljbG91ZC5jb22CHnAxMS1rZXl2YWx1ZXNlcnZpY2UuaWNsb3VkLmNvbYIecDY2LWtleXZhbHVlc2VydmljZS5pY2xvdWQuY29tgh5wNjgta2V5dmFsdWVzZXJ2aWNlLmljbG91ZC5jb22CH3AyMDEta2V5dmFsdWVzZXJ2aWNlLmljbG91ZC5jb22CHnAxMC1rZXl2YWx1ZXNlcnZpY2UuaWNsb3VkLmNvbYIecDYxLWtleXZhbHVlc2VydmljZS5pY2xvdWQuY29tgh5wMzAta2V5dmFsdWVzZXJ2aWNlLmljbG91ZC5jb22CHnAwMS1rZXl2YWx1ZXNlcnZpY2UuaWNsb3VkLmNvbYIecDE0LWtleXZhbHVlc2VydmljZS5pY2xvdWQuY29tgh5wNTAta2V5dmFsdWVzZXJ2aWNlLmljbG91ZC5jb22CHnAzMS1rZXl2YWx1ZXNlcnZpY2UuaWNsb3VkLmNvbYIecDQ3LWtleXZhbHVlc2VydmljZS5pY2xvdWQuY29tgh5wNDgta2V5dmFsdWVzZXJ2aWNlLmljbG91ZC5jb22CHnAyMC1rZXl2YWx1ZXNlcnZpY2UuaWNsb3VkLmNvbYIecDUxLWtleXZhbHVlc2VydmljZS5pY2xvdWQuY29tgh5wMjcta2V5dmFsdWVzZXJ2aWNlLmljbG91ZC5jb22CHnA0OS1rZXl2YWx1ZXNlcnZpY2UuaWNsb3VkLmNvbYIecDAzLWtleXZhbHVlc2VydmljZS5pY2xvdWQuY29tgh5wMjQta2V5dmFsdWVzZXJ2aWNlLmljbG91ZC5jb22CHnAyNS1rZXl2YWx1ZXNlcnZpY2UuaWNsb3VkLmNvbYIecDA4LWtleXZhbHVlc2VydmljZS5pY2xvdWQuY29tgh5wMTMta2V5dmFsdWVzZXJ2aWNlLmljbG91ZC5jb22CHnAwNC1rZXl2YWx1ZXNlcnZpY2UuaWNsb3VkLmNvbYIecDA1LWtleXZhbHVlc2VydmljZS5pY2xvdWQuY29tgh5wMDIta2V5dmFsdWVzZXJ2aWNlLmljbG91ZC5jb22CHnAwOS1rZXl2YWx1ZXNlcnZpY2UuaWNsb3VkLmNvbYIecDU3LWtleXZhbHVlc2VydmljZS5pY2xvdWQuY29tgh5wNTkta2V5dmFsdWVzZXJ2aWNlLmljbG91ZC5jb22CHnA2NC1rZXl2YWx1ZXNlcnZpY2UuaWNsb3VkLmNvbYIecDM4LWtleXZhbHVlc2VydmljZS5pY2xvdWQuY29tgh5wNTQta2V5dmFsdWVzZXJ2aWNlLmljbG91ZC5jb22CHnA3Mi1rZXl2YWx1ZXNlcnZpY2UuaWNsb3VkLmNvbYIaa2V5dmFsdWVzZXJ2aWNlLmljbG91ZC5jb22CHnA2OS1rZXl2YWx1ZXNlcnZpY2UuaWNsb3VkLmNvbYIecDQzLWtleXZhbHVl"}
02356{"flow_id":40,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":235,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":53106,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"xGGLNYKpxiwDYGpkCABFAgXUNC0AADEGwewR+LlXwKgCEQG7xZWfE+1mqBrg7oAQA6skGQAAAQEICuksLL8R3+lTc2VydmljZS5pY2xvdWQuY29tgh5wNDUta2V5dmFsdWVzZXJ2aWNlLmljbG91ZC5jb22CH3AyMDIta2V5dmFsdWVzZXJ2aWNlLmljbG91ZC5jb22CHnA5OC1rZXl2YWx1ZXNlcnZpY2UuaWNsb3VkLmNvbYIecDM0LWtleXZhbHVlc2VydmljZS5pY2xvdWQuY29tgh5wNDQta2V5dmFsdWVzZXJ2aWNlLmljbG91ZC5jb22CHnA0Ni1rZXl2YWx1ZXNlcnZpY2UuaWNsb3VkLmNvbYIecDUzLWtleXZhbHVlc2VydmljZS5pY2xvdWQuY29tgh5wNjAta2V5dmFsdWVzZXJ2aWNlLmljbG91ZC5jb20wgf8GA1UdIASB9zCB9DCB8QYKKoZIhvdjZAULBDCB4jCBpAYIKwYBBQUHAgIwgZcMgZRSZWxpYW5jZSBvbiB0aGlzIGNlcnRpZmljYXRlIGJ5IGFueSBwYXJ0eSBhc3N1bWVzIGFjY2VwdGFuY2Ugb2YgYW55IGFwcGxpY2FibGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YgdXNlIGFuZC9vciBjZXJ0aWZpY2F0aW9uIHByYWN0aWNlIHN0YXRlbWVudHMuMDkGCCsGAQUFBwIBFi1odHRwOi8vd3d3LmFwcGxlLmNvbS9jZXJ0aWZpY2F0ZWF1dGhvcml0eS9ycGEwEwYDVR0lBAwwCgYIKwYBBQUHAwEwNwYDVR0fBDAwLjAsoCqgKIYmaHR0cDovL2NybC5hcHBsZS5jb20vYXBwbGVpc3RjYTJnMS5jcmwwHQYDVR0OBBYEFLxEgmvHm6nsbbjLysXEuJqWCBf7MA4GA1UdDwEB\/wQEAwIDiDARBgsqhkiG92NkBhsPAgQCBQAwEQYLKoZIhvdjZAYbCwIEAgUAMBEGCyqGSIb3Y2QGGwcCBAIFADCCAm0GCisGAQQB1nkCBAIEggJdBIICWQJXAHcAu9nfvB+KcbWTlCOXqpJ7RzhXlQqrUugakJZkNo4e0YUAAAFu7DGfUAAABAMASDBGAiEAkIFEOLmDgEPKS\/Qpn+gvcGdVxwZh2RtwPBHxJ6l3lZICIQCi00a6jwr6sbV7hj41E+jnKcqu5UEnmfLZhfz5CQ7R0AB1AKS5CZC0GFgUh7sTosxncAo8NZgE+RvfuON3zQ7IDdwQAAABbuwxn04AAAQDAEYwRAIgUv1EqowTKT9So1WqwIOGA3luY+tL3SWKbLJ5cDEAPZsCIAnj0wsfLGUUwOk1JvoG4dMKD20PisAthmJ9mcy1g6p+AHcAVhQGmi\/XwuzT9eG9RLI+x0Z2ubyZEVzA75SYVdaJ0N0AAAFu7DGfJAAABAMASDBGAiEAgDmxo+Q8kzODiinmd9PriF+SwytTJ8xotubQ8RpQ2McCIQCaEFQmEG5tYUIjL30LXQcO3J+Y994aQcq3axIYhoDfrwB1AFWB1MIWkDYBSuoLm1c8U\/DA5Dh4cCUIFy+jqh0HE9MMAAABbuwxnyYAAAQDAEYwRAIgRkoZMZEXrpwXPnsvnJkAevr++WLJ2Sl8f8VTNrC3YfMCIEYJxKprDDTVybe4\/if7LN49Zos0TQoX2deXSrNcLGuAAHUARJRlLrDuzq\/EQAfYqP4owNrmgr7YyzG1P9MzlrW2gagAAAFu7DGfSgAABAMARjBEAiA+sgoY+ev+ZPPxMV9CLh6j19CXzFQyTd2yIPppwu59YQIgZzz1mA0KMDkiqnDf86dpXkA7Pd8vP4REv7VQuztY+7UwDQYJKoZIhvcNAQELBQADggEBAKE+nH0I6j5Rp2v08ysAeQf54YYbOLwO1CWWMdpTpZReAYxkU9UYaKnRGHS\/EILXyUXgNTXoUj2Yce4hPDltHwjy7tNZHLe6rmKQfXveN4KZ"}
00551{"flow_id":31,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":236,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":54356,"pkt_caplen":159,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":159,"pkt_l4_len":125,"pkt":"xiwDYGpkxGGLNYKpCABFAgCRAABAAEAGtWjAqAIREfiwS8WUAbuGKOzJAHfoQ4AYBABCnQAAAQEIChHf6ZBbEwgKFgMDACUQAAAhIL1bD1d4gCPrhXuI+0HyQ836+EFHhzg8hbOYWEtlXXlqFAMDAAEBFgMDACgAAAAAAAAAAJqD4mhUi0lPlD7vEeTtzw5MOqf4EnbHOHobPXgamAhn"}
02369{"flow_id":40,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":237,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":54383,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"xGGLNYKpxiwDYGpkCABFAgXUNC4AADEGwesR+LlXwKgCEQG7xZWfE\/MGqBrg7oAQA6ujXwAAAQEICuksLL8R3+lT3JbzYMyEzdUS4cWlKAF1Va5SsBGwHSECU3X1KUfmmizpejSqEbJ67kcmIrDmdYUD4k93AWtuXEn\/ebhInrwt4zYV1gSPEfAI58yKWHpw4lCtKIhwHiW3WJnFH8fipGLpEvTPrV8w+fdRiulKuFrYa3mI3jZk2rWsShsw6AzJ6GQsK71JsSJig49Kwx+fHJLt59p6XFPbpeHKfRkXPd9aOmNYxmsXjVMqsOh1IKFx3hQABEQwggRAMIIDKKADAgECAgMCOnQwDQYJKoZIhvcNAQELBQAwQjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xGzAZBgNVBAMTEkdlb1RydXN0IEdsb2JhbCBDQTAeFw0xNDA2MTYxNTQyMDJaFw0yMjA1MjAxNTQyMDJaMGIxHDAaBgNVBAMTE0FwcGxlIElTVCBDQSAyIC0gRzExIDAeBgNVBAsTF0NlcnRpZmljYXRpb24gQXV0aG9yaXR5MRMwEQYDVQQKEwpBcHBsZSBJbmMuMQswCQYDVQQGEwJVUzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANCToR1HQyAWsgtr68PVtOjHmM3z3r\/oTenjNoAH\/EUbanxFhq5W06QJf2ENa11+Umt9tMg5xPRnOveDzhlvhi9+RX5HHGdSypUFXeI2UYXA1GeANW8V3T79HdL9jzRQ2Ox2Kr7j09rk\/cjrKAKWEZcXYRzpxFk7Qtwy0Qkd2qbRQ4b\/XrK8jM9m2wGLAq6USPM4j\/3qMqgI7IaXUZQkPklJllPoeaFAgekFu5OVUfzj\/XwRS\/eeCLMVSRUH+dE3oJtLMva1xNxq0fwK7fbgxSmgqItx\/g2SvP5UcBgKbcftDPvJLQbDjIX8y4Zc1jaOEosJf\/sZGjjV8JQweg+mjPMCAwEAAaOCAR0wggEZMB8GA1UdIwQYMBaAFMB6mGiNifurBWQMEX2qfWW4ysxOMB0GA1UdDgQWBBTYepREfJBwkBae3RecAUQDhtYqKTASBgNVHRMBAf8ECDAGAQH\/AgEAMA4GA1UdDwEB\/wQEAwIBBjA1BgNVHR8ELjAsMCqgKKAmhiRodHRwOi8vZy5zeW1jYi5jb20vY3Jscy9ndGdsb2JhbC5jcmwwLgYIKwYBBQUHAQEEIjAgMB4GCCsGAQUFBzABhhJodHRwOi8vZy5zeW1jZC5jb20wTAYDVR0gBEUwQzBBBgpghkgBhvhFAQc2MDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuZ2VvdHJ1c3QuY29tL3Jlc291cmNlcy9jcHMwDQYJKoZIhvcNAQELBQADggEBABZHc2+FomLh5yp2u4mVQiaXvEqsrHBTOj8xgz08HKua4rFdHHYaoDwMcle+055Q4MiZ1ljXAurODSlUfM31wsaQKVWjbxSoC0INOphtBnie8GqjHQIKoiikjcKBRj5tZ9reP\/6FDkIqEt61t\/u4G6eW7Hef7NRTlXr\/B\/TyChTAUVKx1o5QCxqZXLwLyb3t7fhewVbbTX4jpBGhLNQbBZrkG1L2fDiZBUu6co1CiWAEZir0\/WjXa\/eZQSjWbCSr5iVTLsiCmeKijyO+MIOxJ4v6aH8BSejGmGsQLpheitfKS7HHyVia0DbblpXstoHk8s1vG3mHTBA8ieRN+lTcqqYWAwMFshYABa4BAAWqMIIFpgoBAKCCBZ8wggWbBgkrBgEFBQcwAQEEggWMMIIFiDCBoqIWBBTfpWiX6YNWmPkhXKUgzCvG1tTdaxgPMjAyMDAyMjMwMTA3MzBaMHcwdTBJMAkGBSsOAwIaBQAEFCaEh7OMUBUpl9vU0X43\/z8u8xVoBBTYepREfJBwkBae3RecAUQDhtYqKQIQErPWUyDtIbbZ+VE6+EMH"}
03513{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":237,"source":"iphone.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":9,"flow_first_seen":1582454598721,"flow_last_seen":1582454599054,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":6277,"flow_avg_l4_payload_len":697,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.185.87","src_port":50581,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"p26-keyvalueservice.icloud.com","server_names":"p62-keyvalueservice.icloud.com,p41-keyvalueservice.icloud.com,p97-keyvalueservice.icloud.com,p28-keyvalueservice.icloud.com,p32-keyvalueservice.icloud.com,p56-keyvalueservice.icloud.com,p33-keyvalueservice.icloud.com,p37-keyvalueservice.icloud.com,p67-keyvalueservice.icloud.com,p70-keyvalueservice.icloud.com,p63-keyvalueservice.icloud.com,p07-keyvalueservice.icloud.com,p52-keyvalueservice.icloud.com,p18-keyvalueservice.icloud.com,p21-keyvalueservice.icloud.com,p17-keyvalueservice.icloud.com,p36-keyvalueservice.icloud.com,p19-keyvalueservice.icloud.com,p26-keyvalueservice.icloud.com,p55-keyvalueservice.icloud.com,p06-keyvalueservice.icloud.com,p23-keyvalueservice.icloud.com,p65-keyvalueservice.icloud.com,p58-keyvalueservice.icloud.com,p35-keyvalueservice.icloud.com,p42-keyvalueservice.icloud.com,p12-keyvalueservice.icloud.com,p15-keyvalueservice.icloud.com,p16-keyvalueservice.icloud.com,p29-keyvalueservice.icloud.com,p39-keyvalueservice.icloud.com,p71-keyvalueservice.icloud.com,p22-keyvalueservice.icloud.com,p40-keyvalueservice.icloud.com,p11-keyvalueservice.icloud.com,p66-keyvalueservice.icloud.com,p68-keyvalueservice.icloud.com,p201-keyvalueservice.icloud.com,p10-keyvalueservice.icloud.com,p61-keyvalueservice.icloud.com,p30-keyvalueservice.icloud.com,p01-keyvalueservice.icloud.com,p14-keyvalueservice.icloud.com,p50-keyvalueservice.icloud.com,p31-keyvalueservice.icloud.com,p47-keyvalueservice.icloud.com,p48-keyvalueservice.icloud.com,p20-keyvalueservice.icloud.com,p51-keyvalueservice.icloud.com,p27-keyvalueservice.icloud.com,p49-keyvalueservice.icloud.com,p03-keyvalueservice.icloud.com,p24-keyvalueservice.icloud.com,p25-keyvalueservice.icloud.com,p08-keyvalueservice.icloud.com,p13-keyvalueservice.icloud.com,p04-keyvalueservice.icloud.com,p05-keyvalueservice.icloud.com,p02-keyvalueservice.icloud.com,p09-keyvalueservice.icloud.com,p57-keyvalueservice.icloud.com,p59-keyvalueservice.icloud.com,p64-keyvalueservice.icloud.com,p38-keyvalueservice.icloud.com,p54-keyvalueservice.icloud.com,p72-keyvalueservice.icloud.com,keyvalueservice.icloud.com,p69-keyvalueservice.icloud.com,p43-keyvalueservice.icloud.com,p45-keyvalueservice.icloud.com,p202-keyvalueservice.icloud.com,p98-keyvalueservice.icloud.com,p34-keyvalueservice.icloud.com,p44-keyvalueservice.icloud.com,p46-keyvalueservice.icloud.com,p53-keyvalueservice.icloud.com,p60-keyvalueservice.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"1e60202b4001a190621caa963fb76697","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","issuerDN":"CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US","issuerDN":"CN=keyvalueservice.icloud.com, O=Apple Inc., ST=California, C=US","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"D8:84:3B:15:06:49:1C:72:C4:05:C0:F0:82:3B:43:4A:D1:8F:D5:9F"}}
00443{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":238,"source":"iphone.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_first_seen":1582454599054,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"224.0.0.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
00407{"flow_id":44,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":238,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":54579,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":54,"pkt_l4_len":16,"pkt":"AQBeAAAWxGGLNYKpCABGAAAoAABAAAECQgDAqAIR4AAAFpQEAAAiAPkCAAAAAQQAAADgAAD7"}
00475{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":238,"source":"iphone.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_first_seen":1582454599054,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"224.0.0.22","l4_proto":2,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
00425{"flow_id":43,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":240,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":58375,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAG0qPAqAIRaEk9HsWXAbvBeeIgaSGAnIAQA\/T3cwAAAQEIChHf6fCgrSIM"}
00424{"flow_id":43,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":241,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":58425,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAG0qPAqAIRaEk9HsWXAbvBeeIgaSGFXIAQA+vyvAAAAQEIChHf6fCgrSIM"}
00426{"flow_id":43,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":243,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":58580,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAG0qPAqAIRaEk9HsWXAbvBeeIgaSGKDYAQA\/bt\/wAAAQEIChHf6fCgrSIN"}
00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":246,"source":"iphone.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_first_seen":1582454599065,"flow_last_seen":0,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":62160,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00435{"flow_id":45,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":246,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":65380,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"pkt":"xiwDYGpkxGGLNYKpCABFAAA7Z5IAAP8RzrzAqAIRwKgCAfLQADUAJ+lbzwoBAAABAAAAAAAAA2dzYQVhcHBsZQNjb20AAAEAAQ=="}
00639{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":246,"source":"iphone.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_first_seen":1582454599065,"flow_last_seen":0,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":62160,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"gsa.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
02352{"flow_id":40,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":247,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":65540,"pkt_caplen":1488,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1488,"pkt_l4_len":1454,"pkt":"xGGLNYKpxiwDYGpkCABFAgXCNC8AADEGwfwR+LlXwKgCEQG7xZWfE\/imqBrg7oAYA6vhjAAAAQEICuksLMsR3+lTVIAAGA8yMDIwMDIyMzAxMDczMFqgERgPMjAyMDAyMjMxMzA3MzBaoQIwADANBgkqhkiG9w0BAQsFAAOCAQEApZebgvP4wt2xbRPNgeM6QR3gnlBNoptTaV3Js3+f9y\/NNkepdWzwj\/W+QJi3ARwE65kCC7NPaNkRI9IIJYGetMXuOB3pgHbCn74qb1fPPW4vS8GsyQ1TUAtBzJb\/74uwI7iz\/Pdywa5tHHunCWTyJTdqZljxf\/g8kmZIDqE1V9ZzFLmCU22z1KXs9bw31F\/nDH5\/\/o4Ko0xO3SUA1mzMsNXWVY2RAqfR99KlV25B+KXVmRjJ0czBR5+SPq0GKCxx\/TD4dLcVPilOfYqqvEkKb+EU6Jtjg6Bgk\/rMnJ8xnFi4PcGVOxRzVSoiSxJ2SQ1B1ZJ\/G5iwD0CcR2tPkxPI3aCCA8swggPHMIIDwzCCAqugAwIBAgIQDLHVj\/lAOV9FbdPzoVcFXDANBgkqhkiG9w0BAQsFADBiMRwwGgYDVQQDExNBcHBsZSBJU1QgQ0EgMiAtIEcxMSAwHgYDVQQLExdDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTETMBEGA1UEChMKQXBwbGUgSW5jLjELMAkGA1UEBhMCVVMwHhcNMjAwMjIwMjA0MDQyWhcNMjAwNDAyMjA0MDQyWjBPMSswKQYDVQQDDCJBcHBsZSBJU1QgQ0EgMiBPQ1NQIFJlc3BvbmRlciBOTDA1MRMwEQYDVQQKDApBcHBsZSBJbmMuMQswCQYDVQQGEwJVUzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK40BJ6QeZqLnlrYADxY\/Zwtd1ARo0pyWY5B+XnMConOSB6Dz30KU\/8rtcAwCqTi2qaUYnzNveRaheyicLRVkBXal0yMPH5fNa3fx\/XY9cJuf5hNDchr9THIn50TVUFluMHOjEW8fte9LX8XRoftE5KtBZfZkxFBtFdNm2TogfGvxv4WfWYZuhp5Iv5ZrHlmRZCJeWHmxgIgqDT8nbgB9ET6Pgqi9ciKBTj6PUeaHo\/JibORWlP3CpGEYOm5Q6UJEt\/q95U9YLAOzBuF\/Hzn581aFs2cHFP8FYiNosCQfV1wuXAdzh2Mr44S8yOoXorZ7fHnpzPTP2B0U5t00gc44GUCAwEAAaOBhzCBhDAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFNh6lER8kHCQFp7dF5wBRAOG1iopMA8GCSsGAQUFBzABBQQCBQAwEwYDVR0lBAwwCgYIKwYBBQUHAwkwHQYDVR0OBBYEFN+laJfpg1aY+SFcpSDMK8bW1N1rMA4GA1UdDwEB\/wQEAwIHgDANBgkqhkiG9w0BAQsFAAOCAQEAMdRMNlyCvP5UZNuXL2VAMf6ODBpBD+52VO4euXzAuekgLXMkraNpSS2NyeN3hEg9FNng5iKcfarZ1\/tiBTgrsguljII73ED130njJbUR4\/Y28F\/UwE1jDQ4jjVAG8DCRhL+xX5FTGWtY\/SoPxHwsdM1+1hgEEQUoUoy903+nywjqyYHwEXHQsm3D7WxJ63+T4ECkVjoGsLcvOopAhq0tDhB9BM5JTxKpfATSZ2dM7Jnw4zgcXx4aWKoHEDE+R531+Xfw17Q5razmXVEkeA18KzX9AhQjaiXUIHWjrt+1QwWi23AiBLtXLwJqSg7XgPhLXGz9T5+dcopG0PxnlPnwyhYDAwByDAAAbgMAHSCQbI7PnYpErN0cAE7Hh6VOF6w1VSHwsD+VJyZQ46dJIwQDAEYwRAIgL8GQ\/LqWv+tCZr2WqWhDqo+3\/ZqRDoO3RINXHqNeCfgCIHhwrR9TpE5nNXgnvLrmXNLJKO9BzNWtWborQ8Q8hRyMFgMDAAQOAAAA"}
00425{"flow_id":40,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":248,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":72879,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGrLvAqAIREfi5V8WVAbuoGuDunxPtZoAQA\/T2IwAAAQEIChHf6gjpLCyz"}
00425{"flow_id":40,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":249,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":72898,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGrLvAqAIREfi5V8WVAbuoGuDunxP4poAQA97q7QAAAQEIChHf6gjpLCy\/"}
00424{"flow_id":40,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":250,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":72948,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGrLvAqAIREfi5V8WVAbuoGuDunxP+NIAQA9LlXwAAAQEIChHf6gjpLCzL"}
00424{"flow_id":40,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":251,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":73060,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGrLvAqAIREfi5V8WVAbuoGuDunxP+NIAQBADlMQAAAQEIChHf6gjpLCzL"}
00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":252,"source":"iphone.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_first_seen":1582454599073,"flow_last_seen":0,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":52031,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00437{"flow_id":46,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":252,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":73352,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"pkt":"xiwDYGpkxGGLNYKpCABFAAA7y\/EAAP8Ral3AqAIRwKgCAcs\/ADUAJ2vSdCUBAAABAAAAAAAAA2dzYQVhcHBsZQNjb20AAAEAAQ=="}
00639{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":252,"source":"iphone.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_first_seen":1582454599073,"flow_last_seen":0,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":52031,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"gsa.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
02057{"flow_id":43,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":253,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":77950,"pkt_caplen":1267,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1267,"pkt_l4_len":1233,"pkt":"xGGLNYKpxiwDYGpkCABFAATlb4kAADUGqWloST0ewKgCEQG7xZdpIYVcwXniIIAYAOvoDwAAAQEICqCtInMR3+l2SkTMBPp\/p8lFXhB0RlPC1zHPW\/PIUL4j76iX6n6QYzn8PuDG5PVvh8BwHMI4V1U+oYNViNIjWKAouQrmvIzxzYfBKGCwbC5AC73Kbp56hG2kOc1ij95iGfR0mKwjHDX8hFUPJDiGZOHWgAVzqOChlri1fs7g3ZYZKcH5FfCQWdiFyXgusOVOBCNJdKI9fcBXCKnOqC2v6UqGhPHYpT+XzsdUj5JNdR0ftswO5Of3ReTqEeYwIfTYxcWqM9nLx+KL8DgfIwoaWiq\/OZjCpbZo6zKvUMXsfJSBnYdlnqOLZaxuYbfAMTuBWsAsxgS53fcNN\/Upky2Ni3sh5V+55a\/ahSRzg4olT3dADw8CZqu\/GtianrhdL51xVyYT44wb9pyTb8LZPXSMrr6VXl+Z9Fg5RlYabXQwex+iUfBjrbJBVwgbAm0o6y2mtL\/o03aKC3PEUPlyBOhHPDjTl+vED4ARDYhZxSY55roVOVW7oe7sfWY1m1MuBkGx9CsxmahbUd5lt13K6F5mZmjQt\/if8SoMOQzwVBiJdSjtVcIh\/VPn7KaPiHy2JAhyqW5eSBuDmPPFfSDTFiMqjeVuGcyhDTJbkcghRhbmRbgJV0\/TMZ98Uz4WyhwNh5hlAaNTM3fQPYM635ZRyfNAmz22nQhNpPHFIGqFUOlBkeShcZk5DR2RBMbDapOveTbXMOqogjugLs6klwckMH8JajAiB9JNPmlOqD\/R723da2HMNwv03j2rXLxkmn1k8XYzYjbOXHPbo9jyIHVIc0AvAQvG\/vTi3TuPq+js859l2ThyRIkD2PfLvy8S3LloJ+CXbLN3zvTwjUDaQhGySmuEtbVs14gO47IiDEMtJ6yrLLED1EeLsfSvFia4wpkbkLsUeEscDNfKuQXv8dB2DB4Cf8FYkRhH8uUxDIPG30dqU5yaZgjsoK2d9mq7n+9nhnIw9NMYsKsH9faVDWIYjTN43ys74ys\/9O9\/jKt4TjNEYHSuI1E2MTUigi\/M28POxLZt8WxUMTfeDCN+iPIpZsmBix8UiRT193+Cu58VfYxBgnIDsj3aWnSQF5hhYLxY9vTawIjSGEA11Xoou+EzppnB9KRWorHm4\/BB4WSAsh0TFfClwRcDAwEZhz4T\/o6hJ8+MJ+GbkFndgmAi+5nbHUxRm1n9b26OKzVAilYMEDenug\/R6dFZW1M9q6dDXE3myOcE2UY1HAw4HIt0petPKp64Ks1JlIPuDRs7H1od+iZRRVYQ+kka\/AxlcDbnKuedFi4ejjk2yu4EsdeYsKb1vtYPjXf\/mZ09UGZ178HwJiiQ35ZAfZOuUOpd+DdCmfg8U9O10vvtHGMdbWTT6IeVf\/buZVysgsSyd5IJAbG4fyIu\/9JWIzjgu6srksEbSXBubZEAeN5LXvl98pM5t+F7zIFxDMClFa1UN009lGG0kKxKJnl\/qxLBlbvlfNhlstJEYhAOnyhq4mnrxBgPgX9Z3a8I3lsQeyRTWtMyQx35g77nv+YXAwMARUkF2gTmEJhap77m1u2moMldNHQKhjkSi8LmvtnICA+lg0fSDVQypIKelfheKdBqM7aRtFRKUij8biFHcxoaduQQN+P1NA=="}
00440{"flow_id":43,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":254,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":79456,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAG0pfAqAIRaEk9HsWXAbvBeeIgaSGKDbAQBADVtQAAAQEIChHf6gagrSJzAQEFCmkhhVxpIYoN"}
00495{"flow_id":31,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":255,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":87463,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"pkt":"xGGLNYKpxiwDYGpkCABFAgBnAqsAAC4GBOgR+LBLwKgCEQG7xZQAd+hDhijtJoAYA6tmbQAAAQEIClsTCUoR3+mQFAMDAAEBFgMDACgAAAAAAAAAAD87ErFixIfSKGvShDbE2CGGHRjTt4qgrDktrKCv\/Wte"}
00519{"flow_id":31,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":256,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":87499,"pkt_caplen":135,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":135,"pkt_l4_len":101,"pkt":"xGGLNYKpxiwDYGpkCABFAgB5AqwAAC4GBNUR+LBLwKgCEQG7xZQAd+h2hijtJoAYA6segQAAAQEIClsTCUoR3+mQFwMDAEAAAAAAAAAAAfwyc93ypSXSjT7YdleqSnSyI0t8c5f2umgeUSuH8pWwUNu+iwqsFST4AgZMD0zyauNYWp1JtmPL"}
00551{"flow_id":40,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":257,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":88616,"pkt_caplen":159,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":159,"pkt_l4_len":125,"pkt":"xiwDYGpkxGGLNYKpCABFAgCRAABAAEAGrFzAqAIREfi5V8WVAbuoGuDunxP+NIAYBAD74wAAAQEIChHf6hfpLCzLFgMDACUQAAAhID1HH9ZLXe0svMiqOnBTSWAPUkzpXcDUWC8aOSS6gF9OFAMDAAEBFgMDACgAAAAAAAAAAJ5LgJBalXs2sm1ZwfhdACugHFBQMPLQgUQIaN4IzD12"}
00425{"flow_id":31,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":258,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":89093,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGtcfAqAIREfiwS8WUAbuGKO0mAHfodoAQA\/9qBQAAAQEIChHf6fJbEwlK"}
00510{"flow_id":45,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":260,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":105084,"pkt_caplen":127,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":127,"pkt_l4_len":93,"pkt":"xGGLNYKpxiwDYGpkCABFAABxJf8AAEARzxrAqAIBwKgCEQA18tAAXXwrzwqBgAABAAIAAAAAA2dzYQVhcHBsZQNjb20AAAEAAcAMAAUAAQAAEZYAGgNnc2EFYXBwbGUDY29tBmFrYWRucwNuZXQAwCsAAQABAAAA4QAEEYmmIw=="}
00666{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":260,"source":"iphone.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_first_seen":1582454599065,"flow_last_seen":1582454599105,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":85,"flow_tot_l4_payload_len":116,"flow_avg_l4_payload_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":62160,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"gsa.apple.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.137.166.35"}}
00510{"flow_id":46,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":261,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":105212,"pkt_caplen":127,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":127,"pkt_l4_len":93,"pkt":"xGGLNYKpxiwDYGpkCABFAABx6W4AAEARC6vAqAIBwKgCEQA1yz8AXf6hdCWBgAABAAIAAAAAA2dzYQVhcHBsZQNjb20AAAEAAcAMAAUAAQAAEZYAGgNnc2EFYXBwbGUDY29tBmFrYWRucwNuZXQAwCsAAQABAAAA4QAEEYmmIw=="}
00666{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":261,"source":"iphone.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":2,"flow_first_seen":1582454599073,"flow_last_seen":1582454599105,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":85,"flow_tot_l4_payload_len":116,"flow_avg_l4_payload_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":52031,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"gsa.apple.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.137.166.35"}}
00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":262,"source":"iphone.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_first_seen":1582454599225,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50584,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":47,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":262,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":225110,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGtbvAqAIREfiwS8WYAbuypew6AAAAALDC\/\/9PDwAAAgQFtAEDAwcBAQgKEd\/qGwAAAAAEAgAA"}
00433{"flow_id":42,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":263,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":226094,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"pkt":"xiwDYGpkxGGLNYKpCABFAAA4qKAAAEABTMLAqAIRwKgCAQMDCZoAAAAARQAAcSX\/AABAEc8awKgCAcCoAhEANfLQAF0AAA=="}
00437{"flow_id":47,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":266,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":259226,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAC4GB8AR+LBLwKgCEQG7xZj0WnUXsqXsO6BScSAj8wAAAgQFrAEBCApbEwn1Ed\/qGwEDAwU="}
00424{"flow_id":47,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":267,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":261184,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGtcfAqAIREfiwS8WYAbuypew79Fp1GIAQBAu8hwAAAQEIChHf6p1bEwn1"}
01126{"flow_id":47,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":268,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":261304,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"pkt":"xiwDYGpkxGGLNYKpCABFAgI5AABAAEAGs8DAqAIREfiwS8WYAbuypew79Fp1GIAYBAuhcQAAAQEIChHf6p1bEwn1FgMBAgABAAH8AwOqol5kmYHgPoq84\/\/Da6\/5UhNT\/nZAKlLwtuCLeOmg2yA8i7r3+6nZyxj+LpdSSvhjZQ\/dp+uNkXD86w44FnW6iwA0EwETAhMDwCzAK8AkwCPACsAJzKnAMMAvwCjAJ8AUwBPMqACdAJwAPQA8ADUAL8AIwBIACgEAAX\/\/AQABAAAAABcAFQAAEmdhdGV3YXkuaWNsb3VkLmNvbQAXAAAADQAYABYEAwgEBAEFAwIDCAUIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAzACYAJAAdACADkr8qMij58U130ShRmVJ57YHqBPAcvleuo4UFzSZLegAtAAIBAQArAAkIAwQDAwMCAwEACgAKAAgAHQAXABgAGQAVAMsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00803{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":268,"source":"iphone.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":4,"flow_first_seen":1582454599225,"flow_last_seen":1582454599261,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50584,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gateway.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00424{"flow_id":47,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":269,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":293969,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xGGLNYKpxiwDYGpkCABFAAA0rPkAAC4GWs4R+LBLwKgCEQG7xZj0WnUYsqXuQIAQA6u6vgAAAQEIClsTChkR3+qd"}
02359{"flow_id":47,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":270,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":295578,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"xGGLNYKpxiwDYGpkCABFAgXUrPoAAC4GVSsR+LBLwKgCEQG7xZj0WnUYsqXuQIAQA6tlsAAAAQEIClsTChsR3+qdFgMDAGgCAABkAwPX7gAm84D8OuuqPl9tBROrt5QshMSJP1EHjo5aUTKVaCBSN\/MBybPtgRt\/18Vcw3C1WAtvbt2+1kzoqF+efbFN\/sAsAAAcAAAAAP8BAAEAAAUAAAALAAIBAAAQAAUAAwJoMhYDAww4CwAMNAAMMQAH5zCCB+MwggbLoAMCAQICECDrGNnhMGOJ5gckndI1GuowDQYJKoZIhvcNAQELBQAwYjEcMBoGA1UEAxMTQXBwbGUgSVNUIENBIDIgLSBHMTEgMB4GA1UECxMXQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxEzARBgNVBAoTCkFwcGxlIEluYy4xCzAJBgNVBAYTAlVTMB4XDTE5MTAwODE4NDYxNFoXDTIwMTEwNjE4NTYwMFowVDEbMBkGA1UEAwwSZ2F0ZXdheS5pY2xvdWQuY29tMRMwEQYDVQQKDApBcHBsZSBJbmMuMRMwEQYDVQQIDApDYWxpZm9ybmlhMQswCQYDVQQGEwJVUzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABA3JTXZEMDNfkBeddGFOfWVcUMoJ8W7d3ST3e3HiTTWw27hpoGkazdY\/uyqetayMkeP9ioDxEA8PxI4fVx9gMvajggVsMIIFaDAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFNh6lER8kHCQFp7dF5wBRAOG1iopMH4GCCsGAQUFBwEBBHIwcDA0BggrBgEFBQcwAoYoaHR0cDovL2NlcnRzLmFwcGxlLmNvbS9hcHBsZWlzdGNhMmcxLmRlcjA4BggrBgEFBQcwAYYsaHR0cDovL29jc3AuYXBwbGUuY29tL29jc3AwMy1hcHBsZWlzdGNhMmcxMjUwgY0GA1UdEQSBhTCBgoIYZ2F0ZXdheS1pbmRpYS5pY2xvdWQuY29tghhnYXRld2F5LWNhcnJ5LmljbG91ZC5jb22CEmdhdGV3YXkuaWNsb3VkLmNvbYIcZ2F0ZXdheS1hdXN0cmFsaWEuaWNsb3VkLmNvbYIaZ2F0ZXdheS1zYW5kYm94LmljbG91ZC5jb20wgf8GA1UdIASB9zCB9DCB8QYKKoZIhvdjZAULBDCB4jCBpAYIKwYBBQUHAgIwgZcMgZRSZWxpYW5jZSBvbiB0aGlzIGNlcnRpZmljYXRlIGJ5IGFueSBwYXJ0eSBhc3N1bWVzIGFjY2VwdGFuY2Ugb2YgYW55IGFwcGxpY2FibGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YgdXNlIGFuZC9vciBjZXJ0aWZpY2F0aW9uIHByYWN0aWNlIHN0YXRlbWVudHMuMDkGCCsGAQUFBwIBFi1odHRwOi8vd3d3LmFwcGxlLmNvbS9jZXJ0aWZpY2F0ZWF1dGhvcml0eS9ycGEwEwYDVR0lBAwwCgYIKwYBBQUHAwEwNwYDVR0fBDAwLjAsoCqgKIYmaHR0cDovL2NybC5hcHBsZS5jb20vYXBwbGVpc3RjYTJnMS5jcmwwHQYDVR0OBBYEFDcTKYxfoGNbyxqPKQFc6\/l8HBeZMA4GA1UdDwEB\/wQEAwIDiDARBgsqhkiG92NkBhsPAgQCBQAwEQYLKoZIhvdjZAYbCwIEAgUAMBEGCyqGSIb3Y2QGGwcCBAIFADCCAm0GCisGAQQB1nkCBAIEggJdBIICWQJXAHUAu9nfvB+KcbWTlCOXqpJ7RzhXlQqrUugakJZkNo4e0YUAAAFtrLqfoQAABAMARjBEAiBcyMXSqYu\/NQzPC1eks2fF3nNBwnRpvtSQ93jt9Y6FxAIgQAGZ6hMU0FVYk\/U5Nz\/IH+LWui0mpLb1ikJAbD2uT7kAdwCkuQmQtBhYFIe7E6LMZ3AKPDWYBPkb37jjd80OyA3cEAAAAW2sup+hAAAEAwBI"}
00861{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":270,"source":"iphone.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":6,"flow_first_seen":1582454599225,"flow_last_seen":1582454599295,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50584,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gateway.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"1e60202b4001a190621caa963fb76697","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02369{"flow_id":47,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":271,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":295682,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"xGGLNYKpxiwDYGpkCABFAgXUrPsAAC4GVSoR+LBLwKgCEQG7xZj0Wnq4sqXuQIAQA6vs+gAAAQEIClsTChsR3+qdMEYCIQDdbk0W3xLwRVSqExbk6WYwON+XhEgNjWS3c5gBslGuhAIhAOFAjfHHnYs0x+SaDx9TRoc6tbR7MkI8j7D8tL8bTA0\/AHcAsh4FzIuizYogTodm+Su5iiUgZ2va+nDnsklTLe+LkF4AAAFtrLqfqwAABAMASDBGAiEAgaJ1MrRM2AKsBkPp1QIT6PfODIXbQVBUCAUpo+tzOrkCIQDddAHm4u\/Gn8li8ESlxL1ZJK3FxqbrgV3vXWLNi8iiHwB1AFYUBpov18Ls0\/XhvUSyPsdGdrm8mRFcwO+UmFXWidDdAAABbay6n6EAAAQDAEYwRAIgGHM1p6WBqV+vtqr6hd70KQdFzAWv+ozcuVTGuJp7dk4CIByS3BkfgbrlBXSSNJB0YU2uhFS8HFnPom3vv22lArFYAHUAb1N2rDHwMRnYmQCkURX\/dxUcEdkCwQApBo2yCJo32RMAAAFtrLqfywAABAMARjBEAiBaHWEaQOG2Acj23NJ5zQC63rSKppu35b4qfkAJ8X7kbgIgeEjIujG17P30x0NsVWfo0XlmL6r4EoA536jETLtvxuAwDQYJKoZIhvcNAQELBQADggEBAKGriMkz6sCwrnomv6YJ4jjwMaMNouZTjEijYKaSAYs2pIOE9O+xy3VQrni7VsR+gMkO6ivj8K8d+2za\/y+I2RQZ2TUQ6wWGorFDOoGqBZXtBV6gbGs9KDNThqQv865ePsXG2JT+biTm88weJMm7MYXFPMu6C9JosK0yxl3MDsDk45W8A+EciCdcIiZwl5J8dSnSGGYo5UMSF3qI3eSNp3NkNcxYPZnj4isyXRHrBHr1ekVVCMPF2Jox+AmwwfJRq0tdVhmqUS\/9z0Yc6KqLMm50HEB4+utGT9gDG45BW1xwuucQVqNjb4bcrs8WPZf4X7CL94S2\/\/ZbmTwQh3s0iuoABEQwggRAMIIDKKADAgECAgMCOnQwDQYJKoZIhvcNAQELBQAwQjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xGzAZBgNVBAMTEkdlb1RydXN0IEdsb2JhbCBDQTAeFw0xNDA2MTYxNTQyMDJaFw0yMjA1MjAxNTQyMDJaMGIxHDAaBgNVBAMTE0FwcGxlIElTVCBDQSAyIC0gRzExIDAeBgNVBAsTF0NlcnRpZmljYXRpb24gQXV0aG9yaXR5MRMwEQYDVQQKEwpBcHBsZSBJbmMuMQswCQYDVQQGEwJVUzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANCToR1HQyAWsgtr68PVtOjHmM3z3r\/oTenjNoAH\/EUbanxFhq5W06QJf2ENa11+Umt9tMg5xPRnOveDzhlvhi9+RX5HHGdSypUFXeI2UYXA1GeANW8V3T79HdL9jzRQ2Ox2Kr7j09rk\/cjrKAKWEZcXYRzpxFk7Qtwy0Qkd2qbRQ4b\/XrK8jM9m2wGLAq6USPM4j\/3qMqgI7IaXUZQkPklJllPoeaFAgekFu5OVUfzj\/XwRS\/eeCLMVSRUH+dE3oJtLMva1xNxq0fwK7fbgxSmgqItx\/g2SvP5UcBgKbcftDPvJLQbDjIX8y4Zc1jaOEosJf\/sZGjjV8JQweg+mjPMCAwEAAaOCAR0wggEZMB8GA1UdIwQYMBaAFMB6mGiNifurBWQMEX2qfWW4ysxOMB0GA1UdDgQWBBTYepREfJBwkBae3RecAUQDhtYqKTASBgNVHRMBAf8ECDAGAQH\/AgEAMA4GA1UdDwEB\/wQEAwIBBjA1BgNVHR8ELjAsMCqgKKAmhiRodHRwOi8vZy5zeW1jYi5jb20vY3Jscy9ndGdsb2JhbC5jcmwwLgYIKwYBBQUHAQEEIjAgMB4GCCsGAQUFBzABhhJodHRwOi8vZy5z"}
02367{"flow_id":47,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":272,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":297969,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"xGGLNYKpxiwDYGpkCABFAgXUrPwAAC4GVSkR+LBLwKgCEQG7xZj0WoBYsqXuQIAQA6sQrAAAAQEIClsTCh0R3+qdeW1jZC5jb20wTAYDVR0gBEUwQzBBBgpghkgBhvhFAQc2MDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuZ2VvdHJ1c3QuY29tL3Jlc291cmNlcy9jcHMwDQYJKoZIhvcNAQELBQADggEBABZHc2+FomLh5yp2u4mVQiaXvEqsrHBTOj8xgz08HKua4rFdHHYaoDwMcle+055Q4MiZ1ljXAurODSlUfM31wsaQKVWjbxSoC0INOphtBnie8GqjHQIKoiikjcKBRj5tZ9reP\/6FDkIqEt61t\/u4G6eW7Hef7NRTlXr\/B\/TyChTAUVKx1o5QCxqZXLwLyb3t7fhewVbbTX4jpBGhLNQbBZrkG1L2fDiZBUu6co1CiWAEZir0\/WjXa\/eZQSjWbCSr5iVTLsiCmeKijyO+MIOxJ4v6aH8BSejGmGsQLpheitfKS7HHyVia0DbblpXstoHk8s1vG3mHTBA8ieRN+lTcqqYWAwMFshYABa4BAAWqMIIFpgoBAKCCBZ8wggWbBgkrBgEFBQcwAQEEggWMMIIFiDCBoqIWBBRtmHWQn\/fqeBctjWd4mUcrWqqVwBgPMjAyMDAyMjMwMzQ0NDBaMHcwdTBJMAkGBSsOAwIaBQAEFCaEh7OMUBUpl9vU0X43\/z8u8xVoBBTYepREfJBwkBae3RecAUQDhtYqKQIQIOsY2eEwY4nmBySd0jUa6oAAGA8yMDIwMDIyMzAzNDQ0MFqgERgPMjAyMDAyMjMxNTQ0NDBaoQIwADANBgkqhkiG9w0BAQsFAAOCAQEAlz8kzwTNL4DreEokBuMsetKeh0dcofwzjM0d0OSiAy8HKR+etg0hwzjzkMoTWISwWgTi3B1sJGKSMZ19FUMgTZn4yIjxNdwrQNB4cE2DziZgsFITf77+13g64KVP2NaAc+T5V+bRcZJ03et+gkWWJJD3LiVlmJBNfdVp6tiuDAI0Ngsr7cQQ+0qp3EqrUku9Stxo4ldKmdcjeB\/B\/CQsoSSpQbHc7BFb2B5\/0IDczO68caVYUfrelBs9H77nfwtnFA3W+PQ8DlaNrLp+7dLN4WG2ImcEF29Tara8CKkJ0SunfNbHfcwQVfoqYwWu6e+ic24+sVNhYwm7Ezq+\/lDklaCCA8swggPHMIIDwzCCAqugAwIBAgIQQOU9e0o0X00kwGvYo3rGmTANBgkqhkiG9w0BAQsFADBiMRwwGgYDVQQDExNBcHBsZSBJU1QgQ0EgMiAtIEcxMSAwHgYDVQQLExdDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTETMBEGA1UEChMKQXBwbGUgSW5jLjELMAkGA1UEBhMCVVMwHhcNMjAwMjE5MTYyMTQyWhcNMjAwNDAxMTYyMTQyWjBPMSswKQYDVQQDDCJBcHBsZSBJU1QgQ0EgMiBPQ1NQIFJlc3BvbmRlciBSTDA0MRMwEQYDVQQKDApBcHBsZSBJbmMuMQswCQYDVQQGEwJVUzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJrC64q6envcCtPKJaAaN4gVTLL0EuZUae9A15l28SjzyHp9U4w5buheyZLZT07XBTvH7vEDQnd8C8sUH\/2EnRwJt5yvAFlAEMx\/uhUizW82DYxuJHOfZdZKclTioPSXZnprOzxrOMshIah\/sjVpDoV2Hk7r0EmCnqStVOjixuPjuzxoTXsJqjPDnqRdVJa1vrg13NnmCHnku7+2sZvcK5UHb9d\/ft03IKYTpKniEEolsv1w3eeCBJBMgSqufUY4nWVfilwKJ5d1HJ\/E62apvXPRhP78ezj7odSWvKPwQ1S8n1deOxKuubQET9d53MjOA5zqmPB+gYsOnXEAunura2kCAwEAAaOBhzCBhDAMBgNVHRMBAf8EAjAAMB8GA1UdIwQY"}
01233{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":272,"source":"iphone.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":8,"flow_first_seen":1582454599225,"flow_last_seen":1582454599297,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4837,"flow_avg_l4_payload_len":604,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50584,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gateway.icloud.com","server_names":"gateway-india.icloud.com,gateway-carry.icloud.com,gateway.icloud.com,gateway-australia.icloud.com,gateway-sandbox.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"1e60202b4001a190621caa963fb76697","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","issuerDN":"CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US","issuerDN":"CN=gateway.icloud.com, O=Apple Inc., ST=California, C=US","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"D2:DA:1C:68:0C:91:A7:DB:BA:B2:2D:29:06:DB:57:42:10:3D:3A:FE"}}
01122{"flow_id":47,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":273,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":298024,"pkt_caplen":580,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":580,"pkt_l4_len":546,"pkt":"xGGLNYKpxiwDYGpkCABFAgI2rP0AAC4GWMYR+LBLwKgCEQG7xZj0WoX4sqXuQIAYA6smxQAAAQEIClsTCh0R3+qdMBaAFNh6lER8kHCQFp7dF5wBRAOG1iopMA8GCSsGAQUFBzABBQQCBQAwEwYDVR0lBAwwCgYIKwYBBQUHAwkwHQYDVR0OBBYEFG2YdZCf9+p4Fy2NZ3iZRytaqpXAMA4GA1UdDwEB\/wQEAwIHgDANBgkqhkiG9w0BAQsFAAOCAQEAfWaHB3F71r+HUtEusztLw2H0a2YFnXxa1uzWlcknyHvXas70SkE3K1rNPNgydDWa15RJBtUYT9r\/jIYn136onLWnxukPVi8TUKI4CMEwguhpMLrEtIqL4C6BZ+4lBK6xUCuEUeduttOE7gOxhx0n\/QSTvQ9LuNig3jwWEtIC23HoB15mX4gwBZ8tfi9UB7jVmgUgPLlnIxTRdUl1q5\/zCHckXOsWhUg5FYsKlZCVH6\/tIbdNREqUECgGFWyk\/VyvbJtuxaOAbpOC6ieEYIcwhwciiyJrTnUR2rnOOH8r2riaIi0MEZYnjSjV+7lmoMy2Lru4hbwEXuuXlBYgInvKvBYDAwBzDAAAbwMAHSBXsu+GV+y6l0vzfpkIZ1fKAjMWWfOp8JyVnlMAUByGDQQDAEcwRQIgA4Tzv13CT3BDjyxEQnnKbRx46Ioq7rc\/yzpsH74bthgCIQDoIolgzbEnT8BWjXTqaKdc6geCbEf7Aik9lFGXPL6bNRYDAwAEDgAAAA=="}
00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":274,"source":"iphone.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_first_seen":1582454599396,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.137.166.35","src_port":50585,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":48,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":274,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":396067,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGwFLAqAIREYmmI8WZAbu9h96xAAAAALDC\/\/9bXgAAAgQFtAEDAwcBAQgKEd\/rCQAAAAAEAgAA"}
00482{"flow_id":24,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":275,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":396209,"pkt_caplen":108,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":108,"pkt_l4_len":74,"pkt":"AQBeAAD7xGGLNYKpCABFAABeopUAAP8RdUTAqAIR4AAA+xTpFOkASvALAAAAAAABAAAAAAABCF9ob21la2l0BF90Y3AFbG9jYWwAAAwAAQAAKQWgAAARlAASAAQADgAA5mGLNYKpxGGLNYKp"}
00515{"flow_id":15,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":277,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":396633,"pkt_caplen":128,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":128,"pkt_l4_len":74,"pkt":"MzMAAAD7xGGLNYKpht1gD8z1AEoR\/\/6AAAAAAAAACCM\/F4KYopz\/AgAAAAAAAAAAAAAAAAD7FOkU6QBKKNMAAAAAAAEAAAAAAAEIX2hvbWVraXQEX3RjcAVsb2NhbAAADAABAAApBaAAABGUABIABAAOAADmYYs1gqnEYYs1gqk="}
00426{"flow_id":47,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":279,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":401539,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGtcfAqAIREfiwS8WYAbuype5A9FqAWIAQA\/SupwAAAQEIChHf6ylbEwob"}
00426{"flow_id":47,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":280,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":401936,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGtcfAqAIREfiwS8WYAbuype5A9FqH+oAQA\/CnBwAAAQEIChHf6ylbEwod"}
00556{"flow_id":47,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":281,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":409215,"pkt_caplen":159,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":159,"pkt_l4_len":125,"pkt":"xiwDYGpkxGGLNYKpCABFAgCRAABAAEAGtWjAqAIREfiwS8WYAbuype5A9FqH+oAYBACOfQAAAQEIChHf6zBbEwodFgMDACUQAAAhIPdiwyj1I6m4F7av9yBSV7JBAs1bbY3G5JfBek2ejyNdFAMDAAEBFgMDACgAAAAAAAAAAEwW\/\/KAh9P\/tQdwoWQmHSmK5nrXXG\/M6ic8CcWTXbGv"}
00497{"flow_id":47,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":282,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":441363,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"pkt":"xGGLNYKpxiwDYGpkCABFAgBnrP4AAC4GWpQR+LBLwKgCEQG7xZj0Wof6sqXunYAYA6v5LwAAAQEIClsTCq0R3+swFAMDAAEBFgMDACgAAAAAAAAAAI3hMVQg2deXwKW1to+3OLQwi53\/\/iOpKO3yRrz92EeF"}
00520{"flow_id":47,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":283,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":441376,"pkt_caplen":135,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":135,"pkt_l4_len":101,"pkt":"xGGLNYKpxiwDYGpkCABFAgB5rP8AAC4GWoER+LBLwKgCEQG7xZj0WogtsqXunYAYA6uyIwAAAQEIClsTCq0R3+swFwMDAEAAAAAAAAAAAahZpiRsxGFaiStkfVsksJvAde8o0oPOAKemhQwWDE2QQVNrlmJ8oGhiAOiiFJTH+QHlpHA4KQWh"}
00426{"flow_id":47,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":284,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":443080,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGtcfAqAIREfiwS8WYAbuype6d9FqILYAQA\/+lsAAAAQEIChHf61FbEwqt"}
00437{"flow_id":14,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":298,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":568888,"pkt_caplen":70,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":70,"pkt_l4_len":16,"pkt":"MzMAAAACxGGLNYKpht1gCzl3ABA6\/\/6AAAAAAAAACCM\/F4KYopz\/AgAAAAAAAAAAAAAAAAAChQA9fgAAAAABAcRhizWCqQ=="}
00440{"flow_id":48,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":300,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":585460,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAACsGFVcRiaYjwKgCEQG7xZn\/hRwvvYfesqBS\/\/9NtwAAAgQFrAQCCArKEDlZEd\/rCQEDAws="}
00425{"flow_id":48,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":303,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":602893,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGwF7AqAIREYmmI8WZAbu9h96y\/4UcMIAQBAt3qQAAAQEIChHf7BTKEDlZ"}
01124{"flow_id":48,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":304,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":603102,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"pkt":"xiwDYGpkxGGLNYKpCABFAgI5AABAAEAGvlfAqAIREYmmI8WZAbu9h96y\/4UcMIAYBAvDAwAAAQEIChHf7BTKEDlZFgMBAgABAAH8AwMQmWdlc9Dfkc1LTp0B8prq1RD11s0EClXeRC7LPUuboSA7ltXQId7DryBOaTjcsMFd7i63qypbauhtrKXc6bkI8wA0EwETAhMDwCzAK8AkwCPACsAJzKnAMMAvwCjAJ8AUwBPMqACdAJwAPQA8ADUAL8AIwBIACgEAAX\/\/AQABAAAAABIAEAAADWdzYS5hcHBsZS5jb20AFwAAAA0AGAAWBAMIBAQBBQMCAwgFCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAALAAkIaHR0cC8xLjEACwACAQAAMwAmACQAHQAgrVr\/fu0h15DcdosIeP8S9EdnaZyYtU\/hcTn61FxtjHIALQACAQEAKwAJCAMEAwMDAgMBAAoACgAIAB0AFwAYABkAFQDTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00783{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":304,"source":"iphone.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":4,"flow_first_seen":1582454599396,"flow_last_seen":1582454599603,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.137.166.35","src_port":50585,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gsa.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":306,"source":"iphone.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_first_seen":1582454599740,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50586,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":49,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":306,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":740262,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGtbvAqAIREfiwS8WaAbsCzUbDAAAAALDC\/\/+ibQAAAgQFtAEDAwcBAQgKEd\/sCwAAAAAEAgAA"}
00437{"flow_id":49,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":318,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":774111,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAC0GCMAR+LBLwKgCEQG7xZq3FAeKAs1GxKBScSAgIAAAAgQFrAEBCApbEwv6Ed\/sCwEDAwU="}
00424{"flow_id":49,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":322,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":776186,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGtcfAqAIREfiwS8WaAbsCzUbEtxQHi4AQBAu4qgAAAQEIChHf7JdbEwv6"}
01122{"flow_id":49,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":323,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":776389,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"pkt":"xiwDYGpkxGGLNYKpCABFAgI5AABAAEAGs8DAqAIREfiwS8WaAbsCzUbEtxQHi4AYBAtFmAAAAQEIChHf7JhbEwv6FgMBAgABAAH8AwNJX\/Eg20C+2ys6T03zkHgGLiGZXi9UmQqJ4J0DwpXX4SAQcYer1CdJmG86iQRBRTj9FNUOUTD+JW73wsBQqImhngA0EwETAhMDwCzAK8AkwCPACsAJzKnAMMAvwCjAJ8AUwBPMqACdAJwAPQA8ADUAL8AIwBIACgEAAX\/\/AQABAAAAABcAFQAAEmdhdGV3YXkuaWNsb3VkLmNvbQAXAAAADQAYABYEAwgEBAEFAwIDCAUIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAzACYAJAAdACAWHeLk31ojbBM2sakys3+a3F5WQLHPz5v8kP2YwKoSSAAtAAIBAQArAAkIAwQDAwMCAwEACgAKAAgAHQAXABgAGQAVAMsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00803{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":323,"source":"iphone.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":4,"flow_first_seen":1582454599740,"flow_last_seen":1582454599776,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50586,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gateway.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00425{"flow_id":48,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":324,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":791465,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xGGLNYKpxiwDYGpkCABFAAA0JhcAACsG70cRiaYjwKgCEQG7xZn\/hRwwvYfgt4AQAEF4nwAAAQEICsoQOigR3+wU"}
02368{"flow_id":48,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":325,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":793104,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"xGGLNYKpxiwDYGpkCABFAgXUJhgAACsG6aQRiaYjwKgCEQG7xZn\/hRwwvYfgt4AQAEEMFAAAAQEICsoQOikR3+wUFgMDAGwCAABoAwPcCjv1ALSjyPkWpO2bSpR3JwIIun1P4HP8y4L4KzHqpCCcb4EJClNVVOQuGf3cvgcXLsYJLrlO1X\/N4K1tREz008AvAAAgAAAAAP8BAAEAAAsABAMAAQIAEAALAAkIaHR0cC8xLjEWAwMM\/gsADPoADPcABDMwggQvMIIDF6ADAgECAghXVVo04aWoWDANBgkqhkiG9w0BAQsFADBtMScwJQYDVQQDDB5BcHBsZSBTZXJ2ZXIgQXV0aGVudGljYXRpb24gQ0ExIDAeBgNVBAsMF0NlcnRpZmljYXRpb24gQXV0aG9yaXR5MRMwEQYDVQQKDApBcHBsZSBJbmMuMQswCQYDVQQGEwJVUzAeFw0xOTAzMDcwMDU1NDBaFw0yMDA0MDUwMDU1NDBaME8xFjAUBgNVBAMMDWdzYS5hcHBsZS5jb20xEzARBgNVBAoMCkFwcGxlIEluYy4xEzARBgNVBAgMCkNhbGlmb3JuaWExCzAJBgNVBAYTAlVTMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzLQVbrKBs\/5KaRQQSlJwdHv4J5zCNUZSHwkxPqJS2jgFlEdPbWJkUMdq6kTHjIPQ7CrhZOEZ6w85IcewhdWKAf4UKNmBAC6bayjGCFtErOPn07YEXLckgGvcZjfUB2FG3XFsimFajfpy+QxPRRFTypaXAtBnnuP\/3KymeAJ\/mkIq1R6bZ8N8jgkulRrQQeihRlCI0NcxoR8nKCAeW4\/hORKB4OJosSYoI\/Di9GOl+I361jLip9h1Ol1KNubkNcfOxENWnCYY973BkH3btnITFUgyfZ4fShFWPCM5vrnkORQcST29bfKMrvg93P07Rq0GTHoRHcZmLBeI\/2f3Gl0AfQIDAQABo4HwMIHtMAwGA1UdEwEB\/wQCMAAwHwYDVR0jBBgwFoAULMVtUt0x74zsCIHt39zKQwBFAdAwKAYDVR0RBCEwH4IOZ3Nhcy5hcHBsZS5jb22CDWdzYS5hcHBsZS5jb20wEwYDVR0lBAwwCgYIKwYBBQUHAwEwPAYDVR0fBDUwMzAxoC+gLYYraHR0cDovL2NybC5hcHBsZS5jb20vYXBwbGVzZXJ2ZXJhdXRoY2ExLmNybDAdBgNVHQ4EFgQUcLE8wVdqtnyesByhIkinog29yq4wDgYDVR0PAQH\/BAQDAgWgMBAGCiqGSIb3Y2QGGwIEAgUAMA0GCSqGSIb3DQEBCwUAA4IBAQBW4\/fFTy28qlnb9tV3+pPlpIpTbx6u+CzXXHpn5\/Eeg70D33kR\/idIDSMQUgxiii+FuDS9MbMQLdJbPyzVOnI7KqZ8ysFmyTAqkDs5GD3hy2q9QbBbRrk6wwI0Xxs\/Fv\/cMhABHKeVoG7Jok+Jiva0CVTyCjFRLHgbyWkEisdlZNmEkmy\/y7bByOMvWRRgcT9iCrlFXFwhVqTODiIk1YUomGZNmRLDl4BQUVDOHXnh3l\/O1G+u5V1INE4WwAxPXoL46ElNpD92ognBauK12m2RJQKWq6qvkogpPd4CZzLhm8yg948mLcrK9Vc6WmCpLMViFmqTa8GL0BNDepmDqAOxAAP8MIID+DCCAuCgAwIBAgIII2l0BK3LgxQwDQYJKoZIhvcNAQELBQAwYjELMAkGA1UEBhMCVVMxEzARBgNVBAoTCkFwcGxlIEluYy4xJjAkBgNVBAsTHUFwcGxlIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MRYwFAYDVQQDEw1BcHBsZSBSb290IENBMB4XDTE0MDMwODAxNTMwNFoXDTI5MDMwODAxNTMwNFowbTEnMCUGA1UEAwweQXBwbGUgU2VydmVyIEF1dGhlbnRpY2F0aW9uIENBMSAwHgYDVQQLDBdDZXJ0aWZpY2F0"}
00839{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":325,"source":"iphone.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":6,"flow_first_seen":1582454599396,"flow_last_seen":1582454599793,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.137.166.35","src_port":50585,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gsa.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"c4b2785a87896e19d37eee932070cb22","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02373{"flow_id":48,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":326,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":794223,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"xGGLNYKpxiwDYGpkCABFAgXUJhkAACsG6aMRiaYjwKgCEQG7xZn\/hSHQvYfgt4AQAEEgqAAAAQEICsoQOikR3+wUaW9uIEF1dGhvcml0eTETMBEGA1UECgwKQXBwbGUgSW5jLjELMAkGA1UEBhMCVVMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5Jhawy4ercRWSjt+qPuGA11O6pGDMfIVy9zB8CU9XDUr\/4V7JS1ATAmSxvTk10dcEUcEY+iL6rt+YGNa\/Tk1DEPoliJ\/TQIV25SKBtlRFc5qL45xIGoZ6w1Hi2pX4pH3bMN5sDsTF9WyY56b6VyAdGXN6Ds1jD7cniC7hmmiCuEBsYxYkZivnsuJUfeeIOaIbgT4C0znYl3dKMgzWCgqzBJvxcm9jqBUebDfoD9tTkNYpXLxqV5tGeAo+JOqaP6HYP\/XbbqhsgrXdmTjsklaUpsVzJtGuCLLGUueOdkuJuFQPbuDZQtsqZYdGFLuWuFe7UeaEE\/cNobaJrHzRIXSrAgMBAAGjgaYwgaMwHQYDVR0OBBYEFCzFbVLdMe+M7AiB7d\/cykMARQHQMA8GA1UdEwEB\/wQFMAMBAf8wHwYDVR0jBBgwFoAUK9BpR5R2Cf70a40uQKb3R01\/CF4wLgYDVR0fBCcwJTAjoCGgH4YdaHR0cDovL2NybC5hcHBsZS5jb20vcm9vdC5jcmwwDgYDVR0PAQH\/BAQDAgEGMBAGCiqGSIb3Y2QGAgwEAgUAMA0GCSqGSIb3DQEBCwUAA4IBAQAj8QZ+UEGBol7TcKRJka\/YzGeMoSV9xJqTOS\/YafsbQVtE19lryzslCRry9OPHnOiwW\/Df3SIlERWTuUle2gxmel7Xb\/Bj1GWMxHpUfVZPZZr92sSyyLC4oct94EeoQBW4FhntW2GO36rQzdI6wH46nyJO39\/0ThrNk\/\/Q8EVVZDM+1OXaaKATinYwJ9S\/+B529vnDAO+xg+pTbVw1xw0HAbr4Ybn+xZprQ2GBA+u6X3Cd6G+UJEvczpKoLqI1PONJ4BZ3otxruY0YQrk2lkMyxst2mTU22FbGmF3Db6V+lcLVegoCIGZ4kvJnpCMN6Am9zCExEKC9vrXdTN1GA5mZAAS\/MIIEuzCCA6OgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBiMQswCQYDVQQGEwJVUzETMBEGA1UEChMKQXBwbGUgSW5jLjEmMCQGA1UECxMdQXBwbGUgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxFjAUBgNVBAMTDUFwcGxlIFJvb3QgQ0EwHhcNMDYwNDI1MjE0MDM2WhcNMzUwMjA5MjE0MDM2WjBiMQswCQYDVQQGEwJVUzETMBEGA1UEChMKQXBwbGUgSW5jLjEmMCQGA1UECxMdQXBwbGUgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxFjAUBgNVBAMTDUFwcGxlIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDkkakJH5HbHkdQ6wXtXnmELes2oldMVeyLGYne+Uts9QerIjAC6Bg++FAJ039BqJj50cpmnCRrEdCju+QbKsMflZ56DKRHi1vUFjczy8QPTc4UadHJGXL1XQ7Vf1+b8iUDulWPTV0N8WQ1IxVLFVkds5T39pyez1C6wVhQZ48ItCD3y6wsIG9wtj8BMIy3Q88PnT3zK0koGsj+zrW5DtleHNbLPbU6rfQPDgCSC7EhFi501TwN22IWq6NxkkdTVcGvL0Gz+PvjcM3mo0xFfh9Ma1CWQYnEdGILEINBhzOKgbEwWOxaBDKMaLOPHd5lc\/9nXmW8Sdh2nzMUZaF3lMktAgMBAAGjggF6MIIBdjAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH\/BAUwAwEB\/zAdBgNVHQ4EFgQUK9BpR5R2Cf70a40uQKb3R01\/CF4wHwYDVR0jBBgwFoAUK9BpR5R2Cf70"}
01658{"flow_id":48,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":327,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":794234,"pkt_caplen":977,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":977,"pkt_l4_len":943,"pkt":"xGGLNYKpxiwDYGpkCABFAgPDJhoAACsG67MRiaYjwKgCEQG7xZn\/hSdwvYfgt4AYAEFJIAAAAQEICsoQOikR3+wUa40uQKb3R01\/CF4wggERBgNVHSAEggEIMIIBBDCCAQAGCSqGSIb3Y2QFATCB8jAqBggrBgEFBQcCARYeaHR0cHM6Ly93d3cuYXBwbGUuY29tL2FwcGxlY2EvMIHDBggrBgEFBQcCAjCBthqBs1JlbGlhbmNlIG9uIHRoaXMgY2VydGlmaWNhdGUgYnkgYW55IHBhcnR5IGFzc3VtZXMgYWNjZXB0YW5jZSBvZiB0aGUgdGhlbiBhcHBsaWNhYmxlIHN0YW5kYXJkIHRlcm1zIGFuZCBjb25kaXRpb25zIG9mIHVzZSwgY2VydGlmaWNhdGUgcG9saWN5IGFuZCBjZXJ0aWZpY2F0aW9uIHByYWN0aWNlIHN0YXRlbWVudHMuMA0GCSqGSIb3DQEBBQUAA4IBAQBcNplMLXi37Yyb3PN3m\/J20ncwT8EfhYOFG5k9RzfyqZtAjizUsZAS2L70c5vu0mQPy3lPNNiiPvl4\/2vIB+x9OYOLUyDTOMSxv5pPCmv\/K\/xZpwUJfBdAVhEedNO3iyM7R6PVbyTi69G3cN8PReEnyvFteO3ntRcXqNx+IjXKJdXZD9Zr1KIkIxH3oayPc4FgxhtbCS+SsvhESPBgOJ4V9T0mZyCKM2r3DYLP3uujL\/lTaltkwGMzd\/c6ByxW69oPIQ7aunMZT7XZNn\/Bh1XZp5m5MkL72NVxnn6hUrcbvZNCJBIqxw8dtk2cXmPIS4AXUKqK1drk\/NAJBzewdXUhFgMDAU0MAAFJAwAXQQSY9aaZgqV3Ao8juLIcLj4gtM5U3s2R3yVtlfmcQVmaoNeCpnMnbWgazbijvv8uga9\/asVCtVbTWhDYyztsY2X5BgEBAB7DbuX0uVlePD0cwlB2V7ola4+vm18g1\/rihkcXGmun2h0iAqxSioPpw6QDVZDWAdaMv+ar6DDdnhMPc6wJUWI2T5cUGYiO1MA1ukOFB4lljTIcaMOuGUbVZ4btDdvb2Yf85Zuw2\/0wnoKoI8xpPvfIDEaj3putoppgk3J49T0jXCmj6GvgX2KyNcWtRWi2CoZItxdxl8L90ZYGjCd976dbvu7xJ7uhirRoo70bWSsuwTNvOZHXj56tWeDzkuz9mpsV878j8RV3RX3VJnwt0+KV\/za1Z\/vzw2XJJ8apWI9MsHvQOYxQySKeKuDHsrl0+0UNIf6XxZ0u1TixcMznQakWAwMABA4AAAA="}
01121{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":327,"source":"iphone.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":8,"flow_first_seen":1582454599396,"flow_last_seen":1582454599794,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4308,"flow_avg_l4_payload_len":538,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.137.166.35","src_port":50585,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gsa.apple.com","server_names":"gsas.apple.com,gsa.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"c4b2785a87896e19d37eee932070cb22","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=Apple Server Authentication CA, OU=Certification Authority, O=Apple Inc., C=US","issuerDN":"CN=gsa.apple.com, O=Apple Inc., ST=California, C=US","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"D4:EF:5E:AD:7F:D5:13:5B:9F:B2:B9:84:19:75:BB:ED:53:FB:18:D6"}}
00424{"flow_id":49,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":329,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":810214,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xGGLNYKpxiwDYGpkCABFAAA03G4AAC0GLFkR+LBLwKgCEQG7xZq3FAeLAs1IyYAQA6u24QAAAQEIClsTDB0R3+yY"}
02358{"flow_id":49,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":330,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":811781,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"xGGLNYKpxiwDYGpkCABFAgXU3G8AAC0GJrYR+LBLwKgCEQG7xZq3FAeLAs1IyYAQA6vJSQAAAQEIClsTDB8R3+yYFgMDAGgCAABkAwPmeFGGnHgpP7l40Luq0\/4whPVBtZayXTPFxEUIIh8i9yBKruAHr1YWU9gHVpqeNK8Q\/3k8GBHQ+ecvxSY7m6rekcAsAAAcAAAAAP8BAAEAAAUAAAALAAIBAAAQAAUAAwJoMhYDAww4CwAMNAAMMQAH5zCCB+MwggbLoAMCAQICECDrGNnhMGOJ5gckndI1GuowDQYJKoZIhvcNAQELBQAwYjEcMBoGA1UEAxMTQXBwbGUgSVNUIENBIDIgLSBHMTEgMB4GA1UECxMXQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxEzARBgNVBAoTCkFwcGxlIEluYy4xCzAJBgNVBAYTAlVTMB4XDTE5MTAwODE4NDYxNFoXDTIwMTEwNjE4NTYwMFowVDEbMBkGA1UEAwwSZ2F0ZXdheS5pY2xvdWQuY29tMRMwEQYDVQQKDApBcHBsZSBJbmMuMRMwEQYDVQQIDApDYWxpZm9ybmlhMQswCQYDVQQGEwJVUzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABA3JTXZEMDNfkBeddGFOfWVcUMoJ8W7d3ST3e3HiTTWw27hpoGkazdY\/uyqetayMkeP9ioDxEA8PxI4fVx9gMvajggVsMIIFaDAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFNh6lER8kHCQFp7dF5wBRAOG1iopMH4GCCsGAQUFBwEBBHIwcDA0BggrBgEFBQcwAoYoaHR0cDovL2NlcnRzLmFwcGxlLmNvbS9hcHBsZWlzdGNhMmcxLmRlcjA4BggrBgEFBQcwAYYsaHR0cDovL29jc3AuYXBwbGUuY29tL29jc3AwMy1hcHBsZWlzdGNhMmcxMjUwgY0GA1UdEQSBhTCBgoIYZ2F0ZXdheS1pbmRpYS5pY2xvdWQuY29tghhnYXRld2F5LWNhcnJ5LmljbG91ZC5jb22CEmdhdGV3YXkuaWNsb3VkLmNvbYIcZ2F0ZXdheS1hdXN0cmFsaWEuaWNsb3VkLmNvbYIaZ2F0ZXdheS1zYW5kYm94LmljbG91ZC5jb20wgf8GA1UdIASB9zCB9DCB8QYKKoZIhvdjZAULBDCB4jCBpAYIKwYBBQUHAgIwgZcMgZRSZWxpYW5jZSBvbiB0aGlzIGNlcnRpZmljYXRlIGJ5IGFueSBwYXJ0eSBhc3N1bWVzIGFjY2VwdGFuY2Ugb2YgYW55IGFwcGxpY2FibGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YgdXNlIGFuZC9vciBjZXJ0aWZpY2F0aW9uIHByYWN0aWNlIHN0YXRlbWVudHMuMDkGCCsGAQUFBwIBFi1odHRwOi8vd3d3LmFwcGxlLmNvbS9jZXJ0aWZpY2F0ZWF1dGhvcml0eS9ycGEwEwYDVR0lBAwwCgYIKwYBBQUHAwEwNwYDVR0fBDAwLjAsoCqgKIYmaHR0cDovL2NybC5hcHBsZS5jb20vYXBwbGVpc3RjYTJnMS5jcmwwHQYDVR0OBBYEFDcTKYxfoGNbyxqPKQFc6\/l8HBeZMA4GA1UdDwEB\/wQEAwIDiDARBgsqhkiG92NkBhsPAgQCBQAwEQYLKoZIhvdjZAYbCwIEAgUAMBEGCyqGSIb3Y2QGGwcCBAIFADCCAm0GCisGAQQB1nkCBAIEggJdBIICWQJXAHUAu9nfvB+KcbWTlCOXqpJ7RzhXlQqrUugakJZkNo4e0YUAAAFtrLqfoQAABAMARjBEAiBcyMXSqYu\/NQzPC1eks2fF3nNBwnRpvtSQ93jt9Y6FxAIgQAGZ6hMU0FVYk\/U5Nz\/IH+LWui0mpLb1ikJAbD2uT7kAdwCkuQmQtBhYFIe7E6LMZ3AKPDWYBPkb37jjd80OyA3cEAAAAW2sup+hAAAEAwBI"}
00861{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":330,"source":"iphone.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":6,"flow_first_seen":1582454599740,"flow_last_seen":1582454599811,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50586,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gateway.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"1e60202b4001a190621caa963fb76697","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02369{"flow_id":49,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":331,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":811904,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"xGGLNYKpxiwDYGpkCABFAgXU3HAAAC0GJrUR+LBLwKgCEQG7xZq3FA0rAs1IyYAQA6vpHQAAAQEIClsTDB8R3+yYMEYCIQDdbk0W3xLwRVSqExbk6WYwON+XhEgNjWS3c5gBslGuhAIhAOFAjfHHnYs0x+SaDx9TRoc6tbR7MkI8j7D8tL8bTA0\/AHcAsh4FzIuizYogTodm+Su5iiUgZ2va+nDnsklTLe+LkF4AAAFtrLqfqwAABAMASDBGAiEAgaJ1MrRM2AKsBkPp1QIT6PfODIXbQVBUCAUpo+tzOrkCIQDddAHm4u\/Gn8li8ESlxL1ZJK3FxqbrgV3vXWLNi8iiHwB1AFYUBpov18Ls0\/XhvUSyPsdGdrm8mRFcwO+UmFXWidDdAAABbay6n6EAAAQDAEYwRAIgGHM1p6WBqV+vtqr6hd70KQdFzAWv+ozcuVTGuJp7dk4CIByS3BkfgbrlBXSSNJB0YU2uhFS8HFnPom3vv22lArFYAHUAb1N2rDHwMRnYmQCkURX\/dxUcEdkCwQApBo2yCJo32RMAAAFtrLqfywAABAMARjBEAiBaHWEaQOG2Acj23NJ5zQC63rSKppu35b4qfkAJ8X7kbgIgeEjIujG17P30x0NsVWfo0XlmL6r4EoA536jETLtvxuAwDQYJKoZIhvcNAQELBQADggEBAKGriMkz6sCwrnomv6YJ4jjwMaMNouZTjEijYKaSAYs2pIOE9O+xy3VQrni7VsR+gMkO6ivj8K8d+2za\/y+I2RQZ2TUQ6wWGorFDOoGqBZXtBV6gbGs9KDNThqQv865ePsXG2JT+biTm88weJMm7MYXFPMu6C9JosK0yxl3MDsDk45W8A+EciCdcIiZwl5J8dSnSGGYo5UMSF3qI3eSNp3NkNcxYPZnj4isyXRHrBHr1ekVVCMPF2Jox+AmwwfJRq0tdVhmqUS\/9z0Yc6KqLMm50HEB4+utGT9gDG45BW1xwuucQVqNjb4bcrs8WPZf4X7CL94S2\/\/ZbmTwQh3s0iuoABEQwggRAMIIDKKADAgECAgMCOnQwDQYJKoZIhvcNAQELBQAwQjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xGzAZBgNVBAMTEkdlb1RydXN0IEdsb2JhbCBDQTAeFw0xNDA2MTYxNTQyMDJaFw0yMjA1MjAxNTQyMDJaMGIxHDAaBgNVBAMTE0FwcGxlIElTVCBDQSAyIC0gRzExIDAeBgNVBAsTF0NlcnRpZmljYXRpb24gQXV0aG9yaXR5MRMwEQYDVQQKEwpBcHBsZSBJbmMuMQswCQYDVQQGEwJVUzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANCToR1HQyAWsgtr68PVtOjHmM3z3r\/oTenjNoAH\/EUbanxFhq5W06QJf2ENa11+Umt9tMg5xPRnOveDzhlvhi9+RX5HHGdSypUFXeI2UYXA1GeANW8V3T79HdL9jzRQ2Ox2Kr7j09rk\/cjrKAKWEZcXYRzpxFk7Qtwy0Qkd2qbRQ4b\/XrK8jM9m2wGLAq6USPM4j\/3qMqgI7IaXUZQkPklJllPoeaFAgekFu5OVUfzj\/XwRS\/eeCLMVSRUH+dE3oJtLMva1xNxq0fwK7fbgxSmgqItx\/g2SvP5UcBgKbcftDPvJLQbDjIX8y4Zc1jaOEosJf\/sZGjjV8JQweg+mjPMCAwEAAaOCAR0wggEZMB8GA1UdIwQYMBaAFMB6mGiNifurBWQMEX2qfWW4ysxOMB0GA1UdDgQWBBTYepREfJBwkBae3RecAUQDhtYqKTASBgNVHRMBAf8ECDAGAQH\/AgEAMA4GA1UdDwEB\/wQEAwIBBjA1BgNVHR8ELjAsMCqgKKAmhiRodHRwOi8vZy5zeW1jYi5jb20vY3Jscy9ndGdsb2JhbC5jcmwwLgYIKwYBBQUHAQEEIjAgMB4GCCsGAQUFBzABhhJodHRwOi8vZy5z"}
02367{"flow_id":49,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":332,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":814156,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"xGGLNYKpxiwDYGpkCABFAgXU3HEAAC0GJrQR+LBLwKgCEQG7xZq3FBLLAs1IyYAQA6sMzwAAAQEIClsTDCER3+yYeW1jZC5jb20wTAYDVR0gBEUwQzBBBgpghkgBhvhFAQc2MDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuZ2VvdHJ1c3QuY29tL3Jlc291cmNlcy9jcHMwDQYJKoZIhvcNAQELBQADggEBABZHc2+FomLh5yp2u4mVQiaXvEqsrHBTOj8xgz08HKua4rFdHHYaoDwMcle+055Q4MiZ1ljXAurODSlUfM31wsaQKVWjbxSoC0INOphtBnie8GqjHQIKoiikjcKBRj5tZ9reP\/6FDkIqEt61t\/u4G6eW7Hef7NRTlXr\/B\/TyChTAUVKx1o5QCxqZXLwLyb3t7fhewVbbTX4jpBGhLNQbBZrkG1L2fDiZBUu6co1CiWAEZir0\/WjXa\/eZQSjWbCSr5iVTLsiCmeKijyO+MIOxJ4v6aH8BSejGmGsQLpheitfKS7HHyVia0DbblpXstoHk8s1vG3mHTBA8ieRN+lTcqqYWAwMFshYABa4BAAWqMIIFpgoBAKCCBZ8wggWbBgkrBgEFBQcwAQEEggWMMIIFiDCBoqIWBBRtmHWQn\/fqeBctjWd4mUcrWqqVwBgPMjAyMDAyMjMwMzQ0NDBaMHcwdTBJMAkGBSsOAwIaBQAEFCaEh7OMUBUpl9vU0X43\/z8u8xVoBBTYepREfJBwkBae3RecAUQDhtYqKQIQIOsY2eEwY4nmBySd0jUa6oAAGA8yMDIwMDIyMzAzNDQ0MFqgERgPMjAyMDAyMjMxNTQ0NDBaoQIwADANBgkqhkiG9w0BAQsFAAOCAQEAlz8kzwTNL4DreEokBuMsetKeh0dcofwzjM0d0OSiAy8HKR+etg0hwzjzkMoTWISwWgTi3B1sJGKSMZ19FUMgTZn4yIjxNdwrQNB4cE2DziZgsFITf77+13g64KVP2NaAc+T5V+bRcZJ03et+gkWWJJD3LiVlmJBNfdVp6tiuDAI0Ngsr7cQQ+0qp3EqrUku9Stxo4ldKmdcjeB\/B\/CQsoSSpQbHc7BFb2B5\/0IDczO68caVYUfrelBs9H77nfwtnFA3W+PQ8DlaNrLp+7dLN4WG2ImcEF29Tara8CKkJ0SunfNbHfcwQVfoqYwWu6e+ic24+sVNhYwm7Ezq+\/lDklaCCA8swggPHMIIDwzCCAqugAwIBAgIQQOU9e0o0X00kwGvYo3rGmTANBgkqhkiG9w0BAQsFADBiMRwwGgYDVQQDExNBcHBsZSBJU1QgQ0EgMiAtIEcxMSAwHgYDVQQLExdDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTETMBEGA1UEChMKQXBwbGUgSW5jLjELMAkGA1UEBhMCVVMwHhcNMjAwMjE5MTYyMTQyWhcNMjAwNDAxMTYyMTQyWjBPMSswKQYDVQQDDCJBcHBsZSBJU1QgQ0EgMiBPQ1NQIFJlc3BvbmRlciBSTDA0MRMwEQYDVQQKDApBcHBsZSBJbmMuMQswCQYDVQQGEwJVUzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJrC64q6envcCtPKJaAaN4gVTLL0EuZUae9A15l28SjzyHp9U4w5buheyZLZT07XBTvH7vEDQnd8C8sUH\/2EnRwJt5yvAFlAEMx\/uhUizW82DYxuJHOfZdZKclTioPSXZnprOzxrOMshIah\/sjVpDoV2Hk7r0EmCnqStVOjixuPjuzxoTXsJqjPDnqRdVJa1vrg13NnmCHnku7+2sZvcK5UHb9d\/ft03IKYTpKniEEolsv1w3eeCBJBMgSqufUY4nWVfilwKJ5d1HJ\/E62apvXPRhP78ezj7odSWvKPwQ1S8n1deOxKuubQET9d53MjOA5zqmPB+gYsOnXEAunura2kCAwEAAaOBhzCBhDAMBgNVHRMBAf8EAjAAMB8GA1UdIwQY"}
01233{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":332,"source":"iphone.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":8,"flow_first_seen":1582454599740,"flow_last_seen":1582454599814,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4837,"flow_avg_l4_payload_len":604,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50586,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gateway.icloud.com","server_names":"gateway-india.icloud.com,gateway-carry.icloud.com,gateway.icloud.com,gateway-australia.icloud.com,gateway-sandbox.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"1e60202b4001a190621caa963fb76697","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","issuerDN":"CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US","issuerDN":"CN=gateway.icloud.com, O=Apple Inc., ST=California, C=US","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"D2:DA:1C:68:0C:91:A7:DB:BA:B2:2D:29:06:DB:57:42:10:3D:3A:FE"}}
01123{"flow_id":49,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":333,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":814177,"pkt_caplen":581,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":581,"pkt_l4_len":547,"pkt":"xGGLNYKpxiwDYGpkCABFAgI33HIAAC0GKlAR+LBLwKgCEQG7xZq3FBhrAs1IyYAYA6vLUQAAAQEIClsTDCER3+yYMBaAFNh6lER8kHCQFp7dF5wBRAOG1iopMA8GCSsGAQUFBzABBQQCBQAwEwYDVR0lBAwwCgYIKwYBBQUHAwkwHQYDVR0OBBYEFG2YdZCf9+p4Fy2NZ3iZRytaqpXAMA4GA1UdDwEB\/wQEAwIHgDANBgkqhkiG9w0BAQsFAAOCAQEAfWaHB3F71r+HUtEusztLw2H0a2YFnXxa1uzWlcknyHvXas70SkE3K1rNPNgydDWa15RJBtUYT9r\/jIYn136onLWnxukPVi8TUKI4CMEwguhpMLrEtIqL4C6BZ+4lBK6xUCuEUeduttOE7gOxhx0n\/QSTvQ9LuNig3jwWEtIC23HoB15mX4gwBZ8tfi9UB7jVmgUgPLlnIxTRdUl1q5\/zCHckXOsWhUg5FYsKlZCVH6\/tIbdNREqUECgGFWyk\/VyvbJtuxaOAbpOC6ieEYIcwhwciiyJrTnUR2rnOOH8r2riaIi0MEZYnjSjV+7lmoMy2Lru4hbwEXuuXlBYgInvKvBYDAwB0DAAAcAMAHSD+x+VytcmV7WNXgbXmLp9haS4GjZxzboO9XW5nXMTLcQQDAEgwRgIhAPvT3IV9AjdpNGefDbSgPSo4QhMddgpu31WPcQgBdC\/cAiEA4VcIve2LvffT8aMppvIxhDUmtFZvpbOwuJdoe\/LlSHgWAwMABA4AAAA="}
00426{"flow_id":49,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":334,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":910901,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGtcfAqAIREfiwS8WaAbsCzUjJtxQSy4AQA\/Sq0AAAAQEIChHf7R5bEwwf"}
00426{"flow_id":49,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":335,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":911303,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGtcfAqAIREfiwS8WaAbsCzUjJtxQaboAQA\/CjLwAAAQEIChHf7R5bEwwh"}
00426{"flow_id":48,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":336,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":925892,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGwF7AqAIREYmmI8WZAbu9h+C3\/4UncIAQA\/RoaQAAAQEIChHf7VbKEDop"}
00427{"flow_id":48,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":337,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":925949,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGwF7AqAIREYmmI8WZAbu9h+C3\/4Uq\/4AQA+1k4QAAAQEIChHf7VbKEDop"}
00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":338,"source":"iphone.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_first_seen":1582454599929,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":65079,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":50,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":338,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":929249,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"pkt":"xiwDYGpkxGGLNYKpCABFAABDumIAAP8Re+TAqAIRwKgCAf43ADUALyJV0zQBAAABAAAAAAAABHBsYXkGaXR1bmVzBWFwcGxlA2NvbQAAAQAB"}
00658{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":338,"source":"iphone.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_first_seen":1582454599929,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":65079,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AppleiTunes","breed":"Fun","category":"Streaming"},"dns": {"query":"play.itunes.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00664{"flow_id":50,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":340,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":930239,"pkt_caplen":241,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":241,"pkt_l4_len":207,"pkt":"xGGLNYKpxiwDYGpkCABFAADjtQsAAEARP5zAqAIBwKgCEQA1\/jcAz3eX0zSBgAABAAUAAAAABHBsYXkGaXR1bmVzBWFwcGxlA2NvbQAAAQABwAwABQABAAAMOwAmCHBsYXktY2RuDGl0dW5lcy1hcHBsZQNjb20GYWthZG5zA25ldADAMwAFAAEAAAOmACIEcGxheQZpdHVuZXMFYXBwbGUDY29tCWVkZ2VzdWl0ZcBUwGUABQABAAAAXgAUBWExODA2BGRzY2IGYWthbWFpwFTAkwABAAEAAAAOAARce00awJMAAQABAAAADgAEXHtNQA=="}
00686{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":340,"source":"iphone.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":2,"flow_first_seen":1582454599929,"flow_last_seen":1582454599930,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":199,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":119,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":65079,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AppleiTunes","breed":"Fun","category":"Streaming"},"dns": {"query":"play.itunes.apple.com","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"92.123.77.26"}}
00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":343,"source":"iphone.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_first_seen":1582454599934,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"92.123.77.26","src_port":50587,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":51,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":343,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":934729,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGzmnAqAIRXHtNGsWbAbupO4D5AAAAALDC\/\/\/ZMQAAAgQFtAEDAwcBAQgKEd\/tTwAAAAAEAgAA"}
00552{"flow_id":49,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":345,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":939978,"pkt_caplen":159,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":159,"pkt_l4_len":125,"pkt":"xiwDYGpkxGGLNYKpCABFAgCRAABAAEAGtWjAqAIREfiwS8WaAbsCzUjJtxQaboAYBADmiAAAAQEIChHf7TtbEwwhFgMDACUQAAAhIDKkQIEWZAlx88rOX5tT1olybnRVZCCFh2Ych8RieAgkFAMDAAEBFgMDACgAAAAAAAAAADOXRaCOmlNQDoZtFXOkJKDr47Af0t1lcWwFJ7SeDnj2"}
00437{"flow_id":51,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":346,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":967985,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAADUGGW5ce00awKgCEQG7xZtUZWomqTuA+qBScSDQrwAAAgQFrAQCCAozMbcgEd\/tTwEDAwc="}
00496{"flow_id":49,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":347,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":973712,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"pkt":"xGGLNYKpxiwDYGpkCABFAgBn3HMAAC0GLB8R+LBLwKgCEQG7xZq3FBpuAs1JJoAYA6v\/UgAAAQEIClsTDMER3+07FAMDAAEBFgMDACgAAAAAAAAAADE2avL7P0pc78ZIY1bGS0FIS5gBV3fQT3oYnSyr4D4Z"}
00521{"flow_id":49,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":348,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":973745,"pkt_caplen":135,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":135,"pkt_l4_len":101,"pkt":"xGGLNYKpxiwDYGpkCABFAgB53HQAAC0GLAwR+LBLwKgCEQG7xZq3FBqhAs1JJoAYA6t1tgAAAQEIClsTDMER3+07FwMDAEAAAAAAAAAAASYx+h\/qLsTbOQlgH9YgSCutXJdRozXVc7bSZzNKXSSAd0yCTsFYntls75nAImoAahsOz3gPUtKa"}
00425{"flow_id":49,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":349,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454600,"pkt_ts_usec":80771,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGtcfAqAIREfiwS8WaAbsCzUkmtxQaoYAQA\/+hSAAAAQEIChHf7cZbEwzB"}
00423{"flow_id":51,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":351,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454600,"pkt_ts_usec":80813,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGznXAqAIRXHtNGsWbAbupO4D6VGVqJ4AQBAtsOAAAAQEIChHf7eAzMbcg"}
01125{"flow_id":51,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":352,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454600,"pkt_ts_usec":80888,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"pkt":"xiwDYGpkxGGLNYKpCABFAgI5AABAAEAGzG7AqAIRXHtNGsWbAbupO4D6VGVqJ4AYBAvCNgAAAQEIChHf7eAzMbcgFgMBAgABAAH8AwOVQZ8FnUDf4cuVlN3Dfe\/tO8oLU\/pP+UZ2rTRx02gYWCC8t86tHdWqnxE\/bapLx0rLdTwSMsDVwQ5W18WBw\/RbcQA0EwETAhMDwCzAK8AkwCPACsAJzKnAMMAvwCjAJ8AUwBPMqACdAJwAPQA8ADUAL8AIwBIACgEAAX\/\/AQABAAAAABoAGAAAFXBsYXkuaXR1bmVzLmFwcGxlLmNvbQAXAAAADQAYABYEAwgEBAEFAwIDCAUIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAzACYAJAAdACCvIr1kF5VgJNd\/0ntXVaysO1Tdse1BkZg8MzZDFY0NfAAtAAIBAQArAAkIAwQDAwMCAwEACgAKAAgAHQAXABgAGQAVAMgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00804{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":352,"source":"iphone.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":4,"flow_first_seen":1582454599934,"flow_last_seen":1582454600080,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"92.123.77.26","src_port":50587,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AppleiTunes","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.2","client_requested_server_name":"play.itunes.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00425{"flow_id":51,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":362,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454600,"pkt_ts_usec":115292,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xGGLNYKpxiwDYGpkCABFAAA0cJ0AADUGqNhce00awKgCEQG7xZtUZWonqTuC\/4AQAOtswQAAAQEICjMxt7IR3+3g"}
02389{"flow_id":51,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":364,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454600,"pkt_ts_usec":116695,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"xGGLNYKpxiwDYGpkCABFAgXUcJ4AADUGozVce00awKgCEQG7xZtUZWonqTuC\/4AQAOu0AQAAAQEICjMxt7MR3+3gFgMDAHoCAAB2AwPt61H6LFcJK86TX1GoH2PrY5tXpRF\/2SwmLfjDobAnLSC8t86tHdWqnxE\/bapLx0rLdTwSMsDVwQ5W18WBw\/RbcRMCAAAuACsAAgMEADMAJAAdACDz5rm0ZHHkdC70mqVixD+6PP+1VpNnjk4S2jr6YWMQWhQDAwABARcDAwAu\/IL2b+uh8v\/WQXLnGLTJF\/1zhJjgI4zH07lbGC7eBHKA5px\/1n1rKaOdZ\/oycxcDAw9hdpml+4bz\/FPRkb\/SbtBwcuz4cXwGWPA1ZaB1Xue15aFDeSq1uaLJCA8nRA64afvuv2HzQacaTFRgiAb+Yk+prC74vIiIILFVz3Dcw4bZ283K\/U8H3mFxQ9kuLXYXeen8TL6rIGsdv1CnXplV5+M4L2NJKP+ZOYpOgWU2czzsYVbqLROPY8WHyRJCiVgpgI2BwhLkwsgUT3G+R\/i9aVe7UU9OXlvxHfpz\/UEuhI82ej\/xl2nJVMqCjr+k+CBUrJ2\/7k2b8CkB\/oObgL6hITgMR62I6D+YWaHbbNZgBDFWGR0lPcAx8TmaEWQiC+zwUP\/bAfg2ciphmehJ+xqcALy\/r2LJ6XBqaQSeNGdNZbGE0kK0pxxNlXS4xECnAUnSjTByNgmD0kxL+6fxTRGjdoIXdw\/eQ0ibGkzgHaAkMe5VkVIk46bdyCzhDKZpBDuF5v+jvxYAeoaUAy2RZvT+cik9evtYRtpklOsUjwDDFFFv7UOszCSHyxBifzyb4HjslR9cPPfTy92zv4Z8fRuDLKENWWDuwsyniTVEcOcNcuJBVVIAK2FI0Z2i2G7zS8YF6y8kuX1UlRsoWpS1Wx0JX4c3I0FMU6cx5GqXpPfBukHyn9yRVGJvwDe5gncxu+tBuC6V7PuU+P8UH\/vwxHpz5pBOwoKIe3uV4pDOZy7ptYeyRNBok6iA1g8A\/qzg2Nms9xPpdPNpY8zqjzJb3rcL3i5NJZsGgxErINlbnURvA4Jv0W7cLXDzAfEXP4EuH8eTLhD5mkATgzvc03nNWkE62B+1P1FlsqaBhBtom1a7Kf1TF+UB3hQZD2DON3kFZ6nHyevuoAGKjS0gnIzStI\/ehnzKZiUdBjCzEoeSr2bY3rzy4HCahJCVIC8ImjZg7OjdZW3273pdEbsAwwg5kcwUHsG9u+VngPhuMSQ0vLgCM9vt5luBPw0sU7XPJKB\/lTIYjylEH5kPE8AymVwnYAZkXzRienK2lyW194jONv0VuGbBgH2+rD519x+3eANtV3b1Z6Sg0KMSALIZCDc0qK90H6kmABzkGlmu3zer9WFypg8lciwzMX\/gsnZN2SGuidVrFmGFUDbaX+7dnRBzUpCIbWTED1qwv7SrZJK\/fpYRpgl\/AeHqgkHIww9\/ujcKqI6U\/XAHTllgvHLnDki3Wj6gpKpFpOb9\/YhP2NBslB0pbUNLTCV6b4AWXvUBT46VySxj27HTjnV+8NQg10tlJW6+yXfV2ysS7\/w5XoYyjpjCPbHjbfncluasqfZkE4AMlYLaPi8vwNmwErCOOq4ChMAfwuALUL9GK9sU6DPQBAU5pxfwUgq1GJs+nL9doBOcThIfcW6Fo1c\/e9h1NUBZU07VSI6prjj7sNiiP06r53dsmscVRTsgjT3wuAZKx4YiW+6zrV2ZRAKWWYzEil74OqBABpIX1rAkWb3rTk1OclVbD+sC\/tDGbWW9uBSsr\/liO1Usp5pFlj40HCf9Y1cKJ7DmpkecUrMSSN1+Q+wq3usWDyhnRVG9sHpw6MvjZ5V\/vCpLkps3I6nUoKIF48iHB+tyPnOb4kn7AAIjUuogwgK8vwHvkI3lEsVIbH\/9F5sNXuXWmAA+gxKrllyCgYK2jacItGh8R9Wrdw\/7\/x5ruAolo\/zhURyg+Ygxg8AY6RyVuakgfoTogkza"}
00845{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":364,"source":"iphone.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":6,"flow_first_seen":1582454599934,"flow_last_seen":1582454600116,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"92.123.77.26","src_port":50587,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AppleiTunes","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.3","client_requested_server_name":"play.itunes.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02380{"flow_id":51,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":365,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454600,"pkt_ts_usec":116854,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"xGGLNYKpxiwDYGpkCABFAgXUcJ8AADUGozRce00awKgCEQG7xZtUZW\/HqTuC\/4AQAOvMTQAAAQEICjMxt7MR3+3gn2nKgfmgF8aBkF3X7KNk6924h1FJsguks39Tk7FoXiTmioe6vz3e8l4G3Hl88yrKTSppvPgnbA4LIgCa\/hHBWlx0ORGxxsTEZgbUtoaAe7ZOLtOwoW90Py56ug379hKo85n8MFyPZBNKq4TcGR9hcO4NbuYxncak7IdoE7Nj6EUghd3aAjAXqH3LTxF76oopL\/JhumvVC3dw7VsHgEJauvJGO5HmNSu9AscFLSPu2qw5pH0qSm1H3dg53pUKsUfRg7y7dgZ8T\/v42On\/n5w3yLHouQ2sMaolF\/w\/p+SnXeNANgRhmY85tpb6B9kr2N3w4NEwBiC6S3MdfK1JF5yNBoobLxFbZFcTbayfGKs3at+GCok3OUkA7sT2s39j2lsr3H04Ik\/sHCq7YdiegEiBu\/eJy88ejAskE1SC6PTIBrH9DUOUhokOOEzz8eN+VeMte2E9Xe0WJn1ypDMXNh+ZYMI5LZFE13QL49M3Q+4+wmXLc+dk5EwAX0Mauvvek5S3GqoL+JBmSMG9TSmU4qlO4GXJwDq3WGToe8zBbnTBIvrv5As8GwuQ99OB4+ooth9+pC80yFhkesFfTlFQwIAsOQOAiCh0kjTLuidTU+fFeBeTLuyx4LEUD50WMmu1n6rgaZY4oWu96J0AFSqLYiJQXrTq31bnIIx7gu1RxyRByg4yjF7NfouMonfJ+470hO8cybUvH\/ormNXFsMrsjZqr76FxX9tA3KvtZJ2CTkYPOnvwThfg82YYhJi35M7dVEeKN0j7uBe1JEFiiAIYFT+Di5z4CaWtpwngWZJFEU3i3zpkdW2WqM5o1oaNUQ3dxcMPBN+8jHvz6MDcGqLoIvHsfIVBmMa5fJywxqhx2UGt7qMR4SUlIlOXiaA16yCvXF97FEDhUjD606Mck0RI0gYMuNOKTuFsuWlvJkgM1QtGtEhBoaFsWu9GFsm0rWYchXp6vY3iVLELUXJa1J9w7u0kznpwFhS50fSWRJVIrCAbtVUXLBwCwzeXA\/psp8mpwXu+1aFDnTulXXNIaKYIkvVuxBMn\/XcpETFJMfdw2RwxJ5SrXPcDYB4KEOBTeODNXA3ztqaFAw5aaaMvODhBx4aog4D7ncqV\/tSGnyt4SpZzGeAqnqTMcjCO8q4kTpdAwlCDOmKDI64u2u9y4R4jasGQgSLknp2qogAojJdaDjC07zGPnV54lVjlbM++gzmCl+64AV0Wapi57pNh5nhKe14UICK4S1\/eVSLi2UVPiRdXqHRAnVUMZwUZY4X2tro0Lmix0wo1CG2pnIzQd95Z1v99CXLjJUMssikjv5v9ArJouToIwVoeBEAIV\/FLIoLw6lKXaTRoUWU8b2t+exqF2oIoQyxUKvxiapQKC1tsfFo+kcDR9phLmtGbDTKK\/GecWARBWWWGpQjjodQ\/4tPWZwXsT9a8OyVUWkie6f7\/2E2WQ\/H+PiRFbFuHric+37Lk6zg2U5K3rFjOnp9g0sMCKRmFKs\/7Unj5v83vjtavl9H1YvUx+J3QefQzHy6LWoGG0ef6LRQRXodUdtpY\/yr36YpgYisXLiVgfJtuSyHDNGAlY4V1FZxawcS3MqO5+V1h3zGcddTgHIc82Cs+iKoHJgi91vel7\/pq1Tk7+uZH94J6dX1UIp5nO9cX6fVeUvOaO75f1iU5K\/Nijr\/EL\/Pzir59OuVP8R0\/uHhcStDoy3qeuRZ\/MOolCXeuhGRpPUGO7foBrnkxKZbYYViI7jBspmI\/TkXyPpiK5NStN88bhfNnsmQ7EEbCUuq8KkNAJHlkcYqA\/CdWAft6geJqvGog3p8feqyhTdoj1vPwv4H2KEQnWi2EfSZ0lShAFK4I4anU1WcuNlWWRYTFJENVgtO3kU8GMj65LfPRJrA9xjAdiOnDNlSY1DZgXSDBQJduK0LuWtBG"}
02081{"flow_id":51,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":366,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454600,"pkt_ts_usec":116927,"pkt_caplen":1282,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1282,"pkt_l4_len":1248,"pkt":"xGGLNYKpxiwDYGpkCABFAgT0cKAAADUGpBNce00awKgCEQG7xZtUZXVnqTuC\/4AYAOt63wAAAQEICjMxt7MR3+3gynpz1ygj\/bNUsbM8HfPqWUKmt0Zp5XH0md2fuKkLvqo2GLSpcLsvAkG24g7AGxJOTSmJmSFSG5W7ioQg18v8jpiPxzeYJbEu2AqIf6wyQwtvs6GE3rgEIeIzmdguSBtGAcYs1Qupw1V4UgUdk1wXjSKEdd4GIavkNFStdWoWfbyomomSUUpFbda\/MS3ZMSCxez8uzFRmWToPEolYpfqBEcTQCw4SLh1KcEcQZPfFbYn\/wBOdmWOEAK45X5DK309oe2B2TJfVY6WwyWoXqZZV2DFxTPzKByTS6DQ8j8OKd6On2UUrx\/UYTTMqwQ\/b1A9ihjmtLYJQmcHCPnuaLV+rBmfCHsRKlJBKCujbz+OH+ZNtL4zGeGq8lVPRwPSFSD1PbAjIWoxDo2nYy1pTq8N629cg\/3N921rid0CRofH1AsyGQcMDGxoGlVfcK9fQM0C2f\/KbZ4RomG7bOpKje8ozG7dQ2VbI0AYrjduLgqAX6pR3meIIMaAnlzL3LpTnH8F4q9549jefbBeNnumYxHXoq71vQ7JN+ajAi07ftBNoG6P9P2LNZTAps3c6oW+MIDUnE\/SVpTBmMJQ13QYlGoT8xMAXMwMwMco9rCt1PCgZkFAvMve82Nf4V1GWkJEBH7xyI4SIOQCs7GxcVhSs9AVFOZBHKUwc8jZj7vOpGqa9uOhZP4nNakYP1jCg6iBKeKpPxGIrBQytACXBTEpcNJCvqVt\/XZUFfBk1so1BS58QR0V4Ua7\/kUR4uJJgytp7iD1elajgXgPoLDTrkONgzg2kj9mGSE0J5x3cOwzluzWd\/2gQLXa+O+aOQQPf8avyso35IpT4Odhhch7CNBqFdmKLnDOEHMg25c9nAQJjXu6bwQs71cdyTnYQkRXiIHiWyoHQnbs+a\/Iqo9cvOQhhEZqfqcm2TydTwJGDrTrlSuOMPJPAzxh5ZSyvga4F1q3l0bT8x13C0DBDBEzCy2rhc0wngwm2E+qBf41x2C7o8ThzQEA\/if\/QyXvqk5TYR4dhT5uEIMWtel8iluiX99pS3xfFH+n7LhmlhuRASFlIj61j099Jb1LuJxQy2M0HvfQ7znlAuQKV6nG7OSadwku\/hbYMk\/U4m7qPDPsnwS3lw10GxMqN+rIuEshmRXhyUywZrzz8zKCAJXP87A3r9\/XfS7Vlg3MuX0EshaRFm8VZpoGnxMWUjr\/ucwHO0y4OiIr02A5QPdnCG7fbFXCxtgytlU\/CDvnNejFF5bSvGzUjvIAThBJjFE+aYB6OkJA+NO9fLiPf8Vp6SEfU23ffYm\/XlmIcID2YMNs3gBCuOQ2A1dG5yWLDq\/IG8Rnz9mZ6oTukUKowdGJKnHSbCeP9cOpD8+qxRVhpDEkbDxwQgMMlw\/9Uam4tDY5YHBzS4pM08V6MiQ0Eh0Y2cVK679S0t9T\/sh\/tPvt0FgEgZEeh4089uah+oEx4HiYFl6iLp\/Tu9wGr11xDQoSSgZuyBUjErS6OljQbTOtay+q+pEtdGDXe4tksRL4zBGdmfzkCL4w7EI2bkAo2XJjtZdx9wqL5uGiubBsZYb9qBUCu91OlMeXMkBNmAg9FIKvG531uJwFd6OoSxjfFV2YNmixIn1exKm4\/Oi4XGA=="}
00956{"flow_id":51,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":369,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454600,"pkt_ts_usec":116945,"pkt_caplen":456,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":456,"pkt_l4_len":422,"pkt":"xGGLNYKpxiwDYGpkCABFAgG6cKEAADUGp0xce00awKgCEQG7xZtUZXonqTuC\/4AYAOuJSwAAAQEICjMxt7QR3+3gsXa6VjEMA\/qTH4WMxt\/gfS5E4SAH3a5nmEs4Ha4iFwMDARlx8j7b2\/wyynr\/fCjWGnceHIW5qdJ0Ed0eWVgfY8+6dPYr74sh9Ipek19YOtvsg68aayL87264TsJm6tjpx+gyYZRiowvAQrZgj5KLOpg\/RuPvHkFUXg0XQIrUF+j45aAto5QF2a4WUbLlw8x7Alt83CmpLJhSio6qnFlhyYY00HueZ7hfsWKuZgWP0GljSeG5RYgz8INO5FGUU5B\/SInaazsKyaCxgriUrqnE962Gmptr7pcf4z81ByJZPM2uSLhTDwF7pZjjaNysDZc4NDbb0ncYXukqFxGk4olRIShvAoLVawWnSzvt8UfOd2J\/ejmG5Ytt2cVAuNWGbCs3+S0hncmmqHuEBDlAlvfYK5AjVPEPyKufTGua2RcDAwBF4W2JIjBskwTIw1j05siuqREXKUeeWZebQIXIjXhU002OIbsotbsoQ1lgL+24z+OPb1kTq1LMfdj5Z\/u2tJSxlVrJ9UeS"}
00427{"flow_id":51,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":370,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454600,"pkt_ts_usec":119504,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGznXAqAIRXHtNGsWbAbupO4L\/VGV1Z4AQA\/ReUgAAAQEIChHf7gUzMbez"}
00427{"flow_id":51,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":371,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454600,"pkt_ts_usec":119523,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGznXAqAIRXHtNGsWbAbupO4L\/VGV6J4AQA\/ZZkAAAAQEIChHf7gUzMbez"}
00427{"flow_id":51,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":372,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454600,"pkt_ts_usec":119573,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGznXAqAIRXHtNGsWbAbupO4L\/VGV7rYAQA\/xYAwAAAQEIChHf7gUzMbe0"}
00540{"flow_id":51,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":373,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454600,"pkt_ts_usec":130428,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"pkt":"xiwDYGpkxGGLNYKpCABFAgCEAABAAEAGziPAqAIRXHtNGsWbAbupO4L\/VGV7rYAYBADYRAAAAQEIChHf7hEzMbe0FAMDAAEBFwMDAEX\/XpjJrdIuTQ7WfUad\/LITgBIPm70rbSOAE9S9roolg0tCwdyvLJXS9DsSfw\/F0W6bgM1P9P7o4jVsI7rbu5Y3epqnQq4="}
00822{"flow_id":51,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":374,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454600,"pkt_ts_usec":163859,"pkt_caplen":353,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":353,"pkt_l4_len":319,"pkt":"xGGLNYKpxiwDYGpkCABFAgFTcKIAADUGp7Jce00awKgCEQG7xZtUZXutqTuDT4AYAOtUHgAAAQEICjMxt+MR3+4RFwMDARoUWmOetpJsTERJmzhBCA8jpi\/xcKnLsK84kce6Ao2MRyhDd69aWt\/ofXEx374g\/F5QC97XpSdg12YxhbAF4DSNvniVx\/hh0rTMr2XpyPxBVKAEzwiiURhFAHBFphw+C7xWaPNPncluuMrKbfPuxFXPxMxKCl3J8vv+Jm0txfRwh8+bLDtXV\/iCh65AvpA0Ns9oepa44WmiMYb51QvCNz8v\/PJjWXE6voFML1EXF7aSWioEpak47iKkIEa6yffGFtOQYGTiOR+xbxgmu67OPQ+8aieh\/\/g6bFtJblx+2VYbXwasB93CAS2\/flz59HKJF31E\/vzvRmun1HlzPcSi1keemf7CHy+rU5qqPDQk9aqWEcTe0vw50H7o2q4="}
00818{"flow_id":51,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":375,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454600,"pkt_ts_usec":176375,"pkt_caplen":353,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":353,"pkt_l4_len":319,"pkt":"xGGLNYKpxiwDYGpkCABFAgFTcKMAADUGp7Fce00awKgCEQG7xZtUZXzMqTuDT4AYAOvWbQAAAQEICjMxt+MR3+4RFwMDARphOZHE1qgUIOEb03ZCD+O0FOJclKPZ1SVCxLgyzVyVHzi4TUQEujdDgJNPkR\/GPimn6coUYENMg3ZdzceVssTJAy\/z\/2LbNdsPkMk8Gze3qRvtgOrBKekQhMmE4Y\/qzNNGfcOsK4uEwmaVThLaRKXXUZpdn3UJ++2PMvfaqROQKGmYtP77Z3kXY3QP1iwb\/42fJ5M7rzTJ7RYmEho2Qhc8r2AkkEaShuzx7GHCvnKyTTmUHHMpe9Zq2zY4gGkoW8aXLao81Ku0NC8JO2JLCGSdIUn9g7eBMAjUfoxEWHWWW6I5O\/jkBOUxwhD8Bp69iTvuEpx4QzDXjtAMCpzJrI2YMiY4GrVAvkgMqz8SnsGKNSzd4q8tUL9mlY8="}
00600{"flow_id":48,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":386,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454600,"pkt_ts_usec":252093,"pkt_caplen":192,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":192,"pkt_l4_len":158,"pkt":"xiwDYGpkxGGLNYKpCABFAgCyAABAAEAGv97AqAIREYmmI8WZAbu9h+C3\/4Uq\/4AYBABd+AAAAQEIChHf7kLKEDopFgMDAEYQAABCQQTZRdeqgH933\/0YQkxoVWk3vpi\/5MvHcUXVGqvztHrVmPzO2NQcXf+XPiq1cZU3+MjmkxYpWsXyROd9tneOJAR6FAMDAAEBFgMDACgAAAAAAAAAAJw1OZiuYS+tEO+Hd6c6lK0ZkgPyE5on+DTSJH1yoCwW"}
00497{"flow_id":48,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":413,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454600,"pkt_ts_usec":443725,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"pkt":"xGGLNYKpxiwDYGpkCABFAgBnJhsAACsG7w4RiaYjwKgCEQG7xZn\/hSr\/vYfhNYAYAEGDPwAAAQEICsoQPLQR3+5CFAMDAAEBFgMDACijXGTc3lLFvZRZu6rFz3PNVLffHlIVt0NF7hnDkSCoTEf3BF4V4KgZ"}
00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":419,"source":"iphone.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_first_seen":1582454600454,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":63677,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":52,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":419,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454600,"pkt_ts_usec":454021,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"pkt":"xiwDYGpkxGGLNYKpCABFAABDtJ8AAP8RgafAqAIRwKgCAfi9ADUAL+BtI4YBAAABAAAAAAAABHN5bmMGaXR1bmVzBWFwcGxlA2NvbQAAAQAB"}
00658{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":419,"source":"iphone.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_first_seen":1582454600454,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":63677,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AppleiTunes","breed":"Fun","category":"Streaming"},"dns": {"query":"sync.itunes.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00635{"flow_id":52,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":422,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454600,"pkt_ts_usec":494055,"pkt_caplen":222,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":222,"pkt_l4_len":188,"pkt":"xGGLNYKpxiwDYGpkCABFAADQcdgAAEARguLAqAIBwKgCEQA1+L0AvB7yI4aBgAABAAQAAAAABHN5bmMGaXR1bmVzBWFwcGxlA2NvbQAAAQABwAwABQABAAAF1gAmCHN5bmMtY2RuDGl0dW5lcy1hcHBsZQNjb20GYWthZG5zA25ldADAMwAFAAEAAAWqABsGaXR1bmVzBWFwcGxlA2NvbQdlZGdla2V5wFTAZQAFAAEAABGWABgEZTY3MwVkc2NlOQpha2FtYWllZGdlwFTAjAABAAEAAAAYAARfZRg1"}
00686{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":422,"source":"iphone.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":2,"flow_first_seen":1582454600454,"flow_last_seen":1582454600494,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":180,"flow_tot_l4_payload_len":219,"flow_avg_l4_payload_len":109,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":63677,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AppleiTunes","breed":"Fun","category":"Streaming"},"dns": {"query":"sync.itunes.apple.com","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"95.101.24.53"}}
00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":424,"source":"iphone.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_first_seen":1582454600508,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"95.101.24.53","src_port":50588,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":53,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":424,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454600,"pkt_ts_usec":508065,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGAGXAqAIRX2UYNcWcAbsi3fgeAAAAALDC\/\/8YLgAAAgQFtAEDAwcBAQgKEd\/vhgAAAAAEAgAA"}
00438{"flow_id":53,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":425,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454600,"pkt_ts_usec":541627,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAADUGS2lfZRg1wKgCEQG7xZzFmLU\/It34H6BScSB2MAAAAgQFrAQCCAqI0z6tEd\/vhgEDAwc="}
00424{"flow_id":53,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":426,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454600,"pkt_ts_usec":545275,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGAHHAqAIRX2UYNcWcAbsi3fgfxZi1QIAQBAsSJAAAAQEIChHf76yI0z6t"}
01124{"flow_id":53,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":427,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454600,"pkt_ts_usec":545389,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"pkt":"xiwDYGpkxGGLNYKpCABFAgI5AABAAEAG\/mnAqAIRX2UYNcWcAbsi3fgfxZi1QIAYBAuKRgAAAQEIChHf76yI0z6tFgMBAgABAAH8AwOiR+2o6dU1g3+Svap+gZcnw25M6wGbHtuAePAdQo0oAiAx8\/DIlhLRtqLIiYUYtk4NlTJqyrl\/fgPygPHG4YkVbgA0EwETAhMDwCzAK8AkwCPACsAJzKnAMMAvwCjAJ8AUwBPMqACdAJwAPQA8ADUAL8AIwBIACgEAAX\/\/AQABAAAAABoAGAAAFXN5bmMuaXR1bmVzLmFwcGxlLmNvbQAXAAAADQAYABYEAwgEBAEFAwIDCAUIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAzACYAJAAdACBtkoBkQDrwLLXqjG5TumykfSzBBltHwjkMpbOHvdDHVQAtAAIBAQArAAkIAwQDAwMCAwEACgAKAAgAHQAXABgAGQAVAMgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00804{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":427,"source":"iphone.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":4,"flow_first_seen":1582454600508,"flow_last_seen":1582454600545,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"95.101.24.53","src_port":50588,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AppleiTunes","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.2","client_requested_server_name":"sync.itunes.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00424{"flow_id":53,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":429,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454600,"pkt_ts_usec":579000,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xGGLNYKpxiwDYGpkCABFAAA0r2YAADUGnApfZRg1wKgCEQG7xZzFmLVAIt36JIAQAOsTGQAAAQEICojTPtMR3++s"}
02379{"flow_id":53,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":432,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454600,"pkt_ts_usec":580592,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"xGGLNYKpxiwDYGpkCABFAgXUr2cAADUGlmdfZRg1wKgCEQG7xZzFmLVAIt36JIAQAOvvggAAAQEICojTPtMR3++sFgMDAHoCAAB2AwP8TH04ZCrBb\/gkfljnUmujowdNxER7kOqz1gAUSd1ARyAx8\/DIlhLRtqLIiYUYtk4NlTJqyrl\/fgPygPHG4YkVbhMCAAAuACsAAgMEADMAJAAdACBId\/Nnk2O5Sr4v6R4YPHo4E3mOFhXJdd0yp0DfW6I8TxQDAwABARcDAwAudMmXJPizSb+uU99qMbx5cAmpJSCLpPkIdtgbXgjKl2Es7W8sRKs7LwQENOumdxcDAxZZrS3p7EDxmR\/IXQjmqj4qIg62K04sA4wA8ndndzwoRJJ0ArSgjxsIw7SrLyfZo1bty+qCQYtU778MH9nCUJSxZLfaz4qJKmNOdx18ZEbSouWbYnumd26W36\/fu51gRJ9XS526VmaJUwQCfdv+7r6ZUSJ30RHugEU3fo3GLI5Yhe6sz2jCxaZylLfMjMgBcw6Ew7WqtZOmdo+m\/+V7FKX7YabQSZmpNz\/90iA87SUjBd+o0GPrlKSX+zgpaHBgvjZdqMSfGrDJgVtPEx8aL9b3ILaucW8tnzGY7\/hrsewgFXWKiKQ3YwWDMUX9gCE8GVAIiZSGpQmLJfUS6JLxMw6CyHNB6LZrGEY08Ljij\/qbKe0wdWpWXOJUJsVbpAw8SGs+ngDrozzw2MN1hX8nVhHctc+ZNwYfayeoMlbNyNz2crO70Ija9sijbkIQUM0xKwfwiexnPM5Ze4ksue4SfdSeCKlit4rerhP40Z2mh9xxZwHC8Yl6a\/LU0FBiMiG3X3ehFnXhnrJ4WqLsE5lQfb12V6AZlXSpDwCEHMVi6aZcHdmubp44fy3mTCBuKfI2DxJfXW7Ei6carC5Rn4PvDYucmJAVdinoQZi4BnShp5CkYd5sJuag1Y06B0y5pOiSM3EkRcI+jA1HqPICGHYgP9CqOqmnyaGJsIYwUMCCQlwq5vDvlgEETaqMtEGMpxQUVn7wH6RX8ysxaQ9gYqVrX5Z+fAvQvkyZZGwIoIqDF53PdClKh\/eBs+XtNdUU15aXQCE5wJbqhuXY36zI86AKLzkrTtkC+JkTtc0+b9YVvsLVTAk60yTnjC4yETkXglK5arNKJQQ8wO+yapKFYAy1z6RgktiiKO8HobCTmnrClWvRHGYqDk12Ih2RrtGQH18g\/B80eep9I\/EIOw4299xv6B0wvjiKDkvc3yUFkDfqs4IEW1j6w4f2h6I9mfV0woc6lmmWPACkfh3I1HvUftoBCC\/F4S+NWegAIYAHjhMhd5xS\/b3OWA0B7WYY\/AKwl0oGAIafXNFyIEEU3Tu5nS2FOjs+PZM6Ht+m4fUmSLxQM5SVWZo6Ga2Jm3GvuzbWiqWOiIPSAaFoPbq1PmeFX0qpIcjfiXjMCJZgoTnuD501kfO9FJPgV\/IATXU\/8dUpMk3cQwU7F6Um1gDSdO0UBTbEOXugn6kSlbhkSz9+JamsPAPBuzZYSeyQmZUZ24JlGUqZeqh60BUe4yvtzza49oGKt82zMxLWDI1jiMTrPt7cQ6tvF5ndLmftTJrIZjCbVHQ0bfpxz+Fz2Zd67mu8iPx1NfAZO5LJCXEYLbubq09dweHBNYTjHKm8TQzFs8wdtbhWa1yVdGS3h\/D9XcZvVmPlQ8MTJDdf\/Qe0HPLiG1miktNzT9Nyu3\/xsvWbLeaXVFkA7C9X67tzGDwARaO0\/\/MnABlnUjv3b9d17B0qWElkpNZAvOyzYw9iMrf21U9gYRZFEvFrA9PLZKhlV592v90TLSNkn5+eUdXprHVwBpJugztp2hkedjOPa8AgpPYJQZjkOJ7VFXp6ytPj6uc7wyl6N2NT3Xn06rL3X\/KuiYXW7QR4mTk1VA0KTdlbbr1IBR2zGy5jU134I9FqoaxSm5iu14lQGI8\/oyK3tOofGPmoPZ4GQghrNZ6UB+hh+t\/\/UnAY56vWxG\/p"}
00845{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":432,"source":"iphone.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":6,"flow_first_seen":1582454600508,"flow_last_seen":1582454600580,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"95.101.24.53","src_port":50588,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AppleiTunes","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.3","client_requested_server_name":"sync.itunes.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02382{"flow_id":53,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":433,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454600,"pkt_ts_usec":580604,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"xGGLNYKpxiwDYGpkCABFAgXUr2gAADUGlmZfZRg1wKgCEQG7xZzFmLrgIt36JIAQAOvd6AAAAQEICojTPtMR3++szuNvCfcQ3E+hmHoM+ZjvVSuv9dUCHP7J3aqGCVlC1HDszwxyFUimKhi2dVLHN\/ASBFwzIfhwm1zB1aX2kZp3tcj1jvrRfpYyIPXlx5FBOZjT2vIXeRU1HEk\/YAPthw9ML6DdTUF4HizJFE\/MMNA\/9IAIn42LK4Kl0WLbJtvMDwzvbMJVQkuvcrcXWeJ7Yw5iCadxuum0uoGX+bejEF1ZW70jnFoFbbNn0wkq75wE94FQfdG7ms5TWwRVgV42DAOLxa1XEOZs19UDu6XE5B7iIciObNajWeDkiyDTcsHNAzoqcwxDhGOWX78u0gpU15IkR3JSoTObpxy9OOAUa5HIUDQxcni6rIAvL2HWmGO0o\/095LxReXjnuBRMDxX3tqaU6U\/AvAyDdVtysbOqwps+\/zrR1NxYblB632WXG6tI0Jb8AC6OODtGXnUBMqF4ywfuLHNT8Bc9TORh1bf\/zIeGIUlOBr8bModwBiwZfg6YUIesWlS9BbxPrqcn6JHWZUKeePt74gpDcYFf0WjMPswy2tg54+f4OJyioKC4m5aUEGNMesgcSCHEph5OGJWcX6qPQlk2nvc69V0dP2GmKBLWpU2u0g0cBKUf3zgOXlYba\/cCId+dPX0vZRvzvm3imxZ1N1hLbDKfifoGcdmrKe5wNYXE+avQU64AxmYXlGH1rZi2dkEk4tNWB2n8T4q90SKT7F1bc6qzSI\/LZAT11coQkdUW8Q8I5V2dIXZVjaWGTtSZikLU\/lrLuTpdedsjX7mVxoXHXq9FDY40Jj6IJqI5zGleo0YQ9RbhAtf+7+9oJPl6h59LTk7vrBWTpJAWNmRtoEm2U8Wg+xLXQuvI7IRgE70L5EDNPKuqnmLeoLTiCipyBNdaf3hF67L1jfJUX3g04HCVCfZ4idSNCoOCsUQDFFGQ+LxiGB1QW5dlN9wfJBV6kWaBDw2rox3PgxYk5F0hRY3IIqoqqXv8GJb+n+8lJw4lcEwV8MxkROomgk9irDbnylXWjjrXZw2WsfjgB6wR1GsUrSUmOX6yeeEvOOyQe3O6oM3sWD8XnX\/tCcw9DMYvf22Sa+sEwNfN9LCChdR7Tkni+AZD+qgTH\/nqguEqiCQSgSM4Xgcwe4x3ozbECrhGFvVlKdZp94Jjncwj8kml81k0KaHJEe9g4KINkNA26ft\/RAldqBMjUXY\/gqAO888PUip8tSxDjCvdR9mwmZFLxs19AxCRRqyq6EdaK0FrSKPziuHmcoUS0QOl7oVBNtYbweASveLzzdnib8siOZbFYT\/zVpt3Z91R63oZYsNHLOtpVHDqn\/2tOOmhJz0keUtBRsWolDGKl9hFKLBO03XviQj\/sx3ZOtVsHjxtkOd9hfgATBfecvXVlNo6bPr\/MIr4Z2s7l1KgmKKxV0R\/Vvnra\/ns\/pUh+KMD\/+NdB6epC14G4Nds+fpsr0CLobI8Fx91L9OAedbuXjWUP\/yWpJk5x15uDZa1y3x3ZUjnTxehGTQlX6L\/Xxy50nLdl6zQCojVP81ap6L1402\/MnBNxtFD9wJ9bv4ICprjup8H7gdQx4MjbxAGGBN1yZJDgcAVR7AoiqjZjVlXI3DMjfj9BMJFo289W8QPe1nXbmhRWss\/7d49TaAYoOAM+lVwPatN8NeehRn00GJjdsT6yo4kcSkpkqV1szCzpQCExFnBzkTksYyWLQvvT+yy1okEA3ppOV85tK1cxWVsMPJTc9grcLB+UoWEWL7PbmlGk9+bGxH8l+L5uIJ1nOWzo0eA9CDe6gaYLR89x\/Cy4j62ubjDsUlQxe6\/E4soHuSGrl8JfT\/oQ\/13JAYm5isWKXU62M75JeKsXhkybPPELeOOVcP43fXC9vpTn4hhEAo4E+6kX1V6mpot8OuK+kA9j79tQNwqcplwHGgOZiubNieZ\/dfOBikW"}
02074{"flow_id":53,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":436,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454600,"pkt_ts_usec":580954,"pkt_caplen":1282,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1282,"pkt_l4_len":1248,"pkt":"xGGLNYKpxiwDYGpkCABFAgT0r2kAADUGl0VfZRg1wKgCEQG7xZzFmMCAIt36JIAYAOuRnQAAAQEICojTPtMR3++ss02MmIAnh+RZ0NyPM0J6Hg\/9Z05andIjWZ9U6COvSgcZhLgKTF4ETrGGvMmsf34PYDBdblOEuKcaOQogDklxQg55tuBX+52ItILIft0lkVw0mkAcQwsPhhUz7VgEXN\/cmD+TYB+AEgkShyvLsp9fOSjwDN4EVn1WFTwAzp0qSOYE2VgBIHCn4fsVO8sfXTvZEfZsONoNPiE5DNn1luuV8eQa9iS4jyRbXEoQbzWkH8uUX3bi1wcnQnVOo3pls4V41hpFiNCV+f+b+8SgWcZGJlbnhZgaE4u5y8Scg2tUXOXm4hN4j53vmfl3U6nPmtXfeHej1i7rQaw\/y9khIxnJEnks8aKZNNRnG3CUvpBNCxm48uTv\/joxIlKmjjEw1TjpkN+n\/gBmOzmYD+Y2Hdf4g8Cd7qbRxFJkkxmVD7A2qZ\/vw64yBgG87MWo+rYoN9Q77ho\/eVbFES8nNaNHxBi7A4ZI8280iuiOCS9H1+6d79VI3O9FvLNDsH1C9hq99qgoWj8cHVIOnXXXbP+gbRmLfSmXeWBdwIU1erGMfhKPquha0df1AF\/IouAwgQibzRiq3yyDDO7J7ZU4iBbBVOihCzjJALSGDS0PYvYmAzxFGFJvMtgvwWNHUaYJ+2\/\/zMtYJWpOyZVateXSRcVOQm689vcLB52z\/F4WfZvXpJElWALaandmb0NXYgTApOMHkR+R3aXfLGiBCVW19yG1M3nWxWuVHyBPN8MkZ2aQiHF8estXztS7zV56b\/JryVPkseADzsVa3eKtk51IB3nOBC7t9pbuJdpbnVhzy8+QSWSKECqUhVNh\/kCQcfcd1ZyBWp51wLtfUH889eeNmiNTQihETlunQdWj3cLVjCmSkeI66kzX5CbanbbPYBrcjhch6MHZjoF8WI1Lihn0E5snlvGZy+gv+TtS4rEt6bPlc8DX\/yU6\/jALiW5p66hP361+gEhyOdHKbpcxjRsclGcmquoLNV1mMFq5N6Rljzmg35dFbMbSePjVuIXu7nDB2AcYrBZOEPBWAzWQP0E2BuL8RviC6b2iW5xDn8Oxb4V1bQfpuanwOCuO8CFaM6CKMT+gcm4mi24Y+ExdhEXYRUHgF0o6T8NIyT38W3T6JSv+8AjYh\/EICGCtdet86PUP+8ILPMO9M571oa0CK1DqxDYkLcPJuVb81SPyQhPPYphSXj2b7PWQ3LZflyaU3aLMtvAtPIT62J4Ry3tua8qd4AWLaofQ6h1cxkP9dDVZdz4NJYWX6YjF4xc7HO2eO5O2xHVBtA1sTHXsS5mT78+r1dvNoZDnGNQ84QqK2Ba6BsDpTAYX0GQ0Eoa+ntbWChrHNnKKpTM1PfBwptRb+KNh5ch\/YXB91ZlID3AETwQROYn7vg1VHn65snmKOcB0s9Vefe5mbdtTnmSwb3qwFqelpB4AegKiIvKwf8\/E3y5GuTj0aASu9TcatYfIc9gfxgusa3E\/rA9cI6ER2hSBDDnwWYswE6p4EzIqcEFyKpKEQrEa9+KNdE8t+9D1Z7VGFeuSf2xj9XeeDaP7x6+e+f3JQJEISmOgq6h1xKIkB+6iMmsmAxyhykQxWs+SjCFKx\/WTsRprHXUBVT3C11iqGpMzc4ZSBomHmQ=="}
02380{"flow_id":53,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":438,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454600,"pkt_ts_usec":581730,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"xGGLNYKpxiwDYGpkCABFAgXUr2oAADUGlmRfZRg1wKgCEQG7xZzFmMVAIt36JIAQAOvQhwAAAQEICojTPtYR3++srcLGnObwJWh1KtD5HhIBsggJqFWar6cSoSIwWqAUCmaXGHrihdiGEE8ZXENRE0znJCnkqAMmVRaq0pL6cruev7aHQVZGlu8dzZV\/vKN4Jz1AYs1YgI5A4AB4XLrNHDN8k+mOP\/+G1rxDd9tziZ0YQvQbqHJdMLXpTPo+q1fhD2vpI5Pm4Xftd+Cg7wRXMkPkKZUritmhuTOk5X6PYJZuxn57J2rbuNG6jpnITDJo79qBjfsBCf7pXoUcI\/wffxl4pPkjiYYf71HyG4cIg9WiWH1he83Pae1py4t7IIJgilUJQFX1jRK0np+GsQIMqZcGssLjQkUqW2cbBg7H0A8JHOvk\/hqvDpLjdX0LjyhVZ2IdDf0CHGW\/rcX06TH1BeEkdhFRYvc5Kj2lOMeY8waeWe8OtLkMbXjex5g5bB9Aikot7jZ5R3gZtaDtqM04\/2CUa9Z6xPwOWJ7AeFVgKFQrhA9bjIy26Hrto48+IMunzVyXVnFGSf\/5DfavR6WWkDmBsIYR9I4SNdosuggT9nONeG\/M97xpIiruF0uRcQtRkW4SE6SiuIXWFmjcAaN7QCivKiYfB6fh9nH7OoKJ1SoX+yZL3ii+I4vzIZn\/Btkd6CQDFdmmrwaeWHKhQqjCKzKm2BfjOFjc7AOam09OBJxztdhvQpAIwWqOYMjA8azCWJy6RU9kcAnHGvQxRSwzFnDzbIdqtYRU\/OeSEy5Ztd4KZrvL9noxmkt2wBYuz1blaCbTrGbw9WgOHVGzncvMZB3edtN2N0jPjdPrEx+wx6BkJiY9aIUXFgz0MqYfEq1d7Z6eQWA6mXZj2QYwM0i5q46qyJ80ZC2IHHQGAgeKTB1KJVI7z3TH5bBC5iF26KHUWheopOmVB956LvUkLq0aZCmES0bJfdXQGgqWmGgxEVOAvxw\/bwQUulXvhrS4+SAwUWR+DEqOZvfq+aPYGkxM0SdQVkzhJgefYVP9nrU8FPQd8ykxsrFhNU3lO5WvjK2zaTODgEjuPQbCo8Ud7whhr92bQt5wVq4nppGqVsNPGS0aTH5Ie3KCyfgE9sULHSOStDSgO3ozIkAu1vxYKGVxz35QBv7C3VdKGfdO23r4mh1DnU+fS9N3LQRz9qWSSrl6RGmYMqDEMuKogrkiIK39f5JefcLtdgWc8sMpftz0wCbf2i+tDi2cLg\/mCuVhwddeZj\/SPBa\/z4U++DVs3H5E1QghU5K\/LrZ6Clh82FCY0\/VUq293bkKfJz2ozKPjH6iz9vzkX2v7XjnL\/S2GplxNztI+s9N6Kyd78LQyBjD5cwnWXNZWoWHkro4OydglYIjzz6cqEx\/vpJ71q3wAlqL8ClfGKFG25kvQHr8LW8nDjnsGbbvjEakY8dRo7KHDbC0vTeJMzChpYPz9rH8xRr1FRvD85DfktMk3ySazOH5ThUd8rROoDYREah+MyYW8iT5nLKWisQ6bdKAPkoNJk8QWOC1GPGY2CUVIQhfGmsmMN21PsgDHh2u3k2t\/cPcq1dgY\/AfkXlNhg9ALTaZoFjUgTa9FQ0VQX+5DLucrsQ4uCuZBw2f3+FYkxj978rH4COsV\/d+pp4gwMV6rbFezXVaR\/\/3Lx7PEBCpBe1dehJpGI4CojENI0lAusubM1w\/iM+KdbdRj4e8LL+BpjtdndBGDa+LPYk74YR9ntiBhIN+Z9qsGgNRgMA5Ziau5wCW9tfpns4Td0myWARox4iVsK9i5\/0WapVO0K6\/4pjcNGtMFtJbSD4YrFRiYvOqgpjhuSf6ud0+xpQQuRe3N3z06z4+1HYWPTq+5cm\/QZQQVTqncwJ25\/Qeirr++X6j8DlTWD1ck1aLARV+DSdOu7ILHkALwnvPtyFuQ\/hvuu66\/NvAOF9q8RyIOJ9jVo6zsHHopgv1pC8AQfh3Tl+MKHX3Q8qUS9uoi"}
00426{"flow_id":53,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":439,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454600,"pkt_ts_usec":582989,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGAHHAqAIRX2UYNcWcAbsi3fokxZjAgIAQA\/QEqwAAAQEIChHf79GI0z7T"}
00427{"flow_id":53,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":440,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454600,"pkt_ts_usec":583110,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGAHHAqAIRX2UYNcWcAbsi3fokxZjFQIAQA\/b\/6AAAAQEIChHf79GI0z7T"}
01423{"flow_id":53,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":458,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454600,"pkt_ts_usec":616462,"pkt_caplen":800,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":800,"pkt_l4_len":766,"pkt":"xGGLNYKpxiwDYGpkCABFAgMSr2sAADUGmSVfZRg1wKgCEQG7xZzFmMrgIt36JIAYAOt+4wAAAQEICojTPvgR3+\/RoYQEdDQqFTy06\/CHKMbkuhRrnufCr4CH4kaYDxilo\/k97ks2pVONsADGnAKMobY3s0HG0iTpgstOSGeLtvgfKjgqzD32yNjuJcqRS67t3q7Cwtgs7\/PujAtappyKmHujEpulfN11kN3tmPrqFlNMmW13GFKDcgUIEPrFb1Z+KRVorno9lzxB97RGn3xLOnLPtnUTYT2MmwY+lr50JV4Q9AlSVwnN+Y5KPS33wGXoUMUhiMEYhT7mXOoEp5drndxnHyoVgMjgWwkKtX66uBjliU2dLuGfkdbThjFvsq8enWIag2ZueMS3DrsSOcj6QtlsRJJkz2kEEH0oPHMXPTYzxOEV3lDJHpGYXiRYpmiJzEBlLWbu26N54lUT68rRwqmCIeOU\/IiumHFqO+uligkd35An1qjbClAaMnG40W\/2k8Dzw5hTYMUtHF5YRhUyFOy4mDmRLJorjX\/7lBWPX0a90r7QxzRQSRXkn2HE1SYwlK9s3DzMxIwXAwMBGe9zNI9aQUGwDgD6YK3mBJ0JWqv712JpXFNRYkGXxau8ikUIfHmGDdFGXwyQsJul8iLL\/YsC7Upv7V\/6UxivWV76\/eO87fIhU5TQHoMe2BjQyeXmL8KsVJpYF34TwafWiLphdBGWLo4NlXnMbbp0XFKEbhNWapalfmAFDs8R8hYEmKk4b\/Af0WPWhTQMT4vOIYeNbYGvcaXVgUSg\/FJLhLCvX87q6rkBpCEksVECRQVmsD3Epc3XWpkmZ+Wo73XXoAXBgN2D+qR4OZz1WhQBNafvKjM7cKHdyRkaxQBOJz+2fcYn\/JDj95lb5DuPETl9Sia\/SUZ3O3Dd6CxDqWqt++rQhhIKkORoFI3jimDu4CaqnzoBSIFWwBvtFwMDAEVhlMyjVKSl2Y6Yl+VAXQQHOPNCBxk6f5p3q\/Ee8PDtjGmFOl54W+9L3kFGr0DvIfPgZNfP8fpLtrh8jhJw0cHs+Jjm6k8="}
00427{"flow_id":53,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":460,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454600,"pkt_ts_usec":617961,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGAHHAqAIRX2UYNcWcAbsi3fokxZjNvoAQA\/r3QAAAAQEIChHf7\/SI0z7W"}
00538{"flow_id":53,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":461,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454600,"pkt_ts_usec":639449,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"pkt":"xiwDYGpkxGGLNYKpCABFAgCEAABAAEAGAB\/AqAIRX2UYNcWcAbsi3fokxZjNvoAYBAD\/dQAAAQEIChHf8AmI0z7WFAMDAAEBFwMDAEVUOOj2tGvaINrHyVOhP0kBTB8LDlsPjRKAV8G0PLMBWW4ePVJCAbmXcCnjrI+JyeomJ1V4BzSnP+GW9fNRzui7ZvfHi3g="}
00491{"flow_id":53,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":462,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454600,"pkt_ts_usec":641576,"pkt_caplen":112,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":112,"pkt_l4_len":78,"pkt":"xiwDYGpkxGGLNYKpCABFAgBiAABAAEAGAEHAqAIRX2UYNcWcAbsi3fp0xZjNvoAYBABgXgAAAQEIChHf8AuI0z7WFwMDAClRVTUdkgd1Ri8nQFNd98VjxkuZgkygicyhmvcNiVIlazT8aPL8dJi3aw=="}
00506{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":25,"flow_first_seen":1582454598252,"flow_last_seen":1582454599058,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":12558,"flow_avg_l4_payload_len":502,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.185.140","src_port":50575,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00505{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":45,"flow_first_seen":1582454598587,"flow_last_seen":1582454600617,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":10875,"flow_avg_l4_payload_len":241,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50580,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00505{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":77,"flow_first_seen":1582454598721,"flow_last_seen":1582454600748,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":73228,"flow_avg_l4_payload_len":951,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.185.87","src_port":50581,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":32,"flow_first_seen":1582454599225,"flow_last_seen":1582454600287,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":7909,"flow_avg_l4_payload_len":247,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50584,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":30,"flow_first_seen":1582454599740,"flow_last_seen":1582454600279,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":7913,"flow_avg_l4_payload_len":263,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50586,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_first_seen":1582454598542,"flow_last_seen":1582454598582,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":202,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":119,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":52852,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_first_seen":1582454598205,"flow_last_seen":1582454598247,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":210,"flow_tot_l4_payload_len":252,"flow_avg_l4_payload_len":126,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":63143,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00798{"flow_id":10,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454596,"pkt_ts_usec":370709,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"pkt":"xGGLNYKpxiwDYGpkCABFAAFILXUAAP8RB83AqAIBwKgCEQBDAEQBNJKvAgEGALeWutEAAAAAAAAAAMCoAhHAqAIBAAAAAMRhizWCqQAAAAAAAAAAAABMdWNhcy1pTWFjLmxvY2FsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEFNgTAqAIBMwQAAU4gAQT\/\/\/8AAwTAqAIBBgTAqAIB\/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
00514{"flow_id":13,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454596,"pkt_ts_usec":847254,"pkt_caplen":128,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":128,"pkt_l4_len":74,"pkt":"MzMAAAD7xGGLNYKpht1gD8z1AEoR\/\/6AAAAAAAAACCM\/F4KYopz\/AgAAAAAAAAAAAAAAAAD7FOkU6QBKKNMAAAAAAAEAAAAAAAEIX2hvbWVraXQEX3RjcAVsb2NhbAAADAABAAApBaAAABGUABIABAAOAADmYYs1gqnEYYs1gqk="}
00519{"flow_id":14,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454597,"pkt_ts_usec":360810,"pkt_caplen":130,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":62,"pkt_len":130,"pkt_l4_len":68,"pkt":"MzMAAAAWxGGLNYKpht1gAAAAAEwAAf6AAAAAAAAACCM\/F4KYopz\/AgAAAAAAAAAAAAAAAAAWOgABAAUCAACPAIFJAAAAAwQAAAD\/AgAAAAAAAAAAAAAAAAD7BAAAAP8CAAAAAAAAAAAAAv8d2dAEAAAA\/wIAAAAAAAAAAAAB\/5iinA=="}
00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":49,"source":"iphone.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1582454598204,"flow_last_seen":1582454598204,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":63381,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00455{"flow_id":15,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":204952,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"pkt":"xiwDYGpkxGGLNYKpCABFAABMpW8AAP8RkM7AqAIRwKgCAfeVADUAOH2lldMBAAABAAAAAAAAE3AyNi1rZXl2YWx1ZXNlcnZpY2UGaWNsb3VkA2NvbQAAAQAB"}
00679{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":49,"source":"iphone.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1582454598204,"flow_last_seen":1582454598204,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":63381,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AppleiCloud","breed":"Acceptable","category":"Web"},"dns": {"query":"p26-keyvalueservice.icloud.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":50,"source":"iphone.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1582454598205,"flow_last_seen":1582454598205,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":63143,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00448{"flow_id":16,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":205008,"pkt_caplen":84,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":84,"pkt_l4_len":50,"pkt":"xiwDYGpkxGGLNYKpCABFAABGS9oAAP8R6mnAqAIRwKgCAfanADUAMj\/EHhQBAAABAAAAAAAADXAyNi1mbWZtb2JpbGUGaWNsb3VkA2NvbQAAAQAB"}
00673{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":50,"source":"iphone.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1582454598205,"flow_last_seen":1582454598205,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":63143,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AppleiCloud","breed":"Acceptable","category":"Web"},"dns": {"query":"p26-fmfmobile.icloud.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":51,"source":"iphone.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1582454598209,"flow_last_seen":1582454598209,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":61862,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00447{"flow_id":17,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":209581,"pkt_caplen":83,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":83,"pkt_l4_len":49,"pkt":"xiwDYGpkxGGLNYKpCABFAABFIREAAP8RFTTAqAIRwKgCAfGmADUAMT0yjvEBAAABAAAAAAAACmdzcGUzNS1zc2wCbHMFYXBwbGUDY29tAAABAAE="}
00660{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":51,"source":"iphone.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1582454598209,"flow_last_seen":1582454598209,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":61862,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"gspe35-ssl.ls.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":52,"source":"iphone.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1582454598212,"flow_last_seen":1582454598212,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":55914,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00447{"flow_id":18,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":212900,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"pkt":"xiwDYGpkxGGLNYKpCABFAABEPtIAAP8R93PAqAIRwKgCAdpqADUAMKdbJH8BAAABAAAAAAAACWdzcDg1LXNzbAJscwVhcHBsZQNjb20AAAEAAQ=="}
00659{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":52,"source":"iphone.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1582454598212,"flow_last_seen":1582454598212,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":55914,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"gsp85-ssl.ls.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":53,"source":"iphone.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1582454598246,"flow_last_seen":1582454598246,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":51007,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00441{"flow_id":19,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":246275,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"pkt":"xiwDYGpkxGGLNYKpCABFAAA\/VFIAAP8R4fjAqAIRwKgCAcc\/ADUAK6bSYEMBAAABAAAAAAAAB2NhcHRpdmUFYXBwbGUDY29tAAABAAE="}
00660{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":53,"source":"iphone.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1582454598246,"flow_last_seen":1582454598246,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":51007,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"ConnCheck"},"dns": {"query":"captive.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00674{"flow_id":16,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":247243,"pkt_caplen":252,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":252,"pkt_l4_len":218,"pkt":"xGGLNYKpxiwDYGpkCABFAADuMPYAAEARw6bAqAIBwKgCEQA19qcA2lqQHhSBgAABAAkAAAAADXAyNi1mbWZtb2JpbGUGaWNsb3VkA2NvbQAAAQABwAwABQABAAARlgAcCWZtZm1vYmlsZQJmZQlhcHBsZS1kbnMDbmV0AMA2AAEAAQAAAA8ABBH4uYzANgABAAEAAAAPAAQR+IMIwDYAAQABAAAADwAEEfiDysA2AAEAAQAAAA8ABBH4g8vANgABAAEAAAAPAAQR+LmkwDYAAQABAAAADwAEEfi5Z8A2AAEAAQAAAA8ABBH4g7LANgABAAEAAAAPAAQR+Lkw"}
00691{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":54,"source":"iphone.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_first_seen":1582454598205,"flow_last_seen":1582454598247,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":210,"flow_tot_l4_payload_len":252,"flow_avg_l4_payload_len":126,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":63143,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AppleiCloud","breed":"Acceptable","category":"Web"},"dns": {"query":"p26-fmfmobile.icloud.com","num_queries":1,"num_answers":9,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.248.185.140"}}
00690{"flow_id":15,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":247382,"pkt_caplen":264,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":264,"pkt_l4_len":230,"pkt":"xGGLNYKpxiwDYGpkCABFAAD6F4oAAEAR3QbAqAIBwKgCEQA195UA5qzeldOBgAABAAkAAAAAE3AyNi1rZXl2YWx1ZXNlcnZpY2UGaWNsb3VkA2NvbQAAAQABwAwABQABAAARlgAiD2tleXZhbHVlc2VydmljZQJmZQlhcHBsZS1kbnMDbmV0AMA8AAEAAQAAADUABBH4uVfAPAABAAEAAAA1AAQR+LkmwDwAAQABAAAANQAEEfi5J8A8AAEAAQAAADUABBH4uQrAPAABAAEAAAA1AAQR+IOrwDwAAQABAAAANQAEEfi5Z8A8AAEAAQAAADUABBH4uYTAPAABAAEAAAA1AAQR+LmN"}
00696{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":55,"source":"iphone.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_first_seen":1582454598204,"flow_last_seen":1582454598247,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":222,"flow_tot_l4_payload_len":270,"flow_avg_l4_payload_len":135,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":63381,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AppleiCloud","breed":"Acceptable","category":"Web"},"dns": {"query":"p26-keyvalueservice.icloud.com","num_queries":1,"num_answers":9,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.248.185.87"}}
00642{"flow_id":17,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":248721,"pkt_caplen":227,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":227,"pkt_l4_len":193,"pkt":"xGGLNYKpxiwDYGpkCABFAADVXGwAAEARmEnAqAIBwKgCEQA18aYAwXDXjvGBgAABAAQAAAAACmdzcGUzNS1zc2wCbHMFYXBwbGUDY29tAAABAAHADAAFAAEAAAtxACQKZ3NwZTM1LXNzbAhscy1hcHBsZQNjb20GYWthZG5zA25ldADANQAFAAEAAAFNACIKZ3NwZTM1LXNzbAJscwVhcHBsZQNjb20HZWRnZWtlecBUwGUABQABAAARlgAWBWU2OTg3AmU5CmFrYW1haWVkZ2XAVMCTAAEAAQAAAA8ABF9lGTU="}
00676{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":56,"source":"iphone.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_first_seen":1582454598209,"flow_last_seen":1582454598248,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":185,"flow_tot_l4_payload_len":226,"flow_avg_l4_payload_len":113,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":61862,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"gspe35-ssl.ls.apple.com","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"95.101.25.53"}}
00535{"flow_id":18,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":252214,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"pkt":"xGGLNYKpxiwDYGpkCABFAACEYIUAAEARlIHAqAIBwKgCEQA12moAcAk\/JH+BgAABAAIAAAAACWdzcDg1LXNzbAJscwVhcHBsZQNjb20AAAEAAcAMAAUAAQAADY0AJAlnc3A4NS1zc2wJbHMyLWFwcGxlA2NvbQZha2FkbnMDbmV0AMA0AAEAAQAAAD8ABBGCAi4="}
00673{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":57,"source":"iphone.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_first_seen":1582454598212,"flow_last_seen":1582454598252,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":72,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":55914,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"gsp85-ssl.ls.apple.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.130.2.46"}}
00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":58,"source":"iphone.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1582454598252,"flow_last_seen":1582454598252,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.185.140","src_port":50575,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":20,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":252419,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGrHrAqAIREfi5jMWPAbsN6rbUAAAAALDC\/\/8jQQAAAgQFtAEDAwcBAQgKEd\/m0wAAAAAEAgAA"}
00635{"flow_id":19,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":287759,"pkt_caplen":221,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":221,"pkt_l4_len":187,"pkt":"xGGLNYKpxiwDYGpkCABFAADPyCcAAEARLJTAqAIBwKgCEQA1xz8Au1lGYEOBgAABAAUAAAAAB2NhcHRpdmUFYXBwbGUDY29tAAABAAHADAAFAAEAABGWACoMY2FwdGl2ZS1jaWRyDG9yaWdpbi1hcHBsZQNjb20GYWthZG5zA25ldADALwAFAAEAAAC8AA4LY2FwdGl2ZS1jZG7APMBlAAUAAQAAAOYAFAdjYXB0aXZlAWcHYWFwbGltZ8AawH8AAQABAAAAEQAEEf1pysB\/AAEAAQAAABEABBH9Nco="}
00678{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":59,"source":"iphone.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_first_seen":1582454598246,"flow_last_seen":1582454598287,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":107,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":51007,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Apple","breed":"Safe","category":"ConnCheck"},"dns": {"query":"captive.apple.com","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.253.105.202"}}
00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":60,"source":"iphone.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1582454598373,"flow_last_seen":1582454598373,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":55457,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00435{"flow_id":21,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":373077,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"xiwDYGpkxGGLNYKpCABFAAA8dgsAAP8RwELAqAIRwKgCAdihADUAKKMQFxsBAAABAAAAAAAABG1lc3UFYXBwbGUDY29tAAABAAE="}
00651{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":60,"source":"iphone.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1582454598373,"flow_last_seen":1582454598373,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":55457,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"mesu.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":61,"source":"iphone.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1582454598373,"flow_last_seen":1582454598373,"flow_min_l4_payload_len":66,"flow_max_l4_payload_len":66,"flow_tot_l4_payload_len":66,"flow_avg_l4_payload_len":66,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00481{"flow_id":22,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":373420,"pkt_caplen":108,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":108,"pkt_l4_len":74,"pkt":"AQBeAAD7xGGLNYKpCABFAABemlUAAP8RfYTAqAIR4AAA+xTpFOkASu+LAAAAAAABAAAAAAABCF9ob21la2l0BF90Y3AFbG9jYWwAAAyAAQAAKQWgAAARlAASAAQADgAA5mGLNYKpxGGLNYKp"}
00568{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":61,"source":"iphone.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1582454598373,"flow_last_seen":1582454598373,"flow_min_l4_payload_len":66,"flow_max_l4_payload_len":66,"flow_tot_l4_payload_len":66,"flow_avg_l4_payload_len":66,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_homekit._tcp.local"}}
00514{"flow_id":13,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":373553,"pkt_caplen":128,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":128,"pkt_l4_len":74,"pkt":"MzMAAAD7xGGLNYKpht1gD8z1AEoR\/\/6AAAAAAAAACCM\/F4KYopz\/AgAAAAAAAAAAAAAAAAD7FOkU6QBKKFMAAAAAAAEAAAAAAAEIX2hvbWVraXQEX3RjcAVsb2NhbAAADIABAAApBaAAABGUABIABAAOAADmYYs1gqnEYYs1gqk="}
00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":63,"source":"iphone.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1582454598377,"flow_last_seen":1582454598377,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"95.101.25.53","src_port":50576,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":23,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":377826,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAG\/2TAqAIRX2UZNcWQAbugppinAAAAALDC\/\/8BIgAAAgQFtAEDAwcBAQgKEd\/nTAAAAAAEAgAA"}
00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":64,"source":"iphone.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1582454598385,"flow_last_seen":1582454598385,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.130.2.46","src_port":50577,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":24,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":385187,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGZE\/AqAIREYICLsWRAbsZOusXAAAAALDC\/\/+bAAAAAgQFtAEDAwcBAQgKEd\/nUwAAAAAEAgAA"}
00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":65,"source":"iphone.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1582454598387,"flow_last_seen":1582454598387,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.253.105.202","src_port":49152,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":25,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":387073,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAG\/DfAqAIREf1pysAAAFAslesxAAAAALDC\/\/8mdwAAAgQFtAEDAwYBAQgKEd\/nTQAAAAAEAgAA"}
00436{"flow_id":20,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":402840,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAADEG+34R+LmMwKgCEQG7xY+mDHMKDeq21aBScSAX2QAAAgQFrAEBCAr26Z7FEd\/m0wEDAwU="}
00423{"flow_id":20,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":404960,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGrIbAqAIREfi5jMWPAbsN6rbVpgxzC4AQBAuwVwAAAQEIChHf52v26Z7F"}
01123{"flow_id":20,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":405072,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"pkt":"xiwDYGpkxGGLNYKpCABFAgI5AABAAEAGqn\/AqAIREfi5jMWPAbsN6rbVpgxzC4AYBAuh0wAAAQEIChHf52v26Z7FFgMBAgABAAH8AwN8\/m8PXyQO32u1iV6RcZDnMbTrrPixNIjOuJcPKyu2YCAqbhRZg6XgGUsXaOUau6tuuVwQheEDrsOtyWvnbE4KuAA0EwETAhMDwCzAK8AkwCPACsAJzKnAMMAvwCjAJ8AUwBPMqACdAJwAPQA8ADUAL8AIwBIACgEAAX\/\/AQABAAAAAB0AGwAAGHAyNi1mbWZtb2JpbGUuaWNsb3VkLmNvbQAXAAAADQAYABYEAwgEBAEFAwIDCAUIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAzACYAJAAdACAqltozl1XctQvleGh0N7IIp3TCS7HFVxwjJhj0\/2bbZgAtAAIBAQArAAkIAwQDAwMCAwEACgAKAAgAHQAXABgAGQAVAMUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00809{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":68,"source":"iphone.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":4,"flow_first_seen":1582454598252,"flow_last_seen":1582454598405,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.185.140","src_port":50575,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"p26-fmfmobile.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00436{"flow_id":23,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":412214,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAADUGSmlfZRk1wKgCEQG7xZCMPaCSoKaYqKBScSBNPAAAAgQFrAQCCAoi0AShEd\/nTAEDAwc="}
00627{"flow_id":21,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":70,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":412843,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"pkt":"xGGLNYKpxiwDYGpkCABFAADIRW8AAEARr1PAqAIBwKgCEQA12KEAtAJjFxuBgAABAAUAAAAABG1lc3UFYXBwbGUDY29tAAABAAHADAAFAAEAAAfrAB8IbWVzdS1jZG4FYXBwbGUDY29tBmFrYWRucwNuZXQAwCwABQABAAAMoAAYCG1lc3UtY2RuDG9yaWdpbi1hcHBsZcA7wFcABQABAAAARAARBG1lc3UBZwdhYXBsaW1nwBfAewABAAEAAAAPAAQR\/WnKwHsAAQABAAAADwAEEf01yw=="}
00669{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":70,"source":"iphone.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_first_seen":1582454598373,"flow_last_seen":1582454598412,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":204,"flow_avg_l4_payload_len":102,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":55457,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"mesu.apple.com","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.253.105.202"}}
00424{"flow_id":23,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":413932,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAG\/3DAqAIRX2UZNcWQAbugppiojD2gk4AQBAvpMwAAAQEIChHf524i0ASh"}
01122{"flow_id":23,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":414051,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"pkt":"xiwDYGpkxGGLNYKpCABFAgI5AABAAEAG\/WnAqAIRX2UZNcWQAbugppiojD2gk4AYBAtyOwAAAQEIChHf524i0AShFgMBAgABAAH8AwMW\/vdiXnKGt2kAM475LRdq4DAZD5IWJivMSs32aPZe4CBY4JYmlM1Z2ggjvPRVVGQ6cbm25wGpqmGifvQqpkiZFQA0EwETAhMDwCzAK8AkwCPACsAJzKnAMMAvwCjAJ8AUwBPMqACdAJwAPQA8ADUAL8AIwBIACgEAAX\/\/AQABAAAAABwAGgAAF2dzcGUzNS1zc2wubHMuYXBwbGUuY29tABcAAAAjAAAADQAYABYEAwgEBAEFAwIDCAUIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAzACYAJAAdACBRvQycnSvLFzO5Ac0Wc91U3eqgFfR5Utrll4x2uEjNDgAtAAIBAQArAAkIAwQDAwMCAwEACgAKAAgAHQAXABgAGQAVAMIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00794{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":72,"source":"iphone.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":4,"flow_first_seen":1582454598377,"flow_last_seen":1582454598414,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"95.101.25.53","src_port":50576,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gspe35-ssl.ls.apple.com","ja3":"55271a105172d5f225e4704755b9b250","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":73,"source":"iphone.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1582454598416,"flow_last_seen":1582454598416,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.253.105.202","src_port":50578,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":26,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":416547,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAG\/DfAqAIREf1pysWSAbt\/OqmMAAAAALDC\/\/8OTwAAAgQFtAEDAwcBAQgKEd\/ndwAAAAAEAgAA"}
00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":74,"source":"iphone.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":1582454598418,"flow_last_seen":1582454598418,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.253.105.202","src_port":50579,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":27,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":418108,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAG\/DfAqAIREf1pysWTAbsyJO8VAAAAALDC\/\/8V2QAAAgQFtAEDAwcBAQgKEd\/neQAAAAAEAgAA"}
00437{"flow_id":25,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":426588,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAADIGSjwR\/WnKwKgCEQBQwACbtSzNLJXrMqBScNC85AAAAgQFrAQCCAodNCSFEd\/nTQEDAwg="}
00436{"flow_id":24,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":427688,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAADIGslMRggIuwKgCEQG7xZHfrwWiGTrrGKBSqbCWRAAAAgQFrAQCCAq1T9HeEd\/nUwEDAw4="}
00423{"flow_id":23,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":447691,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xGGLNYKpxiwDYGpkCABFAAA0RA0AADUGBmRfZRk1wKgCEQG7xZCMPaCToKaarYAQAOvqKgAAAQEICiLQBMUR3+du"}
02380{"flow_id":23,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":78,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":449324,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"xGGLNYKpxiwDYGpkCABFAgXURA4AADUGAMFfZRk1wKgCEQG7xZCMPaCToKaarYAQAOtcCQAAAQEICiLQBMYR3+duFgMDAHoCAAB2AwP7MB3Ylhf8Bjmes916ZWnzOGPYuszhpJ41UUFXi+SNbSBY4JYmlM1Z2ggjvPRVVGQ6cbm25wGpqmGifvQqpkiZFRMCAAAuACsAAgMEADMAJAAdACBmEKt79HIbQLnUjzrNZkYuOEjGdzFKsqw1qRXq4w9bFBQDAwABARcDAwA0ljir8wnOluy8B0zgMbdPObep5nnR7HaAJhstM6+gk2+lrnuD5wrdL8n5GVkdE18ZdpoV9hcDAxLgzvI5agAXt0\/jf07ibdmTKUEeRmMhrEM1GtVlxUupp9cg9SbslBYtKJaa0wT3Q7n3fJj6nRL0n33B44erSqtcAXxWyOSCmmVYqy7bcy9\/ZqcknAf7xOgb2MpPmfOh\/GkVJb\/y9davzmzWFOOdqPyRwMptmxIFSQTNQJlvfRrR72IT5\/HjFhACqUfKOqhuk7Xafo8vBqvrNGahTRTY6c+tI4UTsHFA0vUJvIno+IiQITsXfCnYml4Uv2xQjOUAe2Y\/cW1p0X+BuUDOLo1Wic0DHWyEu+tPxQh2275aPBpPvVdJU0CEGYigY4Y75QfgTlTS0AgYeIasNOwAAO3aswMWtsjrhNLDIbDODYmB1g74zQdD0dftVwJESceAPTQs3Nzd1bgtAwffH7lbOJS\/9KuTO\/0eD22ACK9E0p+39c\/71hVVdICNFReLsV0EM\/HtTV7fwi7XO8AT8H1+e537aWNU7Sljch+JEYCU7XZywmVVHo5qEkXLNc8kvJgxy2blQNJx\/1W1wF7XOpLA4sRVwo5F8jS3Who2VT1tU81QZB7TKQuceQNYlj37gGFlBq1Ihd39RKVQTnYV\/H5Y6wvXLS575JZcHskDBxEJXSYG5QinMRLvvMWO4ibsWryM0f4k8hdtRN6OEisLdLATXj4wSWMVZbsE\/AeaQREXbQQJqQR56YQkcOaBQd1g6i9HZntHr7NNmNdVgudO7Jr5RQ7A4fpA7FarhYETRj4Qs7YqleA55SLFpMO03lOS0J+LuQCzHqPQpcL1vgeAx0KZWohWUy8RyEaLjWeYdY1\/bpOekS3ec984hbODzwNEF9j2PDdf1n+UJyM71VjXFGvIg\/LE5GX9oaJnMAdkZRMgDyhOKmkDNUyiS6bGeXHTny43umPpljzopULeUHJZJXJX\/RGHZOs1pyYcTwgkmWQaN5HxpWqlOuFGDq9VPRRmMYp5Hge\/dou\/6j7hMO84QWfe5wfSGi73Qo9t8cN1gWEbVNG\/fdgqlh6Unzg3B3bDoh+UHhAJQ2ahOXeFS5Xzm5cYASgS1IUOO4wbkFx3at6f48iCDuiWP\/eCXYpjaWKv5kqvKEILikRgUJst589WqfVdS6w\/0hb+9r\/oHxMPex4TSB\/TVchrK2AF\/cS9BZeYPyi5X\/4NF2MXQEKhFtereXVK+4NboxTot3bhQRZd566HxD4vqcHF1fnW4aJKd3jesYhsVMy2SCue+Y5KfRbFFY1k7KeoPUk4IuoWQGIrStG\/lkKor8HmycS\/EBVwVrmZt6Kgq2qdQwVJ9hNmKfhYq2nm734cURIhInk7p4vSYE+9Ksxh7CNMfEXEOx2ejHoWZL0waR1p4OYum+5J6hauPKdjyxJ8hu0cfb8jZm65wenrTUkHsp2iZoDhU+GVXDsHRe3EkmtCmtH0g60El1+jF3SekK\/rE702e4FfvcbNiJkwF9cwP2jaq2wnO\/LmW96JyGE2rpz+L6diJGgkeP81BLya0a9IZ4Z5hQfNZvtj6aE4YAUmvP+Px4mMhNCmF0s4XabUIaUI+8A\/1kEO3givAjhFbj3a\/Zc0mfbdQnlREOG2b45q7n67EmIvPh1TiGPx4rU9J4CS+qcLsJJAQWU1hLc+0dKW8m6T9Z6KdN4CLv7BM8hNVxz0C7T9e1k+mm41yvjp617Y"}
00835{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":78,"source":"iphone.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":6,"flow_first_seen":1582454598377,"flow_last_seen":1582454598449,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"95.101.25.53","src_port":50576,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"gspe35-ssl.ls.apple.com","ja3":"55271a105172d5f225e4704755b9b250","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02377{"flow_id":23,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":449374,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"xGGLNYKpxiwDYGpkCABFAgXURA8AADUGAMBfZRk1wKgCEQG7xZCMPaYzoKaarYAQAOu5FAAAAQEICiLQBMYR3+duyZGX8jvKHfYO4irLOTOuIwVrfsn8cq7ShQ+rERgUhgqi6YmNFlT1tEHLKZr\/xBPk5ivvhQoEjta\/5ln7FGkX0G1hifL2iGMdqH4zeXMd66Gn5w3vrK84Hp36TjUG0PG5j1PqDUpE+nKsrrdiXXTY4Lu6jAtZcIGsD9zvRTsEnWLiyUZO1nDafPfwjNHs7l3dq\/tmFUmfedrLOjVPeE91NaK+EzLweJsfU2IYoeXWWYlvTIFWI8H8Jh+ABLwLzElfiLKr6HoJf26rjCeNVmDi60RMCQCAILyxEAxSRAzecVI9X0wh+0CbyTM0Y0tWBPHM97lKnVLGAY5RjNihQ1S\/S\/+cDoikjNb1EPO59tDCzwRpuxbG8jMuwx2+u4Cdr3i2K6sKwnbJYKqFopcpbPhqvJ3+kHvBTN3a11hQBNCDKj50MJNqciDB0XJt\/yGGeuQAoUjNjYCWgf02z+8ZiJYMi7WbjsP+lo3c0jFHLu3nijBPEocqsCzjg\/8psGV1DZFikyR\/JIh0WiDtkHaPpJstEo7Hl0POAnv0wQDpEoBq+d794F7yW6Hpa3fJ\/kXSMGF5xEsKCqj+tU7esDEN47XEv01WaHmexrR1smom9ctPkTzfbOJbXvZO8ZMYSyEebTvL3mg2\/GzDH4PWS21b5YmHXR2CFfrxSJ6aLzZBRR+jV38LPa1gaNaYDfIBEW4FF4BKS4jycvYyZVPdcaNYSJ8n6ljDUvxY7vDslKir7QfcoG9PCX1Hg4NeXr4kXy2H0lqqt7bTy4LTs6Xb\/SRNHcNQhxvkanyNZWy35O\/bGFco7+K4vsa8jMMZQQypTm9Z5OlQZpPKpBJQMsK\/jklORBG\/vsxrDEimgNk00N6kJ8Jus9MTg1ybR8q+oPkdFk7J\/VqsoCzIT3NdF0ZNqbwoJwSoxFV71EMS53AlpUVslzou8u\/KPAL8\/UDMNxPu6hKu2ahKbLO2sx0v38++eqTI\/eG2KXiUzOqq7E+DLRawF9Kg+0UIMmvF2Zw+xibMbh0xT5ju9GeeFHKUI04y8JDULZXfhU1aA9JQHhxedp8UHVs9Z3ERqhDe6HcFXSn09LjTmicIbxVR9P0IYXU\/N41sUhFDWeCF6tlkKHIdIZSfhRdlvqY2Elvt7hBRL6rlZr4CW9LUytEf8CTZkAwuTUiyYwvZ6tDzwS2+7mv+S0zCYhvbpPgrlTE8f\/8lpgLMEGY5dTD2TCGAkXbRJj3Uc5cu5l\/IJvomHJS+feST9fBjUJCFiz8e6s5HVLmq8FlkyHWuz5xt0mVHXfkX8k6PYQRAzxgfrFxSpRCUi4CHL6k5jx0Tn1JpzNVu2arVC7NCB5CZSLqvCWZ9L83uwTdkXfuuW6Lu6Ji8UQSDQNrKgq538gQnBVbcs46CzmvzuPpjWjXvnrzn0U95nZ+4P6GuTE8qv2jIVSeRG8x7i8\/tl8WuEBYDg8iCApyrnYHv3qfp2iXaBAdk1yen\/z5f9QVm0\/zgqYLWSjsaPg3HqTWk\/bqAVfos8J2lmflut1X4h\/XbAzFwWu4Z39laa9jJvPbH6Z86rnkWEVIfnSDJ99wIv7teVIuhBjRYWBjYHU7BowK5DmcOsw5vttcV7nbRFj1yKK1SAhG1v0wwk\/ZRSgrQz6rAYg2qfhFce1WyPy9ebxR9HZIYx+E+PuV32eQ5UUgDn6PkJWd6i+Wxtngi31RNqpYYfy10xvvBSUuHLq0i6lso1bctbo7nuLzsyOU2NQv5nMTJWYba5BtK3zg1ZWLpTjytpP3W7SsJUZ8zzE4f2rkalNVFjyNZnFonNBNM5oIZbbH9ROxSO6jjTh3j9b48atfzrw+zKL2zmeHhJkxYqgJsedvdgnRVFp5ll5IRC65Iju62h6b8tftHw1Yc6W\/D+ADnIWVKPbT2bJtq5Nql1EmIa8FZ2FKK"}
02082{"flow_id":23,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":449499,"pkt_caplen":1282,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1282,"pkt_l4_len":1248,"pkt":"xGGLNYKpxiwDYGpkCABFAgT0RBAAADUGAZ9fZRk1wKgCEQG7xZCMPavToKaarYAYAOvuyQAAAQEICiLQBMYR3+du8Ig3\/fi96m2oAg+EtKElv0O00btkWjeqsgPZBgpVAbZzZI4d88yrnp6ivOCjb6OwMlntww1S14MJHoHwBgJXO2kcXeXRxYDs1g7o1p8uFAtyv2kZaQLFpMctATNWlCpQUlcKXPear5j9IzTHIA3yKy6p\/rdeokyGi\/Ul\/2a1cgg8BCEBOROS\/4xWvQpOCMf+RwLbyPYLlKcLddBDeNyGs\/PVaXJwch0+uYo5ERDqUdtWQ+BzAqrNok3mL\/KEezSa6ktIRR\/80db4rpwUHuuDKMUynNwB9qj5YK7wddEFxSkPwwuN8U0oFOAtQso01MKse2nTGbQCyb73BcbinudCzXWyg4\/a5s0g47MEVtzQysl7tKTFyhwxK7YfF3us6\/4HG80Kpo2O7XT89nlFN44JX+e1JPSfBV1g28xXZfRg1kGd8SoAtVNNc+W09w2WkHo99IEMdFGMjKEkMAUqplMzqnGRazIyE+NPBbLzi4KJGE6qcex42SMidV2T3S8KoKHk8g6uXodbon7P0nQd2mTY8rQFDbd+hlio9S3OeREvo0AAiFnFO5oVb7wt8H8r7biJHyEXuy7Iqb7bIB8bcpjh64QoxWzFye0FxVRBWbxoGMU4KHM+Y+gzAdvUS4kG6ZLR4ELw0+0+FFTP6mvLsMFsoU8eAJnSho0U5Fo7dSBthcSMbnQeleUmRenyh7zMFGZ8QC\/vB0z0L0lQJkAVgqoHTYn0Sssc\/l9oiYt9KartvN6UHyRu5q3INRKqxGgfbg+OMcS1WfqZS3ItQPRdeqy8uwmsHpkKrjBNDGczIUHE+\/oVjGGraXbIA4u3HXkYORj027AtKElOwM6sVBtg2UfthWXzAa6SEI7xYP\/F4RElFK1\/I7KUL+FrxWrBLyTcm9H7gOiACqrDoW7or9Z9jJf35i+U06ndO\/tRO9o124h9ChCm9S5Z+a5af7hWtK\/PMfPAawRoNl1t3ANlvISjcpvdF\/\/XmvqAnx9J8GmSM\/gPHvKQ0FKONCfhxbGOtlfVQ3Rwx7fhiZsjCqiXbCrWTs30\/o8R5saBw7URp2JMAfU7L2lNqvw5+uFpxwEky4yT\/FEy3pjvTumtn2G12rNlVGu0lars5oefezExu8xjKVE4LG7rs0Ov8PY6jHKcxhB7ZRupf4p0C+H0o5cgIZ3kLbxovsYNVBdltRsw55MgiFEGKNWVB666Gz1AoDMxiMSLbd7g0nQ3uVahJ6iXv0F89vAxb+o4\/Di3IKHYQD0c9+PvH562d1rtO0QkuorIvKP+5JBlK69rHoVsKqOwn2DJt\/ZvkyJkTK4U0UhnYh++DKOcewijrt3YZgmd8PK0Ddogb9y3urTzjkUm5k+6qCT+V5JPICJYvE2ogjUfGACoIXaU5xv7wqfrbquqQZEgLP13WENyMjZv7xQtgKuEo22+FufdmxHVfdyWj0NNxNBf6GQZDLmu9YeUKNXHz6aVG+jLgv1\/U5zbIRb6JaQbbHLh7Sr18HawMXNn3BiUjhUAYgMkJuBwFiK3ehD22oEcp\/DfD\/Sn0wL4houeSNuZvPuN3\/IGfQ8p5kU+hv5GridH4tSrq6mjfw\/uutdjPnb1UqCZfHp3P9M20fcnYNVXax7zLXYpyQ=="}
02176{"flow_id":23,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":450581,"pkt_caplen":1357,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1357,"pkt_l4_len":1323,"pkt":"xGGLNYKpxiwDYGpkCABFAgU\/RBEAADUGAVNfZRk1wKgCEQG7xZCMPbCToKaarYAYAOtpVAAAAQEICiLQBMgR3+dugmt7KJxMVZWwF945F0lKmEycQpJpUY6bqgQAK0nf+pJkj8E4rQ2x0y69LVDPgTpM9+czdnZBqCtr0boqaxCnCou3ABaxHRDO3QOoQ9srWmvjnio9WOJc0RyydygK0sfNQgeRBBD5TX7AJOFWbWBNBRFb\/rgvGpac1+gfT+sF0qDvHzBTh4qZfWt70wb6kUq+TuTjHNkv2NPrW10foiOkq104Veip5IYLlvX6jJJoW9m7yGqg+HmD84C3eofwA7\/j423hl8zwElvTVgCT8CYQ9GHIJ6J23Mo9iJ0yPb+KmOQ17V1w2iJlgD1hnIzDTR\/9eawqPpUDrAlegXvQ7qyX1QVZ0ccuJgRCoivbXN4sI3nUqLJeAJlVwD33DOkrlN4LKKcGtzjjRKBD9PqOUhK+vucR4AlMcOloNDD8whM3\/7Uvh0Rw\/x\/wQIKA8O8PaubbivYz9ZuQee\/1+N4tl+B24UCFHS97462jIlvL4MMyLJoBmX4bqcsl7JuhnshEZqYRhAxv3E3hImAPiqBb9KTUUIYfSLduJhEkb5B7TROUVUIJnXtE2AEoTa6t9+vi6q2w35Hp2F4oXNQyt+Pg9WmS128At3EEV+7udejZeogSutH84l3\/gU3DHjXQngDFihTAe5lPhecROgnyt5VwMd7O6YmRVfsOj42H\/ZH++1lodHkSGZ\/Ns0idkEjNVeIUJXHatyAGizQCJLChFLJtUpsgx+LqaYSFyasVirotsfxW8fPr8gz6AO6X1xrOIthBzZivHw\/5Sg+6fuYKlg5RzNqe79T9dBIWg+AaXnnTPYtthEfqmlkcYaXftLR08355QpmDcgA5h0VZX1y0\/0z54asjoqxdopyEaM5UU23F2h+Pp8DMPXbIncESNtJCRk3GceU0qa0huwcUA9dR1QqzBt2TL3riXhYuTtVvmRtEon6U807KGkbxbuHtHlhdW3cSI+tTfBz7I+hXABTeTJVO4g8mv1BAmUM6vyDDncjK3Xj8YBPPycJiFQ1cUJ7jLRuEqp\/0kGCIEiBEfdqhMqk5Rlld4JEvLX6jgjxrqCuMUDOlsUA6yL662ZF4Vpvo6uo464ZQOZz7XsmdWiOw+RaFw7qhWQ1reG2Q2j7DyEkGPSbe6onvVnDamhq5+jAVXV0a8G7cckRdj8uMRmwc8l\/ydunQOPjhiJf7Il6ktccZOhkjPvbcy8VHUrWFXxpPjD60h8WX7lXO3L\/D0Tz9LtjWnvUnxEoH+xcDAwEZpPOf8OFnzfkDs2drmUC6EcnKQ3SAKivt4v8R4Q1FPQe4UISNG0FODAwySWon0CwLOpkYx9CT8LZDL7bln38LoKfHARhmHOw13Wi3wHw9AIT\/VGlLKqXWu\/PxlR3mPZEujxY4g\/rVWzWQBMFz66kgYgXI+TuVGbshEvmZSiDhUW6ikCjks8NIoL1xirlrFthKY20YhUaE1n4byzL6AGus2JKRCFoRjPbENPskoqCjsbpRNInibFuyIJ43zFOOhfjsYoE\/IW9NuWAlKBlzZlwr2PizZJB1SK38851iXxDDYjtusoE8VQPuPm8sO706fvdHg7kJ4\/ZNC0bqmVcnsIxJ7YBRIv5znHB7naMauQSrBN5ldew5TnMLuZAXAwMARUhAR5euyYskRoGFBFBTF9Qk097xjzfKwqne\/fGRbtdQ5mNxRFiSfFKQqm5Zaif0061VAnpXWKF26Uos\/8JehejdlVj3gQ=="}
00437{"flow_id":27,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":453979,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAADIGSjwR\/WnKwKgCEQG7xZNpWNRgMiTvFqBScNC35wAAAgQFrAQCCAoAH8DDEd\/neQEDAwg="}
00438{"flow_id":26,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":459069,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAADIGSjwR\/WnKwKgCEQG7xZLy+qnpfzqpjaBScNDegAAAAgQFrAQCCAqK\/qiVEd\/ndwEDAwg="}
02177{"flow_id":23,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":530624,"pkt_caplen":1357,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1357,"pkt_l4_len":1323,"pkt":"xGGLNYKpxiwDYGpkCABFAAU\/RBIAADUGAVRfZRk1wKgCEQG7xZCMPbCToKaarYAYAOtpBAAAAQEICiLQBRgR3+dugmt7KJxMVZWwF945F0lKmEycQpJpUY6bqgQAK0nf+pJkj8E4rQ2x0y69LVDPgTpM9+czdnZBqCtr0boqaxCnCou3ABaxHRDO3QOoQ9srWmvjnio9WOJc0RyydygK0sfNQgeRBBD5TX7AJOFWbWBNBRFb\/rgvGpac1+gfT+sF0qDvHzBTh4qZfWt70wb6kUq+TuTjHNkv2NPrW10foiOkq104Veip5IYLlvX6jJJoW9m7yGqg+HmD84C3eofwA7\/j423hl8zwElvTVgCT8CYQ9GHIJ6J23Mo9iJ0yPb+KmOQ17V1w2iJlgD1hnIzDTR\/9eawqPpUDrAlegXvQ7qyX1QVZ0ccuJgRCoivbXN4sI3nUqLJeAJlVwD33DOkrlN4LKKcGtzjjRKBD9PqOUhK+vucR4AlMcOloNDD8whM3\/7Uvh0Rw\/x\/wQIKA8O8PaubbivYz9ZuQee\/1+N4tl+B24UCFHS97462jIlvL4MMyLJoBmX4bqcsl7JuhnshEZqYRhAxv3E3hImAPiqBb9KTUUIYfSLduJhEkb5B7TROUVUIJnXtE2AEoTa6t9+vi6q2w35Hp2F4oXNQyt+Pg9WmS128At3EEV+7udejZeogSutH84l3\/gU3DHjXQngDFihTAe5lPhecROgnyt5VwMd7O6YmRVfsOj42H\/ZH++1lodHkSGZ\/Ns0idkEjNVeIUJXHatyAGizQCJLChFLJtUpsgx+LqaYSFyasVirotsfxW8fPr8gz6AO6X1xrOIthBzZivHw\/5Sg+6fuYKlg5RzNqe79T9dBIWg+AaXnnTPYtthEfqmlkcYaXftLR08355QpmDcgA5h0VZX1y0\/0z54asjoqxdopyEaM5UU23F2h+Pp8DMPXbIncESNtJCRk3GceU0qa0huwcUA9dR1QqzBt2TL3riXhYuTtVvmRtEon6U807KGkbxbuHtHlhdW3cSI+tTfBz7I+hXABTeTJVO4g8mv1BAmUM6vyDDncjK3Xj8YBPPycJiFQ1cUJ7jLRuEqp\/0kGCIEiBEfdqhMqk5Rlld4JEvLX6jgjxrqCuMUDOlsUA6yL662ZF4Vpvo6uo464ZQOZz7XsmdWiOw+RaFw7qhWQ1reG2Q2j7DyEkGPSbe6onvVnDamhq5+jAVXV0a8G7cckRdj8uMRmwc8l\/ydunQOPjhiJf7Il6ktccZOhkjPvbcy8VHUrWFXxpPjD60h8WX7lXO3L\/D0Tz9LtjWnvUnxEoH+xcDAwEZpPOf8OFnzfkDs2drmUC6EcnKQ3SAKivt4v8R4Q1FPQe4UISNG0FODAwySWon0CwLOpkYx9CT8LZDL7bln38LoKfHARhmHOw13Wi3wHw9AIT\/VGlLKqXWu\/PxlR3mPZEujxY4g\/rVWzWQBMFz66kgYgXI+TuVGbshEvmZSiDhUW6ikCjks8NIoL1xirlrFthKY20YhUaE1n4byzL6AGus2JKRCFoRjPbENPskoqCjsbpRNInibFuyIJ43zFOOhfjsYoE\/IW9NuWAlKBlzZlwr2PizZJB1SK38851iXxDDYjtusoE8VQPuPm8sO706fvdHg7kJ4\/ZNC0bqmVcnsIxJ7YBRIv5znHB7naMauQSrBN5ldew5TnMLuZAXAwMARUhAR5euyYskRoGFBFBTF9Qk097xjzfKwqne\/fGRbtdQ5mNxRFiSfFKQqm5Zaif0061VAnpXWKF26Uos\/8JehejdlVj3gQ=="}
00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":85,"source":"iphone.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":1582454598542,"flow_last_seen":1582454598542,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":52852,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00439{"flow_id":28,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":542807,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"xiwDYGpkxGGLNYKpCABFAABAIN8AAP8RFWvAqAIRwKgCAc50ADUALLvssQ8BAAABAAAAAAAAB2dhdGV3YXkGaWNsb3VkA2NvbQAAAQAB"}
00667{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":85,"source":"iphone.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":1582454598542,"flow_last_seen":1582454598542,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":52852,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AppleiCloud","breed":"Acceptable","category":"Web"},"dns": {"query":"gateway.icloud.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00424{"flow_id":25,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":544705,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAG\/EPAqAIREf1pysAAAFAslesym7UszoAQCBZUCQAAAQEIChHf5+gdNCSF"}
00602{"flow_id":25,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":545135,"pkt_caplen":197,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":197,"pkt_l4_len":163,"pkt":"xiwDYGpkxGGLNYKpCABFAgC3AABAAEAG+77AqAIREf1pysAAAFAslesym7UszoAYCBZ75QAAAQEIChHf5+kdNCSFR0VUIC9ob3RzcG90LWRldGVjdC5odG1sIEhUVFAvMS4wDQpIb3N0OiBjYXB0aXZlLmFwcGxlLmNvbQ0KQ29ubmVjdGlvbjogY2xvc2UNClVzZXItQWdlbnQ6IENhcHRpdmVOZXR3b3JrU3VwcG9ydC0zOTAuNjAuMSB3aXNwcg0KDQo="}
00699{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":87,"source":"iphone.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":4,"flow_first_seen":1582454598387,"flow_last_seen":1582454598545,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":131,"flow_tot_l4_payload_len":131,"flow_avg_l4_payload_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.253.105.202","src_port":49152,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Apple","breed":"Safe","category":"ConnCheck"},"http": {"hostname":"captive.apple.com","url":"captive.apple.com\/hotspot-detect.html","code":0,"content_type":"","user_agent":"CaptiveNetworkSupport-390.60.1 wispr"}}
00424{"flow_id":24,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":88,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":545149,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGZFvAqAIREYICLsWRAbsZOusY368Fo4AQBAtqWAAAAQEIChHf5\/C1T9He"}
01123{"flow_id":24,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":89,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":545339,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"pkt":"xiwDYGpkxGGLNYKpCABFAgI5AABAAEAGYlTAqAIREYICLsWRAbsZOusY368Fo4AYBAtvbAAAAQEIChHf5\/C1T9HeFgMBAgABAAH8AwM6mEOdusbq\/ybUNBuomqShrPK58qj3XjuDYY2EHh6A2yDTYkCcwL+VPEDok15qjRZu79\/9di6dUR8br4F4StJmaAA0EwETAhMDwCzAK8AkwCPACsAJzKnAMMAvwCjAJ8AUwBPMqACdAJwAPQA8ADUAL8AIwBIACgEAAX\/\/AQABAAAAABsAGQAAFmdzcDg1LXNzbC5scy5hcHBsZS5jb20AFwAAACMAAAANABgAFgQDCAQEAQUDAgMIBQgFBQEIBgYBAgEABQAFAQAAAAAAEgAAABAADgAMAmgyCGh0dHAvMS4xAAsAAgEAADMAJgAkAB0AIN+r0D4xweI5p++PFWedre1z33L6xxisP0vyRpUTwaJfAC0AAgEBACsACQgDBAMDAwIDAQAKAAoACAAdABcAGAAZABUAwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00792{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":89,"source":"iphone.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":4,"flow_first_seen":1582454598385,"flow_last_seen":1582454598545,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.130.2.46","src_port":50577,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gsp85-ssl.ls.apple.com","ja3":"55271a105172d5f225e4704755b9b250","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00427{"flow_id":23,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":90,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":545614,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAG\/3DAqAIRX2UZNcWQAbugppqtjD2r04AQA\/TbXQAAAQEIChHf5\/Ei0ATG"}
00426{"flow_id":23,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":545740,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAG\/3DAqAIRX2UZNcWQAbugppqtjD2wk4AQA+vWpgAAAQEIChHf5\/Ei0ATG"}
00426{"flow_id":23,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":545750,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAG\/3DAqAIRX2UZNcWQAbugppqtjD21noAQA+DRpAAAAQEIChHf5\/Ei0ATI"}
00442{"flow_id":23,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":545798,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAG\/2TAqAIRX2UZNcWQAbugppqtjD21nrAQA+AckAAAAQEIChHf5\/Ei0AUYAQEFCow9sJOMPbWe"}
00426{"flow_id":23,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":94,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":545888,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAG\/3DAqAIRX2UZNcWQAbugppqtjD21noAQBADRNAAAAQEIChHf5\/Ei0AUY"}
00425{"flow_id":27,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":95,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":546213,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAG\/EPAqAIREf1pysWTAbsyJO8WaVjUYYAQBAtTNAAAAQEIChHf5\/cAH8DD"}
01125{"flow_id":27,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":96,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":546273,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"pkt":"xiwDYGpkxGGLNYKpCABFAgI5AABAAEAG+jzAqAIREf1pysWTAbsyJO8WaVjUYYAYBAtPcwAAAQEIChHf5\/cAH8DDFgMBAgABAAH8AwOBTBzeu5w1Vp+4geGIpFJ17FWadQ3l1s5HLAc6L2e5gyD\/YLmMW82uuwbbKEYkARjm9\/sVvKjvTmHajlJ93y\/zswA0EwETAhMDwCzAK8AkwCPACsAJzKnAMMAvwCjAJ8AUwBPMqACdAJwAPQA8ADUAL8AIwBIACgEAAX\/\/AQABAAAAABMAEQAADm1lc3UuYXBwbGUuY29tABcAAAANABgAFgQDCAQEAQUDAgMIBQgFBQEIBgYBAgEABQAFAQAAAAAAEgAAABAADgAMAmgyCGh0dHAvMS4xAAsAAgEAADMAJgAkAB0AIPp0HJk26NqhkuEuWSOpHU2lL9tl\/4KvwEcCcIghS34tAC0AAgEBACsACQgDBAMDAwIDAQAKAAoACAAdABcAGAAZABUAzwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00787{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":96,"source":"iphone.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":4,"flow_first_seen":1582454598418,"flow_last_seen":1582454598546,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.253.105.202","src_port":50579,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mesu.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00427{"flow_id":26,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":97,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":546318,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAG\/EPAqAIREf1pysWSAbt\/OqmN8vqp6oAQBAt5ywAAAQEIChHf5\/eK\/qiV"}
01126{"flow_id":26,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":98,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":546492,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"pkt":"xiwDYGpkxGGLNYKpCABFAgI5AABAAEAG+jzAqAIREf1pysWSAbt\/OqmN8vqp6oAYBAvCpQAAAQEIChHf5\/iK\/qiVFgMBAgABAAH8AwOL0zmb\/pU6qAogKIFd\/Y4fHsvdGFAF8ZjXl6m9+L0uvyBBR6wrPbvh3W2j8rwh4NW3lc0cwhULV8gFfvx3+QKTDgA0EwETAhMDwCzAK8AkwCPACsAJzKnAMMAvwCjAJ8AUwBPMqACdAJwAPQA8ADUAL8AIwBIACgEAAX\/\/AQABAAAAABMAEQAADm1lc3UuYXBwbGUuY29tABcAAAANABgAFgQDCAQEAQUDAgMIBQgFBQEIBgYBAgEABQAFAQAAAAAAEgAAABAADgAMAmgyCGh0dHAvMS4xAAsAAgEAADMAJgAkAB0AIGFNND5R7cze3Z4nraCyXLPxW4F9FRO9m0bNnjdxh\/Y+AC0AAgEBACsACQgDBAMDAwIDAQAKAAoACAAdABcAGAAZABUAzwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00787{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":98,"source":"iphone.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":4,"flow_first_seen":1582454598416,"flow_last_seen":1582454598546,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.253.105.202","src_port":50578,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mesu.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00424{"flow_id":20,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":100,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":556458,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xGGLNYKpxiwDYGpkCABFAAA0f0MAADEGfEMR+LmMwKgCEQG7xY+mDHMLDeq42oAQA6uuGQAAAQEICvbpn14R3+dr"}
02355{"flow_id":20,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":558094,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"xGGLNYKpxiwDYGpkCABFAgXUf0QAADEGdqAR+LmMwKgCEQG7xY+mDHMLDeq42oAQA6v0iwAAAQEICvbpn2AR3+drFgMDAG4CAABqAwM5\/rpwu4XTsZQaX3QVQs01vHFjEUurGLPVnyNHYTxc1SDLsh\/zpULORnljfAzCAx09xii78Mvy2XehUxljdu16MMAsAAAiAAAAAP8BAAEAAAUAAAALAAIBAAAQAAsACQhodHRwLzEuMRYDAxOPCwATiwATiAAPPjCCDzowgg4ioAMCAQICEAYmxU4Ra06nkoVjMfiS+ZswDQYJKoZIhvcNAQELBQAwYjEcMBoGA1UEAxMTQXBwbGUgSVNUIENBIDIgLSBHMTEgMB4GA1UECxMXQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxEzARBgNVBAoTCkFwcGxlIEluYy4xCzAJBgNVBAYTAlVTMB4XDTE5MTIwOTE5NDQwMloXDTIxMDEwNzE5NTQwMFowVjEdMBsGA1UEAwwUZm1mbW9iaWxlLmljbG91ZC5jb20xEzARBgNVBAoMCkFwcGxlIEluYy4xEzARBgNVBAgMCkNhbGlmb3JuaWExCzAJBgNVBAYTAlVTMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEQifiE0uVN9JNPaVE\/RwxSRGnMjn5uDQ1GBxydIgahaf+LmEJkXkho7D\/TwA2AuzIlJvLZM8glg+dO7rpqpWLWqOCDMEwggy9MAwGA1UdEwEB\/wQCMAAwHwYDVR0jBBgwFoAU2HqURHyQcJAWnt0XnAFEA4bWKikwfgYIKwYBBQUHAQEEcjBwMDQGCCsGAQUFBzAChihodHRwOi8vY2VydHMuYXBwbGUuY29tL2FwcGxlaXN0Y2EyZzEuZGVyMDgGCCsGAQUFBzABhixodHRwOi8vb2NzcC5hcHBsZS5jb20vb2NzcDAzLWFwcGxlaXN0Y2EyZzEyNTCCB90GA1UdEQSCB9QwggfQghhwNjctZm1mbW9iaWxlLmljbG91ZC5jb22CGHA0OC1mbWZtb2JpbGUuaWNsb3VkLmNvbYIYcDUzLWZtZm1vYmlsZS5pY2xvdWQuY29tghhwMzQtZm1mbW9iaWxlLmljbG91ZC5jb22CGHA3Mi1mbWZtb2JpbGUuaWNsb3VkLmNvbYIUZm1mbW9iaWxlLmljbG91ZC5jb22CGHAwOC1mbWZtb2JpbGUuaWNsb3VkLmNvbYIYcDEyLWZtZm1vYmlsZS5pY2xvdWQuY29tghhwMDItZm1mbW9iaWxlLmljbG91ZC5jb22CGHAyOS1mbWZtb2JpbGUuaWNsb3VkLmNvbYIYcDUyLWZtZm1vYmlsZS5pY2xvdWQuY29tghhwMjYtZm1mbW9iaWxlLmljbG91ZC5jb22CGHAwNi1mbWZtb2JpbGUuaWNsb3VkLmNvbYIYcDk3LWZtZm1vYmlsZS5pY2xvdWQuY29tghhwNDEtZm1mbW9iaWxlLmljbG91ZC5jb22CGHA0MC1mbWZtb2JpbGUuaWNsb3VkLmNvbYIYcDE4LWZtZm1vYmlsZS5pY2xvdWQuY29tghhwNTUtZm1mbW9iaWxlLmljbG91ZC5jb22CGHA3MC1mbWZtb2JpbGUuaWNsb3VkLmNvbYIYcDMyLWZtZm1vYmlsZS5pY2xvdWQuY29tghhwNjktZm1mbW9iaWxlLmljbG91ZC5jb22CGHAxNy1mbWZtb2JpbGUuaWNsb3VkLmNvbYIYcDEzLWZtZm1vYmlsZS5pY2xvdWQuY29tghhwMzgtZm1mbW9iaWxlLmljbG91ZC5jb22CGHAxMS1mbWZtb2JpbGUuaWNsb3VkLmNvbYIYcDIxLWZtZm1vYmlsZS5pY2xvdWQuY29tghhwMjctZm1mbW9iaWxlLmljbG91ZC5jb22CGHA0Mi1mbWZtb2JpbGUuaWNsb3VkLmNvbYIYcDM3LWZtZm1vYmlsZS5pY2xvdWQuY29tghhw"}
00868{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":102,"source":"iphone.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":6,"flow_first_seen":1582454598252,"flow_last_seen":1582454598558,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.185.140","src_port":50575,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"p26-fmfmobile.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"1e60202b4001a190621caa963fb76697","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02350{"flow_id":20,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":103,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":558173,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"xGGLNYKpxiwDYGpkCABFAgXUf0UAADEGdp8R+LmMwKgCEQG7xY+mDHirDeq42oAQA6s5ugAAAQEICvbpn2AR3+drNTYtZm1mbW9iaWxlLmljbG91ZC5jb22CGHA1MC1mbWZtb2JpbGUuaWNsb3VkLmNvbYIYcDU4LWZtZm1vYmlsZS5pY2xvdWQuY29tghhwMzktZm1mbW9iaWxlLmljbG91ZC5jb22CGHA0NS1mbWZtb2JpbGUuaWNsb3VkLmNvbYIYcDQ5LWZtZm1vYmlsZS5pY2xvdWQuY29tghhwNjgtZm1mbW9iaWxlLmljbG91ZC5jb22CGHAxMC1mbWZtb2JpbGUuaWNsb3VkLmNvbYIYcDIyLWZtZm1vYmlsZS5pY2xvdWQuY29tghhwMDctZm1mbW9iaWxlLmljbG91ZC5jb22CGHAyNS1mbWZtb2JpbGUuaWNsb3VkLmNvbYIYcDIwLWZtZm1vYmlsZS5pY2xvdWQuY29tghhwNzEtZm1mbW9iaWxlLmljbG91ZC5jb22CGHAwNS1mbWZtb2JpbGUuaWNsb3VkLmNvbYIYcDk4LWZtZm1vYmlsZS5pY2xvdWQuY29tghhwNjYtZm1mbW9iaWxlLmljbG91ZC5jb22CGHAxNS1mbWZtb2JpbGUuaWNsb3VkLmNvbYIYcDE2LWZtZm1vYmlsZS5pY2xvdWQuY29tghhwNDQtZm1mbW9iaWxlLmljbG91ZC5jb22CGHAwNC1mbWZtb2JpbGUuaWNsb3VkLmNvbYIYcDA5LWZtZm1vYmlsZS5pY2xvdWQuY29tghhwMjMtZm1mbW9iaWxlLmljbG91ZC5jb22CGHA2MS1mbWZtb2JpbGUuaWNsb3VkLmNvbYIYcDMwLWZtZm1vYmlsZS5pY2xvdWQuY29tghhwNDYtZm1mbW9iaWxlLmljbG91ZC5jb22CGHA2MC1mbWZtb2JpbGUuaWNsb3VkLmNvbYIYcDQzLWZtZm1vYmlsZS5pY2xvdWQuY29tghhwNTctZm1mbW9iaWxlLmljbG91ZC5jb22CGHAxNC1mbWZtb2JpbGUuaWNsb3VkLmNvbYIYcDAzLWZtZm1vYmlsZS5pY2xvdWQuY29tghhwMzYtZm1mbW9iaWxlLmljbG91ZC5jb22CGHA2NC1mbWZtb2JpbGUuaWNsb3VkLmNvbYIYcDI4LWZtZm1vYmlsZS5pY2xvdWQuY29tghhwMjQtZm1mbW9iaWxlLmljbG91ZC5jb22CGXAyMDItZm1mbW9iaWxlLmljbG91ZC5jb22CGHAwMS1mbWZtb2JpbGUuaWNsb3VkLmNvbYIYcDYyLWZtZm1vYmlsZS5pY2xvdWQuY29tghhwNDctZm1mbW9iaWxlLmljbG91ZC5jb22CGHAzNS1mbWZtb2JpbGUuaWNsb3VkLmNvbYIYcDY1LWZtZm1vYmlsZS5pY2xvdWQuY29tghhwMzEtZm1mbW9iaWxlLmljbG91ZC5jb22CGHA2My1mbWZtb2JpbGUuaWNsb3VkLmNvbYIYcDE5LWZtZm1vYmlsZS5pY2xvdWQuY29tghhwMzMtZm1mbW9iaWxlLmljbG91ZC5jb22CGHA1MS1mbWZtb2JpbGUuaWNsb3VkLmNvbYIYcDU0LWZtZm1vYmlsZS5pY2xvdWQuY29tghhwNTktZm1mbW9iaWxlLmljbG91ZC5jb22CGXAyMDEtZm1mbW9iaWxlLmljbG91ZC5jb20wgf8GA1UdIASB9zCB9DCB8QYKKoZIhvdjZAULBDCB4jCBpAYIKwYBBQUHAgIwgZcMgZRSZWxpYW5jZSBvbiB0aGlzIGNlcnRpZmljYXRlIGJ5IGFueSBwYXJ0eSBhc3N1bWVzIGFjY2VwdGFuY2Ugb2YgYW55IGFwcGxpY2FibGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YgdXNlIGFuZC9vciBjZXJ0aWZpY2F0aW9uIHByYWN0aWNlIHN0YXRl"}
00425{"flow_id":20,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":104,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":559758,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGrIbAqAIREfi5jMWPAbsN6rjapgx+S4AQA\/Sh9AAAAQEIChHf6AX26Z9g"}
02369{"flow_id":20,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":105,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":568083,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"xGGLNYKpxiwDYGpkCABFAgXUf0YAADEGdp4R+LmMwKgCEQG7xY+mDH5LDeq42oAQA6shOQAAAQEICvbpn2oR3+drbWVudHMuMDkGCCsGAQUFBwIBFi1odHRwOi8vd3d3LmFwcGxlLmNvbS9jZXJ0aWZpY2F0ZWF1dGhvcml0eS9ycGEwEwYDVR0lBAwwCgYIKwYBBQUHAwEwNwYDVR0fBDAwLjAsoCqgKIYmaHR0cDovL2NybC5hcHBsZS5jb20vYXBwbGVpc3RjYTJnMS5jcmwwHQYDVR0OBBYEFDHv2aknMUATDctH1tf12x8ZPC\/JMA4GA1UdDwEB\/wQEAwIDiDARBgsqhkiG92NkBhsPAgQCBQAwEQYLKoZIhvdjZAYbCwIEAgUAMBEGCyqGSIb3Y2QGGwcCBAIFADCCAnEGCisGAQQB1nkCBAIEggJhBIICXQJbAHYAu9nfvB+KcbWTlCOXqpJ7RzhXlQqrUugakJZkNo4e0YUAAAFu7DnTkQAABAMARzBFAiBpRU8mgJNh7GNdtZlMDRQcbjPi\/4\/\/wZ1ToW0H2gvClQIhAKi+60J30VdgFpxRYKTmdWE8CoK6ZWdTas9ansmYq4tOAHYApLkJkLQYWBSHuxOizGdwCjw1mAT5G9+443fNDsgN3BAAAAFu7DnTkwAABAMARzBFAiEA2q+VXdLLQ\/joniCshAHmAnmx1V02J8o3bFveRb\/O8MICIBMznQ\/bkaGj37gml43Xzksn81jC6xtX5WXRr+Wrcg+3AHcAVhQGmi\/XwuzT9eG9RLI+x0Z2ubyZEVzA75SYVdaJ0N0AAAFu7DnTkAAABAMASDBGAiEA8makDlmuV1GM019IeJgi37pxb07QA4fVn0MSstosS+ACIQDSBPmm9pqmEGk6GgJMWDZZO76J5HdvzY9Onihu\/B5Q8wB3AO5Lvbd1zmC64UJpH6vhnmajD35fsHLYgwDEe4l6qP3LAAABbuw508MAAAQDAEgwRgIhAPNzBlh77K6\/TCVzmlBL\/zxWd4Gep8WH6zjqHl\/jrbV2AiEAncwJnBtEoBne9WX9\/03GUFw7xUpAi1lLAYshWh\/OV1gAdwBVgdTCFpA2AUrqC5tXPFPwwOQ4eHAlCBcvo6odBxPTDAAAAW7sOdOUAAAEAwBIMEYCIQCrqKlLf2ZhfAgsqqQ3Uw6M8nHId5iZUoGAJL0wRlDF3AIhANDWapL6dvUwkUd\/IH9zBHKBkUdvawfshpqQD5bP7ZqAMA0GCSqGSIb3DQEBCwUAA4IBAQAUmS79S7V53j1eiL1DYhfB9A2futkpnfFx6fPZxjwGyDSXhRr+NZuwXT+6J+uaNORrzLR0Zcy\/5X0Upu36o7CjABWMTf7aEE4nAq2dnLcRFZsXr3zuCGDT2SOqEA6uyF1nLZtAs9s0YOGP0fsYCTif\/tobr2lLa2wL3YnMmixppdFlMdI74ma1RTXoziDfAWc435upIpKZaEtvjjeGlBCoo+Dg0ZqyuQiWJju1f5jrBl6HL2WkYwZGnSFqGxVmQzMLLqgLd9AdvOGP2E\/WouTxaSHGAPr+2eisbUVvtS7fkprQohy8YHQV9mEkVnFRBXtiep7KPYGCqf8VeZyQl3bRAAREMIIEQDCCAyigAwIBAgIDAjp0MA0GCSqGSIb3DQEBCwUAMEIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9iYWwgQ0EwHhcNMTQwNjE2MTU0MjAyWhcNMjIwNTIwMTU0MjAyWjBiMRwwGgYDVQQDExNBcHBsZSBJU1QgQ0EgMiAtIEcxMSAwHgYDVQQLExdDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTETMBEGA1UEChMKQXBwbGUgSW5jLjELMAkGA1UEBhMCVVMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDQk6EdR0MgFrILa+vD1bTox5jN"}
02375{"flow_id":20,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":106,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":568201,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"xGGLNYKpxiwDYGpkCABFAgXUf0cAADEGdp0R+LmMwKgCEQG7xY+mDIPrDeq42oAQA6uEUQAAAQEICvbpn2oR3+dr896\/6E3p4zaAB\/xFG2p8RYauVtOkCX9hDWtdflJrfbTIOcT0Zzr3g84Zb4YvfkV+RxxnUsqVBV3iNlGFwNRngDVvFd0+\/R3S\/Y80UNjsdiq+49Pa5P3I6ygClhGXF2Ec6cRZO0LcMtEJHdqm0UOG\/16yvIzPZtsBiwKulEjzOI\/96jKoCOyGl1GUJD5JSZZT6HmhQIHpBbuTlVH84\/18EUv3ngizFUkVB\/nRN6CbSzL2tcTcatH8Cu324MUpoKiLcf4Nkrz+VHAYCm3H7Qz7yS0Gw4yF\/MuGXNY2jhKLCX\/7GRo41fCUMHoPpozzAgMBAAGjggEdMIIBGTAfBgNVHSMEGDAWgBTAephojYn7qwVkDBF9qn1luMrMTjAdBgNVHQ4EFgQU2HqURHyQcJAWnt0XnAFEA4bWKikwEgYDVR0TAQH\/BAgwBgEB\/wIBADAOBgNVHQ8BAf8EBAMCAQYwNQYDVR0fBC4wLDAqoCigJoYkaHR0cDovL2cuc3ltY2IuY29tL2NybHMvZ3RnbG9iYWwuY3JsMC4GCCsGAQUFBwEBBCIwIDAeBggrBgEFBQcwAYYSaHR0cDovL2cuc3ltY2QuY29tMEwGA1UdIARFMEMwQQYKYIZIAYb4RQEHNjAzMDEGCCsGAQUFBwIBFiVodHRwOi8vd3d3Lmdlb3RydXN0LmNvbS9yZXNvdXJjZXMvY3BzMA0GCSqGSIb3DQEBCwUAA4IBAQAWR3NvhaJi4ecqdruJlUIml7xKrKxwUzo\/MYM9PByrmuKxXRx2GqA8DHJXvtOeUODImdZY1wLqzg0pVHzN9cLGkClVo28UqAtCDTqYbQZ4nvBqox0CCqIopI3CgUY+bWfa3j\/+hQ5CKhLetbf7uBunlux3n+zUU5V6\/wf08goUwFFSsdaOUAsamVy8C8m97e34XsFW201+I6QRoSzUGwWa5BtS9nw4mQVLunKNQolgBGYq9P1o12v3mUEo1mwkq+YlUy7Igpnioo8jvjCDsSeL+mh\/AUnoxphrEC6YXorXykuxx8lYmtA225aV7LaB5PLNbxt5h0wQPInkTfpU3KqmFgMDBbIWAAWuAQAFqjCCBaYKAQCgggWfMIIFmwYJKwYBBQUHMAEBBIIFjDCCBYgwgaKiFgQU36Vol+mDVpj5IVylIMwrxtbU3WsYDzIwMjAwMjIzMDExMzQ0WjB3MHUwSTAJBgUrDgMCGgUABBQmhIezjFAVKZfb1NF+N\/8\/LvMVaAQU2HqURHyQcJAWnt0XnAFEA4bWKikCEAYmxU4Ra06nkoVjMfiS+ZuAABgPMjAyMDAyMjMwMTEzNDRaoBEYDzIwMjAwMjIzMTMxMzQ0WqECMAAwDQYJKoZIhvcNAQELBQADggEBAEMltyv8tJx1ZKkVnPUUGZ\/WakD0JOnod6z0CRlhCDJ3gNh+\/qto75ZiBjaJ0sPZoz6BU\/5GqH0pC7qPeA\/fdumSTm8EhT2sG0SUhbN7cb6V44taKboVd2+JpReQ0eT1DSfmpBvz1p8QQgtWA6EfczJP2Lvy9IdtuoULUv6N6AemjldwxgvuWGAFh\/RfHprWNldlKwycyFusGiqrVRTN9usJwJUuY4oLfbiA6ZKY4OqMu05H3m+bxXmidSOUT++QTRzjuAmANZ1No41dFUDe6cC+I53sxkhBH+4C1FX5OUM7QjDs2UPXG9fAfvJ8apLhqemh2FnOwztowCDz0M+amqqgggPLMIIDxzCCA8MwggKroAMCAQICEAyx1Y\/5QDlfRW3T86FXBVwwDQYJKoZIhvcNAQELBQAwYjEcMBoGA1UEAxMTQXBwbGUgSVNUIENBIDIgLSBHMTEgMB4GA1UECxMXQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxEzARBgNVBAoTCkFwcGxlIEluYy4xCzAJ"}
03041{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":106,"source":"iphone.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":10,"flow_first_seen":1582454598252,"flow_last_seen":1582454598568,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":6277,"flow_avg_l4_payload_len":627,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.185.140","src_port":50575,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"p26-fmfmobile.icloud.com","server_names":"p67-fmfmobile.icloud.com,p48-fmfmobile.icloud.com,p53-fmfmobile.icloud.com,p34-fmfmobile.icloud.com,p72-fmfmobile.icloud.com,fmfmobile.icloud.com,p08-fmfmobile.icloud.com,p12-fmfmobile.icloud.com,p02-fmfmobile.icloud.com,p29-fmfmobile.icloud.com,p52-fmfmobile.icloud.com,p26-fmfmobile.icloud.com,p06-fmfmobile.icloud.com,p97-fmfmobile.icloud.com,p41-fmfmobile.icloud.com,p40-fmfmobile.icloud.com,p18-fmfmobile.icloud.com,p55-fmfmobile.icloud.com,p70-fmfmobile.icloud.com,p32-fmfmobile.icloud.com,p69-fmfmobile.icloud.com,p17-fmfmobile.icloud.com,p13-fmfmobile.icloud.com,p38-fmfmobile.icloud.com,p11-fmfmobile.icloud.com,p21-fmfmobile.icloud.com,p27-fmfmobile.icloud.com,p42-fmfmobile.icloud.com,p37-fmfmobile.icloud.com,p56-fmfmobile.icloud.com,p50-fmfmobile.icloud.com,p58-fmfmobile.icloud.com,p39-fmfmobile.icloud.com,p45-fmfmobile.icloud.com,p49-fmfmobile.icloud.com,p68-fmfmobile.icloud.com,p10-fmfmobile.icloud.com,p22-fmfmobile.icloud.com,p07-fmfmobile.icloud.com,p25-fmfmobile.icloud.com,p20-fmfmobile.icloud.com,p71-fmfmobile.icloud.com,p05-fmfmobile.icloud.com,p98-fmfmobile.icloud.com,p66-fmfmobile.icloud.com,p15-fmfmobile.icloud.com,p16-fmfmobile.icloud.com,p44-fmfmobile.icloud.com,p04-fmfmobile.icloud.com,p09-fmfmobile.icloud.com,p23-fmfmobile.icloud.com,p61-fmfmobile.icloud.com,p30-fmfmobile.icloud.com,p46-fmfmobile.icloud.com,p60-fmfmobile.icloud.com,p43-fmfmobile.icloud.com,p57-fmfmobile.icloud.com,p14-fmfmobile.icloud.com,p03-fmfmobile.icloud.com,p36-fmfmobile.icloud.com,p64-fmfmobile.icloud.com,p28-fmfmobile.icloud.com,p24-fmfmobile.icloud.com,p202-fmfmobile.icloud.com,p01-fmfmobile.icloud.com,p62-fmfmobile.icloud.com,p47-fmfmobile.icloud.com,p35-fmfmobile.icloud.com,p65-fmfmobile.icloud.com,p31-fmfmobile.icloud.com,p63-fmfmobile.icloud.com,p19-fmfmobile.icloud.com,p33-fmfmobile.icloud.com,p51-fmfmobile.icloud.com,p54-fmfmobile.icloud.com,p59-fmfmobile.icloud.com,p201-fmfmobile.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"1e60202b4001a190621caa963fb76697","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","issuerDN":"CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US","issuerDN":"CN=fmfmobile.icloud.com, O=Apple Inc., ST=California, C=US","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"FF:C3:9F:1A:A1:3C:D2:3C:06:96:EC:49:B4:97:A9:D3:DA:05:A3:E2"}}
00426{"flow_id":20,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":107,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":569580,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGrIbAqAIREfi5jMWPAbsN6rjapgyD64AQBACcNAAAAQEIChHf6A\/26Z9q"}
01724{"flow_id":20,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":108,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":579201,"pkt_caplen":1026,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1026,"pkt_l4_len":992,"pkt":"xGGLNYKpxiwDYGpkCABFAgP0f0gAADEGeHwR+LmMwKgCEQG7xY+mDImLDeq42oAYA6vOFAAAAQEICvbpn3QR3+drBgNVBAYTAlVTMB4XDTIwMDIyMDIwNDA0MloXDTIwMDQwMjIwNDA0MlowTzErMCkGA1UEAwwiQXBwbGUgSVNUIENBIDIgT0NTUCBSZXNwb25kZXIgTkwwNTETMBEGA1UECgwKQXBwbGUgSW5jLjELMAkGA1UEBhMCVVMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCuNASekHmai55a2AA8WP2cLXdQEaNKclmOQfl5zAqJzkgeg899ClP\/K7XAMAqk4tqmlGJ8zb3kWoXsonC0VZAV2pdMjDx+XzWt38f12PXCbn+YTQ3Ia\/UxyJ+dE1VBZbjBzoxFvH7XvS1\/F0aH7ROSrQWX2ZMRQbRXTZtk6IHxr8b+Fn1mGboaeSL+Wax5ZkWQiXlh5sYCIKg0\/J24AfRE+j4KovXIigU4+j1Hmh6PyYmzkVpT9wqRhGDpuUOlCRLf6veVPWCwDswbhfx85+fNWhbNnBxT\/BWIjaLAkH1dcLlwHc4djK+OEvMjqF6K2e3x56cz0z9gdFObdNIHOOBlAgMBAAGjgYcwgYQwDAYDVR0TAQH\/BAIwADAfBgNVHSMEGDAWgBTYepREfJBwkBae3RecAUQDhtYqKTAPBgkrBgEFBQcwAQUEAgUAMBMGA1UdJQQMMAoGCCsGAQUFBwMJMB0GA1UdDgQWBBTfpWiX6YNWmPkhXKUgzCvG1tTdazAOBgNVHQ8BAf8EBAMCB4AwDQYJKoZIhvcNAQELBQADggEBADHUTDZcgrz+VGTbly9lQDH+jgwaQQ\/udlTuHrl8wLnpIC1zJK2jaUktjcnjd4RIPRTZ4OYinH2q2df7YgU4K7ILpYyCO9xA9d9J4yW1EeP2NvBf1MBNYw0OI41QBvAwkYS\/sV+RUxlrWP0qD8R8LHTNftYYBBEFKFKMvdN\/p8sI6smB8BFx0LJtw+1sSet\/k+BApFY6BrC3LzqKQIatLQ4QfQTOSU8SqXwE0mdnTOyZ8OM4HF8eGliqBxAxPked9fl38Ne0Oa2s5l1RJHgNfCs1\/QIUI2ol1CB1o67ftUMFottwIgS7Vy8CakoO14D4S1xs\/U+fnXKKRtD8Z5T58MoWAwMAdAwAAHADAB0gABPObQPvbCGqVleSexP6W\/7vDllutvbDrf3tkxDNBBYEAwBIMEYCIQDOz6wI1gh3TwOiak8Zz83\/ebwv2DH37QCU9A6wZxBCQgIhAMu6h9hFcJPj5WUCBZ8V3O+QUCH7JFq51R+ZQ2zLIyyqFgMDAAQOAAAA"}
00426{"flow_id":20,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":109,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":580611,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGrIbAqAIREfi5jMWPAbsN6rjapgyNS4AQA\/iS0QAAAQEIChHf6Br26Z9q"}
00667{"flow_id":28,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":110,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":582484,"pkt_caplen":244,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":244,"pkt_l4_len":210,"pkt":"xGGLNYKpxiwDYGpkCABFAADmpdwAAEARTsjAqAIBwKgCEQA1znQA0sdAsQ+BgAABAAkAAAAAB2dhdGV3YXkGaWNsb3VkA2NvbQAAAQABwAwABQABAAARlgAaB2dhdGV3YXkCZmUJYXBwbGUtZG5zA25ldADAMAABAAEAAAAiAAQR+LBLwDAAAQABAAAAIgAEEfixhcAwAAEAAQAAACIABBH4sCjAMAABAAEAAAAiAAQR+LCNwDAAAQABAAAAIgAEEfiwTcAwAAEAAQAAACIABBH4sWXAMAABAAEAAAAiAAQR+LGqwDAAAQABAAAAIgAEEfiwiQ=="}
00685{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":110,"source":"iphone.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_first_seen":1582454598542,"flow_last_seen":1582454598582,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":202,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":119,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":52852,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AppleiCloud","breed":"Acceptable","category":"Web"},"dns": {"query":"gateway.icloud.com","num_queries":1,"num_answers":9,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.248.176.75"}}
00425{"flow_id":27,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":111,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":584084,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xGGLNYKpxiwDYGpkCABFAAA0nTYAADIGrQ0R\/WnKwKgCEQG7xZNpWNRhMiTxG4AQAHVURAAAAQEICgAfwUQR3+f3"}
02371{"flow_id":27,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":112,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":584601,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"xGGLNYKpxiwDYGpkCABFAgXUnTcAADIGp2oR\/WnKwKgCEQG7xZNpWNRhMiTxG4AQAHVBGQAAAQEICgAfwUQR3+f3FgMDAHoCAAB2AwMyKF9DOKuLw5bBJ9NVFrrF6VDCVBOwZ68rYpvChcZWzSD\/YLmMW82uuwbbKEYkARjm9\/sVvKjvTmHajlJ93y\/zsxMBAAAuACsAAgMEADMAJAAdACCkt4j8DfZ7YKSUflqfW1DYudx6NFOgOWG7+Cp946\/oVxQDAwABARcDAwAqLFuqMhmooVCeSjCEhpoKgBvKl13GFVCOJk3aR6rc3XPfPiJvinusQIAKFwMDDhhIAmeGzJRGR1eJTrfqR1feayAaXq7CQmBH\/9e6IXhmUdMGE2QJ5f5vrNzO0E8uifDIBEQqnOGRVQJQALuVlruvkCYzVIbGOUGCxNe8n3Ai4O1YZIUvwvbPKpdY5VU++ysANIaeAY5xSiGbfRCGOZ0eOLhShHmcLyPuHTqYFddSAeq7VBnsu7fSW95\/uJc8wJ7zrLOp2Y7UWY8svtPWi8fO+vWC6X4y3thEneEzOvD624+Nwts2OGdwfJMiaE4j2l8eWA28W+euCESNuVfCrRALJWm6FEKnMmUF6vWNZcBSHZ9sdySmwgJdHKYtQwGs36+207DIMqXJe9zTWYxXE5EQx3HI6GruvFb87uDu+E03XOeGJ2GOyQiVXkfPhpl6lEdQ\/TISF1ErnSOdVdKBxh15KqFtDgpzEuvnEwY3yWumneuI7J+DN1cpYfQVjIhX6j7H7n+kj+Wo4eBiTL5PMwkoSCvOysnHjdG2swL5pr9oLDpHIuHxmCzpfKFr8RXLRnC5Sp1lN5HbKxO5XgxZYdSx1geSz26mdoOjLZiGVAMBbULNf6IJrl0pheFNQ3QPQZ4YsmmBgefhsM58bClY7h8xqQdtMFjOaP39XCTOgDO0bErTDEgjppTFlTaWMssMuRNdg+YTWJFW05BCumcTVvWvnnidekxWswgQvhECYSRUWiLKJm+cSv3bOi9uOzhskf0yIt4tPozdU6AWIBq54xZ+VZCMwO1DMheSSjsr5nZ7qpk9m6QCGV8wIj8rDKQgAbuTveOZJ2nRcvcj8gnhRo4zXz46w\/5GUCF4H+U2AI+sPiNDYC0Joe33tioUQXT9hXZGYohx9afTcX8OlPWSrffSMoWeioeSVenr\/47HU5l2sDA\/IxcpBsd0fwJFhdrNO3FIID0H9pgdYiwshv7baBudMFjb3+VXM9K8gclztO8xu4dcWmlb12ldRENYxjCN6DE0PFkv4SelKFYTFdj\/oIGqDn2XaBCMgoSe3F0wT13WY853OzhSFgFpciOjW6L+Hm7zXtQaM3fLy7QZu021VwJQKDIRH7B2Ra1hp\/uc1e5zQAQ7Bo7nWejNnGcpBECjNhNvB7sRj5zonFANuGdg9v2VfrHuzETjyCVJBbG8HJwKOhvIPzUtZp48o+sSIQTu5S99otz05ItW0MHSK5H4sqk9gKsX5wI8nPFrgjWPo4m6Dx8h7+uCatU22Bd5uo\/IyY5yjv1i42\/7v0FFbDd+LtEsR3B\/uP926VMTvEBsRx+c84cPqKILt+74ZL6Hj4al1EkHitz2uGe7lsVVvAF\/zUxSYNJ67ON68T\/xMoe+Vr9DntrDFqc5hwyHKWGHzZhW3uGMFK5PW7il00PWvcV2eHaNa+PMoOl4OeV5\/vVszZPBFR\/Z4zmHZk1P+b2R03i+ZmAq4PIy40nyybPThNFIvaHnuOLm+JM6tu2KeMgBP6OJ5uashzuhXMVOe9YrZ+PUmV4dUaQu+g3NydXZJ2Bk3lo7ZhS9pDit3G6Zz2g0m0Fa1KANHpfxlGC0Fr9ZhRCIhhIuCdZQwkIow6ge+P61amsPhYnP2UayQkffM1LtJycCJjPdUUhxz+7n98xdNa5qC1njfNjUGFPyyWiSDuAQO4qBOGW64cdrs3dKCRO2iwgKdh46ZPfPldOxqz7NCWCQ9YK\/NJWGacDu"}
00829{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":112,"source":"iphone.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":6,"flow_first_seen":1582454598418,"flow_last_seen":1582454598584,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.253.105.202","src_port":50579,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"mesu.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02383{"flow_id":27,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":113,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":584724,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"xGGLNYKpxiwDYGpkCABFAgXUnTgAADIGp2kR\/WnKwKgCEQG7xZNpWNoBMiTxG4AQAHVkJQAAAQEICgAfwUQR3+f3Zvji2ODt4UJ2pvF9R4RriUQbCa0l22b\/XtUcbkokh\/gPtSUqtXMb17TUXsUyTZ9pvxUJ\/s0Cz\/oX9qFdH6GZxa7kqTBzisVG+++NBxKSFqYRihc+NgWTaXL79PsMJ\/BjqF2+CBvNCiStfhGfynqVGi5Yp1a1yRNGREskAV4LoT2z+IvnFLgF1KD19HMmSasnZTf+MXtvFo11t1Zkst3ZIB2eg9uuUL87org1p7mKePyLBJj+s8m\/UZuEvCwJbQxkIVUF\/i8GjxLbE9N0R8ZCdweiBC49NtOqKGB2RffFsnTqNKtDrLEU4sUpvY1OQL3jZqJOX1jnLYAMiknG0eW7ZA1B+JXh4KcFHSsJctl5ioXeYkIR3MtyNI\/6wGgFF1g2ftnHKa1agN\/xKvOsfcLTgzJdGoLKhR7Vt76aliSvBOV17JFplmuPGrBq2Yb341a6U3WGV1\/KDArb2bVzBxEB8FOM6vwKk8Lt36nelt69dJVEDbVKfOc9mlbSjHFcwKnrASpOCXG+nrlqwrCF+cP3e8jx+VGyZw+fFSf+ogX9rKIROQGOGu05KjWuPtb9D5NFYjgehQub7xVereeuxgYVZcGofxlgtwpNHdzJAT9J4WHjNRrxqHBp+ncWyQ5qV\/yo3Aj4KP5gx4SLkGV1nykgQ7iLhi66uF\/TG\/NyVuU3+xNYDVaA+YO0jObC5mxUkFZnErbbIs6kdW+GkvhWXdh94Wb7bM8nYkjWCBUXWO2Oy51kuSTLWAjtrtusEyzwh0d+RAfvzIYIcZMq64dN\/TqiavvylXcYalEayAh6HoAJ+5n8ZsbuXfzQqesagNURGGRPYdToh52\/Bh1xqZ+sMftbOvPVmrsQ3POAYITRZ4S+nmIi8OsC3gfBrN8RrZL\/rBpfk9o+K2GBvVNbuWF2\/f8SjXxQMvNkUPpz932OYeEMrKsJviYP\/znQFp+Wucn1s\/pqY+ayQaByKd7Kb+HgXB21Jdgfcaod9m1va41VKDNbVRkuvxpFhSHonAvpQ9NSE4Zmtn6dNQJA+WvzNpWJhcTQSauml9GfTET\/DnnUlZOlFtJTY0q6FCv\/n4cjlCkvnv\/EZ7FsdH9q1KBO9rpVJhVHUzcMittzDiqVsv+C0VZJWxfv9TicUFXi3xN28+NkABnkFlQipuIDkC1wGnPly8\/DC3HLrriwqBciQqmWCkqiXJP4zj3ZwOjpgR\/PGLVWz\/EFCKLMrPXWiSm+iwzX9JuDkdSrnQ+rXC6zVDsk9dL6aBDcC1LWrPzixzU6eFErtZDDrJvP7ZrzmQ52iTHer1XvKvcBaY2dp2NnXLrxJdnR1diDHAJ2C4HvXDigJtIqm209r2EOVWjYSisPXmG00IEV9YnvNm+pH06Yomv\/PSfo4dHFEMyaWuGz3Ll3tepDnj0qRiUTpKxRC9funY9UK6G2bc1KBHfgmQZiA1WmR3zhTt+Nwo0AQaSpYlkSP7rkkvjo7jlMTfEWq+en9DjacxUhXmCnM5OJM+wDGLI2yYB\/Ko9dDfWHd9+0drzkYXhzyaYAprYDrdvSCfFdvTGOfzataFETb1QSk9rdZYjlNLUmuFhfg6TK+13n+spDpZ6vThjAb8R+N28NBh0DWlD3QI\/eC0KVLY+aJPxjyvR84\/1MH9OwsQUNjKgYDKJnQ7qYuo4VgRhquJgIK5e+YBhYGZcwnudxF3QdZNXuctrUxSABrC6TR054DhjM7sgMO5DcHBENCCidE+FjEh5D2xhT5hW2NGOHXhUBTCUCKPd4QSL9bFrm3gRMQcQpNCCgh7+6C6xcYNIeeXwxEylXDC6J+ndltB\/d5dES3LgU6UR1OqS6OXnnt6X1pV6sQ532ZSArjFbeEZTVJj5LB0\/RUUWjB20dL2Ol36W+DzBCta1hag59f1peaPYSI\/NMag7CFMYBebqI"}
01883{"flow_id":27,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":114,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":584725,"pkt_caplen":1137,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1137,"pkt_l4_len":1103,"pkt":"xGGLNYKpxiwDYGpkCABFAgRjnTkAADIGqNkR\/WnKwKgCEQG7xZNpWN+hMiTxG4AYAHUySwAAAQEICgAfwUQR3+f3bmhlOV29CE2iIFQAL59yDHBYlu6YrnPAdzt3j5FM2jbDZSDhondXPEizlhrpDXLAjVlwtk0IUbceHsFh5yoOZN9tGBk7OHFmMv0T1+dH8cVA\/ZDPwhUsYrrwAzc0YWp9D5l\/zKTDNRS2mpjlwGAgFnZFnuScCL7D3QDcI7zf+0xLeAKUXdJBVQ\/B1iWjD5PRRCsr8aAzUUhsjZ69we6P9zaykDvasuU+719HEPr89LlHjNSw774Tyn1PKGjc0MujgidrEB4VMPjTLoMpZ0taxIHy+MzJMx2LgsIuar\/X3CUtqIIy565AJ3w8p2uBOko0\/loR6b+whh6ChZgv4lW4ktyiwp02AxjPJLlgl6XHq\/Q8SmKq2smu4OmgKcV8MWLymSeplhXEQLrf1AsRGsY+p+ZhkVfiunEIFHwbM7l77Ex6Z8B2eC+rikR\/mUk800k\/4vHjzPA1N9v3yDlEbnfKZFmZ9OwZGGBXC+hhtqjP2bLRU1QgmC+ItZBF8t6irLEna11UfoOoh+ofgt5F3vgBfEAzuayRaZNLNW372lqrJSIuio3gL0rq67JbIs7AfOkevcsPcTC7lPbR1JfX\/oaMLooYN5yRXN5as3b7SWDuA2PdZu5nw\/Pz0tDQrylmrZa45RegN7pLsrXE08BLMEN9nK3Ok30QQocMptp0lubYznZHbPlAkp5bRF1MibmHOo+LeLl+VIZHOd2vFkfgIGhO1qw3y7ZX0hC5mqHufeH2lQoMVSPQ8zFuNd5ILqwhKanmWuVPqjAPJiv86YqBn9fgjryXBSKXNLgJXjO7+zXshAYnr3qzhpJOwGm7pJxqdRoUsrHcujLU8ceI+bbRk80S0YgKuwqVwRwbz15t9BYrPl05hN\/kDjPli+6PB2Il6SyTl79r3WYEyOhfP8vNqV58\/IWH\/3fRUN2FZ4GbzxzH\/2g78IxGyWWQdAcLFEN2AzuweYVWqNL\/y0RuPez0cpw4E9WblWgU7PjppU+es+CUV\/7SSZf9wSXINWnoI56217hBrnPpxTU6Tr92XM1\/bx\/+PjpXhM9pu0Feuf64wgLDJ9luR15FBQZx7VnApsnqjimvzPIve32Gdx5Lr2hA\/gDjq0GABMHBWTBrTQAK4ivjpTyaldxaorhlr6vEB1BYALQUTd+orqiH54HSUe\/s\/hZijqhKFpVZlwY9fe0cVqYXSfoY1+J6VbPHNwk0+RbIoPCQ4RcDAwBffutJWKojEEfvmCbPI6CBi1igS4wHzeRQHzc9ELPs0jZtGic+XYFLaGyhckeBZW6sK1D0VI7D1mXO7LI3b5+6DKUNdNZj1qUwxqhf5EE\/MxaTnx1zHd6JfNCsm\/vQGvEXAwMANZ6dVG+AQNi1uSt+x8iz5PIcQE0Ed3YHapx\/bfyb4BcsV8etiToC8g2+Im9hshXQVBWAY6OS"}
00426{"flow_id":25,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":115,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":585123,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xGGLNYKpxiwDYGpkCABFAAA0\/jIAADIGTBER\/WnKwKgCEQBQwACbtSzOLJXrtYAQAHVahwAAAQEICh00JSQR3+fp"}
00426{"flow_id":27,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":116,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":586800,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAG\/EPAqAIREf1pysWTAbsyJPEbaVjfoYAQA\/RFXAAAAQEIChHf6CAAH8FE"}
00426{"flow_id":27,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":117,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":586858,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAG\/EPAqAIREf1pysWTAbsyJPEbaVjj0IAQA+xBNQAAAQEIChHf6CAAH8FE"}
00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":118,"source":"iphone.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1582454598587,"flow_last_seen":1582454598587,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50580,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":29,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":118,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":587648,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGtbvAqAIREfiwS8WUAbuGKOrDAAAAALDC\/\/9\/HgAAAgQFtAEDAwcBAQgKEd\/oBAAAAAAEAgAA"}
01357{"flow_id":25,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":119,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":587823,"pkt_caplen":762,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":762,"pkt_l4_len":728,"pkt":"xGGLNYKpxiwDYGpkCABFAgLs\/jMAADIGSVYR\/WnKwKgCEQBQwACbtSzOLJXrtYAYAHXbEQAAAQEICh00JSYR3+fpSFRUUC8xLjAgMjAwIE9LDQp4LWFtei1pZC0yOiBWdmg5YWxkeGF2b0Qwekd5WDRnMjZqWWo0UkJRWTd4VDI5VEFqT1l3aXRmYjB6VStUVGpiVjdqUm5nakQwZ2gyZXNmbmcyUUZ4cDg9DQp4LWFtei1yZXF1ZXN0LWlkOiA0RTY1MDNFNTU2OUQ0REE0DQpEYXRlOiBTdW4sIDIzIEZlYiAyMDIwIDEwOjM4OjU0IEdNVA0KTGFzdC1Nb2RpZmllZDogRnJpLCAxNyBGZWIgMjAxNyAyMDozNjoyOCBHTVQNCkNhY2hlLUNvbnRyb2w6IG1heC1hZ2U9MzAwDQpBY2NlcHQtUmFuZ2VzOiBieXRlcw0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWwNCkNvbnRlbnQtTGVuZ3RoOiA2OQ0KU2VydmVyOiBBVFMvOC4wLjYNClZpYTogaHR0cC8xLjEgbmxzcmsxLWVkZ2UtbHgtMDA2LnRzLmFwcGxlLmNvbSAoQXBhY2hlVHJhZmZpY1NlcnZlci84LjAuNiksIGh0dHAvMS4xIG5sc3JrMS1lZGdlLWJ4LTAwOC50cy5hcHBsZS5jb20gKEFwYWNoZVRyYWZmaWNTZXJ2ZXIvOC4wLjYpDQpDRE5VVUlEOiAzZjEyODg0Ny0xYmEwLTQ1YjUtYmE1MC1iOGI2MThjMzM4MmYtODQxNTc0NTYyDQpYLUNhY2hlOiBoaXQtZnJlc2gsIGhpdC1mcmVzaA0KRXRhZzogIjQxYmEwNjBlYjFjMDg5OGUwYTRhMGNjYTM2YThjYTkxIg0KQWdlOiAyNjQNCg0KPEhUTUw+PEhFQUQ+PFRJVExFPlN1Y2Nlc3M8L1RJVExFPjwvSEVBRD48Qk9EWT5TdWNjZXNzPC9CT0RZPjwvSFRNTD4K"}
00426{"flow_id":25,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":120,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":589196,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xGGLNYKpxiwDYGpkCABFAAA0\/jQAADIGTA8R\/WnKwKgCEQBQwACbtS+GLJXrtYARAHVXywAAAQEICh00JScR3+fp"}
00424{"flow_id":24,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":121,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":589226,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xGGLNYKpxiwDYGpkCABFAAA06hUAADIGyEURggIuwKgCEQG7xZHfrwWjGTrtHYAQAANrugAAAQEICrVP0n8R3+fw"}
00425{"flow_id":26,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":123,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":590442,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xGGLNYKpxiwDYGpkCABFAAA00AIAADIGekER\/WnKwKgCEQG7xZLy+qnqfzqrkoAQAHV62AAAAQEICor+qRgR3+f4"}
02378{"flow_id":26,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":124,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":590958,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"xGGLNYKpxiwDYGpkCABFAgXU0AMAADIGdJ4R\/WnKwKgCEQG7xZLy+qnqfzqrkoAQAHWr2gAAAQEICor+qRgR3+f4FgMDAHoCAAB2AwPdkWfjqfkybHi5hafIFCxMuXFhAg42i74xWcGK+Esm+iBBR6wrPbvh3W2j8rwh4NW3lc0cwhULV8gFfvx3+QKTDhMBAAAuACsAAgMEADMAJAAdACCCQ4+XIllfV\/oyk2g\/erLLA4ruA7viRddpmmFPrNDoQxQDAwABARcDAwAqvLZxAURZbFmO6LRUH2d8WwuAMqGLMfkOr5xKx9YzdPly\/lRnWSDn51\/bFwMDDhZN6Xd6JBF4VAKva6f8VaOtzNpWertXOwTz4RPzYuBvrt8tpgt747fCcmPA5j+t793wFhGdnYKExje+MKvI8CfpncwfxID52p2FrL281ID\/f+JEEBoA9MM7lpPMw9Bo0oxjC\/61246W+Qwg+mE78Chy6XeMcKnScbNOGbOzU9ACc8yG+4Z2AsVPhP4em6V2Yt5ekyI1aR+mXE8zRFVqLmi7Tkz34ZrBe\/FbLHYtSOAiaQw+uBKev14+ND6dpvHsSaeiUvan67aE3f38cNQL03wvqLIDqV2WTfkT8h3AbMlKLnjlp2q15Zcd2Qe40fUKiOWIwMICW0JKKLGCyXfn5Y8Ds7MCJp3LS3wXLVn3FVVaGBuu1vB\/yHweUg++cLQC295Knysp950MbdZCbRNai7I7nFgWnQUtGfTMMcn8A1md69Vmfvz4pqB3UAvYLkKM0lKR6HTa2LzRPpI+CmVRT4yZTYWwfgVcBT2KrghjIisWRA5q5wzHvSjEvc2azKS4butT0OvxUGq77db95SS3oVAzOvdBy6rK7c8Q5C9VcvXAaOOdSqaOiv7zotRcXv+0fDMyE5ICsvIZZEj2nvI5Qk32oNAm\/irL4ZQqab3apS1ASdcMceK2k\/7RBTqX45UtjgDGUa33lcCHiBbC2lf9NRE1MA5aNJpm352Jw7iWKFnFykHE49TP9APxCXSCe5W3zJb2laG5jCE5TNq5rfTlCAJLE57e5ccUzGpWcv39IsOSWolJMWubxvv7+9GxBsvuMa4YDirQpdtYB+DbnzvnQ+cnyMKIV8oWOhjEdNr5wF43CKdtEKOkeI3iecgDUUhSfdxSWnxytcF2PGkYIc617xvgQrpfyLXR99OH10fuWf1jK3BkvVNBTiSa\/HNujUSahH2NbLq2d4GwqyhBf6C+7mvrmsr4\/4L9bfj8l0P3uJVjV46Va+dNjIizc2gQForAjmfy3032Bh4lO\/4MIyuwGKoOuycFjnLzGZE1woVyF41xfr+TKrfF7\/hU95kPKB7hYf2\/4yRSrFfiEEorGHRfQmj2JZD6zLuFs2ap5BP1K2RyxUGjL2hlH7kRuSLqqORtZk2q+X1b7Akub7fk1VZYSedu80+6n8XnT4k1lgLE7mZ6dWxCW0xSy\/p4HJlW3AZdiqWugXe6QBmAJEFixxGVWCyC2pHgBQPqMs6qWCxk\/Mrf6\/UMY64DmyTAXT4eIqobD1urftCYJqYmKqpNxJoegGynAsCSzlaetj6\/Btpwaz9MdhS1mqRN\/evH\/AOZB6lawfBkd3OUp31P48uAyuFVnFrzPIrVfVYQY\/ETPLPafGT6PtfARjEVrJuNG+LYNCVupAazT6odke5WzQyJNrReIGpAbGpvT3PoyrPMn0KNSrnuPt25\/HHN\/uizy4OgUANTEY1E5L9+JdaNqdixMGIlHwvJg0RUsVnyj6t3Bd9CmXm0anZlQLRCBdOvIVFRt2uXtmvFuRbKF2J11BbEvPl+k4zw99kzDQXvKd3n65qfee+hC4JsXSMMS33fplhNNBJKF19+P0ViDgm5r8nzJTtrTFNVD6bMVAUujNUDXr6o10oiAuN7z+RP\/O7ANSRrj1YJgbK4V9LN7OvtTwavaMYScgdzPmoIRUX5pWj07S\/ZkL0+sJSYqbw7c7JsfUdwEOI\/BAACrLxZU0YK"}
00829{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":124,"source":"iphone.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":6,"flow_first_seen":1582454598416,"flow_last_seen":1582454598590,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.253.105.202","src_port":50578,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"mesu.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02381{"flow_id":26,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":125,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":591177,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"xGGLNYKpxiwDYGpkCABFAgXU0AQAADIGdJ0R\/WnKwKgCEQG7xZLy+q+KfzqrkoAQAHUYLAAAAQEICor+qRgR3+f4QHJmI1Cnwgdi5hQt7BXjTqx0AI8Cq2kXdsBd9yhND8LWMKiSq0VmmbX+8jfkSziqSouCzetN5SJhqPoujPFU3pisWEtWENyzRZzUDEzQ1w0AO9l9QnCZZTazBaLSzU+d\/BgnYEgd9TWpJroigc9bK9p\/vbRyjl5IJCG1ViB3SQ8zu\/NTwrZ52qHnxA2SShMRcT6jUEWYUm4MW+Zs9nfWEiURYKpBX1Ugi1QQDhcyQCmXIJJhveqKinxbsPw6stD32darp7+F85Mi\/FG2fjqrhYFVWIbHJSdp+5\/C\/q4LwqWGJGWLKLZx0EdfOrHU8s\/oJYdzayAIUVFmA22082SMZ3LH2kLTexMWBJ+0zP\/tvKCDwHot\/OOBXTYvHTH2wrdNXPwGTc0gvU+6Tqk+Q135uexNZ1kOU9eq7xQ5JlhRWSpvBwzrzpZkwo\/7XFgDB\/AdnJxrUom2r+Jw3tg8G2WDiFCCUe2qq\/uRGivATOzRTEeyoTwiVbUWnGcEJd\/+p4TPqKxREPd\/xqoaNjFd4Md5qyH3WoM0ydV\/KsCcMTmCSubKz201vYUZWKBDEh4Uico5+MRcQFTyOrMCZF8hhoOfwQaAzwyuDCBfiF9eEGeJpMDgUumLfjRxygC2HK588uNM8VMrol4yKT20cR30gMhL9229bSneN5bGXDiEtcBCrbiz8RDHhcVHyD5B8VfaPqIQ\/kA8pHo\/5rLw7NByJ0Vg7jVor1MQhlhs\/bMPHgnTPeG8IesmgZs3U2oaTSgniLbAMlBcIrmf2oZER2QWMIFqhSTouDETiKar0dfMRCVl1FvVmweb\/ByLx8LvdspM5\/majrxONFj3Bs9p0m08gWEjbFeqTFsLLLn3A83v0VLpswkpQ4nNwVjm3dnH4t9v9Gxf8YeLqr92xS+YUSdxlApJ3QQf5XOxmbUv1cRtCD3dkRNV\/7bfmr18FD6XbifYOhe8FMjB4bwKo3pkMtA7l06nSWzNH1c1sfDsBcy723H4TyjhEipbxgu51KZnRMU3n6mfFLmhRZPM3aOabHlufGn3S+u1l1PPMWx4WrWzIuCPhTif1H6iKVD6hrUPRixHcelbraACOhx1uqgOF9R+vfP1\/BHEH7Y9W\/0uph0S1uShxkR3buFRHePFSX0g4BKO+Wx6Ty9ctg\/5PWY39G+Mf95lrKmYXiITKJ9+IqVWm\/iyzPDwnDnVqqQ1Kj196uTW2\/bYx75cuMpAXDRCB66vsuQKvl0SdlnsIaE0zYQ\/xHEuMuZhmYp5Tzl+kTx1LrtVZ7UGXMzatQSw6VMgUuGHMKqraWF7uNtz7CIvCF3s12UNOHztv9e4GhvtJHrMNICy6t2Tc8hJ7o3jWCd3KEWz1LMi6JfSRfRMYilCoJ0WvZ5ye1egjDaqUk39VhKEDs6FiIVWKYwoLS3kZyOjmj8NO2zbaHmPyFBlJSlfK5M71ZDC6se40lUFldoMCkjz5goixv0grJaTlK5fIl5jUDebArkW2dbAIIPVb38Eis\/S2kdhrlgmGy1vMTagnOlqP6DJlElA8cZaiQZNmGrN0Xm5E+IT9dZpmxpLDHQap+569WrfXvNqP3P+X+Z0AJpNzsKN6O9MzVvm1+kCCVj4udI7dJlDfI5cU7N2OU3ctWPv\/NphdE6uu6z82Q7aNeUTWl3ag7uKZS6lYmYlVpAOQcP5vzR63HQSXFgHDk57PTeTO5xNyQ+pRWcz4tXWtA7\/FX6Wn9TW9+6rW9TNr9mK0QOC7EUhdd6a5Ua7i6kHWMpZSY5FzhHPwd4Jusw44tSWnEGC60yMyojeF35YhKexzzXRSILKjnT3dTgo1JUXmuyNKvZTQQNbuyWPgJVje28gO9KVstdshcDtjLS9dSPDH82HWBK4oXdckMPy+7yDsdcsm4F1yy5sYX0+gxSF0BW5Da0zfp+k"}
01892{"flow_id":26,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":126,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":591563,"pkt_caplen":1137,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1137,"pkt_l4_len":1103,"pkt":"xGGLNYKpxiwDYGpkCABFAgRj0AUAADIGdg0R\/WnKwKgCEQG7xZLy+rUqfzqrkoAYAHWR9QAAAQEICor+qRgR3+f4JqEdHue5ivuX3xFR31+9eQx6qvHpEO708glv1H56cewXcjpv+hUvLBg7KDhtwU2nbo0+31kknyWNwqjsZWLBxCaJIy4Cxmn\/CjuRJCBCyRsxsBL\/NweZ2r0Y3qI5z2Dfqh3QjQKYj31cBf\/AY\/2NZd94X+PQZkKk+3YznOJ0eQwe8pRmG5B4x9lbgjrZr29Tt30sFrEbvjSbldY1RYgH+rKr5nNOpoi2Yhl1m+RLYoTH\/eSm1hgBZ5T37hoYFPrc0FRavq4ZQmHGbMWrzzPl2JkyOgLf+urChmnLqPB4MdE4PUA\/e9gvHGDlMju8JSWALc0964HhMObNrmLMTq7\/elCbpjsTg+NmxPZ66U18mgPeeSZGixPU4sNEA1GABI2KJag01TktU2rGxewKnpRSpg7Q3njLdWKBh2IYRiRd+ecvORQIxK5m\/Rr\/TJveu03zZ0KBQjH5iNCf5aR\/LdV6NHeTc2+e8qyPPkV7v4QUyffzGuUf+Y\/Ob45MhP\/2TiKgJJWnRGE1UKdIvAVqEFg3dyLKkx2SF6062tgAf6mvCrfVNI4K2CBH+8JLjwYfzg00Un\/lHD0ovgl2v74hspPG+F6DLOfjrgRnpW6\/tZWvbxnGim8grAduSl2d08spP0TgJyijkd81MOX8uKXfrQgV2kQpk7XNPRDN2ztMC7h\/IGPWnzCaM1FSPfcUSAh3YwV6XjdUhm7qrByCjoeEmdD4KODp7cNhy72KZqj+oN4YMLfZ\/mq9xnMvswNVWdsxbiIqEe8Fhw4FY3ZSAJX2IKyj1k6SLcjKIUCnOKgZXQN5IUgtcwptc30ft9A+Ae2CU6wWBvfspIPEbl9+apyTmEfjOdsqV1JA9XlT3Lq9MxfKTF8aUiHFECwIPu4ctIjeRf7oTbx+k4hMWX05YVmGnImHgxVs9iap8KX\/940LlU4D\/BZIi8Pwrcu0nvruQVWp9aE\/ZQjv+GZ5\/PSFWwvD\/frt5O9JNm0zyMrAdYHQAW71DPYYzstaYsJ1E42vM93oeKuiojoO7uCdQq0chaF4SNZBRyKEjbrhBgp6dplqdCW1Sj\/DUMgFy\/D\/YOboH\/VU6PLr+c9kYpjLKFnf4TDYqdzNmuzi++tdYaO5xtoSPYLj6E5znzTTWv6D4HKnet88VOXx49SBYJTb\/gKCQ8K1aVd3lyph\/iuhySiPCeYYkZQwzielRjV4HVGrD\/PpF5AKsoIXAwMAYRz81U3qiwAn+rx9UWCWO1qjQqlW0\/xp\/WynugxrneryUXe9onWUIRFs70Fm6MXIJCYt5QNgxLhOAyFb99A2Ad27qL9PfMvyCsTeSb2nzveoeE8tl9VTZW90eMgH7tmLkMgXAwMANXJ\/jLnTXKPevW+k0tEB2Z6uY0bhtV8qnV8ylPJY6jjqyxVqzAYJR+KIA\/aOdL0pbPl7\/+zF"}
02362{"flow_id":24,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":128,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":592070,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"xGGLNYKpxiwDYGpkCABFAgXU6hYAADIGwqIRggIuwKgCEQG7xZHfrwWjGTrtHYAQAANCLgAAAQEICrVP0oER3+fwFgMDAFACAABMAwNZdFzV0QA2PKiuTvgdN9coa1Qdq1L8ifbPWVMLctdgVwDALwAAJP8BAAEAAAsABAMAAQIAIwAAABAACwAJCGh0dHAvMS4xABcAABYDAwyCCwAMfgAMewAIMTCCCC0wggcVoAMCAQICEGRKaPARhhkxGSgjco++FUUwDQYJKoZIhvcNAQELBQAwYjEcMBoGA1UEAxMTQXBwbGUgSVNUIENBIDIgLSBHMTEgMB4GA1UECxMXQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxEzARBgNVBAoTCkFwcGxlIEluYy4xCzAJBgNVBAYTAlVTMB4XDTE5MDMxNTIzMTcyOVoXDTIxMDQxMzIzMTcyOVowdzEXMBUGA1UEAwwOKi5scy5hcHBsZS5jb20xJTAjBgNVBAsMHG1hbmFnZW1lbnQ6aWRtcy5ncm91cC41NzY0ODYxEzARBgNVBAoMCkFwcGxlIEluYy4xEzARBgNVBAgMCkNhbGlmb3JuaWExCzAJBgNVBAYTAlVTMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz5OQ26NMG3+wL7VQiRvYmEl0dQH+y7jG30Xq0szwA0HhHUOltteAVEk7uSCV770vGd8H4YroH4zaTHuZZyL\/metoo+fOnZZ8yuBRKAQEmLk0k6cXzi42emR3UOxVIxlABab20cmMjigYECGz1dGXF0EVjhPY1lgnLend8sIR6OL7\/ObnoRYnAwHUkr\/23MJhV\/9WLdWWoaO0o4XWPPqhmI3OqDZf8Abpu\/K7n7yd6VTKQexqxHBqHI6jliuXkwp8rR5j2iTOLocZme0verNUtgPf0J3B7fESJtecqmpQmw\/OkATqNG9TUcsJZ7elwHm\/QpnqO5VHCTWTA6kKoCj1HwIDAQABo4IEyDCCBMQwDAYDVR0TAQH\/BAIwADAfBgNVHSMEGDAWgBTYepREfJBwkBae3RecAUQDhtYqKTB+BggrBgEFBQcBAQRyMHAwNAYIKwYBBQUHMAKGKGh0dHA6Ly9jZXJ0cy5hcHBsZS5jb20vYXBwbGVpc3RjYTJnMS5kZXIwOAYIKwYBBQUHMAGGLGh0dHA6Ly9vY3NwLmFwcGxlLmNvbS9vY3NwMDMtYXBwbGVpc3RjYTJnMTIwMBkGA1UdEQQSMBCCDioubHMuYXBwbGUuY29tMIH\/BgNVHSAEgfcwgfQwgfEGCiqGSIb3Y2QFCwQwgeIwgaQGCCsGAQUFBwICMIGXDIGUUmVsaWFuY2Ugb24gdGhpcyBjZXJ0aWZpY2F0ZSBieSBhbnkgcGFydHkgYXNzdW1lcyBhY2NlcHRhbmNlIG9mIGFueSBhcHBsaWNhYmxlIHRlcm1zIGFuZCBjb25kaXRpb25zIG9mIHVzZSBhbmQvb3IgY2VydGlmaWNhdGlvbiBwcmFjdGljZSBzdGF0ZW1lbnRzLjA5BggrBgEFBQcCARYtaHR0cDovL3d3dy5hcHBsZS5jb20vY2VydGlmaWNhdGVhdXRob3JpdHkvcnBhMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATA3BgNVHR8EMDAuMCygKqAohiZodHRwOi8vY3JsLmFwcGxlLmNvbS9hcHBsZWlzdGNhMmcxLmNybDAdBgNVHQ4EFgQUP8a7O4KKBEkwqYE6aCTMDXOI5ZcwDgYDVR0PAQH\/BAQDAgWgMIICbQYKKwYBBAHWeQIEAgSCAl0EggJZAlcAdgC72d+8H4pxtZOUI5eqkntHOFeVCqtS6BqQlmQ2jh7RhQAAAWmDro+VAAAEAwBHMEUCIQC6qNKm2PO2iVnAY3dXNcjP\/RRQr+eSx577YiUlj0HeEAIgdvb7+Pm+oRrOHFlvXDnzWATgNjKeT7gxKY+JAZJ\/"}
00849{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":128,"source":"iphone.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":6,"flow_first_seen":1582454598385,"flow_last_seen":1582454598592,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.130.2.46","src_port":50577,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gsp85-ssl.ls.apple.com","ja3":"55271a105172d5f225e4704755b9b250","ja3s":"4ef1b297bb817d8212165a86308bac5f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02379{"flow_id":24,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":129,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":592079,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"xGGLNYKpxiwDYGpkCABFAgXU6hcAADIGwqERggIuwKgCEQG7xZHfrwtDGTrtHYAQAAMqkQAAAQEICrVP0oER3+fwZooAdQCkuQmQtBhYFIe7E6LMZ3AKPDWYBPkb37jjd80OyA3cEAAAAWmDro+XAAAEAwBGMEQCIAP01iSTpljIzjFVfH3bSqLJ8zJf0QbTBoJ4F04sCl2YAiAcz7xSNKrHIcafP6evKtJMETOMl5mRGzgWHb1pdUy11gB2AFYUBpov18Ls0\/XhvUSyPsdGdrm8mRFcwO+UmFXWidDdAAABaYOukHcAAAQDAEcwRQIhAIHJdGljpS8EnOBT8HqnM9pqHuT4kpfw6aRKYr2ifLD3AiAExKL9pYFPcaH1\/\/Qa6UYYTKgFD\/mGj9jVUDZXDlx0FwB2APZclC\/RdzAiFFQYCDCUVo7jTRMZM7\/fDC8gC8xO8WTjAAABaYOuj58AAAQDAEcwRQIhAOykdqwFKJ\/evq2GZyLxer94+svbUqdIz6f5TVT6luKuAiB9w3hGSXUPQT3WSF4KHZmO\/m8+3kD5OS44XjX\/+zncOQB2AESUZS6w7s6vxEAH2Kj+KMDa5oK+2MsxtT\/TM5a1toGoAAABaYOuj6QAAAQDAEcwRQIgMekPCAB2cdLnDkrErZneT37AagK6SF5591cou98K8PgCIQD\/5YxliNlSpuHP\/WWiT1ZdxnMeGlJtdVHI+wpOJESyYjANBgkqhkiG9w0BAQsFAAOCAQEAjZ0P\/nG5YRxm8RLTijJiE2Qx2JxB4urIMqbhv1VBez\/3VSqn78NlrWxVq66QqAs92I+rR4ndtmBc2L267RvelwfMSJB8Zemk\/\/03uKH2Pj+z8Bd8ROX4JP1Ys\/p63Fk1sh0mfAMAscorYQioE8c5w1qg4+\/33MspRF86C61S4D1XK219g74\/kqmGu87Ca3weX818oLHqs\/2H+xU87sggygFyq2jGxAkyMpbAfpuk2dpc2fkZBmBimbH7tcgb\/MRr7EAhAd+Lmig893bmEunIyDfhCa2uLR78LYvEUinQAlMcHYYYJMD36U6skh+y0nDm54NvrBuMJtPGTTQeZrvgvAAERDCCBEAwggMooAMCAQICAwI6dDANBgkqhkiG9w0BAQsFADBCMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEbMBkGA1UEAxMSR2VvVHJ1c3QgR2xvYmFsIENBMB4XDTE0MDYxNjE1NDIwMloXDTIyMDUyMDE1NDIwMlowYjEcMBoGA1UEAxMTQXBwbGUgSVNUIENBIDIgLSBHMTEgMB4GA1UECxMXQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxEzARBgNVBAoTCkFwcGxlIEluYy4xCzAJBgNVBAYTAlVTMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0JOhHUdDIBayC2vrw9W06MeYzfPev+hN6eM2gAf8RRtqfEWGrlbTpAl\/YQ1rXX5Sa320yDnE9Gc694POGW+GL35FfkccZ1LKlQVd4jZRhcDUZ4A1bxXdPv0d0v2PNFDY7HYqvuPT2uT9yOsoApYRlxdhHOnEWTtC3DLRCR3aptFDhv9esryMz2bbAYsCrpRI8ziP\/eoyqAjshpdRlCQ+SUmWU+h5oUCB6QW7k5VR\/OP9fBFL954IsxVJFQf50Tegm0sy9rXE3GrR\/Art9uDFKaCoi3H+DZK8\/lRwGAptx+0M+8ktBsOMhfzLhlzWNo4Siwl\/+xkaONXwlDB6D6aM8wIDAQABo4IBHTCCARkwHwYDVR0jBBgwFoAUwHqYaI2J+6sFZAwRfap9ZbjKzE4wHQYDVR0OBBYEFNh6lER8kHCQFp7dF5wBRAOG1iopMBIGA1UdEwEB\/wQIMAYBAf8CAQAwDgYDVR0PAQH\/BAQDAgEGMDUGA1UdHwQuMCwwKqAooCaGJGh0dHA6Ly9nLnN5bWNiLmNvbS9jcmxzL2d0"}
01406{"flow_id":24,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":130,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":592156,"pkt_caplen":792,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":792,"pkt_l4_len":758,"pkt":"xGGLNYKpxiwDYGpkCABFAgMK6hgAADIGxWoRggIuwKgCEQG7xZHfrxDjGTrtHYAYAAOHLgAAAQEICrVP0oER3+fwZ2xvYmFsLmNybDAuBggrBgEFBQcBAQQiMCAwHgYIKwYBBQUHMAGGEmh0dHA6Ly9nLnN5bWNkLmNvbTBMBgNVHSAERTBDMEEGCmCGSAGG+EUBBzYwMzAxBggrBgEFBQcCARYlaHR0cDovL3d3dy5nZW90cnVzdC5jb20vcmVzb3VyY2VzL2NwczANBgkqhkiG9w0BAQsFAAOCAQEAFkdzb4WiYuHnKna7iZVCJpe8SqyscFM6PzGDPTwcq5risV0cdhqgPAxyV77TnlDgyJnWWNcC6s4NKVR8zfXCxpApVaNvFKgLQg06mG0GeJ7waqMdAgqiKKSNwoFGPm1n2t4\/\/oUOQioS3rW3+7gbp5bsd5\/s1FOVev8H9PIKFMBRUrHWjlALGplcvAvJve3t+F7BVttNfiOkEaEs1BsFmuQbUvZ8OJkFS7pyjUKJYARmKvT9aNdr95lBKNZsJKvmJVMuyIKZ4qKPI74wg7Eni\/pofwFJ6MaYaxAumF6K18pLscfJWJrQNtuWley2geTyzW8beYdMEDyJ5E36VNyqphYDAwEsDAABKAMAHSAEN1l3z1MIds7QfYyxuK7\/V8Dclcp3hwl2d8VuWSTRbQgEAQA\/SkBXY8ZMu5f7OlqejpFPerw1+zHh6NCnu87LhPTQ9\/RorGa6QeGaStaiATpErMqJFcfDZJ6Enf2nGV4poLGqB0HL7\/2eU2D2J4\/x7RDb9JTkN+7eeK4eBj5C5XTwuRoglCdnwKOMDuL4d0PMW8ktqaVHYXj2muifNjS1W7eyHL2JBCJjPIkbNbLtB6G8J2J9en8DIrIcW3E9sCbYvUSgPiApPO9x2FMxtbbgET+epQHwOBuZ6yU9A7oaI1ORhOeQtsmHeV+hRRdVZ31GwHnw\/R4vx02pzdO20qB8Xmo4us0J\/iclY6k4c75AlHn1uTYmPpAMLFhaPSGi9jZfJQMgFgMDAAQOAAAA"}
01140{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":130,"source":"iphone.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":8,"flow_first_seen":1582454598385,"flow_last_seen":1582454598592,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4123,"flow_avg_l4_payload_len":515,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.130.2.46","src_port":50577,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gsp85-ssl.ls.apple.com","server_names":"*.ls.apple.com","ja3":"55271a105172d5f225e4704755b9b250","ja3s":"4ef1b297bb817d8212165a86308bac5f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US","issuerDN":"CN=*.ls.apple.com, OU=management:idms.group.576486, O=Apple Inc., ST=California, C=US","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"E4:85:25:4C:99:F8:FB:66:49:4B:80:64:5E:63:2A:75:9B:8F:C3:51"}}
00553{"flow_id":20,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":132,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":593624,"pkt_caplen":159,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":159,"pkt_l4_len":125,"pkt":"xiwDYGpkxGGLNYKpCABFAgCRAABAAEAGrCfAqAIREfi5jMWPAbsN6rjapgyNS4AYBACptgAAAQEIChHf6Cb26Z9qFgMDACUQAAAhIL9y1EDy9eTpmWS0iKCdetkIBrN9k091SGDIaH3oGnlJFAMDAAEBFgMDACgAAAAAAAAAADOHN7wq\/sCzBaRwj8WRi2eooJO8qHv5P+c0wRI9i8de"}
00437{"flow_id":29,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":133,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":621600,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAC4GB8AR+LBLwKgCEQG7xZQAd9VghijqxKBScSDqGQAAAgQFrAEBCApbEwd4Ed\/oBAEDAwU="}
00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":135,"source":"iphone.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":1582454598713,"flow_last_seen":1582454598713,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":52682,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00436{"flow_id":30,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":135,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":713167,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"xiwDYGpkxGGLNYKpCABFAAA8BIgAAP8RMcbAqAIRwKgCAc3KADUAKGCiwekBAAABAAAAAAAAA3d3dwZpY2xvdWQDY29tAAABAAE="}
00664{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":135,"source":"iphone.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":1582454598713,"flow_last_seen":1582454598713,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":52682,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AppleiCloud","breed":"Acceptable","category":"Web"},"dns": {"query":"www.icloud.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":136,"source":"iphone.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":1582454598713,"flow_last_seen":1582454598713,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":64203,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":31,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":136,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":713210,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":80,"pkt_l4_len":46,"pkt":"xiwDYGpkxGGLNYKpCABFAABCUOgAAP8R5V\/AqAIRwKgCAfrLADUALpJfu2MBAAABAAAAAAAACmJhc2VqdW1wZXIFYXBwbGUDY29tAAABAAE="}
00658{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":136,"source":"iphone.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":1582454598713,"flow_last_seen":1582454598713,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":64203,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"basejumper.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":137,"source":"iphone.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_first_seen":1582454598713,"flow_last_seen":1582454598713,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":53317,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":32,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":137,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":713214,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"pkt":"xiwDYGpkxGGLNYKpCABFAABB1EAAAP8RYgjAqAIRwKgCAdBFADUALQ1OiY4BAAABAAAAAAAACWlwaG9uZS1sZAVhcHBsZQNjb20AAAEAAQ=="}
00657{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":137,"source":"iphone.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_first_seen":1582454598713,"flow_last_seen":1582454598713,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":53317,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"iphone-ld.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":138,"source":"iphone.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":1582454598713,"flow_last_seen":1582454598713,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":62526,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00436{"flow_id":33,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":138,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":713413,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"pkt":"xiwDYGpkxGGLNYKpCABFAAA7QA4AAP8R9kDAqAIRwKgCAfQ+ADUAJzA9jewBAAABAAAAAAAAA2NsNAVhcHBsZQNjb20AAAEAAQ=="}
00651{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":138,"source":"iphone.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":1582454598713,"flow_last_seen":1582454598713,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":62526,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"cl4.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":139,"source":"iphone.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":1582454598713,"flow_last_seen":1582454598713,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":63377,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":34,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":139,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":713473,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":80,"pkt_l4_len":46,"pkt":"xiwDYGpkxGGLNYKpCABFAABCtyIAAP8RfyXAqAIRwKgCAfeRADUALilRj7EBAAABAAAAAAAAA2JhZwZpdHVuZXMFYXBwbGUDY29tAAABAAE="}
00669{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":139,"source":"iphone.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":1582454598713,"flow_last_seen":1582454598713,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":63377,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AppleiTunes","breed":"Fun","category":"Streaming"},"dns": {"query":"bag.itunes.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":140,"source":"iphone.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_first_seen":1582454598713,"flow_last_seen":1582454598713,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":53272,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":35,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":140,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":713588,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"pkt":"xiwDYGpkxGGLNYKpCABFAABD8ooAAP8RQ7zAqAIRwKgCAdAYADUALxueCAsBAAABAAAAAAAABHBsYXkGaXR1bmVzBWFwcGxlA2NvbQAAAQAB"}
00670{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":140,"source":"iphone.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_first_seen":1582454598713,"flow_last_seen":1582454598713,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":53272,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AppleiTunes","breed":"Fun","category":"Streaming"},"dns": {"query":"play.itunes.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":141,"source":"iphone.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_first_seen":1582454598713,"flow_last_seen":1582454598713,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":53983,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":36,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":141,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":713711,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":80,"pkt_l4_len":46,"pkt":"xiwDYGpkxGGLNYKpCABFAABCQ9gAAP8R8m\/AqAIRwKgCAdLfADUALndaZloBAAABAAAAAAAAA2JhZwZpdHVuZXMFYXBwbGUDY29tAAABAAE="}
00669{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":141,"source":"iphone.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_first_seen":1582454598713,"flow_last_seen":1582454598713,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":53983,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AppleiTunes","breed":"Fun","category":"Streaming"},"dns": {"query":"bag.itunes.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":142,"source":"iphone.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_first_seen":1582454598713,"flow_last_seen":1582454598713,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":49880,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":37,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":142,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":713833,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"pkt":"xiwDYGpkxGGLNYKpCABFAABD04UAAP8RYsHAqAIRwKgCAcLYADUAL8OecEkBAAABAAAAAAAABGluaXQGaXR1bmVzBWFwcGxlA2NvbQAAAQAB"}
00670{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":142,"source":"iphone.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_first_seen":1582454598713,"flow_last_seen":1582454598713,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":49880,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AppleiTunes","breed":"Fun","category":"Streaming"},"dns": {"query":"init.itunes.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00517{"flow_id":27,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":143,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":714280,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"pkt":"xiwDYGpkxGGLNYKpCABFAgB0AABAAEAG\/AHAqAIREf1pysWTAbsyJPEbaVjj0IAYBAAl+AAAAQEIChHf6DQAH8FEFAMDAAEBFwMDADWHsyiYnHR9U1VZ39KYD7Vit6YXikasTmHUUAQVD89cL6mKnwQVFe0\/0ArpPWq2vxLyjznYdg=="}
00964{"flow_id":27,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":144,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":714447,"pkt_caplen":460,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":460,"pkt_l4_len":426,"pkt":"xiwDYGpkxGGLNYKpCABFAgG+AABAAEAG+rfAqAIREf1pysWTAbsyJPFbaVjj0IAYBAA3bwAAAQEIChHf6DgAH8FEFwMDAYVgkPd18XfWsYhba8Leaa1gm9tllqtkmavMsp3W37EAIK5\/LGFO0M52xTC59W8vBVPRQ6aOqDV6E20MR7dmI\/8Wz1pBTjpBzRmrxsx2sjaVZoxTRD+FCeE1+Jx0bguRZ2HLMsMGm77uEfhRs4gGCFLGYOJtA0t8w9iIoTQrmte5QizIjaUxlB9ndiAySdGLRwCaFmhPicPqAT3OPW12QHi9PSX1o2e31uGlbFc118YD\/+9xS0RPO4eQmZqFzUYM+5jQwOqYiexP9p55UOnmAjD4k2GuNYPaCPFs31IpulHvr5m1Kz4j\/2uLN9S3x8XK2RQ5XEHOWalkMK+CkbUfLNqWIJT+dUQTpIbvidFnWLxD5av\/p+Epc8GjJpiRcTzHtyKULgBz6CaFkfPvGiI4tvt\/K9hy61F3LZoXayll\/zzYO1Fpy1qm06tHwnAxX4sfoK1iGkW\/FgzGkaxFUGUBYbNxMEx6GG1JtJkdFbPddso6jO9mL3IJXxGRe2gGpGY52elc32wlww=="}
00425{"flow_id":25,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":145,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":716631,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAG\/EPAqAIREf1pysAAAFAsleu1m7UvhoAQCAtPjQAAAQEIChHf6JMdNCUm"}
00425{"flow_id":25,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":146,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":716744,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAG\/EPAqAIREf1pysAAAFAsleu1m7Uvh4AQCAtPiwAAAQEIChHf6JMdNCUn"}
00425{"flow_id":24,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":147,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":716890,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGZFvAqAIREYICLsWRAbsZOu0d368Q44AQA\/Rb3QAAAQEIChHf6Jq1T9KB"}
00425{"flow_id":24,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":148,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":716905,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGZFvAqAIREYICLsWRAbsZOu0d368TuYAQA+5ZDQAAAQEIChHf6Jq1T9KB"}
00428{"flow_id":26,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":151,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":717341,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAG\/EPAqAIREf1pysWSAbt\/OquS8vq1KoAQA\/RrcQAAAQEIChHf6KCK\/qkY"}
00428{"flow_id":26,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":152,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":717448,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAG\/EPAqAIREf1pysWSAbt\/OquS8vq5WYAQA+xnSgAAAQEIChHf6KCK\/qkY"}
00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":155,"source":"iphone.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_first_seen":1582454598721,"flow_last_seen":1582454598721,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.185.87","src_port":50581,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":38,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":155,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":721885,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGrK\/AqAIREfi5V8WVAbuoGt7oAAAAALDC\/\/9fVwAAAgQFtAEDAwcBAQgKEd\/opwAAAAAEAgAA"}
00424{"flow_id":29,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":156,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":723398,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGtcfAqAIREfiwS8WUAbuGKOrEAHfVYYAQBAuCrAAAAQEIChHf6IhbEwd4"}
01126{"flow_id":29,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":157,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":723584,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"pkt":"xiwDYGpkxGGLNYKpCABFAgI5AABAAEAGs8DAqAIREfiwS8WUAbuGKOrEAHfVYYAYBAvpygAAAQEIChHf6IhbEwd4FgMBAgABAAH8AwMzFRfGYqEP+F2R9Wbx8vDWDUZY+c8QBvM8\/0aM\/WEb9iAqPOeRwqVGvKjyGH\/94GF\/v\/oQUTEAuuxnTPPcBfvphwA0EwETAhMDwCzAK8AkwCPACsAJzKnAMMAvwCjAJ8AUwBPMqACdAJwAPQA8ADUAL8AIwBIACgEAAX\/\/AQABAAAAABcAFQAAEmdhdGV3YXkuaWNsb3VkLmNvbQAXAAAADQAYABYEAwgEBAEFAwIDCAUIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAzACYAJAAdACDRnQWWCbYOcip82sNQrIRN4GlIi3Ilb2X7z1S+9ioubgAtAAIBAQArAAkIAwQDAwMCAwEACgAKAAgAHQAXABgAGQAVAMsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00803{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":157,"source":"iphone.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":4,"flow_first_seen":1582454598587,"flow_last_seen":1582454598723,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50580,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gateway.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00553{"flow_id":24,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":158,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":741873,"pkt_caplen":159,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":159,"pkt_l4_len":125,"pkt":"xiwDYGpkxGGLNYKpCABFAgCRAABAAEAGY\/zAqAIREYICLsWRAbsZOu0d368TuYAYBACs0QAAAQEIChHf6LK1T9KBFgMDACUQAAAhIMgVY244BOxiKd2+gdbWzkS7fU3yOL5z306xpubGDQ9tFAMDAAEBFgMDACgAAAAAAAAAAFM42iq4K3c4kd2q4XVvp0HV7UIJJNofTiIO8GDsfdpQ"}
00496{"flow_id":20,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":159,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":743615,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"pkt":"xGGLNYKpxiwDYGpkCABFAgBnf0kAADEGfAgR+LmMwKgCEQG7xY+mDI1LDeq5N4AYA6v8uAAAAQEICvbpoBoR3+gmFAMDAAEBFgMDACgAAAAAAAAAAA3b\/qASlfy2I37M+RYMkmQWZE0T6Nz1drAnpgD2lscA"}
00519{"flow_id":26,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":160,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":744914,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"pkt":"xiwDYGpkxGGLNYKpCABFAgB0AABAAEAG\/AHAqAIREf1pysWSAbt\/OquS8vq5WYAYBACILwAAAQEIChHf6LyK\/qkYFAMDAAEBFwMDADXYj6OcZ3754e+7+OU9dS\/mOMB0szbGNwTAiR9oKCscWnhKPEGDnnP7csWGx3lccKumqgrS5w=="}
00930{"flow_id":26,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":162,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":749982,"pkt_caplen":438,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":438,"pkt_l4_len":404,"pkt":"xiwDYGpkxGGLNYKpCABFAgGoAABAAEAG+s3AqAIREf1pysWSAbt\/OqvS8vq5WYAYBADp0QAAAQEIChHf6MGK\/qkYFwMDAW8XkiUsYdYi4gEEa2p68y7q4YhYQpyIHWBtUEdZgKR1xQJYD95SJvWcSz9AjF0XFzi9f5Yt16P5Jt6A5qBRaFQr1j1Cidj18IkTxiP+IkbyhEMBdVazel4aEjmsF25cWkJQCJwM8IvAQfFKSQUPR0OZZqsPqV2z75y8WPhJY\/qSCWX1RvDg3iW+HxYiOXnRc5PUwXNqRkstGMvU+KqXEbS3CMGIIEoALID4B7LFZ3\/6fIiygspycqOzDYnr4nbL1vAp+57KUkf4kKFi5jvsXGq+hR6h5BAa+8bisfma+Q5FOnKBSiWwDnFeMuCVWmcQuak0PP8WPEwIhtoyLBv\/8Angr4IasK2GbOVDB0UUsClgzkfPTx9GvxPu1lYcp0cxWG+p6D67tYFcvXTBKYLCnnSvhghozZf+mqQ4vSUeudb3w+KlkPt5BbVYoUHi0K+LXSTVBHiWoCnAutHnJ5QP972YFx\/7oo+4R3CgEKJOVAUl"}
00822{"flow_id":27,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":163,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":750143,"pkt_caplen":353,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":353,"pkt_l4_len":319,"pkt":"xGGLNYKpxiwDYGpkCABFAgFTnToAADIGq+gR\/WnKwKgCEQG7xZNpWOPQMiTy5YAYAHoBwQAAAQEICgAfwesR3+g0FwMDARq+JSDaRuo+lztnEnUWNlmvEejTm\/rSgA7jki+ozt4tIa7R4HICQeNtqEXmAxGGqSQO+vO1AWhCKAqGpNvwQ\/DjSJStxGhPn\/ZbQ44ftmvtluqTFBcrA3amnQkX2rpB\/muOY6S+ZEcc0AhAcCIRa7I8jX8B2TvR1SNcYKYLmQr7ulNaEiOZsy6ptx0Hn\/LR1vkXv+ujcFBz2emPm3m42MqE8ucZwxo+ZODwLM20aF+WpV0iAcqRW9apkNSDwM1an7rTZeah\/ieEW372juJvpMcRPNCo0nA3U4svluGUwkCCLXs6zaFvFXQWXdzExXM2CAXznJU2mdJVlwezkf29\/Zfoz0a4vVtRnCVjzFCWv9rcrQ9C1AK3\/\/abAgo="}
00818{"flow_id":27,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":165,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":750162,"pkt_caplen":353,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":353,"pkt_l4_len":319,"pkt":"xGGLNYKpxiwDYGpkCABFAgFTnTsAADIGq+cR\/WnKwKgCEQG7xZNpWOTvMiTy5YAYAHo5DgAAAQEICgAfwesR3+g0FwMDARoZg5XzV2Lq7mj5iENSHRiOLkiIAFoq5umDQO7qzim0N3bAMypLvXQRo1r\/N5QhKSnRsHJkM\/3scna6z3OFBMsPsUTmotdBv6D1iV3wCK7vZFrB5tU5Knswt7kok8B3w5SLRfb\/DJYGcjstngikuVZYQ0MVSaUrSfMJck9CNCMue0Is7TuLDqimsYkLWmNxjg44dZpCBnCwDBcP4Aa3eGPyVwpNds2HJ1MIpMNWUNaSU+JpipohhHUAU0YTkB15jBd8\/uAa5NDqfSHZzsKUZLUcThc0WLv5s2XE\/CtZX2QobcEmkMPMrRqAxZDErlYnA8u4gKhrevhFjLoscdgfCiGY1r5tQBZRpI5sLscfE89WKHiplZLXaK0V1j4="}
00886{"flow_id":27,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":166,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":750163,"pkt_caplen":400,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":400,"pkt_l4_len":366,"pkt":"xGGLNYKpxiwDYGpkCABFAgGCnTwAADIGq7cR\/WnKwKgCEQG7xZNpWOYOMiTy5YAYAHr1DQAAAQEICgAfwesR3+g0FwMDAUnKKE8e2ns1f1p0yy0o+Un10LeAt71v0yfIhKXtXabWiuP7XXOmjrkV\/6hW81IdokPFseiMKELXm3nQDYzd6L6iRvROne2AEE9vZKKecN6\/BW9W3xGATx7fplygap6F0oV175GcwF6Eit9DP0jHfoC7EfUaQ81eRI+En\/lsQ16FTLWHP7tLP3UkLDuKaMwXaLvdl3BnWWbF\/oLjOF9WH8pD+4MaI7Q7zOXqlpDqxUUyXuSQcoF6y69yWkwCt3OoguqJ19046xQ2f2310NUduykPIqkmiPY448CziBiApbcW\/BzjKVR6tt5KtC1NCvBzz0WF\/RbJvg4+FF9JInqd1kV8rk9\/jWxCqlVStbupDtL0dLI\/k9JLkG3ghyEQkQCGuITPx2WQ2AzPUAKxq0F7Fv74qMZxgDU5DSn5Iv6\/yC7CkBen9DxiMsTIJg=="}
00611{"flow_id":30,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":172,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":755439,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"pkt":"xGGLNYKpxiwDYGpkCABFAAC9YWUAAEARk2jAqAIBwKgCEQA1zcoAqUkOwemBgAABAAQAAAAAA3d3dwZpY2xvdWQDY29tAAABAAHADAAFAAEAAAfiAB8Hd3d3LWNkbgZpY2xvdWQDY29tBmFrYWRucwNuZXQAwCwABQABAAAAjwAZA3d3dwZpY2xvdWQDY29tB2VkZ2VrZXnARsBXAAUAAQAAEZYAFQVlNDQ3OAFhCmFrYW1haWVkZ2XARsB8AAEAAQAAABgABBctSi4="}
00678{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":172,"source":"iphone.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_first_seen":1582454598713,"flow_last_seen":1582454598755,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":193,"flow_avg_l4_payload_len":96,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":52682,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AppleiCloud","breed":"Acceptable","category":"Web"},"dns": {"query":"www.icloud.com","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"23.45.74.46"}}
00640{"flow_id":32,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":173,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":756296,"pkt_caplen":224,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":224,"pkt_l4_len":190,"pkt":"xGGLNYKpxiwDYGpkCABFAADSfP0AAEARd7vAqAIBwKgCEQA10EUAvrFqiY6BgAABAAQAAAAACWlwaG9uZS1sZAVhcHBsZQNjb20AAAEAAcAMAAUAAQAACaQAJwlpcGhvbmUtbGQMb3JpZ2luLWFwcGxlA2NvbQZha2FkbnMDbmV0AMAxAAUAAQAAAMcAIQxpcGhvbmUtbGQtYXIFYXBwbGUDY29tB2VkZ2VrZXnAU8BkAAUAAQAAEZYAFQVlOTMzOAFkCmFrYW1haWVkZ2XAU8CRAAEAAQAAAA8ABFx6\/FI="}
00674{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":173,"source":"iphone.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_first_seen":1582454598713,"flow_last_seen":1582454598756,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":219,"flow_avg_l4_payload_len":109,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":53317,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"iphone-ld.apple.com","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"92.122.252.82"}}
00519{"flow_id":31,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":174,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":756503,"pkt_caplen":135,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":135,"pkt_l4_len":101,"pkt":"xGGLNYKpxiwDYGpkCABFAAB5PvQAAEARth3AqAIBwKgCEQA1+ssAZUgsu2OBgAABAAAAAQAACmJhc2VqdW1wZXIFYXBwbGUDY29tAAABAAHAFwAGAAEAAADfACsHbnNlcnZlcsAXCmhvc3RtYXN0ZXLAF3fP6nAAAAOEAAADhAAewwAAADhA"}
00667{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":174,"source":"iphone.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_first_seen":1582454598713,"flow_last_seen":1582454598756,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":93,"flow_tot_l4_payload_len":131,"flow_avg_l4_payload_len":65,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":64203,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"basejumper.apple.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00424{"flow_id":29,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":175,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":757085,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xGGLNYKpxiwDYGpkCABFAAA0AqYAAC4GBSIR+LBLwKgCEQG7xZQAd9VhhijsyYAQA6uAfwAAAQEIClsTCAAR3+iI"}
00635{"flow_id":34,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":177,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":758732,"pkt_caplen":221,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":221,"pkt_l4_len":187,"pkt":"xGGLNYKpxiwDYGpkCABFAADPyEMAAEARLHjAqAIBwKgCEQA195EAu7eFj7GBgAABAAQAAAAAA2JhZwZpdHVuZXMFYXBwbGUDY29tAAABAAHADAAFAAEAABGWACYIaW5pdC1jZG4MaXR1bmVzLWFwcGxlA2NvbQZha2FkbnMDbmV0AMAyAAUAAQAAC+cAGwZpdHVuZXMFYXBwbGUDY29tB2VkZ2VrZXnAU8BkAAUAAQAAEZYAGARlNjczBWRzY2U5CmFrYW1haWVkZ2XAU8CLAAEAAQAAABcABF9lGDU="}
00685{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":177,"source":"iphone.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_first_seen":1582454598713,"flow_last_seen":1582454598758,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":108,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":63377,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AppleiTunes","breed":"Fun","category":"Streaming"},"dns": {"query":"bag.itunes.apple.com","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"95.101.24.53"}}
00635{"flow_id":36,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":178,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":758813,"pkt_caplen":221,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":221,"pkt_l4_len":187,"pkt":"xGGLNYKpxiwDYGpkCABFAADPdQkAAEARf7LAqAIBwKgCEQA10t8AuwWPZlqBgAABAAQAAAAAA2JhZwZpdHVuZXMFYXBwbGUDY29tAAABAAHADAAFAAEAABGWACYIaW5pdC1jZG4MaXR1bmVzLWFwcGxlA2NvbQZha2FkbnMDbmV0AMAyAAUAAQAAC+cAGwZpdHVuZXMFYXBwbGUDY29tB2VkZ2VrZXnAU8BkAAUAAQAAEZYAGARlNjczBWRzY2U5CmFrYW1haWVkZ2XAU8CLAAEAAQAAABcABF9lGDU="}
00685{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":178,"source":"iphone.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_first_seen":1582454598713,"flow_last_seen":1582454598758,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":108,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":53983,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AppleiTunes","breed":"Fun","category":"Streaming"},"dns": {"query":"bag.itunes.apple.com","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"95.101.24.53"}}
02358{"flow_id":29,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":179,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":759177,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"xGGLNYKpxiwDYGpkCABFAgXUAqcAAC4G\/34R+LBLwKgCEQG7xZQAd9VhhijsyYAQA6t2dwAAAQEIClsTCAER3+iIFgMDAGgCAABkAwM1ZBgu0yS9bOcmbk0kGdrgxoQLKwV86Gi2S+QsS9zQLyB3UDw5CeZVXrBBqV2A2Nt5TbK\/3sasXZSQbppEORT6eMAsAAAcAAAAAP8BAAEAAAUAAAALAAIBAAAQAAUAAwJoMhYDAww4CwAMNAAMMQAH5zCCB+MwggbLoAMCAQICECDrGNnhMGOJ5gckndI1GuowDQYJKoZIhvcNAQELBQAwYjEcMBoGA1UEAxMTQXBwbGUgSVNUIENBIDIgLSBHMTEgMB4GA1UECxMXQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxEzARBgNVBAoTCkFwcGxlIEluYy4xCzAJBgNVBAYTAlVTMB4XDTE5MTAwODE4NDYxNFoXDTIwMTEwNjE4NTYwMFowVDEbMBkGA1UEAwwSZ2F0ZXdheS5pY2xvdWQuY29tMRMwEQYDVQQKDApBcHBsZSBJbmMuMRMwEQYDVQQIDApDYWxpZm9ybmlhMQswCQYDVQQGEwJVUzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABA3JTXZEMDNfkBeddGFOfWVcUMoJ8W7d3ST3e3HiTTWw27hpoGkazdY\/uyqetayMkeP9ioDxEA8PxI4fVx9gMvajggVsMIIFaDAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFNh6lER8kHCQFp7dF5wBRAOG1iopMH4GCCsGAQUFBwEBBHIwcDA0BggrBgEFBQcwAoYoaHR0cDovL2NlcnRzLmFwcGxlLmNvbS9hcHBsZWlzdGNhMmcxLmRlcjA4BggrBgEFBQcwAYYsaHR0cDovL29jc3AuYXBwbGUuY29tL29jc3AwMy1hcHBsZWlzdGNhMmcxMjUwgY0GA1UdEQSBhTCBgoIYZ2F0ZXdheS1pbmRpYS5pY2xvdWQuY29tghhnYXRld2F5LWNhcnJ5LmljbG91ZC5jb22CEmdhdGV3YXkuaWNsb3VkLmNvbYIcZ2F0ZXdheS1hdXN0cmFsaWEuaWNsb3VkLmNvbYIaZ2F0ZXdheS1zYW5kYm94LmljbG91ZC5jb20wgf8GA1UdIASB9zCB9DCB8QYKKoZIhvdjZAULBDCB4jCBpAYIKwYBBQUHAgIwgZcMgZRSZWxpYW5jZSBvbiB0aGlzIGNlcnRpZmljYXRlIGJ5IGFueSBwYXJ0eSBhc3N1bWVzIGFjY2VwdGFuY2Ugb2YgYW55IGFwcGxpY2FibGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YgdXNlIGFuZC9vciBjZXJ0aWZpY2F0aW9uIHByYWN0aWNlIHN0YXRlbWVudHMuMDkGCCsGAQUFBwIBFi1odHRwOi8vd3d3LmFwcGxlLmNvbS9jZXJ0aWZpY2F0ZWF1dGhvcml0eS9ycGEwEwYDVR0lBAwwCgYIKwYBBQUHAwEwNwYDVR0fBDAwLjAsoCqgKIYmaHR0cDovL2NybC5hcHBsZS5jb20vYXBwbGVpc3RjYTJnMS5jcmwwHQYDVR0OBBYEFDcTKYxfoGNbyxqPKQFc6\/l8HBeZMA4GA1UdDwEB\/wQEAwIDiDARBgsqhkiG92NkBhsPAgQCBQAwEQYLKoZIhvdjZAYbCwIEAgUAMBEGCyqGSIb3Y2QGGwcCBAIFADCCAm0GCisGAQQB1nkCBAIEggJdBIICWQJXAHUAu9nfvB+KcbWTlCOXqpJ7RzhXlQqrUugakJZkNo4e0YUAAAFtrLqfoQAABAMARjBEAiBcyMXSqYu\/NQzPC1eks2fF3nNBwnRpvtSQ93jt9Y6FxAIgQAGZ6hMU0FVYk\/U5Nz\/IH+LWui0mpLb1ikJAbD2uT7kAdwCkuQmQtBhYFIe7E6LMZ3AKPDWYBPkb37jjd80OyA3cEAAAAW2sup+hAAAEAwBI"}
00861{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":179,"source":"iphone.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":6,"flow_first_seen":1582454598587,"flow_last_seen":1582454598759,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50580,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gateway.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"1e60202b4001a190621caa963fb76697","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02370{"flow_id":29,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":180,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":759412,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"xGGLNYKpxiwDYGpkCABFAgXUAqgAAC4G\/30R+LBLwKgCEQG7xZQAd9sBhijsyYAQA6uyvAAAAQEIClsTCAER3+iIMEYCIQDdbk0W3xLwRVSqExbk6WYwON+XhEgNjWS3c5gBslGuhAIhAOFAjfHHnYs0x+SaDx9TRoc6tbR7MkI8j7D8tL8bTA0\/AHcAsh4FzIuizYogTodm+Su5iiUgZ2va+nDnsklTLe+LkF4AAAFtrLqfqwAABAMASDBGAiEAgaJ1MrRM2AKsBkPp1QIT6PfODIXbQVBUCAUpo+tzOrkCIQDddAHm4u\/Gn8li8ESlxL1ZJK3FxqbrgV3vXWLNi8iiHwB1AFYUBpov18Ls0\/XhvUSyPsdGdrm8mRFcwO+UmFXWidDdAAABbay6n6EAAAQDAEYwRAIgGHM1p6WBqV+vtqr6hd70KQdFzAWv+ozcuVTGuJp7dk4CIByS3BkfgbrlBXSSNJB0YU2uhFS8HFnPom3vv22lArFYAHUAb1N2rDHwMRnYmQCkURX\/dxUcEdkCwQApBo2yCJo32RMAAAFtrLqfywAABAMARjBEAiBaHWEaQOG2Acj23NJ5zQC63rSKppu35b4qfkAJ8X7kbgIgeEjIujG17P30x0NsVWfo0XlmL6r4EoA536jETLtvxuAwDQYJKoZIhvcNAQELBQADggEBAKGriMkz6sCwrnomv6YJ4jjwMaMNouZTjEijYKaSAYs2pIOE9O+xy3VQrni7VsR+gMkO6ivj8K8d+2za\/y+I2RQZ2TUQ6wWGorFDOoGqBZXtBV6gbGs9KDNThqQv865ePsXG2JT+biTm88weJMm7MYXFPMu6C9JosK0yxl3MDsDk45W8A+EciCdcIiZwl5J8dSnSGGYo5UMSF3qI3eSNp3NkNcxYPZnj4isyXRHrBHr1ekVVCMPF2Jox+AmwwfJRq0tdVhmqUS\/9z0Yc6KqLMm50HEB4+utGT9gDG45BW1xwuucQVqNjb4bcrs8WPZf4X7CL94S2\/\/ZbmTwQh3s0iuoABEQwggRAMIIDKKADAgECAgMCOnQwDQYJKoZIhvcNAQELBQAwQjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xGzAZBgNVBAMTEkdlb1RydXN0IEdsb2JhbCBDQTAeFw0xNDA2MTYxNTQyMDJaFw0yMjA1MjAxNTQyMDJaMGIxHDAaBgNVBAMTE0FwcGxlIElTVCBDQSAyIC0gRzExIDAeBgNVBAsTF0NlcnRpZmljYXRpb24gQXV0aG9yaXR5MRMwEQYDVQQKEwpBcHBsZSBJbmMuMQswCQYDVQQGEwJVUzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANCToR1HQyAWsgtr68PVtOjHmM3z3r\/oTenjNoAH\/EUbanxFhq5W06QJf2ENa11+Umt9tMg5xPRnOveDzhlvhi9+RX5HHGdSypUFXeI2UYXA1GeANW8V3T79HdL9jzRQ2Ox2Kr7j09rk\/cjrKAKWEZcXYRzpxFk7Qtwy0Qkd2qbRQ4b\/XrK8jM9m2wGLAq6USPM4j\/3qMqgI7IaXUZQkPklJllPoeaFAgekFu5OVUfzj\/XwRS\/eeCLMVSRUH+dE3oJtLMva1xNxq0fwK7fbgxSmgqItx\/g2SvP5UcBgKbcftDPvJLQbDjIX8y4Zc1jaOEosJf\/sZGjjV8JQweg+mjPMCAwEAAaOCAR0wggEZMB8GA1UdIwQYMBaAFMB6mGiNifurBWQMEX2qfWW4ysxOMB0GA1UdDgQWBBTYepREfJBwkBae3RecAUQDhtYqKTASBgNVHRMBAf8ECDAGAQH\/AgEAMA4GA1UdDwEB\/wQEAwIBBjA1BgNVHR8ELjAsMCqgKKAmhiRodHRwOi8vZy5zeW1jYi5jb20vY3Jscy9ndGdsb2JhbC5jcmwwLgYIKwYBBQUHAQEEIjAgMB4GCCsGAQUFBzABhhJodHRwOi8vZy5z"}
00635{"flow_id":37,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":181,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":759486,"pkt_caplen":222,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":222,"pkt_l4_len":188,"pkt":"xGGLNYKpxiwDYGpkCABFAADQatgAAEARieLAqAIBwKgCEQA1wtgAvFoLcEmBgAABAAQAAAAABGluaXQGaXR1bmVzBWFwcGxlA2NvbQAAAQABwAwABQABAAAJGQAmCGluaXQtY2RuDGl0dW5lcy1hcHBsZQNjb20GYWthZG5zA25ldADAMwAFAAEAABEeABsGaXR1bmVzBWFwcGxlA2NvbQdlZGdla2V5wFTAZQAFAAEAABGWABgEZTY3MwVkc2NlOQpha2FtYWllZGdlwFTAjAABAAEAAAAbAARfZRg1"}
00686{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":181,"source":"iphone.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_first_seen":1582454598713,"flow_last_seen":1582454598759,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":180,"flow_tot_l4_payload_len":219,"flow_avg_l4_payload_len":109,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":49880,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AppleiTunes","breed":"Fun","category":"Streaming"},"dns": {"query":"init.itunes.apple.com","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"95.101.24.53"}}
00663{"flow_id":35,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":182,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":760578,"pkt_caplen":241,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":241,"pkt_l4_len":207,"pkt":"xGGLNYKpxiwDYGpkCABFAADjlzEAAEARXXbAqAIBwKgCEQA10BgAz2vgCAuBgAABAAUAAAAABHBsYXkGaXR1bmVzBWFwcGxlA2NvbQAAAQABwAwABQABAAAMPAAmCHBsYXktY2RuDGl0dW5lcy1hcHBsZQNjb20GYWthZG5zA25ldADAMwAFAAEAAAOnACIEcGxheQZpdHVuZXMFYXBwbGUDY29tCWVkZ2VzdWl0ZcBUwGUABQABAAAAXwAUBWExODA2BGRzY2IGYWthbWFpwFTAkwABAAEAAAAPAARce00awJMAAQABAAAADwAEXHtNQA=="}
00686{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":182,"source":"iphone.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_first_seen":1582454598713,"flow_last_seen":1582454598760,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":199,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":119,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":53272,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AppleiTunes","breed":"Fun","category":"Streaming"},"dns": {"query":"play.itunes.apple.com","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"92.123.77.26"}}
00623{"flow_id":33,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":183,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":760726,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"pkt":"xGGLNYKpxiwDYGpkCABFAADGO68AAEARuRXAqAIBwKgCEQA19D4AssJtjeyBgAABAAQAAAAAA2NsNAVhcHBsZQNjb20AAAEAAcAMAAUAAQAAD1IAJQdjbDQtY2RuDG9yaWdpbi1hcHBsZQNjb20GYWthZG5zA25ldADAKwAFAAEAAABkABgDY2w1BWFwcGxlA2NvbQdlZGdla2V5wEvAXAAFAAEAABGWABoGZTE0ODY4BWRzY2U5CmFrYW1haWVkZ2XAS8CAAAEAAQAAAA8ABGhJPR4="}
00667{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":183,"source":"iphone.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_first_seen":1582454598713,"flow_last_seen":1582454598760,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":170,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":100,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":62526,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"cl4.apple.com","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"104.73.61.30"}}
00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":184,"source":"iphone.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_first_seen":1582454598766,"flow_last_seen":1582454598766,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"92.122.252.82","src_port":50582,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":39,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":184,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":766077,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGHzLAqAIRXHr8UsWWAbuHn+lSAAAAALDC\/\/\/nwQAAAgQFtAEDAwcBAQgKEd\/ozwAAAAAEAgAA"}
02368{"flow_id":29,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":185,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":768102,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"xGGLNYKpxiwDYGpkCABFAgXUAqkAAC4G\/3wR+LBLwKgCEQG7xZQAd+ChhijsyYAQA6vWZgAAAQEIClsTCAoR3+iIeW1jZC5jb20wTAYDVR0gBEUwQzBBBgpghkgBhvhFAQc2MDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuZ2VvdHJ1c3QuY29tL3Jlc291cmNlcy9jcHMwDQYJKoZIhvcNAQELBQADggEBABZHc2+FomLh5yp2u4mVQiaXvEqsrHBTOj8xgz08HKua4rFdHHYaoDwMcle+055Q4MiZ1ljXAurODSlUfM31wsaQKVWjbxSoC0INOphtBnie8GqjHQIKoiikjcKBRj5tZ9reP\/6FDkIqEt61t\/u4G6eW7Hef7NRTlXr\/B\/TyChTAUVKx1o5QCxqZXLwLyb3t7fhewVbbTX4jpBGhLNQbBZrkG1L2fDiZBUu6co1CiWAEZir0\/WjXa\/eZQSjWbCSr5iVTLsiCmeKijyO+MIOxJ4v6aH8BSejGmGsQLpheitfKS7HHyVia0DbblpXstoHk8s1vG3mHTBA8ieRN+lTcqqYWAwMFshYABa4BAAWqMIIFpgoBAKCCBZ8wggWbBgkrBgEFBQcwAQEEggWMMIIFiDCBoqIWBBRtmHWQn\/fqeBctjWd4mUcrWqqVwBgPMjAyMDAyMjMwMzQ0NDBaMHcwdTBJMAkGBSsOAwIaBQAEFCaEh7OMUBUpl9vU0X43\/z8u8xVoBBTYepREfJBwkBae3RecAUQDhtYqKQIQIOsY2eEwY4nmBySd0jUa6oAAGA8yMDIwMDIyMzAzNDQ0MFqgERgPMjAyMDAyMjMxNTQ0NDBaoQIwADANBgkqhkiG9w0BAQsFAAOCAQEAlz8kzwTNL4DreEokBuMsetKeh0dcofwzjM0d0OSiAy8HKR+etg0hwzjzkMoTWISwWgTi3B1sJGKSMZ19FUMgTZn4yIjxNdwrQNB4cE2DziZgsFITf77+13g64KVP2NaAc+T5V+bRcZJ03et+gkWWJJD3LiVlmJBNfdVp6tiuDAI0Ngsr7cQQ+0qp3EqrUku9Stxo4ldKmdcjeB\/B\/CQsoSSpQbHc7BFb2B5\/0IDczO68caVYUfrelBs9H77nfwtnFA3W+PQ8DlaNrLp+7dLN4WG2ImcEF29Tara8CKkJ0SunfNbHfcwQVfoqYwWu6e+ic24+sVNhYwm7Ezq+\/lDklaCCA8swggPHMIIDwzCCAqugAwIBAgIQQOU9e0o0X00kwGvYo3rGmTANBgkqhkiG9w0BAQsFADBiMRwwGgYDVQQDExNBcHBsZSBJU1QgQ0EgMiAtIEcxMSAwHgYDVQQLExdDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTETMBEGA1UEChMKQXBwbGUgSW5jLjELMAkGA1UEBhMCVVMwHhcNMjAwMjE5MTYyMTQyWhcNMjAwNDAxMTYyMTQyWjBPMSswKQYDVQQDDCJBcHBsZSBJU1QgQ0EgMiBPQ1NQIFJlc3BvbmRlciBSTDA0MRMwEQYDVQQKDApBcHBsZSBJbmMuMQswCQYDVQQGEwJVUzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJrC64q6envcCtPKJaAaN4gVTLL0EuZUae9A15l28SjzyHp9U4w5buheyZLZT07XBTvH7vEDQnd8C8sUH\/2EnRwJt5yvAFlAEMx\/uhUizW82DYxuJHOfZdZKclTioPSXZnprOzxrOMshIah\/sjVpDoV2Hk7r0EmCnqStVOjixuPjuzxoTXsJqjPDnqRdVJa1vrg13NnmCHnku7+2sZvcK5UHb9d\/ft03IKYTpKniEEolsv1w3eeCBJBMgSqufUY4nWVfilwKJ5d1HJ\/E62apvXPRhP78ezj7odSWvKPwQ1S8n1deOxKuubQET9d53MjOA5zqmPB+gYsOnXEAunura2kCAwEAAaOBhzCBhDAMBgNVHRMBAf8EAjAAMB8GA1UdIwQY"}
01233{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":185,"source":"iphone.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":8,"flow_first_seen":1582454598587,"flow_last_seen":1582454598768,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4837,"flow_avg_l4_payload_len":604,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50580,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gateway.icloud.com","server_names":"gateway-india.icloud.com,gateway-carry.icloud.com,gateway.icloud.com,gateway-australia.icloud.com,gateway-sandbox.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"1e60202b4001a190621caa963fb76697","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","issuerDN":"CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US","issuerDN":"CN=gateway.icloud.com, O=Apple Inc., ST=California, C=US","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"D2:DA:1C:68:0C:91:A7:DB:BA:B2:2D:29:06:DB:57:42:10:3D:3A:FE"}}
01126{"flow_id":29,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":186,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":768108,"pkt_caplen":580,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":580,"pkt_l4_len":546,"pkt":"xGGLNYKpxiwDYGpkCABFAgI2AqoAAC4GAxoR+LBLwKgCEQG7xZQAd+ZBhijsyYAYA6tCLwAAAQEIClsTCAoR3+iIMBaAFNh6lER8kHCQFp7dF5wBRAOG1iopMA8GCSsGAQUFBzABBQQCBQAwEwYDVR0lBAwwCgYIKwYBBQUHAwkwHQYDVR0OBBYEFG2YdZCf9+p4Fy2NZ3iZRytaqpXAMA4GA1UdDwEB\/wQEAwIHgDANBgkqhkiG9w0BAQsFAAOCAQEAfWaHB3F71r+HUtEusztLw2H0a2YFnXxa1uzWlcknyHvXas70SkE3K1rNPNgydDWa15RJBtUYT9r\/jIYn136onLWnxukPVi8TUKI4CMEwguhpMLrEtIqL4C6BZ+4lBK6xUCuEUeduttOE7gOxhx0n\/QSTvQ9LuNig3jwWEtIC23HoB15mX4gwBZ8tfi9UB7jVmgUgPLlnIxTRdUl1q5\/zCHckXOsWhUg5FYsKlZCVH6\/tIbdNREqUECgGFWyk\/VyvbJtuxaOAbpOC6ieEYIcwhwciiyJrTnUR2rnOOH8r2riaIi0MEZYnjSjV+7lmoMy2Lru4hbwEXuuXlBYgInvKvBYDAwBzDAAAbwMAHSCOEGeaVLiC6+b\/0wnT8E8OeNNKWCV6MxdIA2YHO6daQQQDAEcwRQIgCS3Vrr\/Qw8tH3\/yPK71uGx2o79sIcnPAoyR3PpMP6DwCIQCJVV0RI6Vgj\/Nh0o0G2\/Ig8XOKXIzzOuC8cQo+KB8yBxYDAwAEDgAAAA=="}
00774{"flow_id":24,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":187,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":783837,"pkt_caplen":324,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":324,"pkt_l4_len":290,"pkt":"xGGLNYKpxiwDYGpkCABFAgE26hkAADIGxz0RggIuwKgCEQG7xZHfrxO5GTrteoAYAAMNsQAAAQEICrVP00IR3+iyFgMDAMoEAADGAAABLADAmdO6ZKgegb4aq5BxQP5CxXrL1DVbM7xBuCLNMro28JKalbikOVIgUrccPEKr5L3fnfftuAOoYOGekEgPY1x2WVd\/SAAynLxhsy6dbfjmLrPGjMq1hAlWGcHSKLZK8J3hMajG9zm+c4ZMZr0lWfnlVyVa+xiMhyzU4al+L6B5lrZqxKr\/+mn89BjJqsN2byVi0mA9RiGlUe2IIeIHIu6TQs9dN4qx10w4eK9hoF5m4AfGPuCS8mZgYn8r6C6eRtBeFAMDAAEBFgMDACgzpCi6VvByC1sgagi8Q7raFpVF+kr0VUMH0mNdudSDbLrqRbx8pZrd"}
00821{"flow_id":26,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":188,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":786331,"pkt_caplen":353,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":353,"pkt_l4_len":319,"pkt":"xGGLNYKpxiwDYGpkCABFAgFT0AYAADIGeRwR\/WnKwKgCEQG7xZLy+rlZfzqr0oAYAHWIbgAAAQEICor+qd0R3+i8FwMDARriUgIv6GkVu8F2AXfKdy8ox7cIh56uiJz+qprYzDppxDVem5iI+KoYUneGqEEMGK1AvbDY1MA8CDGbAnb4pf\/lomMf\/PHCBZS9gGT+wv5VsWpADGZ9yImUsxPqhIAIJlim\/rJlAfMInG\/MYAB+1v8dEVqt2ECIYPKSpIC12Si7kDJ7uB21lNmmvJFZDAy+k008mOnR2pAY3pDwBL\/5fDXHhx6+AU4Hq5+Jj47N8FW\/UF4N+DPfqCbddpycheXDR2dhENo35F+aWEWpu\/EcKhXVYRglEy\/4cMHNrAFPjES++v685ERZzqjI5E7iOWhBlgZKBaVy1UvkUGwXQLJ6a8+wDOtDILMtJZQhXeepf+G5amptLe2Z94KkfdM="}
00818{"flow_id":26,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":189,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":786343,"pkt_caplen":353,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":353,"pkt_l4_len":319,"pkt":"xGGLNYKpxiwDYGpkCABFAgFT0AcAADIGeRsR\/WnKwKgCEQG7xZLy+rp4fzqr0oAYAHV+eQAAAQEICor+qd0R3+i8FwMDARq5SQGQLnpWEcZ2Mh6e8JpH9tNqVJSQsj1NJbd\/RGbmiMS+91Lwtn920c75q3zbN6d+yFmlUcVHA+V3CVtls7mlm1zgL+yEc+FSMDbNLEWo43ZT8hshMwnwLb7npY9b7JDOlmV1Qra90CMCKhe26wV0\/ynITWCCp\/krnpM1C+P5AKzy7Hq6U8p6ZDzX2t3Y\/sEtyuDYZSrODhSvPSx7uPqVffMy89AqsFy+kGj8eT3GGAt6LrTx5LXrLcDGVzn0kbHgxjpHYrIFntuAlbXNQndEuV9WSe5mQRRzfV+FyGY\/wXAzlUoEvEdgdrxbAAWYi4rKZBROMzCjTD0g3L5+5oukLIU4kb8WcqOuIs+gc7zU2eOr4jvucJ8kKns="}
00888{"flow_id":26,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":190,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":791328,"pkt_caplen":400,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":400,"pkt_l4_len":366,"pkt":"xGGLNYKpxiwDYGpkCABFAgGC0AgAADIGeOsR\/WnKwKgCEQG7xZLy+ruXfzqtRoAYAHrJzwAAAQEICor+qeIR3+jBFwMDAUlR2yeh\/Mrk2fJX31Kbd00awnMuhz3GB9Ls94xx3JaJGZ+\/A6JPrQrCIXih6p4sOutNIGl1b+JWS38YYp2wPOQmTfAMnfY0babHjP6Hd1dNGmw7bXKD+U4Aht1LnEOeRx7NT5nGK8f8\/4hefRUyf4D7r1Ccvwl\/FMcl\/hZu9Uo\/45MSKf4yIepSIrw25o0TEmJAt9YF8l+C6360U09bwkiIXowoItrqq+Ah0+1mo1CF3k6wVc7GJbB\/8o+z3P\/y+fBtchKpiNPZqbKNETs++5bIsd1ZrC7k\/bdKO3sbWGF11oTpLYymRWKeD73s\/qjxq1XUOz\/fVmEgF7ryb1GDsgQ+QKaCRnwnxZMUACNuUpV892cuBto+OXZrKgqot3hf4pvrFByj3DwU31ULwJ1pK3ms+DLLzYxjVXXCJ78ADQhd9XUZO0t3SwocDg=="}
00439{"flow_id":39,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":191,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":801586,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAADUGajZcevxSwKgCEQG7xZaFiMYch5\/pU6BScSAUDwAAAgQFrAQCCAr\/dyjxEd\/ozwEDAwc="}
00437{"flow_id":38,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":192,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":867837,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAADEG+7MR+LlXwKgCEQG7xZWfE+IlqBre6aBScSBsSgAAAgQFrAEBCArpLCwFEd\/opwEDAwU="}
00461{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":193,"source":"iphone.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_first_seen":1582454598885,"flow_last_seen":1582454598885,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
00432{"flow_id":40,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":193,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":885958,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"pkt":"xiwDYGpkxGGLNYKpCABFAAA4434AAEABEeTAqAIRwKgCAQMDBHsAAAAARQAAz8hDAABAESx4wKgCAcCoAhEANfeRALsAAA=="}
00493{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":193,"source":"iphone.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_first_seen":1582454598885,"flow_last_seen":1582454598885,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","l4_proto":"icmp","ndpi": {"proto":"ICMP","breed":"Acceptable","category":"Network"}}
00432{"flow_id":40,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":194,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":886016,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"pkt":"xiwDYGpkxGGLNYKpCABFAAA4zMkAAEABKJnAqAIRwKgCAQMDKS0AAAAARQAAz3UJAABAEX+ywKgCAcCoAhEANdLfALsAAA=="}
00426{"flow_id":29,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":195,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":886113,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGtcfAqAIREfiwS8WUAbuGKOzJAHfgoYAQA\/R0UwAAAQEIChHf6SpbEwgB"}
00432{"flow_id":40,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":196,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":886500,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"pkt":"xiwDYGpkxGGLNYKpCABFAAA4CTAAAEAB7DLAqAIRwKgCAQMDOTMAAAAARQAA0GrYAABAEYniwKgCAcCoAhEANcLYALwAAA=="}
00432{"flow_id":40,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":197,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":886626,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"pkt":"xiwDYGpkxGGLNYKpCABFAAA4spEAAEABQtHAqAIRwKgCAQMDK+AAAAAARQAA45cxAABAEV12wKgCAcCoAhEANdAYAM8AAA=="}
00426{"flow_id":29,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":198,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":886998,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGtcfAqAIREfiwS8WUAbuGKOzJAHfoQ4AQA\/BsqwAAAQEIChHf6StbEwgK"}
00426{"flow_id":24,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":199,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":887136,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGZFvAqAIREYICLsWRAbsZOu16368Uu4AQA\/1WNgAAAQEIChHf6UK1T9NC"}
00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":200,"source":"iphone.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_first_seen":1582454598888,"flow_last_seen":1582454598888,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"104.73.61.30","src_port":50583,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":41,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":200,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":888448,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAG0pfAqAIRaEk9HsWXAbvBeeAaAAAAALDC\/\/9qCgAAAgQFtAEDAwcBAQgKEd\/pSQAAAAAEAgAA"}
00425{"flow_id":39,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":201,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":888916,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGHz7AqAIRXHr8UsWWAbuHn+lThYjGHYAQBAuvrgAAAQEIChHf6Un\/dyjx"}
01123{"flow_id":39,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":202,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":889102,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"pkt":"xiwDYGpkxGGLNYKpCABFAgI5AABAAEAGHTfAqAIRXHr8UsWWAbuHn+lThYjGHYAYBAsDXwAAAQEIChHf6Ur\/dyjxFgMBAgABAAH8AwPBzadgheRj5PvWKLwSvBgHRWReYUBmRY58bZ7Lfe7D+CBuPIm6VXqnNWVU88hOzvhjpRW+5l\/fSYA7KifdMQlc9QA0EwETAhMDwCzAK8AkwCPACsAJzKnAMMAvwCjAJ8AUwBPMqACdAJwAPQA8ADUAL8AIwBIACgEAAX\/\/AQABAAAAABgAFgAAE2lwaG9uZS1sZC5hcHBsZS5jb20AFwAAAA0AGAAWBAMIBAQBBQMCAwgFCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjEACwACAQAAMwAmACQAHQAg8pt2q3lQ9HWbBRi6RvIDs4431U3XsDOQIuUc1COGcGsALQACAQEAKwAJCAMEAwMDAgMBAAoACgAIAB0AFwAYABkAFQDKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00792{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":202,"source":"iphone.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":4,"flow_first_seen":1582454598766,"flow_last_seen":1582454598889,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"92.122.252.82","src_port":50582,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"iphone-ld.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00838{"flow_id":24,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":203,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":890665,"pkt_caplen":367,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":367,"pkt_l4_len":333,"pkt":"xiwDYGpkxGGLNYKpCABFAgFhAABAAEAGYyzAqAIREYICLsWRAbsZOu16368Uu4AYBABb2AAAAQEIChHf6US1T9NCFwMDASgAAAAAAAAAAdj\/oh4JFAnecakNJj3aZhGQtlujQ3sfkuGMooEvvIa42NgztrVRsmvSSHptchNMfzB9XtSoRe3JJVMOw84TOq51ohCUx7Khwzf1Dnv5tfEXFJ2KYninJ2dCwf\/Lhp4bUTr3pLe6Tn2kQFJCZPZIKKuUOi0IjIndR2RlxsKUEDyRQvOcLbqVa1PCrETsZn7vnrVAZZi3u8mZv321lz\/v9mNReM+hdk+q8gigOG3yGTSnZuiHsuaq9NMnLDWs4hRxunQnTO6mmCY4m18R78wKjC924tJoRSv7PoH4I\/WahkK7W3Exhv+pPpqWdz2yYtVEHsIQixU2U0n9yOS35zZ\/\/1WnM6cRemep26nGe2LKomIscPZrlSg2UV1ewYuD5d+5wA=="}
00615{"flow_id":24,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":204,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":891090,"pkt_caplen":204,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":204,"pkt_l4_len":170,"pkt":"xiwDYGpkxGGLNYKpCABFAgC+AABAAEAGY8\/AqAIREYICLsWRAbsZOu6n368Uu4AYBAC7QAAAAQEIChHf6US1T9NCFwMDAIUAAAAAAAAAAmp2IfLHHbKSxzXQ66EHNzB6Upc+RgXiwFZQtEzg6f0CMeSNbULtPf4GaeCAtFu+V5xUKAozV5S45swR43Y3NNTy\/s98twAqZNCau6i8C+CVNC42RlwSPI1SYdF2\/YQ3RZOSQkneh1zLZZREZxDwDKX0k6ReIlOxElfPjjt3"}
00424{"flow_id":38,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":205,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":892865,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGrLvAqAIREfi5V8WVAbuoGt7pnxPiJoAQBAsEtQAAAQEIChHf6VPpLCwF"}
01124{"flow_id":38,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":206,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":893224,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"pkt":"xiwDYGpkxGGLNYKpCABFAgI5AABAAEAGqrTAqAIREfi5V8WVAbuoGt7pnxPiJoAYBAtl8wAAAQEIChHf6VPpLCwFFgMBAgABAAH8AwPupC\/\/Idf\/TKV61u4UD47k+sXPhTWRB8OAqYTTHEr2LyB7RNdSKNgM9EL2qrN2iyDWEEsm1843GXQB9crRbp8tlwA0EwETAhMDwCzAK8AkwCPACsAJzKnAMMAvwCjAJ8AUwBPMqACdAJwAPQA8ADUAL8AIwBIACgEAAX\/\/AQABAAAAACMAIQAAHnAyNi1rZXl2YWx1ZXNlcnZpY2UuaWNsb3VkLmNvbQAXAAAADQAYABYEAwgEBAEFAwIDCAUIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAzACYAJAAdACCDleNDTQhj0xF8bnwK051jtivCaSKiZkunSXcl4Va+AgAtAAIBAQArAAkIAwQDAwMCAwEACgAKAAgAHQAXABgAGQAVAL8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00815{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":206,"source":"iphone.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":4,"flow_first_seen":1582454598721,"flow_last_seen":1582454598893,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.185.87","src_port":50581,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"p26-keyvalueservice.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00425{"flow_id":39,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":211,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":925453,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xGGLNYKpxiwDYGpkCABFAAA0z7EAADUGmoxcevxSwKgCEQG7xZaFiMYdh5\/rWIAQAOuwTQAAAQEICv93KWwR3+lK"}
02388{"flow_id":39,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":212,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":926093,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"xGGLNYKpxiwDYGpkCABFAgXUz7IAADUGlOlcevxSwKgCEQG7xZaFiMYdh5\/rWIAQAOusqAAAAQEICv93KWwR3+lKFgMDAHoCAAB2AwPVclrs5qQ\/Sx24j5b7zPYzeLlCrcg8\/wYuD5y4WSjHASBuPIm6VXqnNWVU88hOzvhjpRW+5l\/fSYA7KifdMQlc9RMCAAAuACsAAgMEADMAJAAdACDyleVstpAS6tG0\/5z1HrqCZwd8JGTnUVgIrdC22fr1QRQDAwABARcDAwA0wnb1ePwh20l4Tf+pvQSVwpABc7rVlawOWSPd0S3vJvoFt0MQBaCADHcFHjq+h64QjLktVBcDAxKHtp1Vj7FXgxWqnWC8QrzkJbTasHPhAWIz9GeDRX4O8SxWYMgLA6p48Y2nKAoWp1xhz\/5IbLSSuPFbxgK1QMydZbQpl7XG9s7hM6vUOHFxrT1ZFccyH+5eokwBY+ZOcSEhwV86EqDSP1X2sU2l2QMoHEzb\/Qs4nhq\/mfpVluUBZQRNulh6Q4YTErkiBaAlbD3ilie6pMkEmHocEtLglKScSCl0b4O8N9PlNyyU05uxuVB9gMdZykIzX0HNpqAKkeXUj+tJV1rktGfadKiVjON5djWPiTSom1UibDJ5Ma5xkPXJHryCOxj2T3lzAr0O0iny7VP3kVqOexBkp5S+pnNskJfcGotGJLSEj49J5e5T2QKU9\/JpZ\/g\/lijnarGnehUwNRwtyzW5h\/\/UgLo7S7imVgzWKDqETgeXCkfByt5knE43sGW1SHeMIebCjB1MfAYq9Qoj\/Q7OHxAWJPdB1+36VH+z6ofgj7vn2Or3s8ynXk2aaEacv0sy8Diq95myUtLtLCJcTv\/00cbobrzYabFQn7oQVvP76Yg8h1pc7DQiPqWog2\/A0NLjIHNdwlKGO\/uqMVtGE9zBk7huLUinnZqH5fRa0OIf3U+IT0EKyMxb17w\/a3GQUIgW3oa9MVFKSf2D3qc+6Er+ndRecQpcG+31bHEJ7cerriBP+OTmqF8\/ep9tROS3GDbofFpb0zSP3uo1Kbf874LTLCOVhP5gbaMiKMwex0PG\/5b1OuyKHNTJ12cXwI+4Gn9nT0jJ10FyFLnnOHW2d2HaB0q3yixsEgOrXC8obTP68nFYnqV3ffOJYES3kunCJF+e4wpIN3wLx4MY+cVd6daHaDGBsl0vTVdGmMXbF3Q663Px041voKPWNsVtuHo+Ig6QPo8f\/L2w85hl7gYSIzGqg6R1Eky3Qv+Jt+7ysKq9emuzadqliMjRZEJBlYqzf0VXc7C0vBpHZTGGReGYcAWVq6vVv9MCCSFhisUDWs2xrzg52\/zc8lp0hnGopJeuxtnR4mhOF3MU2Zlrg+I8mJKul3LviY3yRZ\/IRffJO0vbBUZ1c+Q4CsI53zp681IjLL+M2kKARNLKKJVlLbE60\/eTG5kVTjeSe3cqeIdiFIs0sWdzeRXu4PRqR8w8KJwUCCqIiz\/ckA7zkYItswHMfu3S9d\/CcW0mQZ6Uw5SbuUakur\/4CnMlN0lLUrlg3XSF\/\/p1BByIHJo49jKA05qZXec9gh8r9BT2VTNrHQEJMBxOZgO5ufwQ2NmXKcW3nG6LmQ3Wb3BgM3NfVDu30WdAf8ojiK0b2z8L4XjVIIO1r5ool6iYZ0I99Z5x6mk\/iOmoA7zYAOa5peEzZHAGOIoa9aFeV5gGBISFFRl5dPLiJlzipW55F\/2liShC1OMMTsrNVKAfhd8Vc7jrssG\/8g6pTRoye4\/juWLCL5zYVn1ygeaTtpXWKvVCAgBq67VzjwnIhN3c8smyVW\/GZn+shbP+cPzxrNgkk0RiyNkbQN8mpltLZg95TF1HjJKLP0o7\/cSQgGdepllKZRZiHP82YtGfQ0x5uZ1xXpYJl6kCr+gyQQk58U4Er4ecUsrTqyg4KSPIf01YOGy6oK1j+sNHa1xnIMUtYabez\/fqunYPykzDcfq\/AZE5+gnrTzZ7+ftOL70m\/pPNmZOpGFni"}
00833{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":212,"source":"iphone.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":6,"flow_first_seen":1582454598766,"flow_last_seen":1582454598926,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"92.122.252.82","src_port":50582,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"iphone-ld.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02389{"flow_id":39,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":213,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":926120,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"xGGLNYKpxiwDYGpkCABFAgXUz7MAADUGlOhcevxSwKgCEQG7xZaFiMu9h5\/rWIAQAOsu8wAAAQEICv93KWwR3+lKWCibgR7R1ynDJiZaZPbzkCvNLTkNSlTuJQcaiwgfOAe+jv6giR33JoqhLo8uVjaHcaRyRSgJZAKlq0glMD\/oh5PkZwiVz\/vLCX4N3Si8dZ08eQtrPzXMd6Ow5UWMFUSyXO90m1NcMpPMoQ\/E+O9+avvWxEEwBbSpg7SYxC4\/VxMJ04jb80RqVNZVdD3wdMlDr5S+asT0gpkDJR+VMqU2+KrNLbaqO5oDgRaYydL2VKTQ33WXDYVxhSZyVixMC5XVq+2IyPxIGHnJ\/VdOR5Y8yjVl2pomUPMduS5AuBHX3Px97Ltg37PXCCVnnCxK5i2+EPWcyrf7mmgzcMFJ7FwDd5+jizX6ZLAJ0DTSWLORx1Wq\/2V7TfV\/\/GXKiSgXa\/i\/2wVfh82j2nZs\/UlrSuVFQDu+qVSa5XD3lQc\/kY2P+zIt9tcIiDPVrhU81sYfJJpAVKUcGf9sTqeR0LMvownWHoypAwZmr9WY1GwT31bEKutv6HNihvypSFKdObLD\/QD3ct2IC+qY5lEHV3moyCV\/9s\/Mp26QdKxlbcQpI+hxMO0PYhga5Pn4fYE4kVqHL6yuYVVitxN3csLXCHUzTUYr6ALe5LApCE\/dJNEIcLURmNq9j5rojaPFWqVCit1Lepuxv+8YuXXKwuYPiFazlaPXTYzWY5rs7wQv8xWjwXt8nA9QyG3Yl\/wA88UhE7UK4DrLdGcuBksvIShYT3YVnRqF+D6DKMHRPRt+ihNHswVPEjP6+H7h5HUXxEAfTARFXrt0TuhvacpA2Iz9Lfmhy+U75QdcYi2KvxKLTUtoraTEY7IHgz1IpcSYTEEKYrKWkt7DdxDaWiY66Rnc275\/rg+0HlcPfRLl8Xn1dHxX1KvUp0K4NP7dzDv5ajOc+yM0Kycsx2FFZSXR1UeY5tQZjlVlmI3dmbYMV05ZVTI\/fr\/qcERsG9JnQdJnXL3FAj6W89P363VOiftME\/WeAFx9gC41recEsuDe\/9lndbSL0U\/VWfuXIFUfUkTuyfkcNadzRoklnpql6ygHODT8GvFHK+GrD19mc58yi7y1Mr6bhaGCs+ARdWR53Edc3j2YSGjtsoCWZl3eOuriaRO+SKqxn4yniOGHF0VnW7D+M8GaeTWoe0qkpFpQ4EW4Q5QoINDUX137huBIs5s2c5DoeYriJcwWbeT549L2zsXrBLOvwTzTscHPRNiXaV0oVaLIg2tKSD+b1xxziFjkCvU\/kd27\/EulFrPmnNb\/wxVIqaWAhteUMYdcOYn5scz26qWOPYE871igHAKcax7QvT6DpuNmYyDnE63f5t1zg2Qw9MMh3I73GUQC8ahtgmxM7JpPts\/CsxK9\/emUl2sF8+DRVrfhJXcfHPLwGN+Lcta+LdU0pVB917YGKMMCzTi9h+59PvifiBx+FRHxhNfaLdRrKPDr9jez2lxQNTOFLgB6v88KxfYUIeOD4QAwNLomOdID7DHmLQ13z0t6dVz2NzWGOg6jO\/KESygXS7mRNKbFhbeKhybngJ2MwTpIqPgLY7fWKBg8JDWvJyLJvBfiI1C6OjSXpLAc7+Mx11+DQ9\/4oF5crNWJCr+0MjZn4TAVhZZWIjIJDRK6bardTjBtqIIOAVD4q\/1iEngGOHOd2I7vXF5gkKDLMLczvXnHTvFSneHEtPeq0Ks3JUIvke0CijUvxzl\/1wE58bvo\/SFCwtpZJhyJ\/rbgQ6xiHa8MxZ0JWLyijlIMInhaQMo4caLK0iwDsLuysuWHrOyD1Z9U87Bg9fmig6EPh9fDT6w2FWGIY9IZEVh0aH5vfFLpIXkOYQtHIVopqfNGN8bqFCWb6V57Q63\/ijWAxx8aJYkKFBYO5XufhpHv1QrV9g2OC2sAL9DklopOYjpyaZd3rzbwF\/7KYP\/3Rv4eVgKTbuoEpd\/EJmZwVuOLXtId"}
02082{"flow_id":39,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":214,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":926180,"pkt_caplen":1282,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1282,"pkt_l4_len":1248,"pkt":"xGGLNYKpxiwDYGpkCABFAgT0z7QAADUGlcdcevxSwKgCEQG7xZaFiNFdh5\/rWIAYAOuLogAAAQEICv93KWwR3+lKdFWg2DmVZdxMug6XcPmfjtFxEVFs4eUQric0KdnsvrpMns2mWkWg8s8\/Na4C7zJLgRnsTn+Gl4S5UbpbUI+2Rm2xejqNF44AXSiOp81MslDMgyEL+ZaXSYzsxNRwWja7ES14UacXClShKrYuWbzIdOl\/ma4LfeQbzn3+\/dKhcx6tXq9zpNd43cgqixBeox6d9Y4b\/98cMZJoOljsIC5P48LOWkH4eZArZvxk3LODu0gKi3PGpHPuBGOUgABUkqRCsWkE1P6VJbR7EeT7aHZgDnG6RnrlDWcqPnRQ4fJIm1NLsxLJ4cDrbbUf38QkBwo8HXQaoUdXuwGfuAhhIWdmm\/+OYeWxkKDJ45ARQIcImPKXDdMTtn35dgliIZrtHNeYGDjb+wisr0k\/jq3JMhzx7SvBpICvoxJOMIIfI3ZninPNJuZkuFwlVB0x69D8IW0mDf4Vx0sgHOgQOM7XfkI\/CwVp39DYoMJZ4rrpT7bO7J+PgO+OaM7Y91F74CDdBNbGDfVDSQCK\/QPkBv6oMk2BEzojAjHBqACVJ841RWy8hxfx3R4ikoQvMEmJ3gHpjSawpzrP9jcGOxE4GBsd1NH281r3eNS3e6UYf+oXsSLHgCgKou2B2y7mfVMTxMBi7gGwQ+UPnQjEVN8SW2LOMSOPzYk\/f+eHpZohDLjmgBqtALq3gJ8NITWmNttLUPugE87NQG8+ktt66P6Km83zymLpgsKek1dglbUWZ8qA2u1NUF9A8ybs6WkCMjz31K1tzA2ohNm4Gu5AXgtDA+vav\/NKuqEIPHlr+IUquKPqiet8mTH3TrAzly358d77F0BugrBy62zgDEvgyF7jXUOJpJmXgmhvcJpseqrWszC\/Ws7t\/hcYnotiSxEugdJ\/D\/3w+gdFWoa0Q05LpTvZl6q7a3Vvrohlm1BcZ665Ipafx+xcbL3NnRo6RodFQvr5ZZ\/wcdwR7ays1IpjdKsdBh9MWdtf4PGwPcSn1BocWvUSKX6WU1rIkVyCbmqEgD0DkJXO\/8F8KMdV8xDawM2h7VLfaBH3qcM2F8tMpZ0DJxIMmAfqO4ggqHtysqh7nvjQklla\/jewDCuHOlh9hI9gAkTeyozvBLytUpHQsl8nMQne8ZAyf+69gcP4LEckMnp7vrhmqXUG+AbbD4\/qX8AS\/K+GbNG8KxAIL0LSkR4qbgGO3BxPvEbxceNTWQOtWI4SS34zAgl4jWFwaD6Qi4U0nFr\/M\/Blg8SPe\/QWl0QIDHKxtWPHgC+hIYCFkMNw\/E\/zmr5EvucCQd47gQktNCrG3m0sPuBbxphCRVuHH0K3NMlhtZGmbSCjkQzUmAo4OLO6eWFmurYuKxXrorMJIpzJkQxAw+aDOkiPIIGFrE8g95vm4b96SlM3vtW4Vkup+P\/dj2kJr\/RrNvJcCWbK+IZrZk1ZLuxZDc9H4sEa6f4HLa10BcAz2QaumTut7MYlWERjZ9WabOsfQaK6GLWv9YbY+SErm8x0sHg3ktLkTsn45oAlcNA9JYQC1DAgutQFhbltk4GqwGVnZbvcLNTINnz\/G57t3FCSTl76Ck2kRMfLf9rEZX1xQ+ZrmIaPvQdRNrkgatyIYeG90xWs3JiL8zcldT364BfB7w=="}
02057{"flow_id":39,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":215,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":926730,"pkt_caplen":1268,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1268,"pkt_l4_len":1234,"pkt":"xGGLNYKpxiwDYGpkCABFAgTmz7UAADUGldRcevxSwKgCEQG7xZaFiNYdh5\/rWIAYAOu6JQAAAQEICv93KW0R3+lKVHqwts+n2hFbgaGLvVF7Dz+3Na340HD++BzqwHdjKHEc00qy8GOso1qeodNydi8nUw9jQDV9q4iStYYFh6nmCMFsYAdSAggsbOojM3Mw+pVdMQvyN+1AIMeC0amzBaxj2cK+GakvDT1JwSfECqOcNcVEaM52\/GmxkgjcA81d5WsNySsHZhaprUwKBfS64jR3y8UYVBJF60O37+\/V+xD8RSbFZ4MmhrirukYJuQdgNG5FfWtVKASbZH0BoWRxWTuYYMpBPKT5J3IwJSVeSZhVqJKBDC6otuPYbGA6B2gxTX16lQemhEUZw6YO2\/EF91068jkN8D5r1gFpfT3qNor2A8OYLX39bk6S+kTGfcSzyAECjxH+MQjEkaJHruqjr33blJhmpTlMbu4Nx1f7I5FnG1w9ZtKnskAZ+vnTBQduNhwcx3yzsURsL9WDctY+J9egJFAOANhuBEqwlGoYFKEMpFs4R3xPB6C\/SvclY7yg1V2vqofIlX2jNcYTGjUgEm35dW21maN+JlmCskBuYFJx+feV3ZdavODfqSB9Sq\/Zhik9zEvb+\/9U1YTm\/o5WfYKasGmN8xnF+nP13xXWzsVYgZi4kNNvumxcVnNtYGmpMK5mAbSyEx13ExwmbtP1cXp0hamq41zwwCCm8YI3AhxZ+OYNW5yi1ApF56Qc2eA9m0R1hzx2TSqRzXappHqD4QXvppDuM\/jBbY1LbgfhGTrMzln3iTTDTFZK9toJBN5fM4GbCP7W6QHMTKZny7Os28CQAwgdQroBkkP15Z4kwdKpPdWYQv9llyk2NJwSwoVyO3Sj7yEuPadAE7WvIJ60XRvDchBo+KcYVP2A8x\/DHe71VdegDXIHoHiRS+7YTw8GICsZ8xQH5nx70Y5IvmgmqxppD6NF1jU23hF25vz7WBmhNxtVph2MTnsDuUkXfJwNxY\/Ofzueo8rMBgkusSMUA7tZHKWiH85IraTdOZ7hRSIx\/6IYuVdjHOHxVeSY925HhPMW0XEZSklDCDr2kDBOsErReG81V4VBMoyjr6kMuvkqQtJuGXLIinbxijYpd9xNQUq+gIA2TDO44LOsdSWbxhpOtb8DjPMdDUEIaSTf\/WWFY4A21hbDYXvVRDUXAwMBGS+s4Vz8aqJ6WkWr9Q00QyoTkDQGx33KqnorEUnuAWKGExSPFPPh06JU1\/JGuOK83W34s5XwvibY+zBVIuRJL6oBwqNFOe2\/1rZhD\/9eKHTQOOOABMXIhySGezF\/1N+pntxhY7YbPfsJL52msRIIOEb+ad1rdVuN3iqMiCsrsUSOcGVRKNJkYEJkbalw9pf5OLE7+gFpk4tXtDClyPPBxJ5KKg9GcLrFbaUeWjCswNIk8Q3aUFMeEm5rBToiHjPJBo\/O2GzfeFD6U\/2HBkN6LdNRIfGmcgDSihkDpCJgx\/behqFMjYujscLGhiy5hpp5r8LjXOtcmV3EFgewJe4ljPZRUdr\/4kImy0plUKCzzBhSMm0GddiaZ9JBFwMDAEWOySNyypcmWvyg7cYbXRH9K4i5Mx9pKvDcg\/gQK\/mXfPhHBxM7jc3Gt76qFm2cZ9rPm4occu7+DiruCMcKsRtAL3nTDHE="}
00437{"flow_id":41,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":216,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":926741,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAADUGHZxoST0ewKgCEQG7xZdpIXVbwXngG6BScSBpXgAAAgQFrAQCCAqgrSHdEd\/pSQEDAwc="}
00427{"flow_id":39,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":217,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":927804,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGHz7AqAIRXHr8UsWWAbuHn+tYhYjRXYAQA\/Sh3gAAAQEIChHf6XD\/dyls"}
00427{"flow_id":39,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":218,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":927924,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGHz7AqAIRXHr8UsWWAbuHn+tYhYjWHYAQA\/adHAAAAQEIChHf6XD\/dyls"}
00427{"flow_id":39,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":220,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":934663,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGHz7AqAIRXHr8UsWWAbuHn+tYhYjaz4AQA\/aYaQAAAQEIChHf6XD\/dylt"}
00424{"flow_id":41,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":221,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":934682,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAG0qPAqAIRaEk9HsWXAbvBeeAbaSF1XIAQBAsFUQAAAQEIChHf6XCgrSHd"}
01124{"flow_id":41,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":222,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":934804,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"pkt":"xiwDYGpkxGGLNYKpCABFAgI5AABAAEAG0JzAqAIRaEk9HsWXAbvBeeAbaSF1XIAYBAsuXAAAAQEIChHf6XagrSHdFgMBAgABAAH8AwNtBQ39ZZolUQlIKZvwJ9K7La1xqdRBloywOH0GLRPkhCDqdWO0c0GWZx4zxXgdQ\/9DtV6\/rjVuXk5WS8q\/E2fRGwA0EwETAhMDwCzAK8AkwCPACsAJzKnAMMAvwCjAJ8AUwBPMqACdAJwAPQA8ADUAL8AIwBIACgEAAX\/\/AQABAAAAABIAEAAADWNsNC5hcHBsZS5jb20AFwAAAA0AGAAWBAMIBAQBBQMCAwgFCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjEACwACAQAAMwAmACQAHQAgkut+xvbl0enT8wHxxvt3I2L9WcgyzsmX6TenEv+j7w0ALQACAQEAKwAJCAMEAwMDAgMBAAoACgAIAB0AFwAYABkAFQDQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00785{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":222,"source":"iphone.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":4,"flow_first_seen":1582454598888,"flow_last_seen":1582454598934,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"104.73.61.30","src_port":50583,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cl4.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00424{"flow_id":41,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":224,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":972842,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xGGLNYKpxiwDYGpkCABFAAA0b4QAADUGrh9oST0ewKgCEQG7xZdpIXVcwXniIIAQAOsGOAAAAQEICqCtIgsR3+l2"}
02379{"flow_id":41,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":225,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":974332,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"xGGLNYKpxiwDYGpkCABFAgXUb4UAADUGqHxoST0ewKgCEQG7xZdpIXVcwXniIIAQAOtKGQAAAQEICqCtIgwR3+l2FgMDAHoCAAB2AwPMooL+o+XRHDh3LmPZe4GWy6glKR11iZpshv\/b59HzuyDqdWO0c0GWZx4zxXgdQ\/9DtV6\/rjVuXk5WS8q\/E2fRGxMCAAAuACsAAgMEADMAJAAdACBE0iKjE3XawMWAJNCW4b7IWCu3FeOuIVKOTQaOMM6rIRQDAwABARcDAwA0Y5HFUWCr304\/9L75R71DhwBs\/vRA07JU288nPupmA\/Rlc2+scIQK\/FZmUoJdS2BmyD839RcDAxKGthdzXZHBmQ8sHOFJbIBP9rgS+WgHJorSuu5zwZDN4QWckoden81TrWI38HWIzl57IuJ4m9H4nvohoXrNHgd5o8nl0OFnUy10UxyBVIXu9r+cOqdRt13flo\/uTLy+vCXsLEFj0rhxume3NI+GPZLmOEfchkUyEr0EvXWmgwxSQuNB3\/AHKNnnuwxyOa9ftHjxy+aSlXvEYda3P7rcACmjJbrfNOmoOgX\/VZdIoVuyqh15aa\/N4idJndBIIpUYC6SeuqfwBVDPu49ZSwI5cTccl+3LEYe93lEfHkaCRR8m75hmVGHnWY2RygzUbLJv4ypqTbgnHInpGY8+GWawPOY69I\/0hgTm82gkZTed1+uRxPu1yyd9+VJC5AvZQjAVw6E8OcjOiNj4MXtslnZX8Ga8CMdhrzMqdxCMu4oZQLeuogLIPvjJR7GNKWB+tTGwIfT3eLYESQm2I9BA5WBXDLmbPFsRrnQP2nqzkomDOM\/iGBAnTkWxzkn6Qx\/uJFh+xgTeMMSVYOhWWj0rmu5kWwVROPpL9aqXSQkliGl\/UedAP+amRonHJg+8P0UqZG+h4svz2jQZpLINc7jMzKDRUkn6GlYeEZBwFu\/v+E5WRYqYppyx9ACkzL\/+3EOOY+5222CmscCwmDM4phMqyx5KBnf5P+BwB6XQdFP2v5rUA67P7fVfU7DaEFKEgZ0Eo27ux2tnj+ul6EvdJt2xxORfGSvEqJYM7uBNDOti1Lw5jgWoSrIVKqMdZ651\/Aj3PMuwQe1TtSm3EEyaQVtdxWNan3LuHOI1lGN+KlWEjtdatRHlbhQjQN3YzvSTNlBv085UrYPjMrObeb9QUJA4s3+1O7k\/su2VJAUOTsLG9GEtaexuOa\/tIXLetG+c6cbzHIotrQI3HajqQnZObirzA8yYCdq6+nwL7ZKbs1QLM19W3cIpwA8EGID6HewrUhihnMxahkUaypRIprjH9o8pS10VbJzrDceJCKQj2mjB6d8B8F4jjJdPkXEfCQRcO\/QbPdW7wAyuOwobvQ\/aq6V+LJ0NKJI1RxTBwFjT0zhBhEGonqVgSnv37K0EWRU4r3FdcPhPrJmXxeHmrKjnbI8n+77Nas3OIeCuBX6ixuCnVNKbCE7DHoLQIO3H29a63nio5Ri2in7NYQMnAzWEw5GZ+2JmshSsiY7CXZIjKVDvQQfQzcSsWMv\/2n1mu6frX9Yc0p4eUppb6S1DWHY9A3rXhD0gfh5qT+db+93lIZAVBaxvUWSQ0\/rcTkkRbki63qlh16d+Gc+oDwzsbxBBH2M8dUhDkJ4d3RBpPcLoFwoIHtLEwlnlbiDgOoxuHyurCta7otcuQVC9OSBTd+GLqTv6BLY+QboQqRHot+KaSUlr\/cPdpyPQL75RL2ZMPtKxlYjb9z6qqDpMJcFJnvuF2+dgpSdpWAnEoqrnEqp14CRxchlCsDnF0eriLt8Rogu8zoeB0q53wWuIgJvgNLypKN+vwga082jJTpz1pS+sWPKhvabqBrwQlshJzFMOL9gzWPlyugOf\/0gxshHOXrWIQTs4SAS73BY3CrU\/iCGu45WxL0WEs1YEtwm6j11Hp5OYHtWw7tc\/OreSKwRZMFlRu1zoHRF2jilzhf8Zlreethd1FrkasBIUffRp7CtM23rMhL3kHg2I"}
00826{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":225,"source":"iphone.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":6,"flow_first_seen":1582454598888,"flow_last_seen":1582454598974,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"104.73.61.30","src_port":50583,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"cl4.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02385{"flow_id":41,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":226,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":974476,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"xGGLNYKpxiwDYGpkCABFAgXUb4YAADUGqHtoST0ewKgCEQG7xZdpIXr8wXniIIAQAOu+OAAAAQEICqCtIgwR3+l2I\/FGECANFGDfmllYaZ\/GlsKlYAN75mA1lbNj8YpBwyr19rIgtLk2IdRg\/VCJsIPnLeQnE41IVlnPN5DzW57mCY+jMGbxDKGvPxVWRzJ3mK9SlzMDtC8lBwTMomMHeCmWQZ7epsXyvlvC\/MSeVJSDT1TlIPzfiuxDV5YBxn+VtAIDGOJ8cXy7szNxDjbUE161l8zBjl\/mIWUobCzZjcKqryxBb4ftavjy0wOhWQKIc3hZDMV355NusDwC2pAExeOlQ1QIsXa3K+1UiBhfSM9blEBa3ZhteWNxs1HiyJDIK0YzFX\/fBxsLgOB8C5i8tHg+lZdRserEQNugioDRz\/BtPo3esiD2G+0x3l0nkepqXhRviP4n\/s5z6w0uYQexjr3fp\/NBjOrocsPHHl\/7ESn3GaL\/8U9Wnw\/X3S3C6S9qCSOtUiqB2FEX9UWOhPInKWmQQwzirjC7021ak5nS3CsdctNp9\/4BjBJMr1jAApdYA9pxl9HW2tzi0jZttjZAGox5ha1wlAGDANxAxGq0Tsh\/3QUSwZsrRdH4WWmW3r0RPNGJQ5wOS8jcPpQ0x\/hEgvoUE4WFoJo95YdQmkBO1a3AqTcIYMnWfVqS2mJQ+9MFI6SMHCB9aWgC2a9HfnC3Gw\/4QXKIzWJeVE8jQbRpxQKUuGnKdc14mSplcw1yNSAYabuLvpA9RbnD5na4gfrvh0rz\/oAJiKTSpSOTTAmB254GakTRCDrX3SGZfwXjawLavtVIHn5ESvF5pFAdXDbsuYfPP+3LNTkwJBwNhrImMZ0B28nwTciFeh\/Kbm4ZxMla2NwXE\/tDSDF7qVQLbrshXntadxWLQBdeFSEYOCJqz1O0ciLX2C4zXnBQj87r1cZVHENyqtM3tPTSIcs4jR6kLc2bmIiUdmjbZmDd8OqWXtdYOVGU\/VvxrII2UmDpIL\/If8oKeH\/fIk46rwcFYxKWbrgj5htUGkWBLAJ7\/e3I\/catAtLwVTcW7Gz8kDvt7NF4t036tzz32YG+GTMaomMrxXRzUK0ZSx\/Q+9fGdRPQQ9r3VF71ElFNVeZi04f\/PLOhOIiqKalVraItkSTOO8PoYjZ7pC+4KHI\/4UfU2CN360vTK1hypQPLklm11OuTrWMzjlkLLUNYI7j8TF\/TyfeYnFNtL6VIEalLA4Du7nZcmGR+wtB44l+n6vm6kXJRQF6e4dYToqFnH8M45AObpX4aY9E0XOngqMUG3J0VWXasNrHlWirFG1u3S5DsDGZrKTvzXgkKHBnmzCDaVRQ3rQHzRSfpVL03j8wIowpHexLpmxBxZ52lUThll4aK43wPburg6lClAK2VHcGGOLrXzUkmT5nA4EX0FWyBwgiMfVK4Sl37BX4\/b4KvT5vAEdoD\/6FNTXuwq7dlOTaFmNunkTADRKeRxM61x92EInz\/itlMn5+4jaJviZSiEswTMvRAmdMibrkrG0rM8iYfNM3xXfbj2IPUpeEpyO3e2wIPZ52TyfAHbwPzhCcw9XfTQAlXJ7hQToOOQ69cEh6s43Y2WJWlFMTTwoPvJ\/WEPLJALN0MR1hMmtOXYjdt2QY6nmEwkemdB2kKeFcEwOQEwekll7HsDskh6dU4sKGmBgsZrTJg795vkJJYvs\/aLieZafSfAGioHjQyFBFAZe0+MTp1xKrcil8uWDyS8jtuyqLEo+u2clQZm2pzJPWyfV9j6rl0jd4rr558jDp5PbL3brbWse4BtaZDDl+YMMUxojs1Ximf7\/N6ztuvYwFec6WZyEW5GeZnu0uq81OhDRngArRRbNpSd+QBQ7M3cMYt22sFh3P1t2iwWhfIihY3cy3YaIpH0yyfp1zsGJATdoQyIw+qTDYdTeRpzbij6BQ2vYBGsmePqHIT3A9IM1Omh1QHj02YqRWt9entO\/UvgbyHq6hUhqOe8kYP"}
02090{"flow_id":41,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":227,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":975422,"pkt_caplen":1282,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1282,"pkt_l4_len":1248,"pkt":"xGGLNYKpxiwDYGpkCABFAgT0b4cAADUGqVpoST0ewKgCEQG7xZdpIYCcwXniIIAYAOsLigAAAQEICqCtIgwR3+l2LI4ujdaqnnl1QHjG+GVIJ04tcZkDpM6mOpXtqIuE+0L676bvkxwraC4QMiVRVVVxh+zqRGjqdKruAubRmhoVaQEYytIy\/q\/PFlncpuSTglmMIjyjQb7EZ\/MdboBVOvUqXY56Rq0Nh\/TDeceAwdNTwSUOsVAidDoSKltiCZwlKQ7NNUql+EgpDEkltPwlhZnxl2D534+11P0rbqnr6g+FBcniShbxspDpvDXsPgLREXJTRdKkV5vJE868GDVGRFQGtUGBNDQyvEGigWTIE10dMaBxeqhCpCt0dtG8di1TAL8FFG1k22fLkUY9rQZK17IKPwL2cvYMoh0z46yOiSL\/Nz0WsP\/97Ot9l7RrHxKgW2vs4yQxJFyiSUSMd0+F7yJhVc9ptfPgB+\/sHR2wKPY2KE0ESxnW2y3quZGTwpvizBZmY+\/eS\/mJ\/ZP\/+50ElQBqZBqkNNVns8ew5qN7JO7YmHguaWgKpRT5qsQi5cbkNJxNv8qPiBAw002roNgRLiag8ixbTkxZYNzklbXjqLiWHpy4ArzyYryJ1xjj7tSObd\/JXfhrU93MpV14eH81VXviKY+K5peJwugODCluebWPdrtbIKul0gUFgTLfPToCNNJJYVMyziwGuBpjChp7KQa0hLJLOSqcq84JtcOrJyTy5HTnOzfMxdXEXpTaoOVRPswFciEXeopOPeOjskCM0\/bd2XbtOZcRQ3B\/4Iow2hQm7khTdXdwfLYyk7rVMONdtrxDOLrOMVGOq7VWHT2zzfW+pBW7twE35d3zYot7WXa58VY9eA6Ul01kyb7xAc02yFkxyMkT\/yzNhZeqc4CSkN\/uNhRhin6lHu2\/mgl4sSTH971gANXfMzvcCHHA3Pl2\/4j2YSu1I4jTme4\/Q5h7iP52anq+j9AeyLfLaQg6ugxcrzJgef5QoZnwxvsoTE\/XQh3Ul371uU21aEphl54w4bGaISCNqg6MzlD4SDEozDvhh7SbT1XchNlggrhgD8pXMQi8q\/EZVh7uI8OTK4PZyJDV9pG\/OE\/JwsxjQRPqmg3eeBVbf0YMe7oJm7si4I\/uY+FIX09i7t8HwldZ9kvCudqrjJoi1A+KlPM\/gKjNpP6vvZ+zKJFtP9v9pIOo1X5sldlmxfMdzdTAxPDR+obqN+z6jt7Z4UMpvBesBFAdM\/UTx6yMZEW4jpbgbNXRjbdCrQr0glnTBS5CeBGOcLLdjeSO11IRv31FecjH42Hb7a4NJ1avbhh8p7Wp+5\/jsZl\/Drn8ihwHxozVxLElPDzWWNc\/gBKR8eoPXapa9Sq0USmwlSvXDf\/OoKYUI6VenzD+rNynvCy11u\/m4pxUr8TPETcafordxTZr1yTSqXWHq4G5Ny1wpVUNCaU\/ZhWnlIDC7mvAcLdoyXAzGdD60oe+9c2svi9ia76eQxQYTBLCJ2z7vcQhLllZRHlyhomGJ55bhk+wq\/NQjpdhe2Cw9BpATaNSlmBToQrtIuQfFMOcatLAs\/3thoKrF23jDv1ZkOg\/70d+eXkMt1f4Souoz7smEUFvRz4Qbhui2MJGABcIVsRj7T0NcGRRYoLVQuc1vO50koNUVkuQBd9pIE6Ti\/QUa3vfbXahjTgXkaIKD5inJ0QmPA=="}
02057{"flow_id":41,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":228,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":975673,"pkt_caplen":1267,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1267,"pkt_l4_len":1233,"pkt":"xGGLNYKpxiwDYGpkCABFAgTlb4gAADUGqWhoST0ewKgCEQG7xZdpIYVcwXniIIAYAOvodQAAAQEICqCtIg0R3+l2SkTMBPp\/p8lFXhB0RlPC1zHPW\/PIUL4j76iX6n6QYzn8PuDG5PVvh8BwHMI4V1U+oYNViNIjWKAouQrmvIzxzYfBKGCwbC5AC73Kbp56hG2kOc1ij95iGfR0mKwjHDX8hFUPJDiGZOHWgAVzqOChlri1fs7g3ZYZKcH5FfCQWdiFyXgusOVOBCNJdKI9fcBXCKnOqC2v6UqGhPHYpT+XzsdUj5JNdR0ftswO5Of3ReTqEeYwIfTYxcWqM9nLx+KL8DgfIwoaWiq\/OZjCpbZo6zKvUMXsfJSBnYdlnqOLZaxuYbfAMTuBWsAsxgS53fcNN\/Upky2Ni3sh5V+55a\/ahSRzg4olT3dADw8CZqu\/GtianrhdL51xVyYT44wb9pyTb8LZPXSMrr6VXl+Z9Fg5RlYabXQwex+iUfBjrbJBVwgbAm0o6y2mtL\/o03aKC3PEUPlyBOhHPDjTl+vED4ARDYhZxSY55roVOVW7oe7sfWY1m1MuBkGx9CsxmahbUd5lt13K6F5mZmjQt\/if8SoMOQzwVBiJdSjtVcIh\/VPn7KaPiHy2JAhyqW5eSBuDmPPFfSDTFiMqjeVuGcyhDTJbkcghRhbmRbgJV0\/TMZ98Uz4WyhwNh5hlAaNTM3fQPYM635ZRyfNAmz22nQhNpPHFIGqFUOlBkeShcZk5DR2RBMbDapOveTbXMOqogjugLs6klwckMH8JajAiB9JNPmlOqD\/R723da2HMNwv03j2rXLxkmn1k8XYzYjbOXHPbo9jyIHVIc0AvAQvG\/vTi3TuPq+js859l2ThyRIkD2PfLvy8S3LloJ+CXbLN3zvTwjUDaQhGySmuEtbVs14gO47IiDEMtJ6yrLLED1EeLsfSvFia4wpkbkLsUeEscDNfKuQXv8dB2DB4Cf8FYkRhH8uUxDIPG30dqU5yaZgjsoK2d9mq7n+9nhnIw9NMYsKsH9faVDWIYjTN43ys74ys\/9O9\/jKt4TjNEYHSuI1E2MTUigi\/M28POxLZt8WxUMTfeDCN+iPIpZsmBix8UiRT193+Cu58VfYxBgnIDsj3aWnSQF5hhYLxY9vTawIjSGEA11Xoou+EzppnB9KRWorHm4\/BB4WSAsh0TFfClwRcDAwEZhz4T\/o6hJ8+MJ+GbkFndgmAi+5nbHUxRm1n9b26OKzVAilYMEDenug\/R6dFZW1M9q6dDXE3myOcE2UY1HAw4HIt0petPKp64Ks1JlIPuDRs7H1od+iZRRVYQ+kka\/AxlcDbnKuedFi4ejjk2yu4EsdeYsKb1vtYPjXf\/mZ09UGZ178HwJiiQ35ZAfZOuUOpd+DdCmfg8U9O10vvtHGMdbWTT6IeVf\/buZVysgsSyd5IJAbG4fyIu\/9JWIzjgu6srksEbSXBubZEAeN5LXvl98pM5t+F7zIFxDMClFa1UN009lGG0kKxKJnl\/qxLBlbvlfNhlstJEYhAOnyhq4mnrxBgPgX9Z3a8I3lsQeyRTWtMyQx35g77nv+YXAwMARUkF2gTmEJhap77m1u2moMldNHQKhjkSi8LmvtnICA+lg0fSDVQypIKelfheKdBqM7aRtFRKUij8biFHcxoaduQQN+P1NA=="}
00423{"flow_id":38,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":232,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":39138,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xGGLNYKpxiwDYGpkCABFAAA0NCoAADEGx5ER+LlXwKgCEQG7xZWfE+ImqBrg7oAQA6sCYwAAAQEICuksLLIR3+lT"}
02357{"flow_id":38,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":233,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":41842,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"xGGLNYKpxiwDYGpkCABFAgXUNCsAADEGwe4R+LlXwKgCEQG7xZWfE+ImqBrg7oAQA6tqcgAAAQEICuksLLMR3+lTFgMDAG4CAABqAwO7poHEiZGdt5nG1\/7SAD+r0GdtucyF0vh+YzewrO4OPSClK3iRT7eLvskrEVxFxtFlnByi1SpNpDW\/fqJcGELTFsAsAAAiAAAAAP8BAAEAAAUAAAALAAIBAAAQAAsACQhodHRwLzEuMRYDAxVfCwAVWwAVWAARDjCCEQowgg\/yoAMCAQICEBKz1lMg7SG22flROvhDB1QwDQYJKoZIhvcNAQELBQAwYjEcMBoGA1UEAxMTQXBwbGUgSVNUIENBIDIgLSBHMTEgMB4GA1UECxMXQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxEzARBgNVBAoTCkFwcGxlIEluYy4xCzAJBgNVBAYTAlVTMB4XDTE5MTIwOTE5MzUwNVoXDTIxMDEwNzE5NDUwMFowXDEjMCEGA1UEAwwaa2V5dmFsdWVzZXJ2aWNlLmljbG91ZC5jb20xEzARBgNVBAoMCkFwcGxlIEluYy4xEzARBgNVBAgMCkNhbGlmb3JuaWExCzAJBgNVBAYTAlVTMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAErG83k1xjqzx2HJwbRJIrhyp7RWAA1e\/vewDf10hGmovZaWZ\/kY5JsBgNkR7\/W2Go\/KjtdzOHXWekyfGK9ZhGEqOCDoswgg6HMAwGA1UdEwEB\/wQCMAAwHwYDVR0jBBgwFoAU2HqURHyQcJAWnt0XnAFEA4bWKikwfgYIKwYBBQUHAQEEcjBwMDQGCCsGAQUFBzAChihodHRwOi8vY2VydHMuYXBwbGUuY29tL2FwcGxlaXN0Y2EyZzEuZGVyMDgGCCsGAQUFBzABhixodHRwOi8vb2NzcC5hcHBsZS5jb20vb2NzcDAzLWFwcGxlaXN0Y2EyZzEyNTCCCasGA1UdEQSCCaIwggmegh5wNjIta2V5dmFsdWVzZXJ2aWNlLmljbG91ZC5jb22CHnA0MS1rZXl2YWx1ZXNlcnZpY2UuaWNsb3VkLmNvbYIecDk3LWtleXZhbHVlc2VydmljZS5pY2xvdWQuY29tgh5wMjgta2V5dmFsdWVzZXJ2aWNlLmljbG91ZC5jb22CHnAzMi1rZXl2YWx1ZXNlcnZpY2UuaWNsb3VkLmNvbYIecDU2LWtleXZhbHVlc2VydmljZS5pY2xvdWQuY29tgh5wMzMta2V5dmFsdWVzZXJ2aWNlLmljbG91ZC5jb22CHnAzNy1rZXl2YWx1ZXNlcnZpY2UuaWNsb3VkLmNvbYIecDY3LWtleXZhbHVlc2VydmljZS5pY2xvdWQuY29tgh5wNzAta2V5dmFsdWVzZXJ2aWNlLmljbG91ZC5jb22CHnA2My1rZXl2YWx1ZXNlcnZpY2UuaWNsb3VkLmNvbYIecDA3LWtleXZhbHVlc2VydmljZS5pY2xvdWQuY29tgh5wNTIta2V5dmFsdWVzZXJ2aWNlLmljbG91ZC5jb22CHnAxOC1rZXl2YWx1ZXNlcnZpY2UuaWNsb3VkLmNvbYIecDIxLWtleXZhbHVlc2VydmljZS5pY2xvdWQuY29tgh5wMTcta2V5dmFsdWVzZXJ2aWNlLmljbG91ZC5jb22CHnAzNi1rZXl2YWx1ZXNlcnZpY2UuaWNsb3VkLmNvbYIecDE5LWtleXZhbHVlc2VydmljZS5pY2xvdWQuY29tgh5wMjYta2V5dmFsdWVzZXJ2aWNlLmljbG91ZC5jb22CHnA1NS1rZXl2YWx1ZXNlcnZpY2UuaWNsb3VkLmNvbYIecDA2LWtleXZhbHVlc2VydmljZS5pY2xvdWQuY29tgh5wMjMta2V5dmFsdWVzZXJ2aWNlLmljbG91ZC5jb22CHnA2NS1rZXl2YWx1ZXNlcnZpY2UuaWNsb3VkLmNvbYIecDU4LWtleXZh"}
00873{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":233,"source":"iphone.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":6,"flow_first_seen":1582454598721,"flow_last_seen":1582454599041,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.185.87","src_port":50581,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"p26-keyvalueservice.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"1e60202b4001a190621caa963fb76697","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02349{"flow_id":38,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":234,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":41975,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"xGGLNYKpxiwDYGpkCABFAgXUNCwAADEGwe0R+LlXwKgCEQG7xZWfE+fGqBrg7oAQA6tWTQAAAQEICuksLLMR3+lTbHVlc2VydmljZS5pY2xvdWQuY29tgh5wMzUta2V5dmFsdWVzZXJ2aWNlLmljbG91ZC5jb22CHnA0Mi1rZXl2YWx1ZXNlcnZpY2UuaWNsb3VkLmNvbYIecDEyLWtleXZhbHVlc2VydmljZS5pY2xvdWQuY29tgh5wMTUta2V5dmFsdWVzZXJ2aWNlLmljbG91ZC5jb22CHnAxNi1rZXl2YWx1ZXNlcnZpY2UuaWNsb3VkLmNvbYIecDI5LWtleXZhbHVlc2VydmljZS5pY2xvdWQuY29tgh5wMzkta2V5dmFsdWVzZXJ2aWNlLmljbG91ZC5jb22CHnA3MS1rZXl2YWx1ZXNlcnZpY2UuaWNsb3VkLmNvbYIecDIyLWtleXZhbHVlc2VydmljZS5pY2xvdWQuY29tgh5wNDAta2V5dmFsdWVzZXJ2aWNlLmljbG91ZC5jb22CHnAxMS1rZXl2YWx1ZXNlcnZpY2UuaWNsb3VkLmNvbYIecDY2LWtleXZhbHVlc2VydmljZS5pY2xvdWQuY29tgh5wNjgta2V5dmFsdWVzZXJ2aWNlLmljbG91ZC5jb22CH3AyMDEta2V5dmFsdWVzZXJ2aWNlLmljbG91ZC5jb22CHnAxMC1rZXl2YWx1ZXNlcnZpY2UuaWNsb3VkLmNvbYIecDYxLWtleXZhbHVlc2VydmljZS5pY2xvdWQuY29tgh5wMzAta2V5dmFsdWVzZXJ2aWNlLmljbG91ZC5jb22CHnAwMS1rZXl2YWx1ZXNlcnZpY2UuaWNsb3VkLmNvbYIecDE0LWtleXZhbHVlc2VydmljZS5pY2xvdWQuY29tgh5wNTAta2V5dmFsdWVzZXJ2aWNlLmljbG91ZC5jb22CHnAzMS1rZXl2YWx1ZXNlcnZpY2UuaWNsb3VkLmNvbYIecDQ3LWtleXZhbHVlc2VydmljZS5pY2xvdWQuY29tgh5wNDgta2V5dmFsdWVzZXJ2aWNlLmljbG91ZC5jb22CHnAyMC1rZXl2YWx1ZXNlcnZpY2UuaWNsb3VkLmNvbYIecDUxLWtleXZhbHVlc2VydmljZS5pY2xvdWQuY29tgh5wMjcta2V5dmFsdWVzZXJ2aWNlLmljbG91ZC5jb22CHnA0OS1rZXl2YWx1ZXNlcnZpY2UuaWNsb3VkLmNvbYIecDAzLWtleXZhbHVlc2VydmljZS5pY2xvdWQuY29tgh5wMjQta2V5dmFsdWVzZXJ2aWNlLmljbG91ZC5jb22CHnAyNS1rZXl2YWx1ZXNlcnZpY2UuaWNsb3VkLmNvbYIecDA4LWtleXZhbHVlc2VydmljZS5pY2xvdWQuY29tgh5wMTMta2V5dmFsdWVzZXJ2aWNlLmljbG91ZC5jb22CHnAwNC1rZXl2YWx1ZXNlcnZpY2UuaWNsb3VkLmNvbYIecDA1LWtleXZhbHVlc2VydmljZS5pY2xvdWQuY29tgh5wMDIta2V5dmFsdWVzZXJ2aWNlLmljbG91ZC5jb22CHnAwOS1rZXl2YWx1ZXNlcnZpY2UuaWNsb3VkLmNvbYIecDU3LWtleXZhbHVlc2VydmljZS5pY2xvdWQuY29tgh5wNTkta2V5dmFsdWVzZXJ2aWNlLmljbG91ZC5jb22CHnA2NC1rZXl2YWx1ZXNlcnZpY2UuaWNsb3VkLmNvbYIecDM4LWtleXZhbHVlc2VydmljZS5pY2xvdWQuY29tgh5wNTQta2V5dmFsdWVzZXJ2aWNlLmljbG91ZC5jb22CHnA3Mi1rZXl2YWx1ZXNlcnZpY2UuaWNsb3VkLmNvbYIaa2V5dmFsdWVzZXJ2aWNlLmljbG91ZC5jb22CHnA2OS1rZXl2YWx1ZXNlcnZpY2UuaWNsb3VkLmNvbYIecDQzLWtleXZhbHVl"}
02356{"flow_id":38,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":235,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":53106,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"xGGLNYKpxiwDYGpkCABFAgXUNC0AADEGwewR+LlXwKgCEQG7xZWfE+1mqBrg7oAQA6skGQAAAQEICuksLL8R3+lTc2VydmljZS5pY2xvdWQuY29tgh5wNDUta2V5dmFsdWVzZXJ2aWNlLmljbG91ZC5jb22CH3AyMDIta2V5dmFsdWVzZXJ2aWNlLmljbG91ZC5jb22CHnA5OC1rZXl2YWx1ZXNlcnZpY2UuaWNsb3VkLmNvbYIecDM0LWtleXZhbHVlc2VydmljZS5pY2xvdWQuY29tgh5wNDQta2V5dmFsdWVzZXJ2aWNlLmljbG91ZC5jb22CHnA0Ni1rZXl2YWx1ZXNlcnZpY2UuaWNsb3VkLmNvbYIecDUzLWtleXZhbHVlc2VydmljZS5pY2xvdWQuY29tgh5wNjAta2V5dmFsdWVzZXJ2aWNlLmljbG91ZC5jb20wgf8GA1UdIASB9zCB9DCB8QYKKoZIhvdjZAULBDCB4jCBpAYIKwYBBQUHAgIwgZcMgZRSZWxpYW5jZSBvbiB0aGlzIGNlcnRpZmljYXRlIGJ5IGFueSBwYXJ0eSBhc3N1bWVzIGFjY2VwdGFuY2Ugb2YgYW55IGFwcGxpY2FibGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YgdXNlIGFuZC9vciBjZXJ0aWZpY2F0aW9uIHByYWN0aWNlIHN0YXRlbWVudHMuMDkGCCsGAQUFBwIBFi1odHRwOi8vd3d3LmFwcGxlLmNvbS9jZXJ0aWZpY2F0ZWF1dGhvcml0eS9ycGEwEwYDVR0lBAwwCgYIKwYBBQUHAwEwNwYDVR0fBDAwLjAsoCqgKIYmaHR0cDovL2NybC5hcHBsZS5jb20vYXBwbGVpc3RjYTJnMS5jcmwwHQYDVR0OBBYEFLxEgmvHm6nsbbjLysXEuJqWCBf7MA4GA1UdDwEB\/wQEAwIDiDARBgsqhkiG92NkBhsPAgQCBQAwEQYLKoZIhvdjZAYbCwIEAgUAMBEGCyqGSIb3Y2QGGwcCBAIFADCCAm0GCisGAQQB1nkCBAIEggJdBIICWQJXAHcAu9nfvB+KcbWTlCOXqpJ7RzhXlQqrUugakJZkNo4e0YUAAAFu7DGfUAAABAMASDBGAiEAkIFEOLmDgEPKS\/Qpn+gvcGdVxwZh2RtwPBHxJ6l3lZICIQCi00a6jwr6sbV7hj41E+jnKcqu5UEnmfLZhfz5CQ7R0AB1AKS5CZC0GFgUh7sTosxncAo8NZgE+RvfuON3zQ7IDdwQAAABbuwxn04AAAQDAEYwRAIgUv1EqowTKT9So1WqwIOGA3luY+tL3SWKbLJ5cDEAPZsCIAnj0wsfLGUUwOk1JvoG4dMKD20PisAthmJ9mcy1g6p+AHcAVhQGmi\/XwuzT9eG9RLI+x0Z2ubyZEVzA75SYVdaJ0N0AAAFu7DGfJAAABAMASDBGAiEAgDmxo+Q8kzODiinmd9PriF+SwytTJ8xotubQ8RpQ2McCIQCaEFQmEG5tYUIjL30LXQcO3J+Y994aQcq3axIYhoDfrwB1AFWB1MIWkDYBSuoLm1c8U\/DA5Dh4cCUIFy+jqh0HE9MMAAABbuwxnyYAAAQDAEYwRAIgRkoZMZEXrpwXPnsvnJkAevr++WLJ2Sl8f8VTNrC3YfMCIEYJxKprDDTVybe4\/if7LN49Zos0TQoX2deXSrNcLGuAAHUARJRlLrDuzq\/EQAfYqP4owNrmgr7YyzG1P9MzlrW2gagAAAFu7DGfSgAABAMARjBEAiA+sgoY+ev+ZPPxMV9CLh6j19CXzFQyTd2yIPppwu59YQIgZzz1mA0KMDkiqnDf86dpXkA7Pd8vP4REv7VQuztY+7UwDQYJKoZIhvcNAQELBQADggEBAKE+nH0I6j5Rp2v08ysAeQf54YYbOLwO1CWWMdpTpZReAYxkU9UYaKnRGHS\/EILXyUXgNTXoUj2Yce4hPDltHwjy7tNZHLe6rmKQfXveN4KZ"}
00551{"flow_id":29,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":236,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":54356,"pkt_caplen":159,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":159,"pkt_l4_len":125,"pkt":"xiwDYGpkxGGLNYKpCABFAgCRAABAAEAGtWjAqAIREfiwS8WUAbuGKOzJAHfoQ4AYBABCnQAAAQEIChHf6ZBbEwgKFgMDACUQAAAhIL1bD1d4gCPrhXuI+0HyQ836+EFHhzg8hbOYWEtlXXlqFAMDAAEBFgMDACgAAAAAAAAAAJqD4mhUi0lPlD7vEeTtzw5MOqf4EnbHOHobPXgamAhn"}
02369{"flow_id":38,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":237,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":54383,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"xGGLNYKpxiwDYGpkCABFAgXUNC4AADEGwesR+LlXwKgCEQG7xZWfE\/MGqBrg7oAQA6ujXwAAAQEICuksLL8R3+lT3JbzYMyEzdUS4cWlKAF1Va5SsBGwHSECU3X1KUfmmizpejSqEbJ67kcmIrDmdYUD4k93AWtuXEn\/ebhInrwt4zYV1gSPEfAI58yKWHpw4lCtKIhwHiW3WJnFH8fipGLpEvTPrV8w+fdRiulKuFrYa3mI3jZk2rWsShsw6AzJ6GQsK71JsSJig49Kwx+fHJLt59p6XFPbpeHKfRkXPd9aOmNYxmsXjVMqsOh1IKFx3hQABEQwggRAMIIDKKADAgECAgMCOnQwDQYJKoZIhvcNAQELBQAwQjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xGzAZBgNVBAMTEkdlb1RydXN0IEdsb2JhbCBDQTAeFw0xNDA2MTYxNTQyMDJaFw0yMjA1MjAxNTQyMDJaMGIxHDAaBgNVBAMTE0FwcGxlIElTVCBDQSAyIC0gRzExIDAeBgNVBAsTF0NlcnRpZmljYXRpb24gQXV0aG9yaXR5MRMwEQYDVQQKEwpBcHBsZSBJbmMuMQswCQYDVQQGEwJVUzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANCToR1HQyAWsgtr68PVtOjHmM3z3r\/oTenjNoAH\/EUbanxFhq5W06QJf2ENa11+Umt9tMg5xPRnOveDzhlvhi9+RX5HHGdSypUFXeI2UYXA1GeANW8V3T79HdL9jzRQ2Ox2Kr7j09rk\/cjrKAKWEZcXYRzpxFk7Qtwy0Qkd2qbRQ4b\/XrK8jM9m2wGLAq6USPM4j\/3qMqgI7IaXUZQkPklJllPoeaFAgekFu5OVUfzj\/XwRS\/eeCLMVSRUH+dE3oJtLMva1xNxq0fwK7fbgxSmgqItx\/g2SvP5UcBgKbcftDPvJLQbDjIX8y4Zc1jaOEosJf\/sZGjjV8JQweg+mjPMCAwEAAaOCAR0wggEZMB8GA1UdIwQYMBaAFMB6mGiNifurBWQMEX2qfWW4ysxOMB0GA1UdDgQWBBTYepREfJBwkBae3RecAUQDhtYqKTASBgNVHRMBAf8ECDAGAQH\/AgEAMA4GA1UdDwEB\/wQEAwIBBjA1BgNVHR8ELjAsMCqgKKAmhiRodHRwOi8vZy5zeW1jYi5jb20vY3Jscy9ndGdsb2JhbC5jcmwwLgYIKwYBBQUHAQEEIjAgMB4GCCsGAQUFBzABhhJodHRwOi8vZy5zeW1jZC5jb20wTAYDVR0gBEUwQzBBBgpghkgBhvhFAQc2MDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuZ2VvdHJ1c3QuY29tL3Jlc291cmNlcy9jcHMwDQYJKoZIhvcNAQELBQADggEBABZHc2+FomLh5yp2u4mVQiaXvEqsrHBTOj8xgz08HKua4rFdHHYaoDwMcle+055Q4MiZ1ljXAurODSlUfM31wsaQKVWjbxSoC0INOphtBnie8GqjHQIKoiikjcKBRj5tZ9reP\/6FDkIqEt61t\/u4G6eW7Hef7NRTlXr\/B\/TyChTAUVKx1o5QCxqZXLwLyb3t7fhewVbbTX4jpBGhLNQbBZrkG1L2fDiZBUu6co1CiWAEZir0\/WjXa\/eZQSjWbCSr5iVTLsiCmeKijyO+MIOxJ4v6aH8BSejGmGsQLpheitfKS7HHyVia0DbblpXstoHk8s1vG3mHTBA8ieRN+lTcqqYWAwMFshYABa4BAAWqMIIFpgoBAKCCBZ8wggWbBgkrBgEFBQcwAQEEggWMMIIFiDCBoqIWBBTfpWiX6YNWmPkhXKUgzCvG1tTdaxgPMjAyMDAyMjMwMTA3MzBaMHcwdTBJMAkGBSsOAwIaBQAEFCaEh7OMUBUpl9vU0X43\/z8u8xVoBBTYepREfJBwkBae3RecAUQDhtYqKQIQErPWUyDtIbbZ+VE6+EMH"}
03513{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":237,"source":"iphone.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":9,"flow_first_seen":1582454598721,"flow_last_seen":1582454599054,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":6277,"flow_avg_l4_payload_len":697,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.185.87","src_port":50581,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"p26-keyvalueservice.icloud.com","server_names":"p62-keyvalueservice.icloud.com,p41-keyvalueservice.icloud.com,p97-keyvalueservice.icloud.com,p28-keyvalueservice.icloud.com,p32-keyvalueservice.icloud.com,p56-keyvalueservice.icloud.com,p33-keyvalueservice.icloud.com,p37-keyvalueservice.icloud.com,p67-keyvalueservice.icloud.com,p70-keyvalueservice.icloud.com,p63-keyvalueservice.icloud.com,p07-keyvalueservice.icloud.com,p52-keyvalueservice.icloud.com,p18-keyvalueservice.icloud.com,p21-keyvalueservice.icloud.com,p17-keyvalueservice.icloud.com,p36-keyvalueservice.icloud.com,p19-keyvalueservice.icloud.com,p26-keyvalueservice.icloud.com,p55-keyvalueservice.icloud.com,p06-keyvalueservice.icloud.com,p23-keyvalueservice.icloud.com,p65-keyvalueservice.icloud.com,p58-keyvalueservice.icloud.com,p35-keyvalueservice.icloud.com,p42-keyvalueservice.icloud.com,p12-keyvalueservice.icloud.com,p15-keyvalueservice.icloud.com,p16-keyvalueservice.icloud.com,p29-keyvalueservice.icloud.com,p39-keyvalueservice.icloud.com,p71-keyvalueservice.icloud.com,p22-keyvalueservice.icloud.com,p40-keyvalueservice.icloud.com,p11-keyvalueservice.icloud.com,p66-keyvalueservice.icloud.com,p68-keyvalueservice.icloud.com,p201-keyvalueservice.icloud.com,p10-keyvalueservice.icloud.com,p61-keyvalueservice.icloud.com,p30-keyvalueservice.icloud.com,p01-keyvalueservice.icloud.com,p14-keyvalueservice.icloud.com,p50-keyvalueservice.icloud.com,p31-keyvalueservice.icloud.com,p47-keyvalueservice.icloud.com,p48-keyvalueservice.icloud.com,p20-keyvalueservice.icloud.com,p51-keyvalueservice.icloud.com,p27-keyvalueservice.icloud.com,p49-keyvalueservice.icloud.com,p03-keyvalueservice.icloud.com,p24-keyvalueservice.icloud.com,p25-keyvalueservice.icloud.com,p08-keyvalueservice.icloud.com,p13-keyvalueservice.icloud.com,p04-keyvalueservice.icloud.com,p05-keyvalueservice.icloud.com,p02-keyvalueservice.icloud.com,p09-keyvalueservice.icloud.com,p57-keyvalueservice.icloud.com,p59-keyvalueservice.icloud.com,p64-keyvalueservice.icloud.com,p38-keyvalueservice.icloud.com,p54-keyvalueservice.icloud.com,p72-keyvalueservice.icloud.com,keyvalueservice.icloud.com,p69-keyvalueservice.icloud.com,p43-keyvalueservice.icloud.com,p45-keyvalueservice.icloud.com,p202-keyvalueservice.icloud.com,p98-keyvalueservice.icloud.com,p34-keyvalueservice.icloud.com,p44-keyvalueservice.icloud.com,p46-keyvalueservice.icloud.com,p53-keyvalueservice.icloud.com,p60-keyvalueservice.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"1e60202b4001a190621caa963fb76697","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","issuerDN":"CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US","issuerDN":"CN=keyvalueservice.icloud.com, O=Apple Inc., ST=California, C=US","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"D8:84:3B:15:06:49:1C:72:C4:05:C0:F0:82:3B:43:4A:D1:8F:D5:9F"}}
00455{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":238,"source":"iphone.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_first_seen":1582454599054,"flow_last_seen":1582454599054,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"224.0.0.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
00407{"flow_id":42,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":238,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":54579,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":54,"pkt_l4_len":16,"pkt":"AQBeAAAWxGGLNYKpCABGAAAoAABAAAECQgDAqAIR4AAAFpQEAAAiAPkCAAAAAQQAAADgAAD7"}
00487{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":238,"source":"iphone.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_first_seen":1582454599054,"flow_last_seen":1582454599054,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"224.0.0.22","l4_proto":2,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
00425{"flow_id":41,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":240,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":58375,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAG0qPAqAIRaEk9HsWXAbvBeeIgaSGAnIAQA\/T3cwAAAQEIChHf6fCgrSIM"}
00424{"flow_id":41,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":241,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":58425,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAG0qPAqAIRaEk9HsWXAbvBeeIgaSGFXIAQA+vyvAAAAQEIChHf6fCgrSIM"}
00426{"flow_id":41,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":243,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":58580,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAG0qPAqAIRaEk9HsWXAbvBeeIgaSGKDYAQA\/bt\/wAAAQEIChHf6fCgrSIN"}
00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":246,"source":"iphone.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_first_seen":1582454599065,"flow_last_seen":1582454599065,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":62160,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00435{"flow_id":43,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":246,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":65380,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"pkt":"xiwDYGpkxGGLNYKpCABFAAA7Z5IAAP8RzrzAqAIRwKgCAfLQADUAJ+lbzwoBAAABAAAAAAAAA2dzYQVhcHBsZQNjb20AAAEAAQ=="}
00651{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":246,"source":"iphone.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_first_seen":1582454599065,"flow_last_seen":1582454599065,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":62160,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"gsa.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
02352{"flow_id":38,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":247,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":65540,"pkt_caplen":1488,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1488,"pkt_l4_len":1454,"pkt":"xGGLNYKpxiwDYGpkCABFAgXCNC8AADEGwfwR+LlXwKgCEQG7xZWfE\/imqBrg7oAYA6vhjAAAAQEICuksLMsR3+lTVIAAGA8yMDIwMDIyMzAxMDczMFqgERgPMjAyMDAyMjMxMzA3MzBaoQIwADANBgkqhkiG9w0BAQsFAAOCAQEApZebgvP4wt2xbRPNgeM6QR3gnlBNoptTaV3Js3+f9y\/NNkepdWzwj\/W+QJi3ARwE65kCC7NPaNkRI9IIJYGetMXuOB3pgHbCn74qb1fPPW4vS8GsyQ1TUAtBzJb\/74uwI7iz\/Pdywa5tHHunCWTyJTdqZljxf\/g8kmZIDqE1V9ZzFLmCU22z1KXs9bw31F\/nDH5\/\/o4Ko0xO3SUA1mzMsNXWVY2RAqfR99KlV25B+KXVmRjJ0czBR5+SPq0GKCxx\/TD4dLcVPilOfYqqvEkKb+EU6Jtjg6Bgk\/rMnJ8xnFi4PcGVOxRzVSoiSxJ2SQ1B1ZJ\/G5iwD0CcR2tPkxPI3aCCA8swggPHMIIDwzCCAqugAwIBAgIQDLHVj\/lAOV9FbdPzoVcFXDANBgkqhkiG9w0BAQsFADBiMRwwGgYDVQQDExNBcHBsZSBJU1QgQ0EgMiAtIEcxMSAwHgYDVQQLExdDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTETMBEGA1UEChMKQXBwbGUgSW5jLjELMAkGA1UEBhMCVVMwHhcNMjAwMjIwMjA0MDQyWhcNMjAwNDAyMjA0MDQyWjBPMSswKQYDVQQDDCJBcHBsZSBJU1QgQ0EgMiBPQ1NQIFJlc3BvbmRlciBOTDA1MRMwEQYDVQQKDApBcHBsZSBJbmMuMQswCQYDVQQGEwJVUzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK40BJ6QeZqLnlrYADxY\/Zwtd1ARo0pyWY5B+XnMConOSB6Dz30KU\/8rtcAwCqTi2qaUYnzNveRaheyicLRVkBXal0yMPH5fNa3fx\/XY9cJuf5hNDchr9THIn50TVUFluMHOjEW8fte9LX8XRoftE5KtBZfZkxFBtFdNm2TogfGvxv4WfWYZuhp5Iv5ZrHlmRZCJeWHmxgIgqDT8nbgB9ET6Pgqi9ciKBTj6PUeaHo\/JibORWlP3CpGEYOm5Q6UJEt\/q95U9YLAOzBuF\/Hzn581aFs2cHFP8FYiNosCQfV1wuXAdzh2Mr44S8yOoXorZ7fHnpzPTP2B0U5t00gc44GUCAwEAAaOBhzCBhDAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFNh6lER8kHCQFp7dF5wBRAOG1iopMA8GCSsGAQUFBzABBQQCBQAwEwYDVR0lBAwwCgYIKwYBBQUHAwkwHQYDVR0OBBYEFN+laJfpg1aY+SFcpSDMK8bW1N1rMA4GA1UdDwEB\/wQEAwIHgDANBgkqhkiG9w0BAQsFAAOCAQEAMdRMNlyCvP5UZNuXL2VAMf6ODBpBD+52VO4euXzAuekgLXMkraNpSS2NyeN3hEg9FNng5iKcfarZ1\/tiBTgrsguljII73ED130njJbUR4\/Y28F\/UwE1jDQ4jjVAG8DCRhL+xX5FTGWtY\/SoPxHwsdM1+1hgEEQUoUoy903+nywjqyYHwEXHQsm3D7WxJ63+T4ECkVjoGsLcvOopAhq0tDhB9BM5JTxKpfATSZ2dM7Jnw4zgcXx4aWKoHEDE+R531+Xfw17Q5razmXVEkeA18KzX9AhQjaiXUIHWjrt+1QwWi23AiBLtXLwJqSg7XgPhLXGz9T5+dcopG0PxnlPnwyhYDAwByDAAAbgMAHSCQbI7PnYpErN0cAE7Hh6VOF6w1VSHwsD+VJyZQ46dJIwQDAEYwRAIgL8GQ\/LqWv+tCZr2WqWhDqo+3\/ZqRDoO3RINXHqNeCfgCIHhwrR9TpE5nNXgnvLrmXNLJKO9BzNWtWborQ8Q8hRyMFgMDAAQOAAAA"}
00425{"flow_id":38,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":248,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":72879,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGrLvAqAIREfi5V8WVAbuoGuDunxPtZoAQA\/T2IwAAAQEIChHf6gjpLCyz"}
00425{"flow_id":38,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":249,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":72898,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGrLvAqAIREfi5V8WVAbuoGuDunxP4poAQA97q7QAAAQEIChHf6gjpLCy\/"}
00424{"flow_id":38,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":250,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":72948,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGrLvAqAIREfi5V8WVAbuoGuDunxP+NIAQA9LlXwAAAQEIChHf6gjpLCzL"}
00424{"flow_id":38,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":251,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":73060,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGrLvAqAIREfi5V8WVAbuoGuDunxP+NIAQBADlMQAAAQEIChHf6gjpLCzL"}
00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":252,"source":"iphone.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_first_seen":1582454599073,"flow_last_seen":1582454599073,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":52031,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00437{"flow_id":44,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":252,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":73352,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"pkt":"xiwDYGpkxGGLNYKpCABFAAA7y\/EAAP8Ral3AqAIRwKgCAcs\/ADUAJ2vSdCUBAAABAAAAAAAAA2dzYQVhcHBsZQNjb20AAAEAAQ=="}
00651{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":252,"source":"iphone.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_first_seen":1582454599073,"flow_last_seen":1582454599073,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":52031,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"gsa.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
02057{"flow_id":41,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":253,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":77950,"pkt_caplen":1267,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1267,"pkt_l4_len":1233,"pkt":"xGGLNYKpxiwDYGpkCABFAATlb4kAADUGqWloST0ewKgCEQG7xZdpIYVcwXniIIAYAOvoDwAAAQEICqCtInMR3+l2SkTMBPp\/p8lFXhB0RlPC1zHPW\/PIUL4j76iX6n6QYzn8PuDG5PVvh8BwHMI4V1U+oYNViNIjWKAouQrmvIzxzYfBKGCwbC5AC73Kbp56hG2kOc1ij95iGfR0mKwjHDX8hFUPJDiGZOHWgAVzqOChlri1fs7g3ZYZKcH5FfCQWdiFyXgusOVOBCNJdKI9fcBXCKnOqC2v6UqGhPHYpT+XzsdUj5JNdR0ftswO5Of3ReTqEeYwIfTYxcWqM9nLx+KL8DgfIwoaWiq\/OZjCpbZo6zKvUMXsfJSBnYdlnqOLZaxuYbfAMTuBWsAsxgS53fcNN\/Upky2Ni3sh5V+55a\/ahSRzg4olT3dADw8CZqu\/GtianrhdL51xVyYT44wb9pyTb8LZPXSMrr6VXl+Z9Fg5RlYabXQwex+iUfBjrbJBVwgbAm0o6y2mtL\/o03aKC3PEUPlyBOhHPDjTl+vED4ARDYhZxSY55roVOVW7oe7sfWY1m1MuBkGx9CsxmahbUd5lt13K6F5mZmjQt\/if8SoMOQzwVBiJdSjtVcIh\/VPn7KaPiHy2JAhyqW5eSBuDmPPFfSDTFiMqjeVuGcyhDTJbkcghRhbmRbgJV0\/TMZ98Uz4WyhwNh5hlAaNTM3fQPYM635ZRyfNAmz22nQhNpPHFIGqFUOlBkeShcZk5DR2RBMbDapOveTbXMOqogjugLs6klwckMH8JajAiB9JNPmlOqD\/R723da2HMNwv03j2rXLxkmn1k8XYzYjbOXHPbo9jyIHVIc0AvAQvG\/vTi3TuPq+js859l2ThyRIkD2PfLvy8S3LloJ+CXbLN3zvTwjUDaQhGySmuEtbVs14gO47IiDEMtJ6yrLLED1EeLsfSvFia4wpkbkLsUeEscDNfKuQXv8dB2DB4Cf8FYkRhH8uUxDIPG30dqU5yaZgjsoK2d9mq7n+9nhnIw9NMYsKsH9faVDWIYjTN43ys74ys\/9O9\/jKt4TjNEYHSuI1E2MTUigi\/M28POxLZt8WxUMTfeDCN+iPIpZsmBix8UiRT193+Cu58VfYxBgnIDsj3aWnSQF5hhYLxY9vTawIjSGEA11Xoou+EzppnB9KRWorHm4\/BB4WSAsh0TFfClwRcDAwEZhz4T\/o6hJ8+MJ+GbkFndgmAi+5nbHUxRm1n9b26OKzVAilYMEDenug\/R6dFZW1M9q6dDXE3myOcE2UY1HAw4HIt0petPKp64Ks1JlIPuDRs7H1od+iZRRVYQ+kka\/AxlcDbnKuedFi4ejjk2yu4EsdeYsKb1vtYPjXf\/mZ09UGZ178HwJiiQ35ZAfZOuUOpd+DdCmfg8U9O10vvtHGMdbWTT6IeVf\/buZVysgsSyd5IJAbG4fyIu\/9JWIzjgu6srksEbSXBubZEAeN5LXvl98pM5t+F7zIFxDMClFa1UN009lGG0kKxKJnl\/qxLBlbvlfNhlstJEYhAOnyhq4mnrxBgPgX9Z3a8I3lsQeyRTWtMyQx35g77nv+YXAwMARUkF2gTmEJhap77m1u2moMldNHQKhjkSi8LmvtnICA+lg0fSDVQypIKelfheKdBqM7aRtFRKUij8biFHcxoaduQQN+P1NA=="}
00440{"flow_id":41,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":254,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":79456,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAG0pfAqAIRaEk9HsWXAbvBeeIgaSGKDbAQBADVtQAAAQEIChHf6gagrSJzAQEFCmkhhVxpIYoN"}
00495{"flow_id":29,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":255,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":87463,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"pkt":"xGGLNYKpxiwDYGpkCABFAgBnAqsAAC4GBOgR+LBLwKgCEQG7xZQAd+hDhijtJoAYA6tmbQAAAQEIClsTCUoR3+mQFAMDAAEBFgMDACgAAAAAAAAAAD87ErFixIfSKGvShDbE2CGGHRjTt4qgrDktrKCv\/Wte"}
00519{"flow_id":29,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":256,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":87499,"pkt_caplen":135,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":135,"pkt_l4_len":101,"pkt":"xGGLNYKpxiwDYGpkCABFAgB5AqwAAC4GBNUR+LBLwKgCEQG7xZQAd+h2hijtJoAYA6segQAAAQEIClsTCUoR3+mQFwMDAEAAAAAAAAAAAfwyc93ypSXSjT7YdleqSnSyI0t8c5f2umgeUSuH8pWwUNu+iwqsFST4AgZMD0zyauNYWp1JtmPL"}
00551{"flow_id":38,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":257,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":88616,"pkt_caplen":159,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":159,"pkt_l4_len":125,"pkt":"xiwDYGpkxGGLNYKpCABFAgCRAABAAEAGrFzAqAIREfi5V8WVAbuoGuDunxP+NIAYBAD74wAAAQEIChHf6hfpLCzLFgMDACUQAAAhID1HH9ZLXe0svMiqOnBTSWAPUkzpXcDUWC8aOSS6gF9OFAMDAAEBFgMDACgAAAAAAAAAAJ5LgJBalXs2sm1ZwfhdACugHFBQMPLQgUQIaN4IzD12"}
00425{"flow_id":29,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":258,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":89093,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGtcfAqAIREfiwS8WUAbuGKO0mAHfodoAQA\/9qBQAAAQEIChHf6fJbEwlK"}
00510{"flow_id":43,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":260,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":105084,"pkt_caplen":127,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":127,"pkt_l4_len":93,"pkt":"xGGLNYKpxiwDYGpkCABFAABxJf8AAEARzxrAqAIBwKgCEQA18tAAXXwrzwqBgAABAAIAAAAAA2dzYQVhcHBsZQNjb20AAAEAAcAMAAUAAQAAEZYAGgNnc2EFYXBwbGUDY29tBmFrYWRucwNuZXQAwCsAAQABAAAA4QAEEYmmIw=="}
00666{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":260,"source":"iphone.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":2,"flow_first_seen":1582454599065,"flow_last_seen":1582454599105,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":85,"flow_tot_l4_payload_len":116,"flow_avg_l4_payload_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":62160,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"gsa.apple.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.137.166.35"}}
00510{"flow_id":44,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":261,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":105212,"pkt_caplen":127,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":127,"pkt_l4_len":93,"pkt":"xGGLNYKpxiwDYGpkCABFAABx6W4AAEARC6vAqAIBwKgCEQA1yz8AXf6hdCWBgAABAAIAAAAAA2dzYQVhcHBsZQNjb20AAAEAAcAMAAUAAQAAEZYAGgNnc2EFYXBwbGUDY29tBmFrYWRucwNuZXQAwCsAAQABAAAA4QAEEYmmIw=="}
00666{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":261,"source":"iphone.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":2,"flow_first_seen":1582454599073,"flow_last_seen":1582454599105,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":85,"flow_tot_l4_payload_len":116,"flow_avg_l4_payload_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":52031,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"gsa.apple.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.137.166.35"}}
00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":262,"source":"iphone.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_first_seen":1582454599225,"flow_last_seen":1582454599225,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50584,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":45,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":262,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":225110,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGtbvAqAIREfiwS8WYAbuypew6AAAAALDC\/\/9PDwAAAgQFtAEDAwcBAQgKEd\/qGwAAAAAEAgAA"}
00433{"flow_id":40,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":263,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":226094,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"pkt":"xiwDYGpkxGGLNYKpCABFAAA4qKAAAEABTMLAqAIRwKgCAQMDCZoAAAAARQAAcSX\/AABAEc8awKgCAcCoAhEANfLQAF0AAA=="}
00437{"flow_id":45,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":266,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":259226,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAC4GB8AR+LBLwKgCEQG7xZj0WnUXsqXsO6BScSAj8wAAAgQFrAEBCApbEwn1Ed\/qGwEDAwU="}
00424{"flow_id":45,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":267,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":261184,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGtcfAqAIREfiwS8WYAbuypew79Fp1GIAQBAu8hwAAAQEIChHf6p1bEwn1"}
01126{"flow_id":45,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":268,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":261304,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"pkt":"xiwDYGpkxGGLNYKpCABFAgI5AABAAEAGs8DAqAIREfiwS8WYAbuypew79Fp1GIAYBAuhcQAAAQEIChHf6p1bEwn1FgMBAgABAAH8AwOqol5kmYHgPoq84\/\/Da6\/5UhNT\/nZAKlLwtuCLeOmg2yA8i7r3+6nZyxj+LpdSSvhjZQ\/dp+uNkXD86w44FnW6iwA0EwETAhMDwCzAK8AkwCPACsAJzKnAMMAvwCjAJ8AUwBPMqACdAJwAPQA8ADUAL8AIwBIACgEAAX\/\/AQABAAAAABcAFQAAEmdhdGV3YXkuaWNsb3VkLmNvbQAXAAAADQAYABYEAwgEBAEFAwIDCAUIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAzACYAJAAdACADkr8qMij58U130ShRmVJ57YHqBPAcvleuo4UFzSZLegAtAAIBAQArAAkIAwQDAwMCAwEACgAKAAgAHQAXABgAGQAVAMsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00803{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":268,"source":"iphone.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":4,"flow_first_seen":1582454599225,"flow_last_seen":1582454599261,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50584,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gateway.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00424{"flow_id":45,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":269,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":293969,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xGGLNYKpxiwDYGpkCABFAAA0rPkAAC4GWs4R+LBLwKgCEQG7xZj0WnUYsqXuQIAQA6u6vgAAAQEIClsTChkR3+qd"}
02359{"flow_id":45,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":270,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":295578,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"xGGLNYKpxiwDYGpkCABFAgXUrPoAAC4GVSsR+LBLwKgCEQG7xZj0WnUYsqXuQIAQA6tlsAAAAQEIClsTChsR3+qdFgMDAGgCAABkAwPX7gAm84D8OuuqPl9tBROrt5QshMSJP1EHjo5aUTKVaCBSN\/MBybPtgRt\/18Vcw3C1WAtvbt2+1kzoqF+efbFN\/sAsAAAcAAAAAP8BAAEAAAUAAAALAAIBAAAQAAUAAwJoMhYDAww4CwAMNAAMMQAH5zCCB+MwggbLoAMCAQICECDrGNnhMGOJ5gckndI1GuowDQYJKoZIhvcNAQELBQAwYjEcMBoGA1UEAxMTQXBwbGUgSVNUIENBIDIgLSBHMTEgMB4GA1UECxMXQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxEzARBgNVBAoTCkFwcGxlIEluYy4xCzAJBgNVBAYTAlVTMB4XDTE5MTAwODE4NDYxNFoXDTIwMTEwNjE4NTYwMFowVDEbMBkGA1UEAwwSZ2F0ZXdheS5pY2xvdWQuY29tMRMwEQYDVQQKDApBcHBsZSBJbmMuMRMwEQYDVQQIDApDYWxpZm9ybmlhMQswCQYDVQQGEwJVUzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABA3JTXZEMDNfkBeddGFOfWVcUMoJ8W7d3ST3e3HiTTWw27hpoGkazdY\/uyqetayMkeP9ioDxEA8PxI4fVx9gMvajggVsMIIFaDAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFNh6lER8kHCQFp7dF5wBRAOG1iopMH4GCCsGAQUFBwEBBHIwcDA0BggrBgEFBQcwAoYoaHR0cDovL2NlcnRzLmFwcGxlLmNvbS9hcHBsZWlzdGNhMmcxLmRlcjA4BggrBgEFBQcwAYYsaHR0cDovL29jc3AuYXBwbGUuY29tL29jc3AwMy1hcHBsZWlzdGNhMmcxMjUwgY0GA1UdEQSBhTCBgoIYZ2F0ZXdheS1pbmRpYS5pY2xvdWQuY29tghhnYXRld2F5LWNhcnJ5LmljbG91ZC5jb22CEmdhdGV3YXkuaWNsb3VkLmNvbYIcZ2F0ZXdheS1hdXN0cmFsaWEuaWNsb3VkLmNvbYIaZ2F0ZXdheS1zYW5kYm94LmljbG91ZC5jb20wgf8GA1UdIASB9zCB9DCB8QYKKoZIhvdjZAULBDCB4jCBpAYIKwYBBQUHAgIwgZcMgZRSZWxpYW5jZSBvbiB0aGlzIGNlcnRpZmljYXRlIGJ5IGFueSBwYXJ0eSBhc3N1bWVzIGFjY2VwdGFuY2Ugb2YgYW55IGFwcGxpY2FibGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YgdXNlIGFuZC9vciBjZXJ0aWZpY2F0aW9uIHByYWN0aWNlIHN0YXRlbWVudHMuMDkGCCsGAQUFBwIBFi1odHRwOi8vd3d3LmFwcGxlLmNvbS9jZXJ0aWZpY2F0ZWF1dGhvcml0eS9ycGEwEwYDVR0lBAwwCgYIKwYBBQUHAwEwNwYDVR0fBDAwLjAsoCqgKIYmaHR0cDovL2NybC5hcHBsZS5jb20vYXBwbGVpc3RjYTJnMS5jcmwwHQYDVR0OBBYEFDcTKYxfoGNbyxqPKQFc6\/l8HBeZMA4GA1UdDwEB\/wQEAwIDiDARBgsqhkiG92NkBhsPAgQCBQAwEQYLKoZIhvdjZAYbCwIEAgUAMBEGCyqGSIb3Y2QGGwcCBAIFADCCAm0GCisGAQQB1nkCBAIEggJdBIICWQJXAHUAu9nfvB+KcbWTlCOXqpJ7RzhXlQqrUugakJZkNo4e0YUAAAFtrLqfoQAABAMARjBEAiBcyMXSqYu\/NQzPC1eks2fF3nNBwnRpvtSQ93jt9Y6FxAIgQAGZ6hMU0FVYk\/U5Nz\/IH+LWui0mpLb1ikJAbD2uT7kAdwCkuQmQtBhYFIe7E6LMZ3AKPDWYBPkb37jjd80OyA3cEAAAAW2sup+hAAAEAwBI"}
00861{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":270,"source":"iphone.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":6,"flow_first_seen":1582454599225,"flow_last_seen":1582454599295,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50584,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gateway.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"1e60202b4001a190621caa963fb76697","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02369{"flow_id":45,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":271,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":295682,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"xGGLNYKpxiwDYGpkCABFAgXUrPsAAC4GVSoR+LBLwKgCEQG7xZj0Wnq4sqXuQIAQA6vs+gAAAQEIClsTChsR3+qdMEYCIQDdbk0W3xLwRVSqExbk6WYwON+XhEgNjWS3c5gBslGuhAIhAOFAjfHHnYs0x+SaDx9TRoc6tbR7MkI8j7D8tL8bTA0\/AHcAsh4FzIuizYogTodm+Su5iiUgZ2va+nDnsklTLe+LkF4AAAFtrLqfqwAABAMASDBGAiEAgaJ1MrRM2AKsBkPp1QIT6PfODIXbQVBUCAUpo+tzOrkCIQDddAHm4u\/Gn8li8ESlxL1ZJK3FxqbrgV3vXWLNi8iiHwB1AFYUBpov18Ls0\/XhvUSyPsdGdrm8mRFcwO+UmFXWidDdAAABbay6n6EAAAQDAEYwRAIgGHM1p6WBqV+vtqr6hd70KQdFzAWv+ozcuVTGuJp7dk4CIByS3BkfgbrlBXSSNJB0YU2uhFS8HFnPom3vv22lArFYAHUAb1N2rDHwMRnYmQCkURX\/dxUcEdkCwQApBo2yCJo32RMAAAFtrLqfywAABAMARjBEAiBaHWEaQOG2Acj23NJ5zQC63rSKppu35b4qfkAJ8X7kbgIgeEjIujG17P30x0NsVWfo0XlmL6r4EoA536jETLtvxuAwDQYJKoZIhvcNAQELBQADggEBAKGriMkz6sCwrnomv6YJ4jjwMaMNouZTjEijYKaSAYs2pIOE9O+xy3VQrni7VsR+gMkO6ivj8K8d+2za\/y+I2RQZ2TUQ6wWGorFDOoGqBZXtBV6gbGs9KDNThqQv865ePsXG2JT+biTm88weJMm7MYXFPMu6C9JosK0yxl3MDsDk45W8A+EciCdcIiZwl5J8dSnSGGYo5UMSF3qI3eSNp3NkNcxYPZnj4isyXRHrBHr1ekVVCMPF2Jox+AmwwfJRq0tdVhmqUS\/9z0Yc6KqLMm50HEB4+utGT9gDG45BW1xwuucQVqNjb4bcrs8WPZf4X7CL94S2\/\/ZbmTwQh3s0iuoABEQwggRAMIIDKKADAgECAgMCOnQwDQYJKoZIhvcNAQELBQAwQjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xGzAZBgNVBAMTEkdlb1RydXN0IEdsb2JhbCBDQTAeFw0xNDA2MTYxNTQyMDJaFw0yMjA1MjAxNTQyMDJaMGIxHDAaBgNVBAMTE0FwcGxlIElTVCBDQSAyIC0gRzExIDAeBgNVBAsTF0NlcnRpZmljYXRpb24gQXV0aG9yaXR5MRMwEQYDVQQKEwpBcHBsZSBJbmMuMQswCQYDVQQGEwJVUzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANCToR1HQyAWsgtr68PVtOjHmM3z3r\/oTenjNoAH\/EUbanxFhq5W06QJf2ENa11+Umt9tMg5xPRnOveDzhlvhi9+RX5HHGdSypUFXeI2UYXA1GeANW8V3T79HdL9jzRQ2Ox2Kr7j09rk\/cjrKAKWEZcXYRzpxFk7Qtwy0Qkd2qbRQ4b\/XrK8jM9m2wGLAq6USPM4j\/3qMqgI7IaXUZQkPklJllPoeaFAgekFu5OVUfzj\/XwRS\/eeCLMVSRUH+dE3oJtLMva1xNxq0fwK7fbgxSmgqItx\/g2SvP5UcBgKbcftDPvJLQbDjIX8y4Zc1jaOEosJf\/sZGjjV8JQweg+mjPMCAwEAAaOCAR0wggEZMB8GA1UdIwQYMBaAFMB6mGiNifurBWQMEX2qfWW4ysxOMB0GA1UdDgQWBBTYepREfJBwkBae3RecAUQDhtYqKTASBgNVHRMBAf8ECDAGAQH\/AgEAMA4GA1UdDwEB\/wQEAwIBBjA1BgNVHR8ELjAsMCqgKKAmhiRodHRwOi8vZy5zeW1jYi5jb20vY3Jscy9ndGdsb2JhbC5jcmwwLgYIKwYBBQUHAQEEIjAgMB4GCCsGAQUFBzABhhJodHRwOi8vZy5z"}
02367{"flow_id":45,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":272,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":297969,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"xGGLNYKpxiwDYGpkCABFAgXUrPwAAC4GVSkR+LBLwKgCEQG7xZj0WoBYsqXuQIAQA6sQrAAAAQEIClsTCh0R3+qdeW1jZC5jb20wTAYDVR0gBEUwQzBBBgpghkgBhvhFAQc2MDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuZ2VvdHJ1c3QuY29tL3Jlc291cmNlcy9jcHMwDQYJKoZIhvcNAQELBQADggEBABZHc2+FomLh5yp2u4mVQiaXvEqsrHBTOj8xgz08HKua4rFdHHYaoDwMcle+055Q4MiZ1ljXAurODSlUfM31wsaQKVWjbxSoC0INOphtBnie8GqjHQIKoiikjcKBRj5tZ9reP\/6FDkIqEt61t\/u4G6eW7Hef7NRTlXr\/B\/TyChTAUVKx1o5QCxqZXLwLyb3t7fhewVbbTX4jpBGhLNQbBZrkG1L2fDiZBUu6co1CiWAEZir0\/WjXa\/eZQSjWbCSr5iVTLsiCmeKijyO+MIOxJ4v6aH8BSejGmGsQLpheitfKS7HHyVia0DbblpXstoHk8s1vG3mHTBA8ieRN+lTcqqYWAwMFshYABa4BAAWqMIIFpgoBAKCCBZ8wggWbBgkrBgEFBQcwAQEEggWMMIIFiDCBoqIWBBRtmHWQn\/fqeBctjWd4mUcrWqqVwBgPMjAyMDAyMjMwMzQ0NDBaMHcwdTBJMAkGBSsOAwIaBQAEFCaEh7OMUBUpl9vU0X43\/z8u8xVoBBTYepREfJBwkBae3RecAUQDhtYqKQIQIOsY2eEwY4nmBySd0jUa6oAAGA8yMDIwMDIyMzAzNDQ0MFqgERgPMjAyMDAyMjMxNTQ0NDBaoQIwADANBgkqhkiG9w0BAQsFAAOCAQEAlz8kzwTNL4DreEokBuMsetKeh0dcofwzjM0d0OSiAy8HKR+etg0hwzjzkMoTWISwWgTi3B1sJGKSMZ19FUMgTZn4yIjxNdwrQNB4cE2DziZgsFITf77+13g64KVP2NaAc+T5V+bRcZJ03et+gkWWJJD3LiVlmJBNfdVp6tiuDAI0Ngsr7cQQ+0qp3EqrUku9Stxo4ldKmdcjeB\/B\/CQsoSSpQbHc7BFb2B5\/0IDczO68caVYUfrelBs9H77nfwtnFA3W+PQ8DlaNrLp+7dLN4WG2ImcEF29Tara8CKkJ0SunfNbHfcwQVfoqYwWu6e+ic24+sVNhYwm7Ezq+\/lDklaCCA8swggPHMIIDwzCCAqugAwIBAgIQQOU9e0o0X00kwGvYo3rGmTANBgkqhkiG9w0BAQsFADBiMRwwGgYDVQQDExNBcHBsZSBJU1QgQ0EgMiAtIEcxMSAwHgYDVQQLExdDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTETMBEGA1UEChMKQXBwbGUgSW5jLjELMAkGA1UEBhMCVVMwHhcNMjAwMjE5MTYyMTQyWhcNMjAwNDAxMTYyMTQyWjBPMSswKQYDVQQDDCJBcHBsZSBJU1QgQ0EgMiBPQ1NQIFJlc3BvbmRlciBSTDA0MRMwEQYDVQQKDApBcHBsZSBJbmMuMQswCQYDVQQGEwJVUzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJrC64q6envcCtPKJaAaN4gVTLL0EuZUae9A15l28SjzyHp9U4w5buheyZLZT07XBTvH7vEDQnd8C8sUH\/2EnRwJt5yvAFlAEMx\/uhUizW82DYxuJHOfZdZKclTioPSXZnprOzxrOMshIah\/sjVpDoV2Hk7r0EmCnqStVOjixuPjuzxoTXsJqjPDnqRdVJa1vrg13NnmCHnku7+2sZvcK5UHb9d\/ft03IKYTpKniEEolsv1w3eeCBJBMgSqufUY4nWVfilwKJ5d1HJ\/E62apvXPRhP78ezj7odSWvKPwQ1S8n1deOxKuubQET9d53MjOA5zqmPB+gYsOnXEAunura2kCAwEAAaOBhzCBhDAMBgNVHRMBAf8EAjAAMB8GA1UdIwQY"}
01233{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":272,"source":"iphone.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":8,"flow_first_seen":1582454599225,"flow_last_seen":1582454599297,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4837,"flow_avg_l4_payload_len":604,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50584,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gateway.icloud.com","server_names":"gateway-india.icloud.com,gateway-carry.icloud.com,gateway.icloud.com,gateway-australia.icloud.com,gateway-sandbox.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"1e60202b4001a190621caa963fb76697","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","issuerDN":"CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US","issuerDN":"CN=gateway.icloud.com, O=Apple Inc., ST=California, C=US","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"D2:DA:1C:68:0C:91:A7:DB:BA:B2:2D:29:06:DB:57:42:10:3D:3A:FE"}}
01122{"flow_id":45,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":273,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":298024,"pkt_caplen":580,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":580,"pkt_l4_len":546,"pkt":"xGGLNYKpxiwDYGpkCABFAgI2rP0AAC4GWMYR+LBLwKgCEQG7xZj0WoX4sqXuQIAYA6smxQAAAQEIClsTCh0R3+qdMBaAFNh6lER8kHCQFp7dF5wBRAOG1iopMA8GCSsGAQUFBzABBQQCBQAwEwYDVR0lBAwwCgYIKwYBBQUHAwkwHQYDVR0OBBYEFG2YdZCf9+p4Fy2NZ3iZRytaqpXAMA4GA1UdDwEB\/wQEAwIHgDANBgkqhkiG9w0BAQsFAAOCAQEAfWaHB3F71r+HUtEusztLw2H0a2YFnXxa1uzWlcknyHvXas70SkE3K1rNPNgydDWa15RJBtUYT9r\/jIYn136onLWnxukPVi8TUKI4CMEwguhpMLrEtIqL4C6BZ+4lBK6xUCuEUeduttOE7gOxhx0n\/QSTvQ9LuNig3jwWEtIC23HoB15mX4gwBZ8tfi9UB7jVmgUgPLlnIxTRdUl1q5\/zCHckXOsWhUg5FYsKlZCVH6\/tIbdNREqUECgGFWyk\/VyvbJtuxaOAbpOC6ieEYIcwhwciiyJrTnUR2rnOOH8r2riaIi0MEZYnjSjV+7lmoMy2Lru4hbwEXuuXlBYgInvKvBYDAwBzDAAAbwMAHSBXsu+GV+y6l0vzfpkIZ1fKAjMWWfOp8JyVnlMAUByGDQQDAEcwRQIgA4Tzv13CT3BDjyxEQnnKbRx46Ioq7rc\/yzpsH74bthgCIQDoIolgzbEnT8BWjXTqaKdc6geCbEf7Aik9lFGXPL6bNRYDAwAEDgAAAA=="}
00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":274,"source":"iphone.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_first_seen":1582454599396,"flow_last_seen":1582454599396,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.137.166.35","src_port":50585,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":46,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":274,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":396067,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGwFLAqAIREYmmI8WZAbu9h96xAAAAALDC\/\/9bXgAAAgQFtAEDAwcBAQgKEd\/rCQAAAAAEAgAA"}
00482{"flow_id":22,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":275,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":396209,"pkt_caplen":108,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":108,"pkt_l4_len":74,"pkt":"AQBeAAD7xGGLNYKpCABFAABeopUAAP8RdUTAqAIR4AAA+xTpFOkASvALAAAAAAABAAAAAAABCF9ob21la2l0BF90Y3AFbG9jYWwAAAwAAQAAKQWgAAARlAASAAQADgAA5mGLNYKpxGGLNYKp"}
00515{"flow_id":13,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":277,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":396633,"pkt_caplen":128,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":128,"pkt_l4_len":74,"pkt":"MzMAAAD7xGGLNYKpht1gD8z1AEoR\/\/6AAAAAAAAACCM\/F4KYopz\/AgAAAAAAAAAAAAAAAAD7FOkU6QBKKNMAAAAAAAEAAAAAAAEIX2hvbWVraXQEX3RjcAVsb2NhbAAADAABAAApBaAAABGUABIABAAOAADmYYs1gqnEYYs1gqk="}
00426{"flow_id":45,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":279,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":401539,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGtcfAqAIREfiwS8WYAbuype5A9FqAWIAQA\/SupwAAAQEIChHf6ylbEwob"}
00426{"flow_id":45,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":280,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":401936,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGtcfAqAIREfiwS8WYAbuype5A9FqH+oAQA\/CnBwAAAQEIChHf6ylbEwod"}
00556{"flow_id":45,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":281,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":409215,"pkt_caplen":159,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":159,"pkt_l4_len":125,"pkt":"xiwDYGpkxGGLNYKpCABFAgCRAABAAEAGtWjAqAIREfiwS8WYAbuype5A9FqH+oAYBACOfQAAAQEIChHf6zBbEwodFgMDACUQAAAhIPdiwyj1I6m4F7av9yBSV7JBAs1bbY3G5JfBek2ejyNdFAMDAAEBFgMDACgAAAAAAAAAAEwW\/\/KAh9P\/tQdwoWQmHSmK5nrXXG\/M6ic8CcWTXbGv"}
00497{"flow_id":45,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":282,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":441363,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"pkt":"xGGLNYKpxiwDYGpkCABFAgBnrP4AAC4GWpQR+LBLwKgCEQG7xZj0Wof6sqXunYAYA6v5LwAAAQEIClsTCq0R3+swFAMDAAEBFgMDACgAAAAAAAAAAI3hMVQg2deXwKW1to+3OLQwi53\/\/iOpKO3yRrz92EeF"}
00520{"flow_id":45,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":283,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":441376,"pkt_caplen":135,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":135,"pkt_l4_len":101,"pkt":"xGGLNYKpxiwDYGpkCABFAgB5rP8AAC4GWoER+LBLwKgCEQG7xZj0WogtsqXunYAYA6uyIwAAAQEIClsTCq0R3+swFwMDAEAAAAAAAAAAAahZpiRsxGFaiStkfVsksJvAde8o0oPOAKemhQwWDE2QQVNrlmJ8oGhiAOiiFJTH+QHlpHA4KQWh"}
00426{"flow_id":45,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":284,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":443080,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGtcfAqAIREfiwS8WYAbuype6d9FqILYAQA\/+lsAAAAQEIChHf61FbEwqt"}
00437{"flow_id":12,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":298,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":568888,"pkt_caplen":70,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":70,"pkt_l4_len":16,"pkt":"MzMAAAACxGGLNYKpht1gCzl3ABA6\/\/6AAAAAAAAACCM\/F4KYopz\/AgAAAAAAAAAAAAAAAAAChQA9fgAAAAABAcRhizWCqQ=="}
00440{"flow_id":46,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":300,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":585460,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAACsGFVcRiaYjwKgCEQG7xZn\/hRwvvYfesqBS\/\/9NtwAAAgQFrAQCCArKEDlZEd\/rCQEDAws="}
00425{"flow_id":46,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":303,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":602893,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGwF7AqAIREYmmI8WZAbu9h96y\/4UcMIAQBAt3qQAAAQEIChHf7BTKEDlZ"}
01124{"flow_id":46,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":304,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":603102,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"pkt":"xiwDYGpkxGGLNYKpCABFAgI5AABAAEAGvlfAqAIREYmmI8WZAbu9h96y\/4UcMIAYBAvDAwAAAQEIChHf7BTKEDlZFgMBAgABAAH8AwMQmWdlc9Dfkc1LTp0B8prq1RD11s0EClXeRC7LPUuboSA7ltXQId7DryBOaTjcsMFd7i63qypbauhtrKXc6bkI8wA0EwETAhMDwCzAK8AkwCPACsAJzKnAMMAvwCjAJ8AUwBPMqACdAJwAPQA8ADUAL8AIwBIACgEAAX\/\/AQABAAAAABIAEAAADWdzYS5hcHBsZS5jb20AFwAAAA0AGAAWBAMIBAQBBQMCAwgFCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAALAAkIaHR0cC8xLjEACwACAQAAMwAmACQAHQAgrVr\/fu0h15DcdosIeP8S9EdnaZyYtU\/hcTn61FxtjHIALQACAQEAKwAJCAMEAwMDAgMBAAoACgAIAB0AFwAYABkAFQDTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00783{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":304,"source":"iphone.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":4,"flow_first_seen":1582454599396,"flow_last_seen":1582454599603,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.137.166.35","src_port":50585,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gsa.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":306,"source":"iphone.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_first_seen":1582454599740,"flow_last_seen":1582454599740,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50586,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":47,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":306,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":740262,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGtbvAqAIREfiwS8WaAbsCzUbDAAAAALDC\/\/+ibQAAAgQFtAEDAwcBAQgKEd\/sCwAAAAAEAgAA"}
00437{"flow_id":47,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":318,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":774111,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAC0GCMAR+LBLwKgCEQG7xZq3FAeKAs1GxKBScSAgIAAAAgQFrAEBCApbEwv6Ed\/sCwEDAwU="}
00424{"flow_id":47,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":322,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":776186,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGtcfAqAIREfiwS8WaAbsCzUbEtxQHi4AQBAu4qgAAAQEIChHf7JdbEwv6"}
01122{"flow_id":47,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":323,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":776389,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"pkt":"xiwDYGpkxGGLNYKpCABFAgI5AABAAEAGs8DAqAIREfiwS8WaAbsCzUbEtxQHi4AYBAtFmAAAAQEIChHf7JhbEwv6FgMBAgABAAH8AwNJX\/Eg20C+2ys6T03zkHgGLiGZXi9UmQqJ4J0DwpXX4SAQcYer1CdJmG86iQRBRTj9FNUOUTD+JW73wsBQqImhngA0EwETAhMDwCzAK8AkwCPACsAJzKnAMMAvwCjAJ8AUwBPMqACdAJwAPQA8ADUAL8AIwBIACgEAAX\/\/AQABAAAAABcAFQAAEmdhdGV3YXkuaWNsb3VkLmNvbQAXAAAADQAYABYEAwgEBAEFAwIDCAUIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAzACYAJAAdACAWHeLk31ojbBM2sakys3+a3F5WQLHPz5v8kP2YwKoSSAAtAAIBAQArAAkIAwQDAwMCAwEACgAKAAgAHQAXABgAGQAVAMsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00803{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":323,"source":"iphone.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":4,"flow_first_seen":1582454599740,"flow_last_seen":1582454599776,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50586,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gateway.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00425{"flow_id":46,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":324,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":791465,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xGGLNYKpxiwDYGpkCABFAAA0JhcAACsG70cRiaYjwKgCEQG7xZn\/hRwwvYfgt4AQAEF4nwAAAQEICsoQOigR3+wU"}
02368{"flow_id":46,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":325,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":793104,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"xGGLNYKpxiwDYGpkCABFAgXUJhgAACsG6aQRiaYjwKgCEQG7xZn\/hRwwvYfgt4AQAEEMFAAAAQEICsoQOikR3+wUFgMDAGwCAABoAwPcCjv1ALSjyPkWpO2bSpR3JwIIun1P4HP8y4L4KzHqpCCcb4EJClNVVOQuGf3cvgcXLsYJLrlO1X\/N4K1tREz008AvAAAgAAAAAP8BAAEAAAsABAMAAQIAEAALAAkIaHR0cC8xLjEWAwMM\/gsADPoADPcABDMwggQvMIIDF6ADAgECAghXVVo04aWoWDANBgkqhkiG9w0BAQsFADBtMScwJQYDVQQDDB5BcHBsZSBTZXJ2ZXIgQXV0aGVudGljYXRpb24gQ0ExIDAeBgNVBAsMF0NlcnRpZmljYXRpb24gQXV0aG9yaXR5MRMwEQYDVQQKDApBcHBsZSBJbmMuMQswCQYDVQQGEwJVUzAeFw0xOTAzMDcwMDU1NDBaFw0yMDA0MDUwMDU1NDBaME8xFjAUBgNVBAMMDWdzYS5hcHBsZS5jb20xEzARBgNVBAoMCkFwcGxlIEluYy4xEzARBgNVBAgMCkNhbGlmb3JuaWExCzAJBgNVBAYTAlVTMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzLQVbrKBs\/5KaRQQSlJwdHv4J5zCNUZSHwkxPqJS2jgFlEdPbWJkUMdq6kTHjIPQ7CrhZOEZ6w85IcewhdWKAf4UKNmBAC6bayjGCFtErOPn07YEXLckgGvcZjfUB2FG3XFsimFajfpy+QxPRRFTypaXAtBnnuP\/3KymeAJ\/mkIq1R6bZ8N8jgkulRrQQeihRlCI0NcxoR8nKCAeW4\/hORKB4OJosSYoI\/Di9GOl+I361jLip9h1Ol1KNubkNcfOxENWnCYY973BkH3btnITFUgyfZ4fShFWPCM5vrnkORQcST29bfKMrvg93P07Rq0GTHoRHcZmLBeI\/2f3Gl0AfQIDAQABo4HwMIHtMAwGA1UdEwEB\/wQCMAAwHwYDVR0jBBgwFoAULMVtUt0x74zsCIHt39zKQwBFAdAwKAYDVR0RBCEwH4IOZ3Nhcy5hcHBsZS5jb22CDWdzYS5hcHBsZS5jb20wEwYDVR0lBAwwCgYIKwYBBQUHAwEwPAYDVR0fBDUwMzAxoC+gLYYraHR0cDovL2NybC5hcHBsZS5jb20vYXBwbGVzZXJ2ZXJhdXRoY2ExLmNybDAdBgNVHQ4EFgQUcLE8wVdqtnyesByhIkinog29yq4wDgYDVR0PAQH\/BAQDAgWgMBAGCiqGSIb3Y2QGGwIEAgUAMA0GCSqGSIb3DQEBCwUAA4IBAQBW4\/fFTy28qlnb9tV3+pPlpIpTbx6u+CzXXHpn5\/Eeg70D33kR\/idIDSMQUgxiii+FuDS9MbMQLdJbPyzVOnI7KqZ8ysFmyTAqkDs5GD3hy2q9QbBbRrk6wwI0Xxs\/Fv\/cMhABHKeVoG7Jok+Jiva0CVTyCjFRLHgbyWkEisdlZNmEkmy\/y7bByOMvWRRgcT9iCrlFXFwhVqTODiIk1YUomGZNmRLDl4BQUVDOHXnh3l\/O1G+u5V1INE4WwAxPXoL46ElNpD92ognBauK12m2RJQKWq6qvkogpPd4CZzLhm8yg948mLcrK9Vc6WmCpLMViFmqTa8GL0BNDepmDqAOxAAP8MIID+DCCAuCgAwIBAgIII2l0BK3LgxQwDQYJKoZIhvcNAQELBQAwYjELMAkGA1UEBhMCVVMxEzARBgNVBAoTCkFwcGxlIEluYy4xJjAkBgNVBAsTHUFwcGxlIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MRYwFAYDVQQDEw1BcHBsZSBSb290IENBMB4XDTE0MDMwODAxNTMwNFoXDTI5MDMwODAxNTMwNFowbTEnMCUGA1UEAwweQXBwbGUgU2VydmVyIEF1dGhlbnRpY2F0aW9uIENBMSAwHgYDVQQLDBdDZXJ0aWZpY2F0"}
00839{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":325,"source":"iphone.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":6,"flow_first_seen":1582454599396,"flow_last_seen":1582454599793,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.137.166.35","src_port":50585,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gsa.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"c4b2785a87896e19d37eee932070cb22","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02373{"flow_id":46,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":326,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":794223,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"xGGLNYKpxiwDYGpkCABFAgXUJhkAACsG6aMRiaYjwKgCEQG7xZn\/hSHQvYfgt4AQAEEgqAAAAQEICsoQOikR3+wUaW9uIEF1dGhvcml0eTETMBEGA1UECgwKQXBwbGUgSW5jLjELMAkGA1UEBhMCVVMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5Jhawy4ercRWSjt+qPuGA11O6pGDMfIVy9zB8CU9XDUr\/4V7JS1ATAmSxvTk10dcEUcEY+iL6rt+YGNa\/Tk1DEPoliJ\/TQIV25SKBtlRFc5qL45xIGoZ6w1Hi2pX4pH3bMN5sDsTF9WyY56b6VyAdGXN6Ds1jD7cniC7hmmiCuEBsYxYkZivnsuJUfeeIOaIbgT4C0znYl3dKMgzWCgqzBJvxcm9jqBUebDfoD9tTkNYpXLxqV5tGeAo+JOqaP6HYP\/XbbqhsgrXdmTjsklaUpsVzJtGuCLLGUueOdkuJuFQPbuDZQtsqZYdGFLuWuFe7UeaEE\/cNobaJrHzRIXSrAgMBAAGjgaYwgaMwHQYDVR0OBBYEFCzFbVLdMe+M7AiB7d\/cykMARQHQMA8GA1UdEwEB\/wQFMAMBAf8wHwYDVR0jBBgwFoAUK9BpR5R2Cf70a40uQKb3R01\/CF4wLgYDVR0fBCcwJTAjoCGgH4YdaHR0cDovL2NybC5hcHBsZS5jb20vcm9vdC5jcmwwDgYDVR0PAQH\/BAQDAgEGMBAGCiqGSIb3Y2QGAgwEAgUAMA0GCSqGSIb3DQEBCwUAA4IBAQAj8QZ+UEGBol7TcKRJka\/YzGeMoSV9xJqTOS\/YafsbQVtE19lryzslCRry9OPHnOiwW\/Df3SIlERWTuUle2gxmel7Xb\/Bj1GWMxHpUfVZPZZr92sSyyLC4oct94EeoQBW4FhntW2GO36rQzdI6wH46nyJO39\/0ThrNk\/\/Q8EVVZDM+1OXaaKATinYwJ9S\/+B529vnDAO+xg+pTbVw1xw0HAbr4Ybn+xZprQ2GBA+u6X3Cd6G+UJEvczpKoLqI1PONJ4BZ3otxruY0YQrk2lkMyxst2mTU22FbGmF3Db6V+lcLVegoCIGZ4kvJnpCMN6Am9zCExEKC9vrXdTN1GA5mZAAS\/MIIEuzCCA6OgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBiMQswCQYDVQQGEwJVUzETMBEGA1UEChMKQXBwbGUgSW5jLjEmMCQGA1UECxMdQXBwbGUgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxFjAUBgNVBAMTDUFwcGxlIFJvb3QgQ0EwHhcNMDYwNDI1MjE0MDM2WhcNMzUwMjA5MjE0MDM2WjBiMQswCQYDVQQGEwJVUzETMBEGA1UEChMKQXBwbGUgSW5jLjEmMCQGA1UECxMdQXBwbGUgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxFjAUBgNVBAMTDUFwcGxlIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDkkakJH5HbHkdQ6wXtXnmELes2oldMVeyLGYne+Uts9QerIjAC6Bg++FAJ039BqJj50cpmnCRrEdCju+QbKsMflZ56DKRHi1vUFjczy8QPTc4UadHJGXL1XQ7Vf1+b8iUDulWPTV0N8WQ1IxVLFVkds5T39pyez1C6wVhQZ48ItCD3y6wsIG9wtj8BMIy3Q88PnT3zK0koGsj+zrW5DtleHNbLPbU6rfQPDgCSC7EhFi501TwN22IWq6NxkkdTVcGvL0Gz+PvjcM3mo0xFfh9Ma1CWQYnEdGILEINBhzOKgbEwWOxaBDKMaLOPHd5lc\/9nXmW8Sdh2nzMUZaF3lMktAgMBAAGjggF6MIIBdjAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH\/BAUwAwEB\/zAdBgNVHQ4EFgQUK9BpR5R2Cf70a40uQKb3R01\/CF4wHwYDVR0jBBgwFoAUK9BpR5R2Cf70"}
01658{"flow_id":46,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":327,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":794234,"pkt_caplen":977,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":977,"pkt_l4_len":943,"pkt":"xGGLNYKpxiwDYGpkCABFAgPDJhoAACsG67MRiaYjwKgCEQG7xZn\/hSdwvYfgt4AYAEFJIAAAAQEICsoQOikR3+wUa40uQKb3R01\/CF4wggERBgNVHSAEggEIMIIBBDCCAQAGCSqGSIb3Y2QFATCB8jAqBggrBgEFBQcCARYeaHR0cHM6Ly93d3cuYXBwbGUuY29tL2FwcGxlY2EvMIHDBggrBgEFBQcCAjCBthqBs1JlbGlhbmNlIG9uIHRoaXMgY2VydGlmaWNhdGUgYnkgYW55IHBhcnR5IGFzc3VtZXMgYWNjZXB0YW5jZSBvZiB0aGUgdGhlbiBhcHBsaWNhYmxlIHN0YW5kYXJkIHRlcm1zIGFuZCBjb25kaXRpb25zIG9mIHVzZSwgY2VydGlmaWNhdGUgcG9saWN5IGFuZCBjZXJ0aWZpY2F0aW9uIHByYWN0aWNlIHN0YXRlbWVudHMuMA0GCSqGSIb3DQEBBQUAA4IBAQBcNplMLXi37Yyb3PN3m\/J20ncwT8EfhYOFG5k9RzfyqZtAjizUsZAS2L70c5vu0mQPy3lPNNiiPvl4\/2vIB+x9OYOLUyDTOMSxv5pPCmv\/K\/xZpwUJfBdAVhEedNO3iyM7R6PVbyTi69G3cN8PReEnyvFteO3ntRcXqNx+IjXKJdXZD9Zr1KIkIxH3oayPc4FgxhtbCS+SsvhESPBgOJ4V9T0mZyCKM2r3DYLP3uujL\/lTaltkwGMzd\/c6ByxW69oPIQ7aunMZT7XZNn\/Bh1XZp5m5MkL72NVxnn6hUrcbvZNCJBIqxw8dtk2cXmPIS4AXUKqK1drk\/NAJBzewdXUhFgMDAU0MAAFJAwAXQQSY9aaZgqV3Ao8juLIcLj4gtM5U3s2R3yVtlfmcQVmaoNeCpnMnbWgazbijvv8uga9\/asVCtVbTWhDYyztsY2X5BgEBAB7DbuX0uVlePD0cwlB2V7ola4+vm18g1\/rihkcXGmun2h0iAqxSioPpw6QDVZDWAdaMv+ar6DDdnhMPc6wJUWI2T5cUGYiO1MA1ukOFB4lljTIcaMOuGUbVZ4btDdvb2Yf85Zuw2\/0wnoKoI8xpPvfIDEaj3putoppgk3J49T0jXCmj6GvgX2KyNcWtRWi2CoZItxdxl8L90ZYGjCd976dbvu7xJ7uhirRoo70bWSsuwTNvOZHXj56tWeDzkuz9mpsV878j8RV3RX3VJnwt0+KV\/za1Z\/vzw2XJJ8apWI9MsHvQOYxQySKeKuDHsrl0+0UNIf6XxZ0u1TixcMznQakWAwMABA4AAAA="}
01121{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":327,"source":"iphone.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":8,"flow_first_seen":1582454599396,"flow_last_seen":1582454599794,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4308,"flow_avg_l4_payload_len":538,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.137.166.35","src_port":50585,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gsa.apple.com","server_names":"gsas.apple.com,gsa.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"c4b2785a87896e19d37eee932070cb22","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=Apple Server Authentication CA, OU=Certification Authority, O=Apple Inc., C=US","issuerDN":"CN=gsa.apple.com, O=Apple Inc., ST=California, C=US","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"D4:EF:5E:AD:7F:D5:13:5B:9F:B2:B9:84:19:75:BB:ED:53:FB:18:D6"}}
00424{"flow_id":47,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":329,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":810214,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xGGLNYKpxiwDYGpkCABFAAA03G4AAC0GLFkR+LBLwKgCEQG7xZq3FAeLAs1IyYAQA6u24QAAAQEIClsTDB0R3+yY"}
02358{"flow_id":47,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":330,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":811781,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"xGGLNYKpxiwDYGpkCABFAgXU3G8AAC0GJrYR+LBLwKgCEQG7xZq3FAeLAs1IyYAQA6vJSQAAAQEIClsTDB8R3+yYFgMDAGgCAABkAwPmeFGGnHgpP7l40Luq0\/4whPVBtZayXTPFxEUIIh8i9yBKruAHr1YWU9gHVpqeNK8Q\/3k8GBHQ+ecvxSY7m6rekcAsAAAcAAAAAP8BAAEAAAUAAAALAAIBAAAQAAUAAwJoMhYDAww4CwAMNAAMMQAH5zCCB+MwggbLoAMCAQICECDrGNnhMGOJ5gckndI1GuowDQYJKoZIhvcNAQELBQAwYjEcMBoGA1UEAxMTQXBwbGUgSVNUIENBIDIgLSBHMTEgMB4GA1UECxMXQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxEzARBgNVBAoTCkFwcGxlIEluYy4xCzAJBgNVBAYTAlVTMB4XDTE5MTAwODE4NDYxNFoXDTIwMTEwNjE4NTYwMFowVDEbMBkGA1UEAwwSZ2F0ZXdheS5pY2xvdWQuY29tMRMwEQYDVQQKDApBcHBsZSBJbmMuMRMwEQYDVQQIDApDYWxpZm9ybmlhMQswCQYDVQQGEwJVUzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABA3JTXZEMDNfkBeddGFOfWVcUMoJ8W7d3ST3e3HiTTWw27hpoGkazdY\/uyqetayMkeP9ioDxEA8PxI4fVx9gMvajggVsMIIFaDAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFNh6lER8kHCQFp7dF5wBRAOG1iopMH4GCCsGAQUFBwEBBHIwcDA0BggrBgEFBQcwAoYoaHR0cDovL2NlcnRzLmFwcGxlLmNvbS9hcHBsZWlzdGNhMmcxLmRlcjA4BggrBgEFBQcwAYYsaHR0cDovL29jc3AuYXBwbGUuY29tL29jc3AwMy1hcHBsZWlzdGNhMmcxMjUwgY0GA1UdEQSBhTCBgoIYZ2F0ZXdheS1pbmRpYS5pY2xvdWQuY29tghhnYXRld2F5LWNhcnJ5LmljbG91ZC5jb22CEmdhdGV3YXkuaWNsb3VkLmNvbYIcZ2F0ZXdheS1hdXN0cmFsaWEuaWNsb3VkLmNvbYIaZ2F0ZXdheS1zYW5kYm94LmljbG91ZC5jb20wgf8GA1UdIASB9zCB9DCB8QYKKoZIhvdjZAULBDCB4jCBpAYIKwYBBQUHAgIwgZcMgZRSZWxpYW5jZSBvbiB0aGlzIGNlcnRpZmljYXRlIGJ5IGFueSBwYXJ0eSBhc3N1bWVzIGFjY2VwdGFuY2Ugb2YgYW55IGFwcGxpY2FibGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YgdXNlIGFuZC9vciBjZXJ0aWZpY2F0aW9uIHByYWN0aWNlIHN0YXRlbWVudHMuMDkGCCsGAQUFBwIBFi1odHRwOi8vd3d3LmFwcGxlLmNvbS9jZXJ0aWZpY2F0ZWF1dGhvcml0eS9ycGEwEwYDVR0lBAwwCgYIKwYBBQUHAwEwNwYDVR0fBDAwLjAsoCqgKIYmaHR0cDovL2NybC5hcHBsZS5jb20vYXBwbGVpc3RjYTJnMS5jcmwwHQYDVR0OBBYEFDcTKYxfoGNbyxqPKQFc6\/l8HBeZMA4GA1UdDwEB\/wQEAwIDiDARBgsqhkiG92NkBhsPAgQCBQAwEQYLKoZIhvdjZAYbCwIEAgUAMBEGCyqGSIb3Y2QGGwcCBAIFADCCAm0GCisGAQQB1nkCBAIEggJdBIICWQJXAHUAu9nfvB+KcbWTlCOXqpJ7RzhXlQqrUugakJZkNo4e0YUAAAFtrLqfoQAABAMARjBEAiBcyMXSqYu\/NQzPC1eks2fF3nNBwnRpvtSQ93jt9Y6FxAIgQAGZ6hMU0FVYk\/U5Nz\/IH+LWui0mpLb1ikJAbD2uT7kAdwCkuQmQtBhYFIe7E6LMZ3AKPDWYBPkb37jjd80OyA3cEAAAAW2sup+hAAAEAwBI"}
00861{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":330,"source":"iphone.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":6,"flow_first_seen":1582454599740,"flow_last_seen":1582454599811,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50586,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gateway.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"1e60202b4001a190621caa963fb76697","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02369{"flow_id":47,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":331,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":811904,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"xGGLNYKpxiwDYGpkCABFAgXU3HAAAC0GJrUR+LBLwKgCEQG7xZq3FA0rAs1IyYAQA6vpHQAAAQEIClsTDB8R3+yYMEYCIQDdbk0W3xLwRVSqExbk6WYwON+XhEgNjWS3c5gBslGuhAIhAOFAjfHHnYs0x+SaDx9TRoc6tbR7MkI8j7D8tL8bTA0\/AHcAsh4FzIuizYogTodm+Su5iiUgZ2va+nDnsklTLe+LkF4AAAFtrLqfqwAABAMASDBGAiEAgaJ1MrRM2AKsBkPp1QIT6PfODIXbQVBUCAUpo+tzOrkCIQDddAHm4u\/Gn8li8ESlxL1ZJK3FxqbrgV3vXWLNi8iiHwB1AFYUBpov18Ls0\/XhvUSyPsdGdrm8mRFcwO+UmFXWidDdAAABbay6n6EAAAQDAEYwRAIgGHM1p6WBqV+vtqr6hd70KQdFzAWv+ozcuVTGuJp7dk4CIByS3BkfgbrlBXSSNJB0YU2uhFS8HFnPom3vv22lArFYAHUAb1N2rDHwMRnYmQCkURX\/dxUcEdkCwQApBo2yCJo32RMAAAFtrLqfywAABAMARjBEAiBaHWEaQOG2Acj23NJ5zQC63rSKppu35b4qfkAJ8X7kbgIgeEjIujG17P30x0NsVWfo0XlmL6r4EoA536jETLtvxuAwDQYJKoZIhvcNAQELBQADggEBAKGriMkz6sCwrnomv6YJ4jjwMaMNouZTjEijYKaSAYs2pIOE9O+xy3VQrni7VsR+gMkO6ivj8K8d+2za\/y+I2RQZ2TUQ6wWGorFDOoGqBZXtBV6gbGs9KDNThqQv865ePsXG2JT+biTm88weJMm7MYXFPMu6C9JosK0yxl3MDsDk45W8A+EciCdcIiZwl5J8dSnSGGYo5UMSF3qI3eSNp3NkNcxYPZnj4isyXRHrBHr1ekVVCMPF2Jox+AmwwfJRq0tdVhmqUS\/9z0Yc6KqLMm50HEB4+utGT9gDG45BW1xwuucQVqNjb4bcrs8WPZf4X7CL94S2\/\/ZbmTwQh3s0iuoABEQwggRAMIIDKKADAgECAgMCOnQwDQYJKoZIhvcNAQELBQAwQjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xGzAZBgNVBAMTEkdlb1RydXN0IEdsb2JhbCBDQTAeFw0xNDA2MTYxNTQyMDJaFw0yMjA1MjAxNTQyMDJaMGIxHDAaBgNVBAMTE0FwcGxlIElTVCBDQSAyIC0gRzExIDAeBgNVBAsTF0NlcnRpZmljYXRpb24gQXV0aG9yaXR5MRMwEQYDVQQKEwpBcHBsZSBJbmMuMQswCQYDVQQGEwJVUzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANCToR1HQyAWsgtr68PVtOjHmM3z3r\/oTenjNoAH\/EUbanxFhq5W06QJf2ENa11+Umt9tMg5xPRnOveDzhlvhi9+RX5HHGdSypUFXeI2UYXA1GeANW8V3T79HdL9jzRQ2Ox2Kr7j09rk\/cjrKAKWEZcXYRzpxFk7Qtwy0Qkd2qbRQ4b\/XrK8jM9m2wGLAq6USPM4j\/3qMqgI7IaXUZQkPklJllPoeaFAgekFu5OVUfzj\/XwRS\/eeCLMVSRUH+dE3oJtLMva1xNxq0fwK7fbgxSmgqItx\/g2SvP5UcBgKbcftDPvJLQbDjIX8y4Zc1jaOEosJf\/sZGjjV8JQweg+mjPMCAwEAAaOCAR0wggEZMB8GA1UdIwQYMBaAFMB6mGiNifurBWQMEX2qfWW4ysxOMB0GA1UdDgQWBBTYepREfJBwkBae3RecAUQDhtYqKTASBgNVHRMBAf8ECDAGAQH\/AgEAMA4GA1UdDwEB\/wQEAwIBBjA1BgNVHR8ELjAsMCqgKKAmhiRodHRwOi8vZy5zeW1jYi5jb20vY3Jscy9ndGdsb2JhbC5jcmwwLgYIKwYBBQUHAQEEIjAgMB4GCCsGAQUFBzABhhJodHRwOi8vZy5z"}
02367{"flow_id":47,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":332,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":814156,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"xGGLNYKpxiwDYGpkCABFAgXU3HEAAC0GJrQR+LBLwKgCEQG7xZq3FBLLAs1IyYAQA6sMzwAAAQEIClsTDCER3+yYeW1jZC5jb20wTAYDVR0gBEUwQzBBBgpghkgBhvhFAQc2MDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuZ2VvdHJ1c3QuY29tL3Jlc291cmNlcy9jcHMwDQYJKoZIhvcNAQELBQADggEBABZHc2+FomLh5yp2u4mVQiaXvEqsrHBTOj8xgz08HKua4rFdHHYaoDwMcle+055Q4MiZ1ljXAurODSlUfM31wsaQKVWjbxSoC0INOphtBnie8GqjHQIKoiikjcKBRj5tZ9reP\/6FDkIqEt61t\/u4G6eW7Hef7NRTlXr\/B\/TyChTAUVKx1o5QCxqZXLwLyb3t7fhewVbbTX4jpBGhLNQbBZrkG1L2fDiZBUu6co1CiWAEZir0\/WjXa\/eZQSjWbCSr5iVTLsiCmeKijyO+MIOxJ4v6aH8BSejGmGsQLpheitfKS7HHyVia0DbblpXstoHk8s1vG3mHTBA8ieRN+lTcqqYWAwMFshYABa4BAAWqMIIFpgoBAKCCBZ8wggWbBgkrBgEFBQcwAQEEggWMMIIFiDCBoqIWBBRtmHWQn\/fqeBctjWd4mUcrWqqVwBgPMjAyMDAyMjMwMzQ0NDBaMHcwdTBJMAkGBSsOAwIaBQAEFCaEh7OMUBUpl9vU0X43\/z8u8xVoBBTYepREfJBwkBae3RecAUQDhtYqKQIQIOsY2eEwY4nmBySd0jUa6oAAGA8yMDIwMDIyMzAzNDQ0MFqgERgPMjAyMDAyMjMxNTQ0NDBaoQIwADANBgkqhkiG9w0BAQsFAAOCAQEAlz8kzwTNL4DreEokBuMsetKeh0dcofwzjM0d0OSiAy8HKR+etg0hwzjzkMoTWISwWgTi3B1sJGKSMZ19FUMgTZn4yIjxNdwrQNB4cE2DziZgsFITf77+13g64KVP2NaAc+T5V+bRcZJ03et+gkWWJJD3LiVlmJBNfdVp6tiuDAI0Ngsr7cQQ+0qp3EqrUku9Stxo4ldKmdcjeB\/B\/CQsoSSpQbHc7BFb2B5\/0IDczO68caVYUfrelBs9H77nfwtnFA3W+PQ8DlaNrLp+7dLN4WG2ImcEF29Tara8CKkJ0SunfNbHfcwQVfoqYwWu6e+ic24+sVNhYwm7Ezq+\/lDklaCCA8swggPHMIIDwzCCAqugAwIBAgIQQOU9e0o0X00kwGvYo3rGmTANBgkqhkiG9w0BAQsFADBiMRwwGgYDVQQDExNBcHBsZSBJU1QgQ0EgMiAtIEcxMSAwHgYDVQQLExdDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTETMBEGA1UEChMKQXBwbGUgSW5jLjELMAkGA1UEBhMCVVMwHhcNMjAwMjE5MTYyMTQyWhcNMjAwNDAxMTYyMTQyWjBPMSswKQYDVQQDDCJBcHBsZSBJU1QgQ0EgMiBPQ1NQIFJlc3BvbmRlciBSTDA0MRMwEQYDVQQKDApBcHBsZSBJbmMuMQswCQYDVQQGEwJVUzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJrC64q6envcCtPKJaAaN4gVTLL0EuZUae9A15l28SjzyHp9U4w5buheyZLZT07XBTvH7vEDQnd8C8sUH\/2EnRwJt5yvAFlAEMx\/uhUizW82DYxuJHOfZdZKclTioPSXZnprOzxrOMshIah\/sjVpDoV2Hk7r0EmCnqStVOjixuPjuzxoTXsJqjPDnqRdVJa1vrg13NnmCHnku7+2sZvcK5UHb9d\/ft03IKYTpKniEEolsv1w3eeCBJBMgSqufUY4nWVfilwKJ5d1HJ\/E62apvXPRhP78ezj7odSWvKPwQ1S8n1deOxKuubQET9d53MjOA5zqmPB+gYsOnXEAunura2kCAwEAAaOBhzCBhDAMBgNVHRMBAf8EAjAAMB8GA1UdIwQY"}
01233{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":332,"source":"iphone.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":8,"flow_first_seen":1582454599740,"flow_last_seen":1582454599814,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4837,"flow_avg_l4_payload_len":604,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50586,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gateway.icloud.com","server_names":"gateway-india.icloud.com,gateway-carry.icloud.com,gateway.icloud.com,gateway-australia.icloud.com,gateway-sandbox.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"1e60202b4001a190621caa963fb76697","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","issuerDN":"CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US","issuerDN":"CN=gateway.icloud.com, O=Apple Inc., ST=California, C=US","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"D2:DA:1C:68:0C:91:A7:DB:BA:B2:2D:29:06:DB:57:42:10:3D:3A:FE"}}
01123{"flow_id":47,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":333,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":814177,"pkt_caplen":581,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":581,"pkt_l4_len":547,"pkt":"xGGLNYKpxiwDYGpkCABFAgI33HIAAC0GKlAR+LBLwKgCEQG7xZq3FBhrAs1IyYAYA6vLUQAAAQEIClsTDCER3+yYMBaAFNh6lER8kHCQFp7dF5wBRAOG1iopMA8GCSsGAQUFBzABBQQCBQAwEwYDVR0lBAwwCgYIKwYBBQUHAwkwHQYDVR0OBBYEFG2YdZCf9+p4Fy2NZ3iZRytaqpXAMA4GA1UdDwEB\/wQEAwIHgDANBgkqhkiG9w0BAQsFAAOCAQEAfWaHB3F71r+HUtEusztLw2H0a2YFnXxa1uzWlcknyHvXas70SkE3K1rNPNgydDWa15RJBtUYT9r\/jIYn136onLWnxukPVi8TUKI4CMEwguhpMLrEtIqL4C6BZ+4lBK6xUCuEUeduttOE7gOxhx0n\/QSTvQ9LuNig3jwWEtIC23HoB15mX4gwBZ8tfi9UB7jVmgUgPLlnIxTRdUl1q5\/zCHckXOsWhUg5FYsKlZCVH6\/tIbdNREqUECgGFWyk\/VyvbJtuxaOAbpOC6ieEYIcwhwciiyJrTnUR2rnOOH8r2riaIi0MEZYnjSjV+7lmoMy2Lru4hbwEXuuXlBYgInvKvBYDAwB0DAAAcAMAHSD+x+VytcmV7WNXgbXmLp9haS4GjZxzboO9XW5nXMTLcQQDAEgwRgIhAPvT3IV9AjdpNGefDbSgPSo4QhMddgpu31WPcQgBdC\/cAiEA4VcIve2LvffT8aMppvIxhDUmtFZvpbOwuJdoe\/LlSHgWAwMABA4AAAA="}
00426{"flow_id":47,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":334,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":910901,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGtcfAqAIREfiwS8WaAbsCzUjJtxQSy4AQA\/Sq0AAAAQEIChHf7R5bEwwf"}
00426{"flow_id":47,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":335,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":911303,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGtcfAqAIREfiwS8WaAbsCzUjJtxQaboAQA\/CjLwAAAQEIChHf7R5bEwwh"}
00426{"flow_id":46,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":336,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":925892,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGwF7AqAIREYmmI8WZAbu9h+C3\/4UncIAQA\/RoaQAAAQEIChHf7VbKEDop"}
00427{"flow_id":46,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":337,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":925949,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGwF7AqAIREYmmI8WZAbu9h+C3\/4Uq\/4AQA+1k4QAAAQEIChHf7VbKEDop"}
00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":338,"source":"iphone.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_first_seen":1582454599929,"flow_last_seen":1582454599929,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":65079,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":48,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":338,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":929249,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"pkt":"xiwDYGpkxGGLNYKpCABFAABDumIAAP8Re+TAqAIRwKgCAf43ADUALyJV0zQBAAABAAAAAAAABHBsYXkGaXR1bmVzBWFwcGxlA2NvbQAAAQAB"}
00670{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":338,"source":"iphone.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_first_seen":1582454599929,"flow_last_seen":1582454599929,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":65079,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AppleiTunes","breed":"Fun","category":"Streaming"},"dns": {"query":"play.itunes.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00664{"flow_id":48,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":340,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":930239,"pkt_caplen":241,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":241,"pkt_l4_len":207,"pkt":"xGGLNYKpxiwDYGpkCABFAADjtQsAAEARP5zAqAIBwKgCEQA1\/jcAz3eX0zSBgAABAAUAAAAABHBsYXkGaXR1bmVzBWFwcGxlA2NvbQAAAQABwAwABQABAAAMOwAmCHBsYXktY2RuDGl0dW5lcy1hcHBsZQNjb20GYWthZG5zA25ldADAMwAFAAEAAAOmACIEcGxheQZpdHVuZXMFYXBwbGUDY29tCWVkZ2VzdWl0ZcBUwGUABQABAAAAXgAUBWExODA2BGRzY2IGYWthbWFpwFTAkwABAAEAAAAOAARce00awJMAAQABAAAADgAEXHtNQA=="}
00686{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":340,"source":"iphone.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":2,"flow_first_seen":1582454599929,"flow_last_seen":1582454599930,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":199,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":119,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":65079,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AppleiTunes","breed":"Fun","category":"Streaming"},"dns": {"query":"play.itunes.apple.com","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"92.123.77.26"}}
00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":343,"source":"iphone.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_first_seen":1582454599934,"flow_last_seen":1582454599934,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"92.123.77.26","src_port":50587,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":49,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":343,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":934729,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGzmnAqAIRXHtNGsWbAbupO4D5AAAAALDC\/\/\/ZMQAAAgQFtAEDAwcBAQgKEd\/tTwAAAAAEAgAA"}
00552{"flow_id":47,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":345,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":939978,"pkt_caplen":159,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":159,"pkt_l4_len":125,"pkt":"xiwDYGpkxGGLNYKpCABFAgCRAABAAEAGtWjAqAIREfiwS8WaAbsCzUjJtxQaboAYBADmiAAAAQEIChHf7TtbEwwhFgMDACUQAAAhIDKkQIEWZAlx88rOX5tT1olybnRVZCCFh2Ych8RieAgkFAMDAAEBFgMDACgAAAAAAAAAADOXRaCOmlNQDoZtFXOkJKDr47Af0t1lcWwFJ7SeDnj2"}
00437{"flow_id":49,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":346,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":967985,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAADUGGW5ce00awKgCEQG7xZtUZWomqTuA+qBScSDQrwAAAgQFrAQCCAozMbcgEd\/tTwEDAwc="}
00496{"flow_id":47,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":347,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":973712,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"pkt":"xGGLNYKpxiwDYGpkCABFAgBn3HMAAC0GLB8R+LBLwKgCEQG7xZq3FBpuAs1JJoAYA6v\/UgAAAQEIClsTDMER3+07FAMDAAEBFgMDACgAAAAAAAAAADE2avL7P0pc78ZIY1bGS0FIS5gBV3fQT3oYnSyr4D4Z"}
00521{"flow_id":47,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":348,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":973745,"pkt_caplen":135,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":135,"pkt_l4_len":101,"pkt":"xGGLNYKpxiwDYGpkCABFAgB53HQAAC0GLAwR+LBLwKgCEQG7xZq3FBqhAs1JJoAYA6t1tgAAAQEIClsTDMER3+07FwMDAEAAAAAAAAAAASYx+h\/qLsTbOQlgH9YgSCutXJdRozXVc7bSZzNKXSSAd0yCTsFYntls75nAImoAahsOz3gPUtKa"}
00425{"flow_id":47,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":349,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454600,"pkt_ts_usec":80771,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGtcfAqAIREfiwS8WaAbsCzUkmtxQaoYAQA\/+hSAAAAQEIChHf7cZbEwzB"}
00423{"flow_id":49,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":351,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454600,"pkt_ts_usec":80813,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGznXAqAIRXHtNGsWbAbupO4D6VGVqJ4AQBAtsOAAAAQEIChHf7eAzMbcg"}
01125{"flow_id":49,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":352,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454600,"pkt_ts_usec":80888,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"pkt":"xiwDYGpkxGGLNYKpCABFAgI5AABAAEAGzG7AqAIRXHtNGsWbAbupO4D6VGVqJ4AYBAvCNgAAAQEIChHf7eAzMbcgFgMBAgABAAH8AwOVQZ8FnUDf4cuVlN3Dfe\/tO8oLU\/pP+UZ2rTRx02gYWCC8t86tHdWqnxE\/bapLx0rLdTwSMsDVwQ5W18WBw\/RbcQA0EwETAhMDwCzAK8AkwCPACsAJzKnAMMAvwCjAJ8AUwBPMqACdAJwAPQA8ADUAL8AIwBIACgEAAX\/\/AQABAAAAABoAGAAAFXBsYXkuaXR1bmVzLmFwcGxlLmNvbQAXAAAADQAYABYEAwgEBAEFAwIDCAUIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAzACYAJAAdACCvIr1kF5VgJNd\/0ntXVaysO1Tdse1BkZg8MzZDFY0NfAAtAAIBAQArAAkIAwQDAwMCAwEACgAKAAgAHQAXABgAGQAVAMgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00804{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":352,"source":"iphone.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":4,"flow_first_seen":1582454599934,"flow_last_seen":1582454600080,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"92.123.77.26","src_port":50587,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AppleiTunes","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.2","client_requested_server_name":"play.itunes.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00425{"flow_id":49,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":362,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454600,"pkt_ts_usec":115292,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xGGLNYKpxiwDYGpkCABFAAA0cJ0AADUGqNhce00awKgCEQG7xZtUZWonqTuC\/4AQAOtswQAAAQEICjMxt7IR3+3g"}
02389{"flow_id":49,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":364,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454600,"pkt_ts_usec":116695,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"xGGLNYKpxiwDYGpkCABFAgXUcJ4AADUGozVce00awKgCEQG7xZtUZWonqTuC\/4AQAOu0AQAAAQEICjMxt7MR3+3gFgMDAHoCAAB2AwPt61H6LFcJK86TX1GoH2PrY5tXpRF\/2SwmLfjDobAnLSC8t86tHdWqnxE\/bapLx0rLdTwSMsDVwQ5W18WBw\/RbcRMCAAAuACsAAgMEADMAJAAdACDz5rm0ZHHkdC70mqVixD+6PP+1VpNnjk4S2jr6YWMQWhQDAwABARcDAwAu\/IL2b+uh8v\/WQXLnGLTJF\/1zhJjgI4zH07lbGC7eBHKA5px\/1n1rKaOdZ\/oycxcDAw9hdpml+4bz\/FPRkb\/SbtBwcuz4cXwGWPA1ZaB1Xue15aFDeSq1uaLJCA8nRA64afvuv2HzQacaTFRgiAb+Yk+prC74vIiIILFVz3Dcw4bZ283K\/U8H3mFxQ9kuLXYXeen8TL6rIGsdv1CnXplV5+M4L2NJKP+ZOYpOgWU2czzsYVbqLROPY8WHyRJCiVgpgI2BwhLkwsgUT3G+R\/i9aVe7UU9OXlvxHfpz\/UEuhI82ej\/xl2nJVMqCjr+k+CBUrJ2\/7k2b8CkB\/oObgL6hITgMR62I6D+YWaHbbNZgBDFWGR0lPcAx8TmaEWQiC+zwUP\/bAfg2ciphmehJ+xqcALy\/r2LJ6XBqaQSeNGdNZbGE0kK0pxxNlXS4xECnAUnSjTByNgmD0kxL+6fxTRGjdoIXdw\/eQ0ibGkzgHaAkMe5VkVIk46bdyCzhDKZpBDuF5v+jvxYAeoaUAy2RZvT+cik9evtYRtpklOsUjwDDFFFv7UOszCSHyxBifzyb4HjslR9cPPfTy92zv4Z8fRuDLKENWWDuwsyniTVEcOcNcuJBVVIAK2FI0Z2i2G7zS8YF6y8kuX1UlRsoWpS1Wx0JX4c3I0FMU6cx5GqXpPfBukHyn9yRVGJvwDe5gncxu+tBuC6V7PuU+P8UH\/vwxHpz5pBOwoKIe3uV4pDOZy7ptYeyRNBok6iA1g8A\/qzg2Nms9xPpdPNpY8zqjzJb3rcL3i5NJZsGgxErINlbnURvA4Jv0W7cLXDzAfEXP4EuH8eTLhD5mkATgzvc03nNWkE62B+1P1FlsqaBhBtom1a7Kf1TF+UB3hQZD2DON3kFZ6nHyevuoAGKjS0gnIzStI\/ehnzKZiUdBjCzEoeSr2bY3rzy4HCahJCVIC8ImjZg7OjdZW3273pdEbsAwwg5kcwUHsG9u+VngPhuMSQ0vLgCM9vt5luBPw0sU7XPJKB\/lTIYjylEH5kPE8AymVwnYAZkXzRienK2lyW194jONv0VuGbBgH2+rD519x+3eANtV3b1Z6Sg0KMSALIZCDc0qK90H6kmABzkGlmu3zer9WFypg8lciwzMX\/gsnZN2SGuidVrFmGFUDbaX+7dnRBzUpCIbWTED1qwv7SrZJK\/fpYRpgl\/AeHqgkHIww9\/ujcKqI6U\/XAHTllgvHLnDki3Wj6gpKpFpOb9\/YhP2NBslB0pbUNLTCV6b4AWXvUBT46VySxj27HTjnV+8NQg10tlJW6+yXfV2ysS7\/w5XoYyjpjCPbHjbfncluasqfZkE4AMlYLaPi8vwNmwErCOOq4ChMAfwuALUL9GK9sU6DPQBAU5pxfwUgq1GJs+nL9doBOcThIfcW6Fo1c\/e9h1NUBZU07VSI6prjj7sNiiP06r53dsmscVRTsgjT3wuAZKx4YiW+6zrV2ZRAKWWYzEil74OqBABpIX1rAkWb3rTk1OclVbD+sC\/tDGbWW9uBSsr\/liO1Usp5pFlj40HCf9Y1cKJ7DmpkecUrMSSN1+Q+wq3usWDyhnRVG9sHpw6MvjZ5V\/vCpLkps3I6nUoKIF48iHB+tyPnOb4kn7AAIjUuogwgK8vwHvkI3lEsVIbH\/9F5sNXuXWmAA+gxKrllyCgYK2jacItGh8R9Wrdw\/7\/x5ruAolo\/zhURyg+Ygxg8AY6RyVuakgfoTogkza"}
00845{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":364,"source":"iphone.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":6,"flow_first_seen":1582454599934,"flow_last_seen":1582454600116,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"92.123.77.26","src_port":50587,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AppleiTunes","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.3","client_requested_server_name":"play.itunes.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02380{"flow_id":49,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":365,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454600,"pkt_ts_usec":116854,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"xGGLNYKpxiwDYGpkCABFAgXUcJ8AADUGozRce00awKgCEQG7xZtUZW\/HqTuC\/4AQAOvMTQAAAQEICjMxt7MR3+3gn2nKgfmgF8aBkF3X7KNk6924h1FJsguks39Tk7FoXiTmioe6vz3e8l4G3Hl88yrKTSppvPgnbA4LIgCa\/hHBWlx0ORGxxsTEZgbUtoaAe7ZOLtOwoW90Py56ug379hKo85n8MFyPZBNKq4TcGR9hcO4NbuYxncak7IdoE7Nj6EUghd3aAjAXqH3LTxF76oopL\/JhumvVC3dw7VsHgEJauvJGO5HmNSu9AscFLSPu2qw5pH0qSm1H3dg53pUKsUfRg7y7dgZ8T\/v42On\/n5w3yLHouQ2sMaolF\/w\/p+SnXeNANgRhmY85tpb6B9kr2N3w4NEwBiC6S3MdfK1JF5yNBoobLxFbZFcTbayfGKs3at+GCok3OUkA7sT2s39j2lsr3H04Ik\/sHCq7YdiegEiBu\/eJy88ejAskE1SC6PTIBrH9DUOUhokOOEzz8eN+VeMte2E9Xe0WJn1ypDMXNh+ZYMI5LZFE13QL49M3Q+4+wmXLc+dk5EwAX0Mauvvek5S3GqoL+JBmSMG9TSmU4qlO4GXJwDq3WGToe8zBbnTBIvrv5As8GwuQ99OB4+ooth9+pC80yFhkesFfTlFQwIAsOQOAiCh0kjTLuidTU+fFeBeTLuyx4LEUD50WMmu1n6rgaZY4oWu96J0AFSqLYiJQXrTq31bnIIx7gu1RxyRByg4yjF7NfouMonfJ+470hO8cybUvH\/ormNXFsMrsjZqr76FxX9tA3KvtZJ2CTkYPOnvwThfg82YYhJi35M7dVEeKN0j7uBe1JEFiiAIYFT+Di5z4CaWtpwngWZJFEU3i3zpkdW2WqM5o1oaNUQ3dxcMPBN+8jHvz6MDcGqLoIvHsfIVBmMa5fJywxqhx2UGt7qMR4SUlIlOXiaA16yCvXF97FEDhUjD606Mck0RI0gYMuNOKTuFsuWlvJkgM1QtGtEhBoaFsWu9GFsm0rWYchXp6vY3iVLELUXJa1J9w7u0kznpwFhS50fSWRJVIrCAbtVUXLBwCwzeXA\/psp8mpwXu+1aFDnTulXXNIaKYIkvVuxBMn\/XcpETFJMfdw2RwxJ5SrXPcDYB4KEOBTeODNXA3ztqaFAw5aaaMvODhBx4aog4D7ncqV\/tSGnyt4SpZzGeAqnqTMcjCO8q4kTpdAwlCDOmKDI64u2u9y4R4jasGQgSLknp2qogAojJdaDjC07zGPnV54lVjlbM++gzmCl+64AV0Wapi57pNh5nhKe14UICK4S1\/eVSLi2UVPiRdXqHRAnVUMZwUZY4X2tro0Lmix0wo1CG2pnIzQd95Z1v99CXLjJUMssikjv5v9ArJouToIwVoeBEAIV\/FLIoLw6lKXaTRoUWU8b2t+exqF2oIoQyxUKvxiapQKC1tsfFo+kcDR9phLmtGbDTKK\/GecWARBWWWGpQjjodQ\/4tPWZwXsT9a8OyVUWkie6f7\/2E2WQ\/H+PiRFbFuHric+37Lk6zg2U5K3rFjOnp9g0sMCKRmFKs\/7Unj5v83vjtavl9H1YvUx+J3QefQzHy6LWoGG0ef6LRQRXodUdtpY\/yr36YpgYisXLiVgfJtuSyHDNGAlY4V1FZxawcS3MqO5+V1h3zGcddTgHIc82Cs+iKoHJgi91vel7\/pq1Tk7+uZH94J6dX1UIp5nO9cX6fVeUvOaO75f1iU5K\/Nijr\/EL\/Pzir59OuVP8R0\/uHhcStDoy3qeuRZ\/MOolCXeuhGRpPUGO7foBrnkxKZbYYViI7jBspmI\/TkXyPpiK5NStN88bhfNnsmQ7EEbCUuq8KkNAJHlkcYqA\/CdWAft6geJqvGog3p8feqyhTdoj1vPwv4H2KEQnWi2EfSZ0lShAFK4I4anU1WcuNlWWRYTFJENVgtO3kU8GMj65LfPRJrA9xjAdiOnDNlSY1DZgXSDBQJduK0LuWtBG"}
02081{"flow_id":49,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":366,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454600,"pkt_ts_usec":116927,"pkt_caplen":1282,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1282,"pkt_l4_len":1248,"pkt":"xGGLNYKpxiwDYGpkCABFAgT0cKAAADUGpBNce00awKgCEQG7xZtUZXVnqTuC\/4AYAOt63wAAAQEICjMxt7MR3+3gynpz1ygj\/bNUsbM8HfPqWUKmt0Zp5XH0md2fuKkLvqo2GLSpcLsvAkG24g7AGxJOTSmJmSFSG5W7ioQg18v8jpiPxzeYJbEu2AqIf6wyQwtvs6GE3rgEIeIzmdguSBtGAcYs1Qupw1V4UgUdk1wXjSKEdd4GIavkNFStdWoWfbyomomSUUpFbda\/MS3ZMSCxez8uzFRmWToPEolYpfqBEcTQCw4SLh1KcEcQZPfFbYn\/wBOdmWOEAK45X5DK309oe2B2TJfVY6WwyWoXqZZV2DFxTPzKByTS6DQ8j8OKd6On2UUrx\/UYTTMqwQ\/b1A9ihjmtLYJQmcHCPnuaLV+rBmfCHsRKlJBKCujbz+OH+ZNtL4zGeGq8lVPRwPSFSD1PbAjIWoxDo2nYy1pTq8N629cg\/3N921rid0CRofH1AsyGQcMDGxoGlVfcK9fQM0C2f\/KbZ4RomG7bOpKje8ozG7dQ2VbI0AYrjduLgqAX6pR3meIIMaAnlzL3LpTnH8F4q9549jefbBeNnumYxHXoq71vQ7JN+ajAi07ftBNoG6P9P2LNZTAps3c6oW+MIDUnE\/SVpTBmMJQ13QYlGoT8xMAXMwMwMco9rCt1PCgZkFAvMve82Nf4V1GWkJEBH7xyI4SIOQCs7GxcVhSs9AVFOZBHKUwc8jZj7vOpGqa9uOhZP4nNakYP1jCg6iBKeKpPxGIrBQytACXBTEpcNJCvqVt\/XZUFfBk1so1BS58QR0V4Ua7\/kUR4uJJgytp7iD1elajgXgPoLDTrkONgzg2kj9mGSE0J5x3cOwzluzWd\/2gQLXa+O+aOQQPf8avyso35IpT4Odhhch7CNBqFdmKLnDOEHMg25c9nAQJjXu6bwQs71cdyTnYQkRXiIHiWyoHQnbs+a\/Iqo9cvOQhhEZqfqcm2TydTwJGDrTrlSuOMPJPAzxh5ZSyvga4F1q3l0bT8x13C0DBDBEzCy2rhc0wngwm2E+qBf41x2C7o8ThzQEA\/if\/QyXvqk5TYR4dhT5uEIMWtel8iluiX99pS3xfFH+n7LhmlhuRASFlIj61j099Jb1LuJxQy2M0HvfQ7znlAuQKV6nG7OSadwku\/hbYMk\/U4m7qPDPsnwS3lw10GxMqN+rIuEshmRXhyUywZrzz8zKCAJXP87A3r9\/XfS7Vlg3MuX0EshaRFm8VZpoGnxMWUjr\/ucwHO0y4OiIr02A5QPdnCG7fbFXCxtgytlU\/CDvnNejFF5bSvGzUjvIAThBJjFE+aYB6OkJA+NO9fLiPf8Vp6SEfU23ffYm\/XlmIcID2YMNs3gBCuOQ2A1dG5yWLDq\/IG8Rnz9mZ6oTukUKowdGJKnHSbCeP9cOpD8+qxRVhpDEkbDxwQgMMlw\/9Uam4tDY5YHBzS4pM08V6MiQ0Eh0Y2cVK679S0t9T\/sh\/tPvt0FgEgZEeh4089uah+oEx4HiYFl6iLp\/Tu9wGr11xDQoSSgZuyBUjErS6OljQbTOtay+q+pEtdGDXe4tksRL4zBGdmfzkCL4w7EI2bkAo2XJjtZdx9wqL5uGiubBsZYb9qBUCu91OlMeXMkBNmAg9FIKvG531uJwFd6OoSxjfFV2YNmixIn1exKm4\/Oi4XGA=="}
00956{"flow_id":49,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":369,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454600,"pkt_ts_usec":116945,"pkt_caplen":456,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":456,"pkt_l4_len":422,"pkt":"xGGLNYKpxiwDYGpkCABFAgG6cKEAADUGp0xce00awKgCEQG7xZtUZXonqTuC\/4AYAOuJSwAAAQEICjMxt7QR3+3gsXa6VjEMA\/qTH4WMxt\/gfS5E4SAH3a5nmEs4Ha4iFwMDARlx8j7b2\/wyynr\/fCjWGnceHIW5qdJ0Ed0eWVgfY8+6dPYr74sh9Ipek19YOtvsg68aayL87264TsJm6tjpx+gyYZRiowvAQrZgj5KLOpg\/RuPvHkFUXg0XQIrUF+j45aAto5QF2a4WUbLlw8x7Alt83CmpLJhSio6qnFlhyYY00HueZ7hfsWKuZgWP0GljSeG5RYgz8INO5FGUU5B\/SInaazsKyaCxgriUrqnE962Gmptr7pcf4z81ByJZPM2uSLhTDwF7pZjjaNysDZc4NDbb0ncYXukqFxGk4olRIShvAoLVawWnSzvt8UfOd2J\/ejmG5Ytt2cVAuNWGbCs3+S0hncmmqHuEBDlAlvfYK5AjVPEPyKufTGua2RcDAwBF4W2JIjBskwTIw1j05siuqREXKUeeWZebQIXIjXhU002OIbsotbsoQ1lgL+24z+OPb1kTq1LMfdj5Z\/u2tJSxlVrJ9UeS"}
00427{"flow_id":49,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":370,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454600,"pkt_ts_usec":119504,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGznXAqAIRXHtNGsWbAbupO4L\/VGV1Z4AQA\/ReUgAAAQEIChHf7gUzMbez"}
00427{"flow_id":49,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":371,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454600,"pkt_ts_usec":119523,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGznXAqAIRXHtNGsWbAbupO4L\/VGV6J4AQA\/ZZkAAAAQEIChHf7gUzMbez"}
00427{"flow_id":49,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":372,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454600,"pkt_ts_usec":119573,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGznXAqAIRXHtNGsWbAbupO4L\/VGV7rYAQA\/xYAwAAAQEIChHf7gUzMbe0"}
00540{"flow_id":49,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":373,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454600,"pkt_ts_usec":130428,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"pkt":"xiwDYGpkxGGLNYKpCABFAgCEAABAAEAGziPAqAIRXHtNGsWbAbupO4L\/VGV7rYAYBADYRAAAAQEIChHf7hEzMbe0FAMDAAEBFwMDAEX\/XpjJrdIuTQ7WfUad\/LITgBIPm70rbSOAE9S9roolg0tCwdyvLJXS9DsSfw\/F0W6bgM1P9P7o4jVsI7rbu5Y3epqnQq4="}
00822{"flow_id":49,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":374,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454600,"pkt_ts_usec":163859,"pkt_caplen":353,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":353,"pkt_l4_len":319,"pkt":"xGGLNYKpxiwDYGpkCABFAgFTcKIAADUGp7Jce00awKgCEQG7xZtUZXutqTuDT4AYAOtUHgAAAQEICjMxt+MR3+4RFwMDARoUWmOetpJsTERJmzhBCA8jpi\/xcKnLsK84kce6Ao2MRyhDd69aWt\/ofXEx374g\/F5QC97XpSdg12YxhbAF4DSNvniVx\/hh0rTMr2XpyPxBVKAEzwiiURhFAHBFphw+C7xWaPNPncluuMrKbfPuxFXPxMxKCl3J8vv+Jm0txfRwh8+bLDtXV\/iCh65AvpA0Ns9oepa44WmiMYb51QvCNz8v\/PJjWXE6voFML1EXF7aSWioEpak47iKkIEa6yffGFtOQYGTiOR+xbxgmu67OPQ+8aieh\/\/g6bFtJblx+2VYbXwasB93CAS2\/flz59HKJF31E\/vzvRmun1HlzPcSi1keemf7CHy+rU5qqPDQk9aqWEcTe0vw50H7o2q4="}
00818{"flow_id":49,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":375,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454600,"pkt_ts_usec":176375,"pkt_caplen":353,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":353,"pkt_l4_len":319,"pkt":"xGGLNYKpxiwDYGpkCABFAgFTcKMAADUGp7Fce00awKgCEQG7xZtUZXzMqTuDT4AYAOvWbQAAAQEICjMxt+MR3+4RFwMDARphOZHE1qgUIOEb03ZCD+O0FOJclKPZ1SVCxLgyzVyVHzi4TUQEujdDgJNPkR\/GPimn6coUYENMg3ZdzceVssTJAy\/z\/2LbNdsPkMk8Gze3qRvtgOrBKekQhMmE4Y\/qzNNGfcOsK4uEwmaVThLaRKXXUZpdn3UJ++2PMvfaqROQKGmYtP77Z3kXY3QP1iwb\/42fJ5M7rzTJ7RYmEho2Qhc8r2AkkEaShuzx7GHCvnKyTTmUHHMpe9Zq2zY4gGkoW8aXLao81Ku0NC8JO2JLCGSdIUn9g7eBMAjUfoxEWHWWW6I5O\/jkBOUxwhD8Bp69iTvuEpx4QzDXjtAMCpzJrI2YMiY4GrVAvkgMqz8SnsGKNSzd4q8tUL9mlY8="}
00600{"flow_id":46,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":386,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454600,"pkt_ts_usec":252093,"pkt_caplen":192,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":192,"pkt_l4_len":158,"pkt":"xiwDYGpkxGGLNYKpCABFAgCyAABAAEAGv97AqAIREYmmI8WZAbu9h+C3\/4Uq\/4AYBABd+AAAAQEIChHf7kLKEDopFgMDAEYQAABCQQTZRdeqgH933\/0YQkxoVWk3vpi\/5MvHcUXVGqvztHrVmPzO2NQcXf+XPiq1cZU3+MjmkxYpWsXyROd9tneOJAR6FAMDAAEBFgMDACgAAAAAAAAAAJw1OZiuYS+tEO+Hd6c6lK0ZkgPyE5on+DTSJH1yoCwW"}
00497{"flow_id":46,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":413,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454600,"pkt_ts_usec":443725,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"pkt":"xGGLNYKpxiwDYGpkCABFAgBnJhsAACsG7w4RiaYjwKgCEQG7xZn\/hSr\/vYfhNYAYAEGDPwAAAQEICsoQPLQR3+5CFAMDAAEBFgMDACijXGTc3lLFvZRZu6rFz3PNVLffHlIVt0NF7hnDkSCoTEf3BF4V4KgZ"}
00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":419,"source":"iphone.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_first_seen":1582454600454,"flow_last_seen":1582454600454,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":63677,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":50,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":419,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454600,"pkt_ts_usec":454021,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"pkt":"xiwDYGpkxGGLNYKpCABFAABDtJ8AAP8RgafAqAIRwKgCAfi9ADUAL+BtI4YBAAABAAAAAAAABHN5bmMGaXR1bmVzBWFwcGxlA2NvbQAAAQAB"}
00670{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":419,"source":"iphone.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_first_seen":1582454600454,"flow_last_seen":1582454600454,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":63677,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AppleiTunes","breed":"Fun","category":"Streaming"},"dns": {"query":"sync.itunes.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00635{"flow_id":50,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":422,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454600,"pkt_ts_usec":494055,"pkt_caplen":222,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":222,"pkt_l4_len":188,"pkt":"xGGLNYKpxiwDYGpkCABFAADQcdgAAEARguLAqAIBwKgCEQA1+L0AvB7yI4aBgAABAAQAAAAABHN5bmMGaXR1bmVzBWFwcGxlA2NvbQAAAQABwAwABQABAAAF1gAmCHN5bmMtY2RuDGl0dW5lcy1hcHBsZQNjb20GYWthZG5zA25ldADAMwAFAAEAAAWqABsGaXR1bmVzBWFwcGxlA2NvbQdlZGdla2V5wFTAZQAFAAEAABGWABgEZTY3MwVkc2NlOQpha2FtYWllZGdlwFTAjAABAAEAAAAYAARfZRg1"}
00686{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":422,"source":"iphone.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":2,"flow_first_seen":1582454600454,"flow_last_seen":1582454600494,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":180,"flow_tot_l4_payload_len":219,"flow_avg_l4_payload_len":109,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":63677,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AppleiTunes","breed":"Fun","category":"Streaming"},"dns": {"query":"sync.itunes.apple.com","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"95.101.24.53"}}
00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":424,"source":"iphone.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_first_seen":1582454600508,"flow_last_seen":1582454600508,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"95.101.24.53","src_port":50588,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":51,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":424,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454600,"pkt_ts_usec":508065,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGAGXAqAIRX2UYNcWcAbsi3fgeAAAAALDC\/\/8YLgAAAgQFtAEDAwcBAQgKEd\/vhgAAAAAEAgAA"}
00438{"flow_id":51,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":425,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454600,"pkt_ts_usec":541627,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAADUGS2lfZRg1wKgCEQG7xZzFmLU\/It34H6BScSB2MAAAAgQFrAQCCAqI0z6tEd\/vhgEDAwc="}
00424{"flow_id":51,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":426,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454600,"pkt_ts_usec":545275,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGAHHAqAIRX2UYNcWcAbsi3fgfxZi1QIAQBAsSJAAAAQEIChHf76yI0z6t"}
01124{"flow_id":51,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":427,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454600,"pkt_ts_usec":545389,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"pkt":"xiwDYGpkxGGLNYKpCABFAgI5AABAAEAG\/mnAqAIRX2UYNcWcAbsi3fgfxZi1QIAYBAuKRgAAAQEIChHf76yI0z6tFgMBAgABAAH8AwOiR+2o6dU1g3+Svap+gZcnw25M6wGbHtuAePAdQo0oAiAx8\/DIlhLRtqLIiYUYtk4NlTJqyrl\/fgPygPHG4YkVbgA0EwETAhMDwCzAK8AkwCPACsAJzKnAMMAvwCjAJ8AUwBPMqACdAJwAPQA8ADUAL8AIwBIACgEAAX\/\/AQABAAAAABoAGAAAFXN5bmMuaXR1bmVzLmFwcGxlLmNvbQAXAAAADQAYABYEAwgEBAEFAwIDCAUIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAzACYAJAAdACBtkoBkQDrwLLXqjG5TumykfSzBBltHwjkMpbOHvdDHVQAtAAIBAQArAAkIAwQDAwMCAwEACgAKAAgAHQAXABgAGQAVAMgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00804{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":427,"source":"iphone.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":4,"flow_first_seen":1582454600508,"flow_last_seen":1582454600545,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"95.101.24.53","src_port":50588,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AppleiTunes","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.2","client_requested_server_name":"sync.itunes.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00424{"flow_id":51,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":429,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454600,"pkt_ts_usec":579000,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xGGLNYKpxiwDYGpkCABFAAA0r2YAADUGnApfZRg1wKgCEQG7xZzFmLVAIt36JIAQAOsTGQAAAQEICojTPtMR3++s"}
02379{"flow_id":51,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":432,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454600,"pkt_ts_usec":580592,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"xGGLNYKpxiwDYGpkCABFAgXUr2cAADUGlmdfZRg1wKgCEQG7xZzFmLVAIt36JIAQAOvvggAAAQEICojTPtMR3++sFgMDAHoCAAB2AwP8TH04ZCrBb\/gkfljnUmujowdNxER7kOqz1gAUSd1ARyAx8\/DIlhLRtqLIiYUYtk4NlTJqyrl\/fgPygPHG4YkVbhMCAAAuACsAAgMEADMAJAAdACBId\/Nnk2O5Sr4v6R4YPHo4E3mOFhXJdd0yp0DfW6I8TxQDAwABARcDAwAudMmXJPizSb+uU99qMbx5cAmpJSCLpPkIdtgbXgjKl2Es7W8sRKs7LwQENOumdxcDAxZZrS3p7EDxmR\/IXQjmqj4qIg62K04sA4wA8ndndzwoRJJ0ArSgjxsIw7SrLyfZo1bty+qCQYtU778MH9nCUJSxZLfaz4qJKmNOdx18ZEbSouWbYnumd26W36\/fu51gRJ9XS526VmaJUwQCfdv+7r6ZUSJ30RHugEU3fo3GLI5Yhe6sz2jCxaZylLfMjMgBcw6Ew7WqtZOmdo+m\/+V7FKX7YabQSZmpNz\/90iA87SUjBd+o0GPrlKSX+zgpaHBgvjZdqMSfGrDJgVtPEx8aL9b3ILaucW8tnzGY7\/hrsewgFXWKiKQ3YwWDMUX9gCE8GVAIiZSGpQmLJfUS6JLxMw6CyHNB6LZrGEY08Ljij\/qbKe0wdWpWXOJUJsVbpAw8SGs+ngDrozzw2MN1hX8nVhHctc+ZNwYfayeoMlbNyNz2crO70Ija9sijbkIQUM0xKwfwiexnPM5Ze4ksue4SfdSeCKlit4rerhP40Z2mh9xxZwHC8Yl6a\/LU0FBiMiG3X3ehFnXhnrJ4WqLsE5lQfb12V6AZlXSpDwCEHMVi6aZcHdmubp44fy3mTCBuKfI2DxJfXW7Ei6carC5Rn4PvDYucmJAVdinoQZi4BnShp5CkYd5sJuag1Y06B0y5pOiSM3EkRcI+jA1HqPICGHYgP9CqOqmnyaGJsIYwUMCCQlwq5vDvlgEETaqMtEGMpxQUVn7wH6RX8ysxaQ9gYqVrX5Z+fAvQvkyZZGwIoIqDF53PdClKh\/eBs+XtNdUU15aXQCE5wJbqhuXY36zI86AKLzkrTtkC+JkTtc0+b9YVvsLVTAk60yTnjC4yETkXglK5arNKJQQ8wO+yapKFYAy1z6RgktiiKO8HobCTmnrClWvRHGYqDk12Ih2RrtGQH18g\/B80eep9I\/EIOw4299xv6B0wvjiKDkvc3yUFkDfqs4IEW1j6w4f2h6I9mfV0woc6lmmWPACkfh3I1HvUftoBCC\/F4S+NWegAIYAHjhMhd5xS\/b3OWA0B7WYY\/AKwl0oGAIafXNFyIEEU3Tu5nS2FOjs+PZM6Ht+m4fUmSLxQM5SVWZo6Ga2Jm3GvuzbWiqWOiIPSAaFoPbq1PmeFX0qpIcjfiXjMCJZgoTnuD501kfO9FJPgV\/IATXU\/8dUpMk3cQwU7F6Um1gDSdO0UBTbEOXugn6kSlbhkSz9+JamsPAPBuzZYSeyQmZUZ24JlGUqZeqh60BUe4yvtzza49oGKt82zMxLWDI1jiMTrPt7cQ6tvF5ndLmftTJrIZjCbVHQ0bfpxz+Fz2Zd67mu8iPx1NfAZO5LJCXEYLbubq09dweHBNYTjHKm8TQzFs8wdtbhWa1yVdGS3h\/D9XcZvVmPlQ8MTJDdf\/Qe0HPLiG1miktNzT9Nyu3\/xsvWbLeaXVFkA7C9X67tzGDwARaO0\/\/MnABlnUjv3b9d17B0qWElkpNZAvOyzYw9iMrf21U9gYRZFEvFrA9PLZKhlV592v90TLSNkn5+eUdXprHVwBpJugztp2hkedjOPa8AgpPYJQZjkOJ7VFXp6ytPj6uc7wyl6N2NT3Xn06rL3X\/KuiYXW7QR4mTk1VA0KTdlbbr1IBR2zGy5jU134I9FqoaxSm5iu14lQGI8\/oyK3tOofGPmoPZ4GQghrNZ6UB+hh+t\/\/UnAY56vWxG\/p"}
00845{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":432,"source":"iphone.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":6,"flow_first_seen":1582454600508,"flow_last_seen":1582454600580,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"95.101.24.53","src_port":50588,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AppleiTunes","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.3","client_requested_server_name":"sync.itunes.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02382{"flow_id":51,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":433,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454600,"pkt_ts_usec":580604,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"xGGLNYKpxiwDYGpkCABFAgXUr2gAADUGlmZfZRg1wKgCEQG7xZzFmLrgIt36JIAQAOvd6AAAAQEICojTPtMR3++szuNvCfcQ3E+hmHoM+ZjvVSuv9dUCHP7J3aqGCVlC1HDszwxyFUimKhi2dVLHN\/ASBFwzIfhwm1zB1aX2kZp3tcj1jvrRfpYyIPXlx5FBOZjT2vIXeRU1HEk\/YAPthw9ML6DdTUF4HizJFE\/MMNA\/9IAIn42LK4Kl0WLbJtvMDwzvbMJVQkuvcrcXWeJ7Yw5iCadxuum0uoGX+bejEF1ZW70jnFoFbbNn0wkq75wE94FQfdG7ms5TWwRVgV42DAOLxa1XEOZs19UDu6XE5B7iIciObNajWeDkiyDTcsHNAzoqcwxDhGOWX78u0gpU15IkR3JSoTObpxy9OOAUa5HIUDQxcni6rIAvL2HWmGO0o\/095LxReXjnuBRMDxX3tqaU6U\/AvAyDdVtysbOqwps+\/zrR1NxYblB632WXG6tI0Jb8AC6OODtGXnUBMqF4ywfuLHNT8Bc9TORh1bf\/zIeGIUlOBr8bModwBiwZfg6YUIesWlS9BbxPrqcn6JHWZUKeePt74gpDcYFf0WjMPswy2tg54+f4OJyioKC4m5aUEGNMesgcSCHEph5OGJWcX6qPQlk2nvc69V0dP2GmKBLWpU2u0g0cBKUf3zgOXlYba\/cCId+dPX0vZRvzvm3imxZ1N1hLbDKfifoGcdmrKe5wNYXE+avQU64AxmYXlGH1rZi2dkEk4tNWB2n8T4q90SKT7F1bc6qzSI\/LZAT11coQkdUW8Q8I5V2dIXZVjaWGTtSZikLU\/lrLuTpdedsjX7mVxoXHXq9FDY40Jj6IJqI5zGleo0YQ9RbhAtf+7+9oJPl6h59LTk7vrBWTpJAWNmRtoEm2U8Wg+xLXQuvI7IRgE70L5EDNPKuqnmLeoLTiCipyBNdaf3hF67L1jfJUX3g04HCVCfZ4idSNCoOCsUQDFFGQ+LxiGB1QW5dlN9wfJBV6kWaBDw2rox3PgxYk5F0hRY3IIqoqqXv8GJb+n+8lJw4lcEwV8MxkROomgk9irDbnylXWjjrXZw2WsfjgB6wR1GsUrSUmOX6yeeEvOOyQe3O6oM3sWD8XnX\/tCcw9DMYvf22Sa+sEwNfN9LCChdR7Tkni+AZD+qgTH\/nqguEqiCQSgSM4Xgcwe4x3ozbECrhGFvVlKdZp94Jjncwj8kml81k0KaHJEe9g4KINkNA26ft\/RAldqBMjUXY\/gqAO888PUip8tSxDjCvdR9mwmZFLxs19AxCRRqyq6EdaK0FrSKPziuHmcoUS0QOl7oVBNtYbweASveLzzdnib8siOZbFYT\/zVpt3Z91R63oZYsNHLOtpVHDqn\/2tOOmhJz0keUtBRsWolDGKl9hFKLBO03XviQj\/sx3ZOtVsHjxtkOd9hfgATBfecvXVlNo6bPr\/MIr4Z2s7l1KgmKKxV0R\/Vvnra\/ns\/pUh+KMD\/+NdB6epC14G4Nds+fpsr0CLobI8Fx91L9OAedbuXjWUP\/yWpJk5x15uDZa1y3x3ZUjnTxehGTQlX6L\/Xxy50nLdl6zQCojVP81ap6L1402\/MnBNxtFD9wJ9bv4ICprjup8H7gdQx4MjbxAGGBN1yZJDgcAVR7AoiqjZjVlXI3DMjfj9BMJFo289W8QPe1nXbmhRWss\/7d49TaAYoOAM+lVwPatN8NeehRn00GJjdsT6yo4kcSkpkqV1szCzpQCExFnBzkTksYyWLQvvT+yy1okEA3ppOV85tK1cxWVsMPJTc9grcLB+UoWEWL7PbmlGk9+bGxH8l+L5uIJ1nOWzo0eA9CDe6gaYLR89x\/Cy4j62ubjDsUlQxe6\/E4soHuSGrl8JfT\/oQ\/13JAYm5isWKXU62M75JeKsXhkybPPELeOOVcP43fXC9vpTn4hhEAo4E+6kX1V6mpot8OuK+kA9j79tQNwqcplwHGgOZiubNieZ\/dfOBikW"}
02074{"flow_id":51,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":436,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454600,"pkt_ts_usec":580954,"pkt_caplen":1282,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1282,"pkt_l4_len":1248,"pkt":"xGGLNYKpxiwDYGpkCABFAgT0r2kAADUGl0VfZRg1wKgCEQG7xZzFmMCAIt36JIAYAOuRnQAAAQEICojTPtMR3++ss02MmIAnh+RZ0NyPM0J6Hg\/9Z05andIjWZ9U6COvSgcZhLgKTF4ETrGGvMmsf34PYDBdblOEuKcaOQogDklxQg55tuBX+52ItILIft0lkVw0mkAcQwsPhhUz7VgEXN\/cmD+TYB+AEgkShyvLsp9fOSjwDN4EVn1WFTwAzp0qSOYE2VgBIHCn4fsVO8sfXTvZEfZsONoNPiE5DNn1luuV8eQa9iS4jyRbXEoQbzWkH8uUX3bi1wcnQnVOo3pls4V41hpFiNCV+f+b+8SgWcZGJlbnhZgaE4u5y8Scg2tUXOXm4hN4j53vmfl3U6nPmtXfeHej1i7rQaw\/y9khIxnJEnks8aKZNNRnG3CUvpBNCxm48uTv\/joxIlKmjjEw1TjpkN+n\/gBmOzmYD+Y2Hdf4g8Cd7qbRxFJkkxmVD7A2qZ\/vw64yBgG87MWo+rYoN9Q77ho\/eVbFES8nNaNHxBi7A4ZI8280iuiOCS9H1+6d79VI3O9FvLNDsH1C9hq99qgoWj8cHVIOnXXXbP+gbRmLfSmXeWBdwIU1erGMfhKPquha0df1AF\/IouAwgQibzRiq3yyDDO7J7ZU4iBbBVOihCzjJALSGDS0PYvYmAzxFGFJvMtgvwWNHUaYJ+2\/\/zMtYJWpOyZVateXSRcVOQm689vcLB52z\/F4WfZvXpJElWALaandmb0NXYgTApOMHkR+R3aXfLGiBCVW19yG1M3nWxWuVHyBPN8MkZ2aQiHF8estXztS7zV56b\/JryVPkseADzsVa3eKtk51IB3nOBC7t9pbuJdpbnVhzy8+QSWSKECqUhVNh\/kCQcfcd1ZyBWp51wLtfUH889eeNmiNTQihETlunQdWj3cLVjCmSkeI66kzX5CbanbbPYBrcjhch6MHZjoF8WI1Lihn0E5snlvGZy+gv+TtS4rEt6bPlc8DX\/yU6\/jALiW5p66hP361+gEhyOdHKbpcxjRsclGcmquoLNV1mMFq5N6Rljzmg35dFbMbSePjVuIXu7nDB2AcYrBZOEPBWAzWQP0E2BuL8RviC6b2iW5xDn8Oxb4V1bQfpuanwOCuO8CFaM6CKMT+gcm4mi24Y+ExdhEXYRUHgF0o6T8NIyT38W3T6JSv+8AjYh\/EICGCtdet86PUP+8ILPMO9M571oa0CK1DqxDYkLcPJuVb81SPyQhPPYphSXj2b7PWQ3LZflyaU3aLMtvAtPIT62J4Ry3tua8qd4AWLaofQ6h1cxkP9dDVZdz4NJYWX6YjF4xc7HO2eO5O2xHVBtA1sTHXsS5mT78+r1dvNoZDnGNQ84QqK2Ba6BsDpTAYX0GQ0Eoa+ntbWChrHNnKKpTM1PfBwptRb+KNh5ch\/YXB91ZlID3AETwQROYn7vg1VHn65snmKOcB0s9Vefe5mbdtTnmSwb3qwFqelpB4AegKiIvKwf8\/E3y5GuTj0aASu9TcatYfIc9gfxgusa3E\/rA9cI6ER2hSBDDnwWYswE6p4EzIqcEFyKpKEQrEa9+KNdE8t+9D1Z7VGFeuSf2xj9XeeDaP7x6+e+f3JQJEISmOgq6h1xKIkB+6iMmsmAxyhykQxWs+SjCFKx\/WTsRprHXUBVT3C11iqGpMzc4ZSBomHmQ=="}
02380{"flow_id":51,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":438,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454600,"pkt_ts_usec":581730,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"xGGLNYKpxiwDYGpkCABFAgXUr2oAADUGlmRfZRg1wKgCEQG7xZzFmMVAIt36JIAQAOvQhwAAAQEICojTPtYR3++srcLGnObwJWh1KtD5HhIBsggJqFWar6cSoSIwWqAUCmaXGHrihdiGEE8ZXENRE0znJCnkqAMmVRaq0pL6cruev7aHQVZGlu8dzZV\/vKN4Jz1AYs1YgI5A4AB4XLrNHDN8k+mOP\/+G1rxDd9tziZ0YQvQbqHJdMLXpTPo+q1fhD2vpI5Pm4Xftd+Cg7wRXMkPkKZUritmhuTOk5X6PYJZuxn57J2rbuNG6jpnITDJo79qBjfsBCf7pXoUcI\/wffxl4pPkjiYYf71HyG4cIg9WiWH1he83Pae1py4t7IIJgilUJQFX1jRK0np+GsQIMqZcGssLjQkUqW2cbBg7H0A8JHOvk\/hqvDpLjdX0LjyhVZ2IdDf0CHGW\/rcX06TH1BeEkdhFRYvc5Kj2lOMeY8waeWe8OtLkMbXjex5g5bB9Aikot7jZ5R3gZtaDtqM04\/2CUa9Z6xPwOWJ7AeFVgKFQrhA9bjIy26Hrto48+IMunzVyXVnFGSf\/5DfavR6WWkDmBsIYR9I4SNdosuggT9nONeG\/M97xpIiruF0uRcQtRkW4SE6SiuIXWFmjcAaN7QCivKiYfB6fh9nH7OoKJ1SoX+yZL3ii+I4vzIZn\/Btkd6CQDFdmmrwaeWHKhQqjCKzKm2BfjOFjc7AOam09OBJxztdhvQpAIwWqOYMjA8azCWJy6RU9kcAnHGvQxRSwzFnDzbIdqtYRU\/OeSEy5Ztd4KZrvL9noxmkt2wBYuz1blaCbTrGbw9WgOHVGzncvMZB3edtN2N0jPjdPrEx+wx6BkJiY9aIUXFgz0MqYfEq1d7Z6eQWA6mXZj2QYwM0i5q46qyJ80ZC2IHHQGAgeKTB1KJVI7z3TH5bBC5iF26KHUWheopOmVB956LvUkLq0aZCmES0bJfdXQGgqWmGgxEVOAvxw\/bwQUulXvhrS4+SAwUWR+DEqOZvfq+aPYGkxM0SdQVkzhJgefYVP9nrU8FPQd8ykxsrFhNU3lO5WvjK2zaTODgEjuPQbCo8Ud7whhr92bQt5wVq4nppGqVsNPGS0aTH5Ie3KCyfgE9sULHSOStDSgO3ozIkAu1vxYKGVxz35QBv7C3VdKGfdO23r4mh1DnU+fS9N3LQRz9qWSSrl6RGmYMqDEMuKogrkiIK39f5JefcLtdgWc8sMpftz0wCbf2i+tDi2cLg\/mCuVhwddeZj\/SPBa\/z4U++DVs3H5E1QghU5K\/LrZ6Clh82FCY0\/VUq293bkKfJz2ozKPjH6iz9vzkX2v7XjnL\/S2GplxNztI+s9N6Kyd78LQyBjD5cwnWXNZWoWHkro4OydglYIjzz6cqEx\/vpJ71q3wAlqL8ClfGKFG25kvQHr8LW8nDjnsGbbvjEakY8dRo7KHDbC0vTeJMzChpYPz9rH8xRr1FRvD85DfktMk3ySazOH5ThUd8rROoDYREah+MyYW8iT5nLKWisQ6bdKAPkoNJk8QWOC1GPGY2CUVIQhfGmsmMN21PsgDHh2u3k2t\/cPcq1dgY\/AfkXlNhg9ALTaZoFjUgTa9FQ0VQX+5DLucrsQ4uCuZBw2f3+FYkxj978rH4COsV\/d+pp4gwMV6rbFezXVaR\/\/3Lx7PEBCpBe1dehJpGI4CojENI0lAusubM1w\/iM+KdbdRj4e8LL+BpjtdndBGDa+LPYk74YR9ntiBhIN+Z9qsGgNRgMA5Ziau5wCW9tfpns4Td0myWARox4iVsK9i5\/0WapVO0K6\/4pjcNGtMFtJbSD4YrFRiYvOqgpjhuSf6ud0+xpQQuRe3N3z06z4+1HYWPTq+5cm\/QZQQVTqncwJ25\/Qeirr++X6j8DlTWD1ck1aLARV+DSdOu7ILHkALwnvPtyFuQ\/hvuu66\/NvAOF9q8RyIOJ9jVo6zsHHopgv1pC8AQfh3Tl+MKHX3Q8qUS9uoi"}
00426{"flow_id":51,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":439,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454600,"pkt_ts_usec":582989,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGAHHAqAIRX2UYNcWcAbsi3fokxZjAgIAQA\/QEqwAAAQEIChHf79GI0z7T"}
00427{"flow_id":51,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":440,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454600,"pkt_ts_usec":583110,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGAHHAqAIRX2UYNcWcAbsi3fokxZjFQIAQA\/b\/6AAAAQEIChHf79GI0z7T"}
01423{"flow_id":51,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":458,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454600,"pkt_ts_usec":616462,"pkt_caplen":800,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":800,"pkt_l4_len":766,"pkt":"xGGLNYKpxiwDYGpkCABFAgMSr2sAADUGmSVfZRg1wKgCEQG7xZzFmMrgIt36JIAYAOt+4wAAAQEICojTPvgR3+\/RoYQEdDQqFTy06\/CHKMbkuhRrnufCr4CH4kaYDxilo\/k97ks2pVONsADGnAKMobY3s0HG0iTpgstOSGeLtvgfKjgqzD32yNjuJcqRS67t3q7Cwtgs7\/PujAtappyKmHujEpulfN11kN3tmPrqFlNMmW13GFKDcgUIEPrFb1Z+KRVorno9lzxB97RGn3xLOnLPtnUTYT2MmwY+lr50JV4Q9AlSVwnN+Y5KPS33wGXoUMUhiMEYhT7mXOoEp5drndxnHyoVgMjgWwkKtX66uBjliU2dLuGfkdbThjFvsq8enWIag2ZueMS3DrsSOcj6QtlsRJJkz2kEEH0oPHMXPTYzxOEV3lDJHpGYXiRYpmiJzEBlLWbu26N54lUT68rRwqmCIeOU\/IiumHFqO+uligkd35An1qjbClAaMnG40W\/2k8Dzw5hTYMUtHF5YRhUyFOy4mDmRLJorjX\/7lBWPX0a90r7QxzRQSRXkn2HE1SYwlK9s3DzMxIwXAwMBGe9zNI9aQUGwDgD6YK3mBJ0JWqv712JpXFNRYkGXxau8ikUIfHmGDdFGXwyQsJul8iLL\/YsC7Upv7V\/6UxivWV76\/eO87fIhU5TQHoMe2BjQyeXmL8KsVJpYF34TwafWiLphdBGWLo4NlXnMbbp0XFKEbhNWapalfmAFDs8R8hYEmKk4b\/Af0WPWhTQMT4vOIYeNbYGvcaXVgUSg\/FJLhLCvX87q6rkBpCEksVECRQVmsD3Epc3XWpkmZ+Wo73XXoAXBgN2D+qR4OZz1WhQBNafvKjM7cKHdyRkaxQBOJz+2fcYn\/JDj95lb5DuPETl9Sia\/SUZ3O3Dd6CxDqWqt++rQhhIKkORoFI3jimDu4CaqnzoBSIFWwBvtFwMDAEVhlMyjVKSl2Y6Yl+VAXQQHOPNCBxk6f5p3q\/Ee8PDtjGmFOl54W+9L3kFGr0DvIfPgZNfP8fpLtrh8jhJw0cHs+Jjm6k8="}
00427{"flow_id":51,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":460,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454600,"pkt_ts_usec":617961,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGAHHAqAIRX2UYNcWcAbsi3fokxZjNvoAQA\/r3QAAAAQEIChHf7\/SI0z7W"}
00538{"flow_id":51,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":461,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454600,"pkt_ts_usec":639449,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"pkt":"xiwDYGpkxGGLNYKpCABFAgCEAABAAEAGAB\/AqAIRX2UYNcWcAbsi3fokxZjNvoAYBAD\/dQAAAQEIChHf8AmI0z7WFAMDAAEBFwMDAEVUOOj2tGvaINrHyVOhP0kBTB8LDlsPjRKAV8G0PLMBWW4ePVJCAbmXcCnjrI+JyeomJ1V4BzSnP+GW9fNRzui7ZvfHi3g="}
00491{"flow_id":51,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":462,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454600,"pkt_ts_usec":641576,"pkt_caplen":112,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":112,"pkt_l4_len":78,"pkt":"xiwDYGpkxGGLNYKpCABFAgBiAABAAEAGAEHAqAIRX2UYNcWcAbsi3fp0xZjNvoAYBABgXgAAAQEIChHf8AuI0z7WFwMDAClRVTUdkgd1Ri8nQFNd98VjxkuZgkygicyhmvcNiVIlazT8aPL8dJi3aw=="}
00506{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":25,"flow_first_seen":1582454598252,"flow_last_seen":1582454599058,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":12558,"flow_avg_l4_payload_len":502,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.185.140","src_port":50575,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00505{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":45,"flow_first_seen":1582454598587,"flow_last_seen":1582454600617,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":10875,"flow_avg_l4_payload_len":241,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50580,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00505{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":77,"flow_first_seen":1582454598721,"flow_last_seen":1582454600748,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":73228,"flow_avg_l4_payload_len":951,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.185.87","src_port":50581,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":32,"flow_first_seen":1582454599225,"flow_last_seen":1582454600287,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":7909,"flow_avg_l4_payload_len":247,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50584,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":30,"flow_first_seen":1582454599740,"flow_last_seen":1582454600279,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":7913,"flow_avg_l4_payload_len":263,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50586,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_first_seen":1582454598542,"flow_last_seen":1582454598582,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":202,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":119,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":52852,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_first_seen":1582454598205,"flow_last_seen":1582454598247,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":210,"flow_tot_l4_payload_len":252,"flow_avg_l4_payload_len":126,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":63143,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":7,"flow_first_seen":1582454553219,"flow_last_seen":1582454596366,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":2100,"flow_avg_l4_payload_len":300,"midstream":0,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":4,"flow_first_seen":1582454595839,"flow_last_seen":1582454599396,"flow_min_l4_payload_len":66,"flow_max_l4_payload_len":66,"flow_tot_l4_payload_len":264,"flow_avg_l4_payload_len":66,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::823:3f17:8298:a29c","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_first_seen":1582454598246,"flow_last_seen":1582454598287,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":107,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":51007,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":12,"flow_first_seen":1582454599396,"flow_last_seen":1582454600443,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4485,"flow_avg_l4_payload_len":373,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.137.166.35","src_port":50585,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_first_seen":1582454598713,"flow_last_seen":1582454598758,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":108,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":63377,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_first_seen":1582454598204,"flow_last_seen":1582454598247,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":222,"flow_tot_l4_payload_len":270,"flow_avg_l4_payload_len":135,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":63381,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":4,"flow_first_seen":1582454595839,"flow_last_seen":1582454599396,"flow_min_l4_payload_len":66,"flow_max_l4_payload_len":66,"flow_tot_l4_payload_len":264,"flow_avg_l4_payload_len":66,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::823:3f17:8298:a29c","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1582454585625,"flow_last_seen":1582454585625,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"239.255.255.250","src_port":51411,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_first_seen":1582454598246,"flow_last_seen":1582454598287,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":107,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":51007,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":12,"flow_first_seen":1582454599396,"flow_last_seen":1582454600443,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4485,"flow_avg_l4_payload_len":373,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.137.166.35","src_port":50585,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_first_seen":1582454598713,"flow_last_seen":1582454598758,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":108,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":63377,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_first_seen":1582454598204,"flow_last_seen":1582454598247,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":222,"flow_tot_l4_payload_len":270,"flow_avg_l4_payload_len":135,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":63381,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_first_seen":1582454553607,"flow_last_seen":1582454586688,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":1186,"flow_tot_l4_payload_len":1955,"flow_avg_l4_payload_len":488,"midstream":0,"l3_proto":"ip4","src_ip":"169.254.225.216","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":14,"flow_first_seen":1582454598888,"flow_last_seen":1582454599079,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":7015,"flow_avg_l4_payload_len":501,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"104.73.61.30","src_port":50583,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00462{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":5,"flow_first_seen":1582454598885,"flow_last_seen":1582454599226,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_first_seen":1582454599054,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"224.0.0.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_first_seen":1582454598713,"flow_last_seen":1582454598760,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":199,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":119,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":53272,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_first_seen":1582454598713,"flow_last_seen":1582454598756,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":219,"flow_avg_l4_payload_len":109,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":53317,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_first_seen":1582454595352,"flow_last_seen":1582454596370,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":600,"flow_avg_l4_payload_len":300,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.17","src_port":67,"dst_port":68,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":18,"flow_first_seen":1582454598385,"flow_last_seen":1582454599058,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":5314,"flow_avg_l4_payload_len":295,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.130.2.46","src_port":50577,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_first_seen":1582454598373,"flow_last_seen":1582454598412,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":204,"flow_avg_l4_payload_len":102,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":55457,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":12,"flow_first_seen":1582454598766,"flow_last_seen":1582454598934,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":5815,"flow_avg_l4_payload_len":484,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"92.122.252.82","src_port":50582,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":2,"flow_first_seen":1582454600454,"flow_last_seen":1582454600494,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":180,"flow_tot_l4_payload_len":219,"flow_avg_l4_payload_len":109,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":63677,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":14,"flow_first_seen":1582454598888,"flow_last_seen":1582454599079,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":7015,"flow_avg_l4_payload_len":501,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"104.73.61.30","src_port":50583,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00462{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":5,"flow_first_seen":1582454598885,"flow_last_seen":1582454599226,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
00456{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_first_seen":1582454599054,"flow_last_seen":1582454599054,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"224.0.0.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_first_seen":1582454598713,"flow_last_seen":1582454598760,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":199,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":119,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":53272,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_first_seen":1582454598713,"flow_last_seen":1582454598756,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":219,"flow_avg_l4_payload_len":109,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":53317,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_first_seen":1582454595352,"flow_last_seen":1582454596370,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":600,"flow_avg_l4_payload_len":300,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.17","src_port":67,"dst_port":68,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":18,"flow_first_seen":1582454598385,"flow_last_seen":1582454599058,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":5314,"flow_avg_l4_payload_len":295,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.130.2.46","src_port":50577,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_first_seen":1582454552576,"flow_last_seen":1582454582628,"flow_min_l4_payload_len":510,"flow_max_l4_payload_len":510,"flow_tot_l4_payload_len":1020,"flow_avg_l4_payload_len":510,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_first_seen":1582454598373,"flow_last_seen":1582454598412,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":204,"flow_avg_l4_payload_len":102,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":55457,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":12,"flow_first_seen":1582454598766,"flow_last_seen":1582454598934,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":5815,"flow_avg_l4_payload_len":484,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"92.122.252.82","src_port":50582,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":2,"flow_first_seen":1582454600454,"flow_last_seen":1582454600494,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":180,"flow_tot_l4_payload_len":219,"flow_avg_l4_payload_len":109,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":63677,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00508{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1582454585624,"flow_last_seen":1582454585624,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"l3_proto":"ip4","src_ip":"169.254.225.216","dst_ip":"239.255.255.250","src_port":60538,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00511{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_first_seen":1582454553607,"flow_last_seen":1582454586688,"flow_min_l4_payload_len":362,"flow_max_l4_payload_len":1157,"flow_tot_l4_payload_len":1881,"flow_avg_l4_payload_len":627,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::c42c:3ff:fe60:6a64","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00447{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1582454595354,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::1:ff98:a29c","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":15}
00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_first_seen":1582454598209,"flow_last_seen":1582454598248,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":185,"flow_tot_l4_payload_len":226,"flow_avg_l4_payload_len":113,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":61862,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":34,"flow_first_seen":1582454599934,"flow_last_seen":1582454600426,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":9568,"flow_avg_l4_payload_len":281,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"92.123.77.26","src_port":50587,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00459{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1582454595354,"flow_last_seen":1582454595354,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::1:ff98:a29c","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":15}
00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_first_seen":1582454598209,"flow_last_seen":1582454598248,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":185,"flow_tot_l4_payload_len":226,"flow_avg_l4_payload_len":113,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":61862,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":34,"flow_first_seen":1582454599934,"flow_last_seen":1582454600426,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":9568,"flow_avg_l4_payload_len":281,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"92.123.77.26","src_port":50587,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00507{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_first_seen":1582454560698,"flow_last_seen":1582454560698,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":18,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"224.0.0.1","src_port":5351,"dst_port":5350,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00493{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_first_seen":1582454560698,"flow_last_seen":1582454560698,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":18,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"224.0.0.1","src_port":5351,"dst_port":5350,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_first_seen":1582454598373,"flow_last_seen":1582454599396,"flow_min_l4_payload_len":66,"flow_max_l4_payload_len":66,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":66,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_first_seen":1582454598373,"flow_last_seen":1582454599396,"flow_min_l4_payload_len":66,"flow_max_l4_payload_len":66,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":66,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00500{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_first_seen":1582454553606,"flow_last_seen":1582454586688,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":1157,"flow_tot_l4_payload_len":1926,"flow_avg_l4_payload_len":481,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_first_seen":1582454598212,"flow_last_seen":1582454598252,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":72,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":55914,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_first_seen":1582454598713,"flow_last_seen":1582454598756,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":93,"flow_tot_l4_payload_len":131,"flow_avg_l4_payload_len":65,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":64203,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_first_seen":1582454599065,"flow_last_seen":1582454599105,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":85,"flow_tot_l4_payload_len":116,"flow_avg_l4_payload_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":62160,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_first_seen":1582454598713,"flow_last_seen":1582454598759,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":180,"flow_tot_l4_payload_len":219,"flow_avg_l4_payload_len":109,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":49880,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_first_seen":1582454598713,"flow_last_seen":1582454598758,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":108,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":53983,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":2,"flow_first_seen":1582454599073,"flow_last_seen":1582454599105,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":85,"flow_tot_l4_payload_len":116,"flow_avg_l4_payload_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":52031,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00504{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":20,"flow_first_seen":1582454598416,"flow_last_seen":1582454600719,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":5836,"flow_avg_l4_payload_len":291,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.253.105.202","src_port":50578,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00504{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":20,"flow_first_seen":1582454598418,"flow_last_seen":1582454600719,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":5858,"flow_avg_l4_payload_len":292,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.253.105.202","src_port":50579,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":27,"flow_first_seen":1582454598377,"flow_last_seen":1582454598754,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":9046,"flow_avg_l4_payload_len":335,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"95.101.25.53","src_port":50576,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":28,"flow_first_seen":1582454600508,"flow_last_seen":1582454600678,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":9599,"flow_avg_l4_payload_len":342,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"95.101.24.53","src_port":50588,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_first_seen":1582454598713,"flow_last_seen":1582454598760,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":170,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":100,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":62526,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":9,"flow_first_seen":1582454598387,"flow_last_seen":1582454598716,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":696,"flow_tot_l4_payload_len":827,"flow_avg_l4_payload_len":91,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.253.105.202","src_port":49152,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00472{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_first_seen":1582454596364,"flow_last_seen":1582454597360,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::823:3f17:8298:a29c","dst_ip":"ff02::16","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":15}
00471{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_first_seen":1582454595354,"flow_last_seen":1582454599568,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::823:3f17:8298:a29c","dst_ip":"ff02::2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":15}
00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_first_seen":1582454598713,"flow_last_seen":1582454598755,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":193,"flow_avg_l4_payload_len":96,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":52682,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":2,"flow_first_seen":1582454599929,"flow_last_seen":1582454599930,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":199,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":119,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":65079,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_first_seen":1582454556158,"flow_last_seen":1582454586170,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_first_seen":1582454598212,"flow_last_seen":1582454598252,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":72,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":55914,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_first_seen":1582454598713,"flow_last_seen":1582454598756,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":93,"flow_tot_l4_payload_len":131,"flow_avg_l4_payload_len":65,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":64203,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":2,"flow_first_seen":1582454599065,"flow_last_seen":1582454599105,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":85,"flow_tot_l4_payload_len":116,"flow_avg_l4_payload_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":62160,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_first_seen":1582454598713,"flow_last_seen":1582454598759,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":180,"flow_tot_l4_payload_len":219,"flow_avg_l4_payload_len":109,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":49880,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_first_seen":1582454598713,"flow_last_seen":1582454598758,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":108,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":53983,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":2,"flow_first_seen":1582454599073,"flow_last_seen":1582454599105,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":85,"flow_tot_l4_payload_len":116,"flow_avg_l4_payload_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":52031,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00504{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":20,"flow_first_seen":1582454598416,"flow_last_seen":1582454600719,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":5836,"flow_avg_l4_payload_len":291,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.253.105.202","src_port":50578,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00504{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":20,"flow_first_seen":1582454598418,"flow_last_seen":1582454600719,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":5858,"flow_avg_l4_payload_len":292,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.253.105.202","src_port":50579,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":27,"flow_first_seen":1582454598377,"flow_last_seen":1582454598754,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":9046,"flow_avg_l4_payload_len":335,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"95.101.25.53","src_port":50576,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":28,"flow_first_seen":1582454600508,"flow_last_seen":1582454600678,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":9599,"flow_avg_l4_payload_len":342,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"95.101.24.53","src_port":50588,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_first_seen":1582454598713,"flow_last_seen":1582454598760,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":170,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":100,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":62526,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":9,"flow_first_seen":1582454598387,"flow_last_seen":1582454598716,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":696,"flow_tot_l4_payload_len":827,"flow_avg_l4_payload_len":91,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.253.105.202","src_port":49152,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00472{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_first_seen":1582454596364,"flow_last_seen":1582454597360,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::823:3f17:8298:a29c","dst_ip":"ff02::16","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":15}
00471{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_first_seen":1582454595354,"flow_last_seen":1582454599568,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::823:3f17:8298:a29c","dst_ip":"ff02::2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":15}
00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_first_seen":1582454598713,"flow_last_seen":1582454598755,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":193,"flow_avg_l4_payload_len":96,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":52682,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":2,"flow_first_seen":1582454599929,"flow_last_seen":1582454599930,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":199,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":119,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":65079,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00127{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test"}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 500/486
~~ skipped flows.............: 0
~~ total layer4 data length..: 204168 bytes
~~ total detected protocols..: 52
~~ total active/idle flows...: 53/53
~~ total detected protocols..: 50
~~ total active/idle flows...: 51/51
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 2392458 bytes
~~ total memory freed........: 2392458 bytes
~~ total allocations/frees...: 36251/36251
~~ total memory allocated....: 2389258 bytes
~~ total memory freed........: 2389258 bytes
~~ total allocations/frees...: 36245/36245
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 132 chars
~~ json string max len.......: 3518 chars

2
test/results/irc.pcap.out
View File

@@ -1,5 +1,5 @@
00471{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"irc.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":10000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"irc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1387554241634,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.180.156.249","dst_ip":"38.229.70.20","src_port":45921,"dst_port":8000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"irc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1387554241634,"flow_last_seen":1387554241634,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.180.156.249","dst_ip":"38.229.70.20","src_port":45921,"dst_port":8000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00432{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"irc.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1387554241,"pkt_ts_usec":634815,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AAAMB6wBABNyxPHhCABFAAA8\/+BAAEAGJjUKtJz5JuVGFLNhH0BpMfDFAAAAAKACOQj\/0AAAAgQFtAQCCAq+wg8lAAAAAAEDAwc="}
00430{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"irc.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1387554241,"pkt_ts_usec":665525,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABNyxPHhANAr0XYACABFAAA8AABAADIGNBYm5UYUCrSc+R9As2GRFS01aTHwxqASFqAOiAAAAgQFtAQCCAowSCUOvsIPJQEDAwY="}
00419{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"irc.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1387554241,"pkt_ts_usec":665548,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AAAMB6wBABNyxPHhCABFAAA0\/+FAAEAGJjwKtJz5JuVGFLNhH0BpMfDGkRUtNoAQAHNTYQAAAQEICr7CD0QwSCUO"}

4
test/results/ja3_lots_of_cipher_suites_2_anon.pcap.out
View File

@@ -1,9 +1,9 @@
00500{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":10000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00477{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1505724520,"pkt_ts_usec":744830,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":118,"pkt_l4_len":0,"pkt":"\/Ejvopo\/MNF+D2w+CABFuABkI90AAEARjIOEvvQMl3m5LAhoCGgAUAAAMv8AQAE8W3RuUAAARQAAPGNKQABABin+wKiTsZd5waDkgAG7Qsba5QAAAACgAjkIo+MAAAIEBbQEAggKAAu5rwAAAAABAwMF"}
00213{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than packet size","thread_id":0,"packet_id":1,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","caplen":114,"len":118}
00512{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1505724520744,"flow_last_seen":0,"flow_min_l4_payload_len":72,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":72,"flow_avg_l4_payload_len":72,"midstream":0,"l3_proto":"ip4","src_ip":"132.190.244.12","dst_ip":"151.121.185.44","src_port":2152,"dst_port":2152,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00524{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1505724520744,"flow_last_seen":1505724520744,"flow_min_l4_payload_len":72,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":72,"flow_avg_l4_payload_len":72,"midstream":0,"l3_proto":"ip4","src_ip":"132.190.244.12","dst_ip":"151.121.185.44","src_port":2152,"dst_port":2152,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00515{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1505724520,"pkt_ts_usec":744830,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":80,"pkt":"\/Ejvopo\/MNF+D2w+CABFuABkI90AAEARjIOEvvQMl3m5LAhoCGgAUAAAMv8AQAE8W3RuUAAARQAAPGNKQABABin+wKiTsZd5waDkgAG7Qsba5QAAAACgAjkIo+MAAAIEBbQEAggKAAu5rwAAAAABAwMF"}
00543{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1505724520744,"flow_last_seen":0,"flow_min_l4_payload_len":72,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":72,"flow_avg_l4_payload_len":72,"midstream":0,"l3_proto":"ip4","src_ip":"132.190.244.12","dst_ip":"151.121.185.44","src_port":2152,"dst_port":2152,"l4_proto":"udp","ndpi": {"proto":"GTP","breed":"Acceptable","category":"Network"}}
00555{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1505724520744,"flow_last_seen":1505724520744,"flow_min_l4_payload_len":72,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":72,"flow_avg_l4_payload_len":72,"midstream":0,"l3_proto":"ip4","src_ip":"132.190.244.12","dst_ip":"151.121.185.44","src_port":2152,"dst_port":2152,"l4_proto":"udp","ndpi": {"proto":"GTP","breed":"Acceptable","category":"Network"}}
00511{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1505724520,"pkt_ts_usec":947456,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"pkt":"MNF+EIYg\/Ejv6KgaCABFAABgHZ4AAD0Rln6XebkshL70DAhoCGgATAAAMP8APEGxP1xFAAA8AABAADIGm0iXecGgwKiTsQG75IBV2gFiQsba5qAScSDmyQAAAgQFeAQCCAoxbvx\/AAu5rwEDAwc="}
00469{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":3,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1505724521,"pkt_ts_usec":281457,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":110,"pkt_l4_len":0,"pkt":"\/Ejvopo\/MNF+D2w+CABFuABcNCoAAEARfD6EvvQMl3m5LAhoCGgASAAAMv8AOAE8W3RxUAAARQAANGNLQABABioFwKiTsZd5waDkgAG7Qsba5lXaAWOAEAHJhFMAAAEBCAoAC7oNMW78fw=="}
00213{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than packet size","thread_id":0,"packet_id":3,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","caplen":106,"len":110}

72
test/results/kerberos.pcap.out
View File

@@ -1,118 +1,118 @@
00476{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"kerberos.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":10000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1549337929790,"flow_last_seen":0,"flow_min_l4_payload_len":239,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":239,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49157,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00497{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1549337929790,"flow_last_seen":1549337929790,"flow_min_l4_payload_len":239,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":239,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49157,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00732{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"kerberos.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1549337929,"pkt_ts_usec":790448,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"pkt":"pB9ywglqAAgCHEeuCABFAAEXABdAAIAGkNisEAjJrBAICMAFAFiynbRHbznTnlAYAQAf5QAAAAAA62qB6DCB5aEDAgEFogMCAQqjFTATMBGhBAICAICiCQQHMAWgAwEB\/6SBwTCBvqAHAwUAQIEAEKEYMBagAwIBAaEPMA0bC2pvaG5zb24tcGMkohAbDmhhcHB5Y3JhZnQub3JnoyMwIaADAgECoRowGBsGa3JidGd0Gw5oYXBweWNyYWZ0Lm9yZ6URGA8yMDM3MDkxMzAyNDgwNVqmERgPMjAzNzA5MTMwMjQ4MDVapwYCBE7AFheoFTATAgESAgERAgEXAgEYAgL\/eQIBA6kdMBswGaADAgEUoRIEEEpPSE5TT04tUEMgICAgICA="}
00782{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"kerberos.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1549337929,"pkt_ts_usec":790962,"pkt_caplen":332,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":332,"pkt_l4_len":298,"pkt":"AAgCHEeupB9ywglqCABFAAE+ExRAAIAGfbSsEAgIrBAIyQBYwAVvOdOesp21NlAYAQCkkQAAAAABEn6CAQ4wggEKoAMCAQWhAwIBHqQRGA8yMDE5MDIwNTAzMzg0OFqlBQIDBjUgpgMCARmpEBsOaGFwcHljcmFmdC5vcmeqIzAhoAMCAQKhGjAYGwZrcmJ0Z3QbDmhhcHB5Y3JhZnQub3JnrIGnBIGkMIGhMH6hAwIBE6J3BHUwczA0oAMCARKhLRsrSEFQUFlDUkFGVC5PUkdob3N0am9obnNvbi1wYy5oYXBweWNyYWZ0Lm9yZzAFoAMCARcwNKADAgEDoS0bK0hBUFBZQ1JBRlQuT1JHaG9zdGpvaG5zb24tcGMuaGFwcHljcmFmdC5vcmcwCaEDAgECogIEADAJoQMCARCiAgQAMAmhAwIBD6ICBAA="}
00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1549337929811,"flow_last_seen":0,"flow_min_l4_payload_len":319,"flow_max_l4_payload_len":319,"flow_tot_l4_payload_len":319,"flow_avg_l4_payload_len":319,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49158,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00497{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1549337929811,"flow_last_seen":1549337929811,"flow_min_l4_payload_len":319,"flow_max_l4_payload_len":319,"flow_tot_l4_payload_len":319,"flow_avg_l4_payload_len":319,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49158,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00840{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"kerberos.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1549337929,"pkt_ts_usec":811952,"pkt_caplen":373,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":373,"pkt_l4_len":339,"pkt":"pB9ywglqAAgCHEeuCABFAAFnABtAAIAGkISsEAjJrBAICMAGAFganBtaQ2U1slAYAQDaGgAAAAABO2qCATcwggEzoQMCAQWiAwIBCqNjMGEwTKEDAgECokUEQzBBoAMCARKiOgQ4YERcga5zFfjuo7+oqo0hJ6Udj7efOwOKKYJj6PKpxuETgzDcdt27IvGW9sEQ18QPUV\/drVuLVBwwEaEEAgIAgKIJBAcwBaADAQH\/pIHBMIG+oAcDBQBAgQAQoRgwFqADAgEBoQ8wDRsLam9obnNvbi1wYySiEBsOaGFwcHljcmFmdC5vcmejIzAhoAMCAQKhGjAYGwZrcmJ0Z3QbDmhhcHB5Y3JhZnQub3JnpREYDzIwMzcwOTEzMDI0ODA1WqYRGA8yMDM3MDkxMzAyNDgwNVqnBgIETsAWF6gVMBMCARICARECARcCARgCAv95AgEDqR0wGzAZoAMCARShEgQQSk9ITlNPTi1QQyAgICAgIA=="}
00568{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"kerberos.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1549337929,"pkt_ts_usec":812641,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"pkt":"AAgCHEeupB9ywglqCABFAACYExlAAIAGflWsEAgIrBAIyQBYwAZDZTtmGpwcmVAYAQDnsgAAX5hri3Z\/opje40K53kwDKo2\/CTegm0pJkWpLVNFlnn\/MakUFXqKHv4CDtH2CbQqvJq\/ecJgxH2EwrzVmUcQk2zqXXjIwbkyszZ9\/Xc6IEgQ4qiI64lPzINS7ueVTbdUXk\/8v52QxoGdMilBjjWTAcQ=="}
00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1549337929815,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49159,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00497{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1549337929815,"flow_last_seen":1549337929815,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49159,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00594{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"kerberos.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1549337929,"pkt_ts_usec":815091,"pkt_caplen":191,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":191,"pkt_l4_len":157,"pkt":"pB9ywglqAAgCHEeuCABFAACxACFAAIAGkTSsEAjJrBAICMAHAFgBsoC8gS4auFAYAQDUqQAAiNeE+tCJIo9Cz1KFHGicigIlxkFIEVkb70vifDKvvi6NwB24GlkehWdocuUvESpeAqtSofWtuKDm2yskVOheE+r4DxaQxRLncJy9zYBP+p7ofQvBukmarkg+oY3ctA8jgj5BSy2yi42NlxJjhcjuX3ByLG+GD20zq41Le0TbPh0TFS5qkRb0Q24="}
00569{"flow_id":3,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"kerberos.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1549337929,"pkt_ts_usec":815994,"pkt_caplen":169,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":169,"pkt_l4_len":135,"pkt":"AAgCHEeupB9ywglqCABFAACbEx9AAIAGfkysEAgIrBAIyQBYwAeBLiBsAbKBRVAYAQBP\/wAA1H56bb56rLTzhI\/so6pGl6jILu03bHY2ZWl4A41JY07Kavo1sQRKhlNPx3vE\/LdSF6BX6NLW1Fm3Tdmvr7ZEbPWOq8FZs9c0RBY7wJbwPUW44FlC0vhqJn1yGB3K1Fxl0gPqAAMzMrhupJQMQzjV4fgdag=="}
00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1549337929816,"flow_last_seen":0,"flow_min_l4_payload_len":1431,"flow_max_l4_payload_len":1431,"flow_tot_l4_payload_len":1431,"flow_avg_l4_payload_len":1431,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49160,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00501{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1549337929816,"flow_last_seen":1549337929816,"flow_min_l4_payload_len":1431,"flow_max_l4_payload_len":1431,"flow_tot_l4_payload_len":1431,"flow_avg_l4_payload_len":1431,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49160,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
02345{"flow_id":4,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"kerberos.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1549337929,"pkt_ts_usec":816676,"pkt_caplen":1485,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1485,"pkt_l4_len":1451,"pkt":"pB9ywglqAAgCHEeuCABFAAW\/ACZAAIAGjCGsEAjJrBAICMAIAFgkzleN\/pyBM1AYAQCd1QAAAAAFk2yCBY8wggWLoQMCAQWiAwIBDKOCBRcwggUTMIIE\/6EDAgEBooIE9gSCBPJuggTuMIIE6qADAgEFoQMCAQ6iBwMFAAAAAACjggQ0YYIEMDCCBCygAwIBBaEQGw5IQVBQWUNSQUZULk9SR6IjMCGgAwIBAqEaMBgbBmtyYnRndBsOSEFQUFlDUkFGVC5PUkejggPsMIID6KADAgESoQMCAQKiggPaBIID1l4LwpNuTjPo\/WSca61wgawIInNQ2vTGqwCxtV1QigPfApKXxUIq16oPsvd5TUFFBoZ3psSaal0IeVBLFx\/BX1XOMXvlpVRB9MsTpZwTQ9ax1GLB6I2i5bbUZpknsnBAKrSXL695P06nXI2pxBPckcoFwJAlSBEmG2XByE8IS7rO1EarXMbJ6Y6aTY3qAJfaaRab4vHhRG2Vuf+5JWuR5w1NLPXeeoD\/rArSk0gCVLkR21SKfZcS\/vqPldqO0np7TLmMBVoYjsl6PiI0+4z2cMBft\/qbxRIxb8y1vWhjoJ64ue7lCoT2cvFOdVWD\/WH\/fANzw0ML9F0vLIXCgI1qi1sWcerxATeYpOyo7DWpsJioH9jxAPx+B6RM+9U5zQIKM9BdT3C3olrkQMfOua6FPtyqIt9kVcakdowBTS4+NidzK5sGlYIRntlAxGR8YU5brzwGdboEMfsAHK11qtTE6t\/tDmgr1+cFgW34p7q9yjtfw3IlMfNtNF6cVYmOh6G5Wnxcfjqbsrpj7Kw6mjBwfKtaYNJG6XthlVKo9I4FpdysFIteChs2N+mQtafp0AWZxKjjDKO8sohbJklYhyoJOto52hds26FAU4LmrIc5fMmADp1PG\/tBDi0BnZ3SimtoeWyM2fnwWhBrH67Gc6TeKPHSeyVFwR1fSnMxZTlzS7KXwLa62U6BZ0WNCBZzIdUTje6\/aUFTq4XeeR0Z7Vh6Z9DZ9om\/9wiQsBPMMalPRPnqfmOZT7HV5yr74UqmbVg1OWh8En3RVYoEzl+U9UxwXXFIR5zUwJrSv4BRCrfouK2f87lMtCFEg\/zEl+Ya6jB+A9XZfPbLOpJ+x1ZsBKiE7MFw9X4cPsiIvoIaHcwmirVOaa9JrhuL72qg0GrV2LWFm+xJt5NjWGhgRHFok1jp2URmHs7J3zvdeb+nbPHLvYUdtkqwb3aoYEr1Xmflw8UpDr6MDbT2en\/\/11z39903bvFGohUv62WN4swCRiY9JjXJUs610D4Xxus5+CL0zgzTQQAxEvC4LL9CQELhrXgdhbQmsotNytXnsgYuKhF4RMS5q5UH8sx1AGsmSntAJ\/W4iO+\/MbV3oU5HdPpcERFm3hfRy\/GBSS75vadxxOcRHZA6iF9\/pQ9BlFHhHcWkaQuZyUL6qH1sbSQyui0sXjtHojjpnPlsTpEM9hpMt6LhooASI6ATNe\/Xw7kB+HTJthDR\/bJnXbftcEdtnk7dLQYL5MfhSH8BDyuI9MMLmdpozP+V7mPT5HhUnsqRSQWCVyfiuDhL0shZpk83f0xNTTmK8fhSYF8Q1BGkgZwwgZmgAwIBEqKBkQSBjpT6WKZ4R5UUi5WTtSgEkEd7jMLa6AoUPu4TwrcLKGcmB9vngXIzOhZvqCgHdzOkHetRjgLUyTIXem1PFxz6mY8TxQcIZDyb19SN3Nd3sKaxs2IYEv7YHwXG6E8LM8hJLH2m\/TyiwnWxB70uZ574gAkF4FD1Zq+qMVWQ8VxsOQkGL92ElZ2TaAS4GGYCEnUwDqEEAgIApaIGBAQfAAAApGQwYqAHAwUAYIEAEKIQGw5IQVBQWUNSQUZULk9SR6MjMCGgAwIBAqEaMBgbBmtyYnRndBsOSEFQUFlDUkFGVC5PUkelERgPMjAzNzA5MTMwMjQ4MDVapwYCBE7NBe6oBTADAgES"}
02370{"flow_id":4,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"kerberos.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1549337929,"pkt_ts_usec":816935,"pkt_caplen":1498,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1498,"pkt_l4_len":1464,"pkt":"AAgCHEeupB9ywglqCABFAAXMEyNAAIAGeResEAgIrBAIyQBYwAj+nIEzJM5dJFAYAQC28wAAAAAFoG2CBZwwggWYoAMCAQWhAwIBDaMQGw5IQVBQWUNSQUZULk9SR6QYMBagAwIBAaEPMA0bC0pPSE5TT04tUEMkpYIENGGCBDAwggQsoAMCAQWhEBsOSEFQUFlDUkFGVC5PUkeiIzAhoAMCAQKhGjAYGwZrcmJ0Z3QbDkhBUFBZQ1JBRlQuT1JHo4ID7DCCA+igAwIBEqEDAgECooID2gSCA9ZmgNa1dr3wGd87q5o3XWLsTIWysbTgkwJr+Tn54CyV4AH6vlEgusASRdJcyvN0onPWOO9TStPkihUEobLQ8WG5\/BAe\/pJm76NJeRjK9kGGi8G\/0XbFCYSPepa5PQwmUgAjsgxX98uOoIoeMgpxrDD2I4YnqT0o9T7E4u8XbTiIf+v3cdcN4dCZ+EoTKAM9GSdtpSP62\/Xb+2PxUXMWzXRKdBV4GPRc7M\/f3KRdK529+2pM4yLgF6mfdzw1YttOYiTQBSOIseZU5L5pWWwIAYUeadQLWeGW7MCmuOiezPfzHOKXT\/hMqEB\/2Egds2KA7Hm\/oP01r9IU6p42tCtn+I4EWSm5ZkiMAIXP6SCiOdO2PbdtR\/4GK9kZARZpgtLJG+aGmFpRzNAdcgcLMHN2OlX0J6+piruBM7Ww3kqLpZgruCuGx8K+d\/8FApmAeWnLmXbD3fu1T00fGd6fdKrkgCl98Sy4I0iKgJr019SubVPh\/tLfXvOPHFTskrZiab\/lkJMa\/lcaCHUWtHfBuxSsNJt7gody42oqvvYHikEn7VlQJDi\/u8KzU07HljjjoqhCYV678B3YcCsVdGefRzEoUzSdH\/BYJGW+CkosfzR7MiRBWyvn77tCF67oxZ3T5EhVst6OUOt05ejCBeF0j2P8Sa6RL1vPg6TCt7KX5yXzGdJtuRQYFzwHms4Ux+JYQXrmLh2ixoc55gWooUap7xcPOrj9EtgR7efu2PqGQVuytvq6rdV+3QUFA8AufxbPXK507+RBmLMcLcxZAxOp7SQc\/Ay3c\/ORhr+fWLV6VFfX75zufwBySCOGvrbuFXK0SnMVFwylor3lGY2Czl7Y5QKDcK4+FS+SJKTqaxj0EFxa2D+DbGLwbVt3zt9+tPhI+pr7vL0LtIL0O055Y3MLTTiVoB4FnEuGzQivRnPbXzFFcdCIUDcAh26XtB4LCpmd+fBTcLafa5ZKQ2nsR\/2LH7kpZxim50Hcvtyd5PzGPwKSVk2Q+psnZ0IehfsbwhALTs\/RQSOb7Rq41AGgy7OAH5YvpBKSd7qUDfb1gtLh6EIYhMprEuGvAg42lOnEYktaA8Y0X4PyM72xSTA9ZN+CxfcvwiIlvHf11TL5C5ZRBUy3du\/RJjPcfxsjqIdqVfXMDys4DGOvXOODvANQyMdpD2WSRWTBduQ+1useq7xNugt3rmAScfUohAT\/giN4TexFk96WUfGs376rRqExitzbuece0s6lptdaN+3sKDC1NFILlW4MQPBHpc3ComgefM9jAmeqLxMUur1iJW82d2i1F5BNiRpTZEFf7MD9poIBJjCCASKgAwIBEqKCARkEggEVQDvO7+WVQbXswJT\/WKenjoLOTOUb7xtnQSDSvTALA7cFBjKmG7py2Ll3YHsUrZQaKL2ZgS2bNcKYx\/3+lfvv+kAlvcN39ExBH9j9AGm8H1cRnFwNhRWCETnioXg\/P1Y2p+e3F0h6bOneEdLiePwHJv9FonrRV61HKyJDpzH6E0h5BR7t2eo\/60DJORIRuiguwoofBgNuIj9IIWatzAufVetcbqrWIpOgXa8Tl5itQ\/bI2zF6hwUS3TRThkmm+Lz7J7LBceoySEetzaEsRZtQYN6tENYmlD5+VEJvmJ\/Gk593lHeRAE07ZMXwY1fmEib\/vL\/sBgCUMH7CIYMAL4GjstMrJCbIeZhyoYmoahgOuedSq46aMw=="}
00615{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_first_seen":1549337929816,"flow_last_seen":1549337929816,"flow_min_l4_payload_len":1431,"flow_max_l4_payload_len":1444,"flow_tot_l4_payload_len":2875,"flow_avg_l4_payload_len":1437,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49160,"dst_port":88,"l4_proto":"tcp","ndpi": {"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"johnson-pc","domain":"happycraft.org","username":""}}
00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1549337929817,"flow_last_seen":0,"flow_min_l4_payload_len":227,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":227,"flow_avg_l4_payload_len":227,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49156,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1549337929817,"flow_last_seen":1549337929817,"flow_min_l4_payload_len":227,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":227,"flow_avg_l4_payload_len":227,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49156,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00718{"flow_id":5,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"kerberos.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1549337929,"pkt_ts_usec":817554,"pkt_caplen":281,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":281,"pkt_l4_len":247,"pkt":"pB9ywglqAAgCHEeuCABFAAELACpAAIAGkNGsEAjJrBAICMAEAb1XsKRSOc8tT1AYAP5XOQAAtEaCpoUNMQEcRu8rXL+flRkpXPhHudnte7juaoAeTLu\/yTOr\/klMHDKYHSz0JIIsigIVsBaMl3PyJLoeb\/thjoYGSwkEC2m4nRdpRXAof0BuI3WnXPinh7MhPVCaTGyJNfqfVu\/1dc4+HXKYy76MWWV4zUtzQAeAZlVdIbuoLUlvFXjFSw5Ryb7lDA5ay5XLMnQY1U2bYUt6MYxBsLvHXZpUwBGPjxstpVTddlgnyYV1MOsJQv5Du0utIGTzTo6LpQrGUrUbi+j64I7Cmr+KeRuwdhEzhGbc+mJlwRYjD6cvIxA="}
00766{"flow_id":5,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"kerberos.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1549337929,"pkt_ts_usec":818281,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"pkt":"AAgCHEeupB9ywglqCABFAAEsEydAAIAGfbOsEAgIrBAIyQG9wAQ5zy1PV7ClNVAYAQBD3AAAAAABAP5TTUJAAAEAAAAAAAEAHwAJAAAAAAAAAAIAAAAAAAAA\/\/4AAAAAAABZAAAAAAQAAM9KX1xrFqd60K9wkt\/rc1cJAAAASAC4AKGBtTCBsqADCgEAoQsGCSqGSIL3EgECAqKBnQSBmmCBlwYJKoZIhvcSAQICAgBvgYcwgYSgAwIBBaEDAgEPongwdqADAgESom8EbaDd4i7\/ItyR1a9jC52avEiTOhersM4IXB2s8eeK3O+ftonNzS3toSakh8sE2tBVm3gbqMBKq1zSZzBBR6cu+Hrjxp\/3xoJEFPVC\/4y\/BWmosce7zt2RHazTIcgt7F0qD+5oY0gWkTgMB+VU0Ro="}
00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1549337929981,"flow_last_seen":0,"flow_min_l4_payload_len":153,"flow_max_l4_payload_len":153,"flow_tot_l4_payload_len":153,"flow_avg_l4_payload_len":153,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49162,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1549337929981,"flow_last_seen":1549337929981,"flow_min_l4_payload_len":153,"flow_max_l4_payload_len":153,"flow_tot_l4_payload_len":153,"flow_avg_l4_payload_len":153,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49162,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00619{"flow_id":6,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"kerberos.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1549337929,"pkt_ts_usec":981761,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"pkt":"pB9ywglqAAgCHEeuCABFAADBADZAAIAGkQ+sEAjJrBAICMAKAFgVCzarRRAS7FAYAQB2LAAAqoGWMIGToAMCARKigYsEgYi0+C7lIM6lpWfLcf2ezyusajpC0TYc1OX1vmb3DhkyjRtC5TeZRg9Wzt\/ubCTSXWpwv+zrJOhZpUKxM\/PhogQbKSmJJuvTC3n4CxJc9SponZNFKF1Kt9\/yiDsesCZaEKdbgZEf1rZ1aHAiihciexKw\/Qr8RPyDjBEhr0yc0K8+XP7zeT3kqKdm"}
00579{"flow_id":6,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"kerberos.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1549337929,"pkt_ts_usec":983015,"pkt_caplen":180,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":180,"pkt_l4_len":146,"pkt":"AAgCHEeupB9ywglqCABFAACmEzJAAIAGfi6sEAgIrBAIyQBYwApFEBigFQs3RFAYAQCNWQAABoWQU5dMx7s3k7lFXcqa6uoE3YqM179MtGFm5Pp0PzGMSHM6ikhCYuxEbF8vf630PDV4M+ymDkgmnA6LZ83pNOsEhGLNGEwQsGjuja+QpA2dd9fjedDg4z2eYZ9DeqXNfMVtviu+Fd00prhwc+9nnU9I900bDPmSAhZM9lsL"}
00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1549337929983,"flow_last_seen":0,"flow_min_l4_payload_len":266,"flow_max_l4_payload_len":266,"flow_tot_l4_payload_len":266,"flow_avg_l4_payload_len":266,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49161,"dst_port":389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00499{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1549337929983,"flow_last_seen":1549337929983,"flow_min_l4_payload_len":266,"flow_max_l4_payload_len":266,"flow_tot_l4_payload_len":266,"flow_avg_l4_payload_len":266,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49161,"dst_port":389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00776{"flow_id":7,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"kerberos.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1549337929,"pkt_ts_usec":983344,"pkt_caplen":320,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":320,"pkt_l4_len":286,"pkt":"pB9ywglqAAgCHEeuCABFAAEyADpAAIAGkJqsEAjJrBAICMAJAYUOQjJnSJfL+1AYAQBrWQAA8TZc0LDMp13P2bhHUwE3wC3znhyPA6u84KleikgMfgmc3jalHTIxDwXMnjy\/W4F7\/2WZoUcx2XOew9rGWayLePl5BZIz7shN5PFXYJc\/9PAyv29TC7M2XLiMKexhyeYlRE9uvUtK9DAnR\/ttWEC9zdC56cQON1H8q936tfR+Slz7RKm2uwASDHI8fSFcEQQxtgqaAo4BBsj3qlqLB0lXoxQ8eGOcEVy2\/38vMlSj+c\/3tdAxc+T2J+ChqVKK6Ti6p9NJhgfdb6n6Fkr1nJ\/E0PHo7Ab3tBkqkSpNzV9oaIDc\/AnEKYXHdAsdm\/IAEKeNDZ3xj3dnB41oCyCZcvi9r2HqvrS9bMHFZEs="}
00694{"flow_id":7,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"kerberos.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1549337929,"pkt_ts_usec":983901,"pkt_caplen":264,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":264,"pkt_l4_len":230,"pkt":"AAgCHEeupB9ywglqCABFAAD6EzZAAIAGfdasEAgIrBAIyQGFwAlIl8v7DkIzcVAYAQBePQAAMIQAAADMAgEDYYQAAADDCgEABAAEAIeCALihgbUwgbKgAwoBAKELBgkqhkiC9xIBAgKigZ0EgZpggZcGCSqGSIb3EgECAgIAb4GHMIGEoAMCAQWhAwIBD6J4MHagAwIBEqJvBG1fPlG7bKWdrh2HD6cpz+MijBmfhDcDSHRgxosMnwcbCi1ZRnrViGBtMC2nQv6mVUDSJapX\/mZgtc4l9ALb+\/jokxskSCIt0GZfBXlBh6SOp7g9nc\/2WT4mG5e+fctttNW4KixsBWTLsk4U0TsD"}
00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1549337930192,"flow_last_seen":0,"flow_min_l4_payload_len":239,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":239,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49166,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1549337930192,"flow_last_seen":1549337930192,"flow_min_l4_payload_len":239,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":239,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49166,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00733{"flow_id":8,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"kerberos.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1549337930,"pkt_ts_usec":192989,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"pkt":"pB9ywglqAAgCHEeuCABFAAEXAE9AAIAGkKCsEAjJrBAICMAOAFh1zEKiBQpS4FAYAQB22wAAAAAA62qB6DCB5aEDAgEFogMCAQqjFTATMBGhBAICAICiCQQHMAWgAwEB\/6SBwTCBvqAHAwUAQIEAEKEYMBagAwIBAaEPMA0bC2pvaG5zb24tcGMkohAbDkhBUFBZQ1JBRlQuT1JHoyMwIaADAgECoRowGBsGa3JidGd0Gw5IQVBQWUNSQUZULk9SR6URGA8yMDM3MDkxMzAyNDgwNVqmERgPMjAzNzA5MTMwMjQ4MDVapwYCBE6HHTSoFTATAgESAgERAgEXAgEYAgL\/eQIBA6kdMBswGaADAgEUoRIEEEpPSE5TT04tUEMgICAgICA="}
00783{"flow_id":8,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"kerberos.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1549337930,"pkt_ts_usec":193305,"pkt_caplen":332,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":332,"pkt_l4_len":298,"pkt":"AAgCHEeupB9ywglqCABFAAE+E0ZAAIAGfYKsEAgIrBAIyQBYwA4FClLgdcxDkVAYAQCvKAAAAAABEn6CAQ4wggEKoAMCAQWhAwIBHqQRGA8yMDE5MDIwNTAzMzg0OFqlBQIDDGWApgMCARmpEBsOSEFQUFlDUkFGVC5PUkeqIzAhoAMCAQKhGjAYGwZrcmJ0Z3QbDkhBUFBZQ1JBRlQuT1JHrIGnBIGkMIGhMH6hAwIBE6J3BHUwczA0oAMCARKhLRsrSEFQUFlDUkFGVC5PUkdob3N0am9obnNvbi1wYy5oYXBweWNyYWZ0Lm9yZzAFoAMCARcwNKADAgEDoS0bK0hBUFBZQ1JBRlQuT1JHaG9zdGpvaG5zb24tcGMuaGFwcHljcmFmdC5vcmcwCaEDAgECogIEADAJoQMCARCiAgQAMAmhAwIBD6ICBAA="}
00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1549337930214,"flow_last_seen":0,"flow_min_l4_payload_len":319,"flow_max_l4_payload_len":319,"flow_tot_l4_payload_len":319,"flow_avg_l4_payload_len":319,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49167,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1549337930214,"flow_last_seen":1549337930214,"flow_min_l4_payload_len":319,"flow_max_l4_payload_len":319,"flow_tot_l4_payload_len":319,"flow_avg_l4_payload_len":319,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49167,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00840{"flow_id":9,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"kerberos.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1549337930,"pkt_ts_usec":214154,"pkt_caplen":373,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":373,"pkt_l4_len":339,"pkt":"pB9ywglqAAgCHEeuCABFAAFnAFNAAIAGkEysEAjJrBAICMAPAFhOqMfQDl0Bb1AYAQBFdgAAAAABO2qCATcwggEzoQMCAQWiAwIBCqNjMGEwTKEDAgECokUEQzBBoAMCARKiOgQ4T+8E3pUi7h1ZsZOoIXjjwvAQAgQGpJXHn0jgIAIbXQei+GxBZQViNO7UVdhzj5KUys1PXrvG2C8wEaEEAgIAgKIJBAcwBaADAQH\/pIHBMIG+oAcDBQBAgQAQoRgwFqADAgEBoQ8wDRsLam9obnNvbi1wYySiEBsOSEFQUFlDUkFGVC5PUkejIzAhoAMCAQKhGjAYGwZrcmJ0Z3QbDkhBUFBZQ1JBRlQuT1JHpREYDzIwMzcwOTEzMDI0ODA1WqYRGA8yMDM3MDkxMzAyNDgwNVqnBgIETocdNKgVMBMCARICARECARcCARgCAv95AgEDqR0wGzAZoAMCARShEgQQSk9ITlNPTi1QQyAgICAgIA=="}
00563{"flow_id":9,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"kerberos.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1549337930,"pkt_ts_usec":214775,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"pkt":"AAgCHEeupB9ywglqCABFAACYE0tAAIAGfiOsEAgIrBAIyQBYwA8OXQcjTqjJD1AYAQBZNwAAQBgDyB6VZPxID+fu9kcivDlP7463Dy1IfrYrHVzuJLB3P27gpkccW43Mtu3NrktwKAyme0Z0QNo0JvH3ppwCLvPborHS7i5Jp9I5pxLf5LZX6AlmVea2udQa4ufUWkijqzhrShLiqrevOUKPGzj2OQ=="}
00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1549337930217,"flow_last_seen":0,"flow_min_l4_payload_len":153,"flow_max_l4_payload_len":153,"flow_tot_l4_payload_len":153,"flow_avg_l4_payload_len":153,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49168,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00499{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1549337930217,"flow_last_seen":1549337930217,"flow_min_l4_payload_len":153,"flow_max_l4_payload_len":153,"flow_tot_l4_payload_len":153,"flow_avg_l4_payload_len":153,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49168,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00620{"flow_id":10,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"kerberos.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1549337930,"pkt_ts_usec":217118,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"pkt":"pB9ywglqAAgCHEeuCABFAADBAFlAAIAGkOysEAjJrBAICMAQAFhuA\/SQrSTVxVAYAQACWAAAqoGWMIGToAMCARKigYsEgYhFQhzXcnmj64Ly0uBtjkMUoTuM+x\/rpAOTUWDkUHAspBDcB8geScaOnqOyTgnIEt9ORSbyaLGh7aDpqWoX8LkoU9AsGNn4U6LRjikWi59PfjQn46P9BY0tn6JOEZn\/IKW+bzyhJYK72MU5dfE\/Y9v1QP4pOcMGsyTXEkOUPDq6y5KpwHUNPs1e"}
00585{"flow_id":10,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"kerberos.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1549337930,"pkt_ts_usec":217937,"pkt_caplen":180,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":180,"pkt_l4_len":146,"pkt":"AAgCHEeupB9ywglqCABFAACmE1FAAIAGfg+sEAgIrBAIyQBYwBCtJNt5bgP1KVAYAQC1BwAApQG9zo7oa2HyeKU61c2m29Ax+Ioczo4ZbPhC81jR0pDanr7lBKhJeMuGW\/uva7FyAslnHaJSlZ\/JCHVy9T8T0Ut1tj8cqy\/o\/YC+6XwQJV1\/l63dulAmK8KMVnuSbTDSVBQ5iahKxwLlZ8cbK3LMBirQeX8FcESDlzlIPsVQ"}
00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1549337930219,"flow_last_seen":0,"flow_min_l4_payload_len":375,"flow_max_l4_payload_len":375,"flow_tot_l4_payload_len":375,"flow_avg_l4_payload_len":375,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49165,"dst_port":49155,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00502{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1549337930219,"flow_last_seen":1549337930219,"flow_min_l4_payload_len":375,"flow_max_l4_payload_len":375,"flow_tot_l4_payload_len":375,"flow_avg_l4_payload_len":375,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49165,"dst_port":49155,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00918{"flow_id":11,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"kerberos.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1549337930,"pkt_ts_usec":219494,"pkt_caplen":429,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":429,"pkt_l4_len":395,"pkt":"pB9ywglqAAgCHEeuCABFAAGfAF1AAIAGkAqsEAjJrBAICMANwANTRo4+sysn9FAYAQASVgAAOJsrJlDNtr7H4lcner+4Ya97utGtvfHqO\/A9pIIBWDCCAVSgAwIBEqKCAUsEggFHE7YBEd08uXxTAz9oATIBnzsu+CIXQ7IKgHphso5XWVrf1UwI0kS3bNe0YDIltyDk2xHWA\/s5Rnf1JAD5LdMYfWfRtly9XMnusGEqHhr+HUrsB70ut1E9AZfE9oDmCRiRKgSi\/yPqeUdMQ3mTdU1fxpZbOqOrcP2UxT7TverwRJibh+asJMQhC1cH82k0XRAktx95xJlXR3QKNE1DR8fsq9gq2Y16fmA9gsztPUDC4IkAL71ItK34puHol45q2g1+vM2umAkKTXGS4uZkIzxH5rv1eNIbWz6GtEw1jeT5kTsqyd\/cgQicx4yHy9VJKmfjweCCyOHHgJ0JONAYKLNrmUspunn\/qiNj30BsQPTsl8DziFoWtJvBGiR7UAPGmzNl3CewZOrjtG26JZPGTaTuBek+GwxKg7cb\/ze4riey9Wnfq0rUqdvf"}
00794{"flow_id":11,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"kerberos.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1549337930,"pkt_ts_usec":219495,"pkt_caplen":338,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":338,"pkt_l4_len":304,"pkt":"AAgCHEeupB9ywglqCABFAAFEE1VAAIAGfW2sEAgIrBAIycADwA2zKyf0U0aPtVAYAQCiqgAABQAMBxAAAAAcAagAAgAAANAW0BaHIgAABgA0OTE1NQADAAAAAgACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADMFcXG6vjdJgxm12++czDYBAAAAAwADAAAAAAAAAAAAAAAAAAAAAAAAAAAACQYAAAAAAAChgaUwgaKgAwoBAaELBgkqhkiC9xIBAgKigY0EgYpvgYcwgYSgAwIBBaEDAgEPongwdqADAgESom8EbZHvDki757uIRa6348vky4CmSXJcuY8x7Y1L3GMPoboaFC4AmaVBuECBYLv9qMZx8MRhhEX3NAubRHjTv4BhutqH0onvuRNc5YNBgbuLmx\/PeM5pC\/bambRC96DP0B9XtGxHF5b6I04IhLGs2Ss="}
00717{"flow_id":11,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"kerberos.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1549337930,"pkt_ts_usec":219495,"pkt_caplen":274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":274,"pkt_l4_len":240,"pkt":"pB9ywglqAAgCHEeuCABFAAEEAF5AAIAGkKSsEAjJrBAICMANwANTRo+1syspEFAYAP\/w8AAABQAOAxAAAADcAIwAAgAAANAW0BYAAAAAAQAAAAEAAQA1QlHjBkvREasEAMBPwtzSBAAAADMFcXG6vjdJgxm12++czDYBAAAACQYAAAAAAAChgYkwgYagAwoBAaJfBF1vWzBZoAMCAQWhAwIBD6JNMEugAwIBEqJEBEJ\/MyGgG2X9jllu+ZB+MxLzLgKVhkidSZOf9UFj0HoVGhQSTvPAIV6ETXdthgzo7fJnzn1QgLAxGW+unJjrxZzV2yGjHgQcBAQE\/\/\/\/\/\/8AAAAAToOoIEtcH3O\/XLUOvcMURw=="}
00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1549337931189,"flow_last_seen":0,"flow_min_l4_payload_len":242,"flow_max_l4_payload_len":242,"flow_tot_l4_payload_len":242,"flow_avg_l4_payload_len":242,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49169,"dst_port":389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00500{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1549337931189,"flow_last_seen":1549337931189,"flow_min_l4_payload_len":242,"flow_max_l4_payload_len":242,"flow_tot_l4_payload_len":242,"flow_avg_l4_payload_len":242,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49169,"dst_port":389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00741{"flow_id":12,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"kerberos.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1549337931,"pkt_ts_usec":189901,"pkt_caplen":296,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":296,"pkt_l4_len":262,"pkt":"pB9ywglqAAgCHEeuCABFAAEaAHBAAIAGkHysEAjJrBAICMARAYXGiPwnAgHw6FAYAQD72QAAHIAjHF8ymtjcD1VQuy4UgRChAu\/ekRMgcpsydbeCEgGc8O49XcEm2dIOQUYWz5jyNJ04mLjuLVb5JED7bXFEp0Ouk95kXWAsbhG+yaFiTruRiQNLefpIfBd02fAN9rH6kVBTVFVzTavxG5ZN46Q2CRurERdYtT07E7VAGTF+6yWhKn18+hUxFM5IXiI8jM4osfH687+lmO1gN\/3mr3cymHmPLwvBfLQ9P\/qJ62iSz72gALgVKjnTrFQYtji5UhDqTerpDdd7cbCpV4VyQehZ\/3jzwsKcVZtQElZtM7aiTvqbzIsK7RmP3EZFJoQ\/JIQyyhY="}
00692{"flow_id":12,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"kerberos.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1549337931,"pkt_ts_usec":190653,"pkt_caplen":264,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":264,"pkt_l4_len":230,"pkt":"AAgCHEeupB9ywglqCABFAAD6E2FAAIAGfausEAgIrBAIyQGFwBECAfDoxoj9GVAYAQDO8AAAMIQAAADMAgEDYYQAAADDCgEABAAEAIeCALihgbUwgbKgAwoBAKELBgkqhkiC9xIBAgKigZ0EgZpggZcGCSqGSIb3EgECAgIAb4GHMIGEoAMCAQWhAwIBD6J4MHagAwIBEqJvBG1TTwhyAF9FVLbWTl8wTaD0aGMw9PDC0vNUorciel2CrkeZRTWRInWV74srNnVapF3vxPYDt7dvyfJVk888MzdKOasNrV1ijuwTfVJ0DIXj985iqAQmj9Mcte2ZOXgI6pFvWB0EEgpCluxB9enG"}
00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1549337931198,"flow_last_seen":0,"flow_min_l4_payload_len":113,"flow_max_l4_payload_len":113,"flow_tot_l4_payload_len":113,"flow_avg_l4_payload_len":113,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49170,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00499{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1549337931198,"flow_last_seen":1549337931198,"flow_min_l4_payload_len":113,"flow_max_l4_payload_len":113,"flow_tot_l4_payload_len":113,"flow_avg_l4_payload_len":113,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49170,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00564{"flow_id":13,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"kerberos.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1549337931,"pkt_ts_usec":198672,"pkt_caplen":167,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":167,"pkt_l4_len":133,"pkt":"pB9ywglqAAgCHEeuCABFAACZAHRAAIAGkPmsEAjJrBAICMASAFgkNdEgXsLgdFAYAQB+8gAAMUMT6Lk9nd3l4g7meOnydVZeUkzRDUCNbnZ+O2nc5UtCJOGQV8MBRj2azOMjgxpQ1tcViooap1+TILjpjhURvLMTREvy8WPkAKcvtuPHKbLtQ3Ir7HNN6Ftdy+KwiOrOLvSrSyEtUhWZxA6KOnwca9s="}
00503{"flow_id":13,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"kerberos.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1549337931,"pkt_ts_usec":199586,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":122,"pkt_l4_len":88,"pkt":"AAgCHEeupB9ywglqCABFAABsE2VAAIAGfjWsEAgIrBAIyQBYwBJewuYoJDXRkVAYAQBPlQAA7mWAsz4LwR11oOSQ27Ex06YGG2bAP8ttVVXtAwxS755lCHRg4mUkpOjXnBJJ8KdHDkkp7LWBSVTLf+j0wkJ4hFVjx0c="}
00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":28,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1549337931210,"flow_last_seen":0,"flow_min_l4_payload_len":1432,"flow_max_l4_payload_len":1432,"flow_tot_l4_payload_len":1432,"flow_avg_l4_payload_len":1432,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49171,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00503{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":28,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1549337931210,"flow_last_seen":1549337931210,"flow_min_l4_payload_len":1432,"flow_max_l4_payload_len":1432,"flow_tot_l4_payload_len":1432,"flow_avg_l4_payload_len":1432,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49171,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
02355{"flow_id":14,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"kerberos.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1549337931,"pkt_ts_usec":210214,"pkt_caplen":1486,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1486,"pkt_l4_len":1452,"pkt":"pB9ywglqAAgCHEeuCABFAAXAAHpAAIAGi8ysEAjJrBAICMATAFio5J72SB155lAYAQAvgAAAAAAFlGyCBZAwggWMoQMCAQWiAwIBDKOCBQcwggUDMIIE\/6EDAgEBooIE9gSCBPJuggTuMIIE6qADAgEFoQMCAQ6iBwMFAAAAAACjggQ0YYIEMDCCBCygAwIBBaEQGw5IQVBQWUNSQUZULk9SR6IjMCGgAwIBAqEaMBgbBmtyYnRndBsOSEFQUFlDUkFGVC5PUkejggPsMIID6KADAgESoQMCAQKiggPaBIID1hKWdXqL0IxSnZlxRjhHmIFUVS3rvb7i9fEBKrEJ5PVjDXxsAQeDmTL9wweNNg1pCQDRmZ6AE\/m2Y7TGJV\/FdJF\/GLAs\/UE5nC+H+eLE4iuLtnFkH3govXIWXOdlEsqQhROyd4qj2WtH7bxyzZwdtdBzD8HNk\/Zyhfmgmp+oA1+8nXeYYFDFKmqTt9a00HvvmTpJfi0pguIgxY8KmJbF4d1RUkWNuXZ5g7FA43R8i0OyHjh+mwSGoE1gJ\/X8DroluAfskaOHhGVguFx+famY4o8UsY6g4BojHiLERbIlzMsUYRq\/EQf2FuSw8Wc3swODADnnHqoAdpFJG5\/GMQbUUUhsHy5eDXa3\/EPT1ZKqI0bJsr7jOF5G9ytS8thT6E7bOOCcOFN4JNFsCA3bCyRL6jYH2ZedtZMr5yCI40ePAHAaIBbEPTKYDMpCUKxXExG41vrN6dY4CEFLw2Tb4BDinhxjESAIpIw6LOtdRzBrkjiFKjPEj4UBorlhX90DmWgF5dFJbZXz5eOVcZ\/qmOnm8JcuVim8byzO3C2W5go47U+8GNRvk\/iuaoCs18MAuzn4DOtJmgk1eSuxxL9sUZmjkqejNSB6Ny8aYGysoT\/tUR2mS\/10DyxEUb\/M23KvW\/d0nkBg7qCjWXvlLjMDmACl3rd8MXcyqYWqmZcwKWLk5yL3YiZbL90SxemnQHTIY+DWavybHj9SrM5+aINDzqHcDq0aHAhhwNPUOQQH+m0ab759iCYVNaTyITpTWuG6hneFvKoU9d3uSafxpBU5TJfC9PTmhW+\/db+6ouEM0JlNTrwSmfDpaJJPc+gkzn45Pl5k\/7+Abb+s6rWMNfHT+Em3MBbZJYdM0UlQ1xrel8YuJnwOOGyF4x2puehNGP\/\/\/ouwl65KT\/CBdxNVmhdbElBMgwiINySCK0GaA0G8iJuo2p3q21Z3q6PwC\/TBFuSNBvRRaLYdHeXUMMCTZUjjLBHDUqLGGPYiG40kPfZcBzP2U1v\/9gWBK4kWlSfWhwHwDob09dR24nAmYkaTEvrRnFvLOPKhepgPz5FiL+TNVO0x7Q9MEcpXED6nxJ9fgUpL+5AL+5zKjvBqGhTBSFztV5n2jwS9BN5nwKGyQXNwz7M3IugClC01JUeDu8ccEtCesL+sdsbL1EP7jcFCC1EniPRKxntY82esVy8lyQlrXBxmBdMcKVUa21imq65LZV0MJEQvFPcKWd3cpqWETjO2y3rGD5HXk8dwPDck3LvUU56PaEiLP3SNlqGRnDfEXoiRxz6YMXMhdwJMRbqAQJYa71fsqMLgQ4u3s5WkgZwwgZmgAwIBEqKBkQSBjkBvFbBksZRBZsgqvT9rWZWIMz104YLf86+Cksa0ZMsEGJ\/RDcCZOr8kPQRKlwzkm2uQjqkaOemu4sYhWXYr71KrOEs2JUveeWW4HHkLaYXd0a2yOtTAVV1zR76rPVw3Om2DZiy3OdOJiQuRn3tY6sCbzkX\/gKz0r0nI8miItgy4uzP0Z9rEEUiiCUR\/XkOkdTBzoAcDBQBAgQAAohAbDkhBUFBZQ1JBRlQuT1JHoycwJaADAgEKoR4wHBsaam9obnNvbi1wYyRASEFQUFlDUkFGVC5PUkelERgPMjAzNzA5MTMwMjQ4MDVapwYCBE44sbqoEjAQAgESAgERAgEXAgEYAgL\/eQ=="}
02376{"flow_id":14,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"kerberos.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1549337931,"pkt_ts_usec":211149,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"AAgCHEeupB9ywglqCABFAAXUE2tAAIAGeMesEAgIrBAIyQBYwBNIHXnmqOSkjlAYAQDmlQAAAAAFqG2CBaQwggWgoAMCAQWhAwIBDaMQGw5IQVBQWUNSQUZULk9SR6QYMBagAwIBAaEPMA0bC0pPSE5TT04tUEMkpYIEOGGCBDQwggQwoAMCAQWhEBsOSEFQUFlDUkFGVC5PUkeiJzAloAMCAQqhHjAcGxpqb2huc29uLXBjJEBIQVBQWUNSQUZULk9SR6OCA+wwggPooAMCARKhAwIBAaKCA9oEggPWM37115K3Hp8wZkASHyq+pZzCB52w4ZkoKvxkfuUu0LiaHFeH\/YmBkYuC+Y2vHUb50xj2RvlJ0VUIhZ76+RSlQ21W8ccYNaNUXAdabNdF58x1VLmlxuTxbWyuhApe3nart0yE2ggJlqq+SXunnCj4pybyo3D5UqYJsd2CPwW\/UrYMlNJN1gTQgtBaL+rVhNBO6KW9AYxQ1t3V4\/aN5W98Rm9mtqvqy8JlwwSbsqtA+fkgyuLhaFI64sFXeg2okoVY+WpiV8y69YH3VrH9iOYXgjNBApUv8XW3Inwsdd+FJTBLBvDWG4tGHW9DGxqpa+jzaFQyiDi46S1MFPNG5ax\/fXZRFVyIKm5Uvcg+IVoFoTv79M+o2izKZu3xW5GT3jmX5joC1Jz2cBBvfj31IPUawr97kChTt3baVrRO5jtj4Qe\/Yf9D1ea6AnOL3m9lXfbWlkiRMtogdbiLBmz40fY6y7s2fBoNzUM7PPtzjMCZD+mzFnuxbn6SKFsq1jRXr1gfhz99U\/sj4rpgf0fGzuAji6\/CldJydoJ3ZF35EbOHxlT67B0T5Wdz2DSGMxMFnFTU2y41IZZAFsQkozjJDlJyV\/H3UNEgpsuzFWCdn70SJWivzXQmU387\/5qoLQgDt1DzqhRxVq84eAlKWowli8llAVqtdeTmpgPePJrGuN8afpBvekjwt\/1CNWyg0EdZHQFfl1jlAEsgIyCski92E8xu8mvOhuDWTPYemtkOSb2FcxtoxHDyT\/GouX7ARs1ZykSB8j3R9t9ImA7xedyZ34sFfJFGRcLyx6qpTKqFmVZRuxhX4QxBOD\/ubH8xUJ\/p2KhM0jR1yUcK5cyCfymWcxTybrHYNySjaI0gUlhRAiWvZM8bRaCC8Fvoak+VMcqFAYw\/ve5dkR7KuJ\/TxqmhnlpwuoDkayoCpyiqZLALWWLzMuA+erM0osdjgnLPkazewgaOuGK+L14eoN40NcSEI4LVjIf3MizcDep1bu4x++f34uKnDRQCxEnEkfmry2Kt7UmB9dRWUyMnIhre\/LcHyWzVYKmQzK4jbAZGQz3E7SgAtaF8YpuFzK+wN7Al3\/bnw+mNGEv8UnWesnu6eYSeTafPkSExr0eHjyMGHylq1SYGRDikN47BEUJ9DRohxwo4GIbZJ4SlXZm2o1CyYrdjxESgLw7oBxv5ojM77+mqWLxxRYcXrNOO62jI7OC10ISrQjw9VRI73l6ie75xGP23mwgzTkWksp2AmXFXEibjsoWoxN\/dqkJ1paHMQ4D49jni4b2qEd7LE7wiCkMzEEz1wgpM028xFWhhGKaCASowggEmoAMCARKiggEdBIIBGXjHjK5feQ4HY+O2QW1CcrS7y98xjbx4G5\/F1UdYW0nRFrJ1ea7DBhGVKjGhvpNRa\/suoiAGgMaTxIusGGUQaAV3QBkZHI2P7w3S90dRv87TwzBiyLZFov6Iyju+rGIOEBeNij1u4+ieA37sl1WxkkeY5PDSqYQ0xi5dzSQDh1ZKJZF1swmboJUdCNAO5zs9II914vVd0a+gpHqPPfi\/aa\/2ENYesIfYc445XBAksieN4OCiUuXDZetEyUARPhuFnigdmrFcLiKa7lrUb+XOxw\/TpGzrNeFBj3QXNS06SOOdTL3pwlP77\/SR+78shwDam4sOlgv2UEV2H31TfNEKJs\/OC4Ks1WD8+3srLETa3NVngdje5im6AaSi"}
00617{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_first_seen":1549337931210,"flow_last_seen":1549337931211,"flow_min_l4_payload_len":1432,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":2884,"flow_avg_l4_payload_len":1442,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49171,"dst_port":88,"l4_proto":"tcp","ndpi": {"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"johnson-pc","domain":"happycraft.org","username":""}}
00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":30,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1549337931211,"flow_last_seen":0,"flow_min_l4_payload_len":1064,"flow_max_l4_payload_len":1064,"flow_tot_l4_payload_len":1064,"flow_avg_l4_payload_len":1064,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49173,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00503{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":30,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1549337931211,"flow_last_seen":1549337931211,"flow_min_l4_payload_len":1064,"flow_max_l4_payload_len":1064,"flow_tot_l4_payload_len":1064,"flow_avg_l4_payload_len":1064,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49173,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
01853{"flow_id":15,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"kerberos.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1549337931,"pkt_ts_usec":211741,"pkt_caplen":1118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1118,"pkt_l4_len":1084,"pkt":"pB9ywglqAAgCHEeuCABFAARQAIFAAIAGjTWsEAjJrBAICMAVAFjnnRKZiyMmn1AYAQD\/uwAADkhBUFBZQ1JBRlQuT1JHoicwJaADAgEKoR4wHBsaam9obnNvbi1wYyRASEFQUFlDUkFGVC5PUkejggPsMIID6KADAgESoQMCAQGiggPaBIID1jN+9deStx6fMGZAEh8qvqWcwgedsOGZKCr8ZH7lLtC4mhxXh\/2JgZGLgvmNrx1G+dMY9kb5SdFVCIWe+vkUpUNtVvHHGDWjVFwHWmzXRefMdVS5pcbk8W1sroQKXt52q7dMhNoICZaqvkl7p5wo+Kcm8qNw+VKmCbHdgj8Fv1K2DJTSTdYE0ILQWi\/q1YTQTuilvQGMUNbd1eP2jeVvfEZvZrar6svCZcMEm7KrQPn5IMri4WhSOuLBV3oNqJKFWPlqYlfMuvWB91ax\/YjmF4IzQQKVL\/F1tyJ8LHXfhSUwSwbw1huLRh1vQxsaqWvo82hUMog4uOktTBTzRuWsf312URVciCpuVL3IPiFaBaE7+\/TPqNosymbt8VuRk945l+Y6AtSc9nAQb3499SD1GsK\/e5AoU7d22la0TuY7Y+EHv2H\/Q9XmugJzi95vZV321pZIkTLaIHW4iwZs+NH2Osu7NnwaDc1DOzz7c4zAmQ\/psxZ7sW5+kihbKtY0V69YH4c\/fVP7I+K6YH9Hxs7gI4uvwpXScnaCd2Rd+RGzh8ZU+uwdE+Vnc9g0hjMTBZxU1NsuNSGWQBbEJKM4yQ5Sclfx91DRIKbLsxVgnZ+9EiVor810JlN\/O\/+aqC0IA7dQ86oUcVavOHgJSlqMJYvJZQFarXXk5qYD3jyaxrjfGn6Qb3pI8Lf9QjVsoNBHWR0BX5dY5QBLICMgrJIvdhPMbvJrzobg1kz2HprZDkm9hXMbaMRw8k\/xqLl+wEbNWcpEgfI90fbfSJgO8Xncmd+LBXyRRkXC8seqqUyqhZlWUbsYV+EMQTg\/7mx\/MVCf6dioTNI0dclHCuXMgn8plnMU8m6x2Dcko2iNIFJYUQIlr2TPG0WggvBb6GpPlTHKhQGMP73uXZEeyrif08apoZ5acLqA5GsqAqcoqmSwC1li8zLgPnqzNKLHY4Jyz5Gs3sIGjrhivi9eHqDeNDXEhCOC1YyH9zIs3A3qdW7uMfvn9+Lipw0UAsRJxJH5q8tire1JgfXUVlMjJyIa3vy3B8ls1WCpkMyuI2wGRkM9xO0oALWhfGKbhcyvsDewJd\/258PpjRhL\/FJ1nrJ7unmEnk2nz5EhMa9Hh48jBh8patUmBkQ4pDeOwRFCfQ0aIccKOBiG2SeEpV2ZtqNQsmK3Y8REoC8O6Acb+aIzO+\/pqli8cUWHF6zTjutoyOzgtdCEq0I8PVUSO95eonu+cRj9t5sIM05FpLKdgJlxVxIm47KFqMTf3apCdaWhzEOA+PY54uG9qhHeyxO8IgpDMxBM9cIKTNNvMRVoYRg="}
00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":31,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1549337931211,"flow_last_seen":0,"flow_min_l4_payload_len":242,"flow_max_l4_payload_len":242,"flow_tot_l4_payload_len":242,"flow_avg_l4_payload_len":242,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49172,"dst_port":389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00500{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":31,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1549337931211,"flow_last_seen":1549337931211,"flow_min_l4_payload_len":242,"flow_max_l4_payload_len":242,"flow_tot_l4_payload_len":242,"flow_avg_l4_payload_len":242,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49172,"dst_port":389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00742{"flow_id":16,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"kerberos.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1549337931,"pkt_ts_usec":211848,"pkt_caplen":296,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":296,"pkt_l4_len":262,"pkt":"pB9ywglqAAgCHEeuCABFAAEaAINAAIAGkGmsEAjJrBAICMAUAYWVZlyUeqXAF1AYAQAMZQAAADzwgZ4odBCJHRYlGGakwQrZbcEXWu9XXnYRAfBS9UWuXk5Gs8yUHN3o80HZG8YpVlAE6+3ZtDtC+pUsrywDAW4RiWhUhsRgT1sEZ7Vtb++mdY4XtnskLm1\/a8GZzwfpptF0EbEM2x6OOlhhC6IhVJD1Y8p9M\/8ToLfUByDVk8u4C3VF8fyeQ0nd00U5YKsyBV8n8IUXdemUN+fgHev0R3Z+H9FwOZZ3xgduPU1Vapfbai\/N6Y9ZMkNd8RzvF1IldwQMemLuz0F0TTbyd784T8orT0ooc+nzAjFSSfg1FeelCx\/Q2\/iHKtSIZWhWBK\/UpxM="}
00597{"flow_id":15,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"kerberos.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1549337931,"pkt_ts_usec":213235,"pkt_caplen":190,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":190,"pkt_l4_len":156,"pkt":"AAgCHEeupB9ywglqCABFAACwE3FAAIAGfeWsEAgIrBAIyQBYwBWLIyaf550WwVAYAQCWAgAAAAAAhH6BgTB\/oAMCAQWhAwIBHqQRGA8yMDE5MDIwNTAzMzg0OVqlBQIDDJwypgMCAQ2pEBsOSEFQUFlDUkFGVC5PUkeqJzAloAMCAQqhHjAcGxpqb2huc29uLXBjJEBIQVBQWUNSQUZULk9SR6wZBBcwFaEDAgEDog4EDLsAAMAAAAAAAwAAAA=="}
00692{"flow_id":16,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"kerberos.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1549337931,"pkt_ts_usec":213237,"pkt_caplen":264,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":264,"pkt_l4_len":230,"pkt":"AAgCHEeupB9ywglqCABFAAD6E3RAAIAGfZisEAgIrBAIyQGFwBR6pcAXlWZdhlAYAQAZvwAAMIQAAADMAgEHYYQAAADDCgEABAAEAIeCALihgbUwgbKgAwoBAKELBgkqhkiC9xIBAgKigZ0EgZpggZcGCSqGSIb3EgECAgIAb4GHMIGEoAMCAQWhAwIBD6J4MHagAwIBEqJvBG3yZsLFskNz2Tj8maOz7vLNMVSC3wBerc1xRFPj0GLDPGT9QlZRJav62bndhsIjLkgXNAdSqCa2GR8Luxe5TgJHZoIn44Is8Ku3wpqAc9pR3m8qLfoA6VkyZzzulSM2YJ4KniKJ4c7+rlJkc3DH"}
00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":34,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1549337931218,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49175,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00499{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":34,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1549337931218,"flow_last_seen":1549337931218,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49175,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00598{"flow_id":17,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"kerberos.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1549337931,"pkt_ts_usec":218156,"pkt_caplen":191,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":191,"pkt_l4_len":157,"pkt":"pB9ywglqAAgCHEeuCABFAACxAI5AAIAGkMesEAjJrBAICMAXAFhuRvAsCoQzw1AYAQDQpAAAiAqFUHJzV5J+NXZTIhoIU8GbmBSxYcQbV4PW+ckPMTgFBw0KsYU9otlYXn6Tyj5\/BmOv8b2TCLvhZTzW6Z3PoLeUqFO88\/fWi+AgP8mYvV1NNCnNorn77cmRI2eXkDk7qLKlgMm4cUN+eWFUE7G2Z1e9ZdF2LM4CSirBRuN96IFr6Z0blZRnqpw="}
00570{"flow_id":17,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"kerberos.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1549337931,"pkt_ts_usec":219086,"pkt_caplen":169,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":169,"pkt_l4_len":135,"pkt":"AAgCHEeupB9ywglqCABFAACbE31AAIAGfe6sEAgIrBAIyQBYwBcKhDl3bkbwtVAYAQD\/bQAAzmwvcX+5XppDtJZXr9PwDYLsp98Hk08TTktA1oPPxQHxyFPFFH6C9d30u8d8saioSDapQyKHHyGt004ct60erCJP9bUby12IBGHwYva7Ha2y2bxZxEn3nV+8BQON\/a2dluoxZFHPI4urPpSWS9H8dnzG6Q=="}
00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":36,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1549337931219,"flow_last_seen":0,"flow_min_l4_payload_len":1431,"flow_max_l4_payload_len":1431,"flow_tot_l4_payload_len":1431,"flow_avg_l4_payload_len":1431,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49176,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00503{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":36,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1549337931219,"flow_last_seen":1549337931219,"flow_min_l4_payload_len":1431,"flow_max_l4_payload_len":1431,"flow_tot_l4_payload_len":1431,"flow_avg_l4_payload_len":1431,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49176,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
02354{"flow_id":18,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"kerberos.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1549337931,"pkt_ts_usec":219686,"pkt_caplen":1485,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1485,"pkt_l4_len":1451,"pkt":"pB9ywglqAAgCHEeuCABFAAW\/AJNAAIAGi7SsEAjJrBAICMAYAFg1TYdzLuLg4VAYAQBQtwAAAAAFk2yCBY8wggWLoQMCAQWiAwIBDKOCBRcwggUTMIIE\/6EDAgEBooIE9gSCBPJuggTuMIIE6qADAgEFoQMCAQ6iBwMFAAAAAACjggQ0YYIEMDCCBCygAwIBBaEQGw5IQVBQWUNSQUZULk9SR6IjMCGgAwIBAqEaMBgbBmtyYnRndBsOSEFQUFlDUkFGVC5PUkejggPsMIID6KADAgESoQMCAQKiggPaBIID1hKWdXqL0IxSnZlxRjhHmIFUVS3rvb7i9fEBKrEJ5PVjDXxsAQeDmTL9wweNNg1pCQDRmZ6AE\/m2Y7TGJV\/FdJF\/GLAs\/UE5nC+H+eLE4iuLtnFkH3govXIWXOdlEsqQhROyd4qj2WtH7bxyzZwdtdBzD8HNk\/Zyhfmgmp+oA1+8nXeYYFDFKmqTt9a00HvvmTpJfi0pguIgxY8KmJbF4d1RUkWNuXZ5g7FA43R8i0OyHjh+mwSGoE1gJ\/X8DroluAfskaOHhGVguFx+famY4o8UsY6g4BojHiLERbIlzMsUYRq\/EQf2FuSw8Wc3swODADnnHqoAdpFJG5\/GMQbUUUhsHy5eDXa3\/EPT1ZKqI0bJsr7jOF5G9ytS8thT6E7bOOCcOFN4JNFsCA3bCyRL6jYH2ZedtZMr5yCI40ePAHAaIBbEPTKYDMpCUKxXExG41vrN6dY4CEFLw2Tb4BDinhxjESAIpIw6LOtdRzBrkjiFKjPEj4UBorlhX90DmWgF5dFJbZXz5eOVcZ\/qmOnm8JcuVim8byzO3C2W5go47U+8GNRvk\/iuaoCs18MAuzn4DOtJmgk1eSuxxL9sUZmjkqejNSB6Ny8aYGysoT\/tUR2mS\/10DyxEUb\/M23KvW\/d0nkBg7qCjWXvlLjMDmACl3rd8MXcyqYWqmZcwKWLk5yL3YiZbL90SxemnQHTIY+DWavybHj9SrM5+aINDzqHcDq0aHAhhwNPUOQQH+m0ab759iCYVNaTyITpTWuG6hneFvKoU9d3uSafxpBU5TJfC9PTmhW+\/db+6ouEM0JlNTrwSmfDpaJJPc+gkzn45Pl5k\/7+Abb+s6rWMNfHT+Em3MBbZJYdM0UlQ1xrel8YuJnwOOGyF4x2puehNGP\/\/\/ouwl65KT\/CBdxNVmhdbElBMgwiINySCK0GaA0G8iJuo2p3q21Z3q6PwC\/TBFuSNBvRRaLYdHeXUMMCTZUjjLBHDUqLGGPYiG40kPfZcBzP2U1v\/9gWBK4kWlSfWhwHwDob09dR24nAmYkaTEvrRnFvLOPKhepgPz5FiL+TNVO0x7Q9MEcpXED6nxJ9fgUpL+5AL+5zKjvBqGhTBSFztV5n2jwS9BN5nwKGyQXNwz7M3IugClC01JUeDu8ccEtCesL+sdsbL1EP7jcFCC1EniPRKxntY82esVy8lyQlrXBxmBdMcKVUa21imq65LZV0MJEQvFPcKWd3cpqWETjO2y3rGD5HXk8dwPDck3LvUU56PaEiLP3SNlqGRnDfEXoiRxz6YMXMhdwJMRbqAQJYa71fsqMLgQ4u3s5WkgZwwgZmgAwIBEqKBkQSBjoWrS7jR3\/ZxrmkklAr5M\/UVPgZBz\/I0MBRDSrLAPTWRtuq1ZhbBTvDmh4JfIoeW\/NN+j\/BIs99fVl1IARv5kJzlvsrT0oz2PdU+R8Rl10wOzwJfT7yBOJecNjJCW1XhiL9p6LojffFaim+4jvn\/X89SbhRBqPbpCCF+yHmow+h4iZkD+HM6Jz3YsaIdiuQwDqEEAgIApaIGBAQfAAAApGQwYqAHAwUAYIEAEKIQGw5IQVBQWUNSQUZULk9SR6MjMCGgAwIBAqEaMBgbBmtyYnRndBsOSEFQUFlDUkFGVC5PUkelERgPMjAzNzA5MTMwMjQ4MDVapwYCBE44s3moBTADAgES"}
02370{"flow_id":18,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"kerberos.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1549337931,"pkt_ts_usec":220282,"pkt_caplen":1498,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1498,"pkt_l4_len":1464,"pkt":"AAgCHEeupB9ywglqCABFAAXME4FAAIAGeLmsEAgIrBAIyQBYwBgu4uDhNU2NClAYAQBUPQAAAAAFoG2CBZwwggWYoAMCAQWhAwIBDaMQGw5IQVBQWUNSQUZULk9SR6QYMBagAwIBAaEPMA0bC0pPSE5TT04tUEMkpYIENGGCBDAwggQsoAMCAQWhEBsOSEFQUFlDUkFGVC5PUkeiIzAhoAMCAQKhGjAYGwZrcmJ0Z3QbDkhBUFBZQ1JBRlQuT1JHo4ID7DCCA+igAwIBEqEDAgECooID2gSCA9aIPBwtNxkshczHziSeGRCcSiSC82vdTNNxZoZEqctTILmi\/cPiWo2kj2ZowTM5BfoTzgngU5zy1dblxSYtNNDo790fqKeln68pSwduOA5ekfZ2omIpLyTKi1Uzi5unXScqqLz0hKSsn\/40+2FcuWZE3ZvPuCmZ8SKPEnuc921KBrNqOj\/0DryAdSyI8er0AkE463j84WxyAtyNQDKDrp2ez6929oR6Rx5hbvL8GdKQY9jCLD2rnICMW89Hj9rOupV1OeH78XxxB7MSKm499oGFFneF9SM8YJwXSSMV673PLXubFj6DMrikD2G0Sl6xic8MhWvEbY+QDRNnfGPZAJvMaahqCk8wVuJCt+fkFop+b4toNRK\/McSX15qS4Oue1FamxPlWb8yeZyA7zxXMdyv\/9YdFl51KW6DMdV\/gNQhWVbNsnpHVbk+dZ3hmZuA13vS+pCaVgYWcY8TsTrrqDHUdvkhYH5y6bQXhaba0hTe8Bpqjtkm6\/RTu4J\/\/NKiUQMb9AOVNXKtDTvIFCVxCzbgDhWofcnihAdfiq3GVUSfoJVIjvbiKN6rurAhxZ5G7eeGZ0k0F7hodA7NNCDg1db\/i3Z0nn0sEe0z7aNhzE0ribx16c5Vcg7SzYKcbmYr2SOlrqyDG2wBIue4c+yHf8w4ERFzFfLLBAoUF6TY9mRoNRbKB\/qSAwbDd52vGpnn87rIVg\/QNGVIwMeb1KKPfdaC4wum+6\/FhZgWd0DbrZEhIXl\/8HN6zG+3ywmGFdeC2DFCmO4dETOrfkL6fl3T\/7ku0etROu1j+k26SXEG6Gge01yPUKju51MrjdtHnDZ1Ss42MB0XlUT6U6S5TlEIP\/8k9d0krm1cn0oRERln+NBIaJS\/B2711LZddv4tje7ItSqfXLacjoI7g80JWdXjf4l7SPcZiNeEbp1dMmXrQFZcbRN17kosEr4Tm2W4friYde8+zbAKqoXvVJXbnxAUwEVAGcV\/iPptIl\/xW9mtB0WPhDmkKXm2SfL9rih8OBbowoKkOmIJqQw8CRJRncVK0szyJok+ajlBHDiJgpcZUT8EmfmEr0qJ0qoMeuCqxs8Kf3IstAtgMR7lMBZda98WMq0J06Prxf9X\/7Sw5XHFF0Ihx2VyWiVN3DmzgADoDdivNlyaD8+Octjfvk+ZwiZGCsRMD1d7AL6HjQzrju4nysDHJIjeaKR52nWtCWAZ87qog1mDH+qjQPdMGkDr1FGrVbBXAZcR0K17tOKTw9bgQg9LvLMWeDMDNCEwvA8GHdr\/fAsBPK3PDKVyht8oNdhjar8xKOZRvwzCOpoIBJjCCASKgAwIBEqKCARkEggEVYp6jTcDi\/gYVd9SDuEsi2VccBape1lXgcuGoeWG1ePxV5NidfJvDEi3F2VmdD04JFUaFb\/GRqNe9F8xWyy86xiJ3eKyJgAfyG7DDQnnFCeKC++4ORaBUkKnIeWwsFqQxh0aL1BrdknGP8u06G6P95r9esj7jUPDXQ1D0+jbs1WpWssKqZMQfUgV0eg9FoEGdVPsUmgNbZN2YPPrxhZ6CEgNOIC\/5aj8NqGMkPPX6xfYF4tbD74dZ3EfC4ry5KcIxNVYXU179as2C\/cihpEMrX8yiZtM91awDzQYUMPKt3\/3WSS96ycQo00pex7Pc1Jh3j49Cr5ckyWXD9SUXbCcOpUpip4\/Jz5Hvsliozjm5inKwUIBTJQ=="}
00617{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":37,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_first_seen":1549337931219,"flow_last_seen":1549337931220,"flow_min_l4_payload_len":1431,"flow_max_l4_payload_len":1444,"flow_tot_l4_payload_len":2875,"flow_avg_l4_payload_len":1437,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49176,"dst_port":88,"l4_proto":"tcp","ndpi": {"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"johnson-pc","domain":"happycraft.org","username":""}}
00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":38,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1549337931220,"flow_last_seen":0,"flow_min_l4_payload_len":227,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":227,"flow_avg_l4_payload_len":227,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49174,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00500{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":38,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1549337931220,"flow_last_seen":1549337931220,"flow_min_l4_payload_len":227,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":227,"flow_avg_l4_payload_len":227,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49174,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00725{"flow_id":19,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"kerberos.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1549337931,"pkt_ts_usec":220307,"pkt_caplen":281,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":281,"pkt_l4_len":247,"pkt":"pB9ywglqAAgCHEeuCABFAAELAJhAAIAGkGOsEAjJrBAICMAWAb2ZMOb++YgxIFAYAP+McAAAQFskZ7b1ZYO5\/CuVOTe3ZqHs3nhqe1KXhnlBtJ\/qDgyo+sduQpC\/WLkmAdUvTJdV+CtGiwLoGf3Uio50ZE6gilnFEbzLLhzMIw4gwhRvlYwapNctw4G2EkpKfWO1MgMQ0yTGVxtfwAuP0ouYkDi\/6FI97AzDGvp\/R2LK19PAI403fVWk1Cbb2O\/YPOGH5a8hHowuR6tT8UugHDdGGl\/fWl8Wk4rCdi\/3gOYAhRVI6o2ZOHpv4GeBlLgJ6L2WL35O3jhh2e2dr0Fkd\/WG3ET2QLw9x3WRfncFn29f8nOqAUQDRH0="}
00767{"flow_id":19,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"kerberos.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1549337931,"pkt_ts_usec":221192,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"pkt":"AAgCHEeupB9ywglqCABFAAEsE4VAAIAGfVWsEAgIrBAIyQG9wBb5iDEgmTDn4VAYAP9zWgAAAAABAP5TTUJAAAEAAAAAAAEAHwAJAAAAAAAAAAEAAAAAAAAA\/\/4AAAAAAABdAAAAAAQAAPvWvNgjH\/I48OPxOa5H7a4JAAAASAC4AKGBtTCBsqADCgEAoQsGCSqGSIL3EgECAqKBnQSBmmCBlwYJKoZIhvcSAQICAgBvgYcwgYSgAwIBBaEDAgEPongwdqADAgESom8EbUswX\/mwh6g2ztwHi8\/dTRtvFzo0LVENq7tttT0JwVpKoIxijjsysss5HuCbI3DQGU7C0ILmrl+8phtVtu+2vBMSA9FKWe75R\/a+ST6oEaoDrDjzWfPqdU4xUCgD\/zK6J0O4Dsk+rO8nhy4LUmk="}
00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":40,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1549337937690,"flow_last_seen":0,"flow_min_l4_payload_len":266,"flow_max_l4_payload_len":266,"flow_tot_l4_payload_len":266,"flow_avg_l4_payload_len":266,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49179,"dst_port":389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00500{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":40,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1549337937690,"flow_last_seen":1549337937690,"flow_min_l4_payload_len":266,"flow_max_l4_payload_len":266,"flow_tot_l4_payload_len":266,"flow_avg_l4_payload_len":266,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49179,"dst_port":389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00773{"flow_id":20,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"kerberos.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1549337937,"pkt_ts_usec":690226,"pkt_caplen":320,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":320,"pkt_l4_len":286,"pkt":"pB9ywglqAAgCHEeuCABFAAEyAM1AAIAGkAesEAjJrBAICMAbAYXq\/lHZFzDO61AYAQB3VwAADK3yhyWG\/w4ePjAcLdmQD9l5KJpA6NxzQuCtaFM+te5CWXRB5sUkdKJyUVp4kqyFJvIav1zvlLEwv\/M6QDvIyPip6cO\/Y7DDZ55OmD6IlKO8Nx5lANmfdaxcK4l74ZAlM45v2cQu8OV3yuWKq5L2jtnHunCltg9I9Mqjq93VmxUc7poK8vfSfY1YgBhAmlp0cXMsoyIbcEQodelj3wLBZ2oxItwV78GGNt7TlfW6joQ5wfkj6ZEyRFJn0CVihbNqYYKxBD44uauIJQKkPsQlzXsxooh9lhiWoZtuh5F2\/1LO7drek9zYg6pqUFpyhpL3WcFxh3R7Uuv9RQ5CYfOoVItdeOxn2w53bU0="}
00694{"flow_id":20,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"kerberos.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1549337937,"pkt_ts_usec":691075,"pkt_caplen":264,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":264,"pkt_l4_len":230,"pkt":"AAgCHEeupB9ywglqCABFAAD6E5tAAIAGfXGsEAgIrBAIyQGFwBsXMM7r6v5S41AYAQDOWAAAMIQAAADMAgEDYYQAAADDCgEABAAEAIeCALihgbUwgbKgAwoBAKELBgkqhkiC9xIBAgKigZ0EgZpggZcGCSqGSIb3EgECAgIAb4GHMIGEoAMCAQWhAwIBD6J4MHagAwIBEqJvBG1JH5VWFTlwrbTZZZgbjZtW4QY+VaIr2rFT9\/AbDkv31Idx3xo24Bwzqv50t5zQXx7Id1H\/iLYt+nRqN0NWzCDJwnAfwcbOTGF30f3qnaqB+vDQ9EhQX38cpSy926C3lIc0Vkhc+VaaHdh510+B"}
00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":42,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1549337937700,"flow_last_seen":0,"flow_min_l4_payload_len":266,"flow_max_l4_payload_len":266,"flow_tot_l4_payload_len":266,"flow_avg_l4_payload_len":266,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49180,"dst_port":389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00500{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":42,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1549337937700,"flow_last_seen":1549337937700,"flow_min_l4_payload_len":266,"flow_max_l4_payload_len":266,"flow_tot_l4_payload_len":266,"flow_avg_l4_payload_len":266,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49180,"dst_port":389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00776{"flow_id":21,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"kerberos.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1549337937,"pkt_ts_usec":700823,"pkt_caplen":320,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":320,"pkt_l4_len":286,"pkt":"pB9ywglqAAgCHEeuCABFAAEyANVAAIAGj\/+sEAjJrBAICMAcAYWCU2zwSN6TcFAYAQDS2QAAEgduSF05n8MFVjy4LWbkIsui7POF\/jI0fgAi3\/kn4+lZJrv4uo1Xj0IHKshBaLfyrICuzZtbBAFYjLvQz7y8gyRTfkwzadmnUFntTq1Eam1s4n2Qhfn1fuSUa5DAR1i941DEujmYu8fTZX3tp1hllqkxXisHcqSEIi8W9weLGXgpYEZYoErMkYejHKEeDmPCwQO6JC7sDmP8cAErQb7Rc88wLF4lFI7xOIE4FiH\/05afA1w9V5d1P2yDaGB6bADs\/c2xi7QKQuP+FixF4gof0ovK0nwq\/y7Hd27V4SQ4qHRNlXJex92QoEPhio00QFq1bLTnuvdcqFYcMu\/6\/tRVEcFKp0ezr7WF5MI="}
00694{"flow_id":21,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"kerberos.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1549337937,"pkt_ts_usec":701643,"pkt_caplen":264,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":264,"pkt_l4_len":230,"pkt":"AAgCHEeupB9ywglqCABFAAD6E6JAAIAGfWqsEAgIrBAIyQGFwBxI3pNwglNt+lAYAQCvQgAAMIQAAADMAgEKYYQAAADDCgEABAAEAIeCALihgbUwgbKgAwoBAKELBgkqhkiC9xIBAgKigZ0EgZpggZcGCSqGSIb3EgECAgIAb4GHMIGEoAMCAQWhAwIBD6J4MHagAwIBEqJvBG2EupGhqTVA+Kxm5vIdkbfFjlPoe8DmjpF\/p2I3j7EwFjqQzavz5jy+cGzZKn09a9y0dyj\/mpeHcqpjjORB3KYfxKGHrDmiKKSYiCwqx86ee7rLKiQPX2z3RSwNa4fWz8uAjgw+I5CkXYbP6rNu"}
00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":44,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1549337937703,"flow_last_seen":0,"flow_min_l4_payload_len":239,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":239,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49181,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00499{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":44,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1549337937703,"flow_last_seen":1549337937703,"flow_min_l4_payload_len":239,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":239,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49181,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00734{"flow_id":22,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"kerberos.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1549337937,"pkt_ts_usec":703350,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"pkt":"pB9ywglqAAgCHEeuCABFAAEXANlAAIAGkBasEAjJrBAICMAdAFjHhcaiuhdcXlAYAQCv5QAAAAAA62qB6DCB5aEDAgEFogMCAQqjFTATMBGhBAICAICiCQQHMAWgAwEB\/6SBwTCBvqAHAwUAQIEAEKEYMBagAwIBAaEPMA0bC0pPSE5TT04tUEMkohAbDkhBUFBZQ1JBRlQuT1JHoyMwIaADAgECoRowGBsGa3JidGd0Gw5IQVBQWUNSQUZULk9SR6URGA8yMDM3MDkxMzAyNDgwNVqmERgPMjAzNzA5MTMwMjQ4MDVapwYCBFIcW1KoFTATAgESAgERAgEXAgEYAgL\/eQIBA6kdMBswGaADAgEUoRIEEEpPSE5TT04tUEMgICAgICA="}
00784{"flow_id":22,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"kerberos.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1549337937,"pkt_ts_usec":703857,"pkt_caplen":332,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":332,"pkt_l4_len":298,"pkt":"AAgCHEeupB9ywglqCABFAAE+E6VAAIAGfSOsEAgIrBAIyQBYwB26F1xex4XHkVAYAQDp0AAAAAABEn6CAQ4wggEKoAMCAQWhAwIBHqQRGA8yMDE5MDIwNTAzMzg1NlqlBQIDBJWNpgMCARmpEBsOSEFQUFlDUkFGVC5PUkeqIzAhoAMCAQKhGjAYGwZrcmJ0Z3QbDkhBUFBZQ1JBRlQuT1JHrIGnBIGkMIGhMH6hAwIBE6J3BHUwczA0oAMCARKhLRsrSEFQUFlDUkFGVC5PUkdob3N0am9obnNvbi1wYy5oYXBweWNyYWZ0Lm9yZzAFoAMCARcwNKADAgEDoS0bK0hBUFBZQ1JBRlQuT1JHaG9zdGpvaG5zb24tcGMuaGFwcHljcmFmdC5vcmcwCaEDAgECogIEADAJoQMCARCiAgQAMAmhAwIBD6ICBAA="}
00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1549337937724,"flow_last_seen":0,"flow_min_l4_payload_len":319,"flow_max_l4_payload_len":319,"flow_tot_l4_payload_len":319,"flow_avg_l4_payload_len":319,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49182,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00499{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1549337937724,"flow_last_seen":1549337937724,"flow_min_l4_payload_len":319,"flow_max_l4_payload_len":319,"flow_tot_l4_payload_len":319,"flow_avg_l4_payload_len":319,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49182,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00845{"flow_id":23,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"kerberos.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1549337937,"pkt_ts_usec":724378,"pkt_caplen":373,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":373,"pkt_l4_len":339,"pkt":"pB9ywglqAAgCHEeuCABFAAFnAN1AAIAGj8KsEAjJrBAICMAeAFgo\/29go\/Vk0VAYAQAVQgAAAAABO2qCATcwggEzoQMCAQWiAwIBCqNjMGEwTKEDAgECokUEQzBBoAMCARKiOgQ4EwWkoanvLUiVA5eu8uG72\/EPy4+eHAiK9HbftleuqZ7DwBR\/wY3Sc5USTXPr6SJXdlLH8zfIE5MwEaEEAgIAgKIJBAcwBaADAQH\/pIHBMIG+oAcDBQBAgQAQoRgwFqADAgEBoQ8wDRsLSk9ITlNPTi1QQySiEBsOSEFQUFlDUkFGVC5PUkejIzAhoAMCAQKhGjAYGwZrcmJ0Z3QbDkhBUFBZQ1JBRlQuT1JHpREYDzIwMzcwOTEzMDI0ODA1WqYRGA8yMDM3MDkxMzAyNDgwNVqnBgIEUhxbUqgVMBMCARICARECARcCARgCAv95AgEDqR0wGzAZoAMCARShEgQQSk9ITlNPTi1QQyAgICAgIA=="}
00565{"flow_id":23,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"kerberos.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1549337937,"pkt_ts_usec":724993,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"pkt":"AAgCHEeupB9ywglqCABFAACYE6pAAIAGfcSsEAgIrBAIyQBYwB6j9WqFKP9wn1AYAQCbeQAAeBxjGZR555TmhlGtfWdB3hqYo6lYswe6vKpNUcrN1M7KGcxMIdPLYhZ04dECjGI6ypolTWuvt884Bi2lq0pIFbZFVKD3x\/BnUesSWAB9L0qg+5NPzwAEggckaZSGKHdd5sXD0ux4MNvoyw986qY1Nw=="}
00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":48,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1549337937725,"flow_last_seen":0,"flow_min_l4_payload_len":80,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":80,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49183,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":48,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1549337937725,"flow_last_seen":1549337937725,"flow_min_l4_payload_len":80,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":80,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49183,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00525{"flow_id":24,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"kerberos.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1549337937,"pkt_ts_usec":725890,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"pkt":"pB9ywglqAAgCHEeuCABFAAB4AONAAIAGkKusEAjJrBAICMAfAFi1TK\/3YmHJT1AYAQDj2wAAbj2wbk+derrxO0c0pxRSdruhR6\/j4Ui\/xNsBa8OfbfRkbAwdywbQynHUORFcFH8maukxsoLa+OhvD2a5+zDPKPlneJ\/sg2b\/GuIvr5ZD3Bg="}
00465{"flow_id":24,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"kerberos.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1549337937,"pkt_ts_usec":726633,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"pkt":"AAgCHEeupB9ywglqCABFAABQE7BAAIAGfgasEAgIrBAIyQBYwB9iYc8DtUywR1AYAQDGTwAA4zLECSz5GZPNqNSL4T5BMx8WrZoQ8TiJymulR2VkZN3O1rD+5YXABg=="}
00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":50,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1549337940431,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49186,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00499{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":50,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1549337940431,"flow_last_seen":1549337940431,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49186,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00598{"flow_id":25,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"kerberos.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1549337940,"pkt_ts_usec":431467,"pkt_caplen":191,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":191,"pkt_l4_len":157,"pkt":"pB9ywglqAAgCHEeuCABFAACxAPpAAIAGkFusEAjJrBAICMAiAFjJGNiQqlyd6VAYAQDPPQAAiJisSNul39yNkXIaZ7I9abKKHsFn\/6nUnlpuYlwP2aMvOAIHPA5TwBaAhiWq+tFyYupNZpDDILw6OTtdBUx9AScUIqcHtp8iuHt0kMVzTn\/4u2MWOJ3B5oBzCaRbB4JGSnxRjDJCJirb6nGFgBI0LOLujBAlXiGb5mYfdXtWDkYlEBJfjMNCAaw="}
00573{"flow_id":25,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"kerberos.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1549337940,"pkt_ts_usec":432366,"pkt_caplen":169,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":169,"pkt_l4_len":135,"pkt":"AAgCHEeupB9ywglqCABFAACbE79AAIAGfaysEAgIrBAIyQBYwCKqXKOdyRjZGVAYAQDDTwAAKYg87lVL35oh62EWNwE864\/2bfnOQr1tnnHZbVGEslhqWgqxgOlP8fU7tCl8Q\/Pa+OiAoCN8WQQSqJd8h73HLCORGVTkV2\/0V8MyUM0yQH1SL9l7PdXJm7IP\/IVn+E9KcR0nyC\/qPtxkWFJAw4YHnIb0GQ=="}
00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":52,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1549337940432,"flow_last_seen":0,"flow_min_l4_payload_len":359,"flow_max_l4_payload_len":359,"flow_tot_l4_payload_len":359,"flow_avg_l4_payload_len":359,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49185,"dst_port":49155,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00502{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":52,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1549337940432,"flow_last_seen":1549337940432,"flow_min_l4_payload_len":359,"flow_max_l4_payload_len":359,"flow_tot_l4_payload_len":359,"flow_avg_l4_payload_len":359,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49185,"dst_port":49155,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00894{"flow_id":26,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"kerberos.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1549337940,"pkt_ts_usec":432879,"pkt_caplen":413,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":413,"pkt_l4_len":379,"pkt":"pB9ywglqAAgCHEeuCABFAAGPAP5AAIAGj3msEAjJrBAICMAhwAMZWxyAQJkJXFAYAQAR1wAA1H5mUL0BcI4qPWGkggFYMIIBVKADAgESooIBSwSCAUcbieRVkdOtAnzmcyqLDK9HyZo8H6AcRFkR6nkpd0sYlEbV82Qt31YdF5lIivhvCiptxoXnMPhE44z2QYycXFRvcJlMUVHmYJTlGAPASSmrxcFRtfwGd3CmxLGHH6gdXYYGgEzOmFuOyHJjprxX+WUkbubIb9DuIaCyGfu6WjSvDsJsxl8APFvUDVpwKCBx+yi4Nl7uparYkV7uyBIsOfius8LRX8aNw6uyL8Rg7Kcy+u\/AdDO7DcqqeIW4ECzaDnKuMDvhoDG1L4DC3Gyq10cUmszgrrBDkGwYBF3I07gVPaOITvdzOarlv0eTNHIPNCN07gmcrX\/ElHpPLwV7ZiI5SB1SY8Op3qesfZqAIqjOBGiyQU2+uy5qrSSffZHU9iojHh1BosRxcA7pQ15VJkC0LtUsgQyMbCX0W85YmDAFmZqe2ZivqK8="}
00794{"flow_id":26,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"kerberos.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1549337940,"pkt_ts_usec":433470,"pkt_caplen":338,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":338,"pkt_l4_len":304,"pkt":"AAgCHEeupB9ywglqCABFAAFEE8NAAIAGfP+sEAgIrBAIycADwCFAmQlcGVsd51AYAQDbOQAABQAMBxAAAAAcAagAAgAAANAW0BaIIgAABgA0OTE1NQADAAAAAgACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADMFcXG6vjdJgxm12++czDYBAAAAAwADAAAAAAAAAAAAAAAAAAAAAAAAAAAACQYAAAAAAAChgaUwgaKgAwoBAaELBgkqhkiC9xIBAgKigY0EgYpvgYcwgYSgAwIBBaEDAgEPongwdqADAgESom8Ebfn2lEYLCMVIVfFxnfrMpLLQ5jje4X2obHkLE1mHLBb3QYmIfBpDW5VyIgGbPY54D9aSU3VouXp90Sdg8ibesBCnHqUH+HJX\/hdQ0brTNgFSTOR\/m3sdIfIuZmQkzV3dPMC5PlxnwhbW8ZWYvQE="}
00716{"flow_id":26,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"kerberos.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1549337940,"pkt_ts_usec":433720,"pkt_caplen":274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":274,"pkt_l4_len":240,"pkt":"pB9ywglqAAgCHEeuCABFAAEEAP9AAIAGkAOsEAjJrBAICMAhwAMZWx3nQJkKeFAYAP\/gGgAABQAOAxAAAADcAIwAAgAAANAW0BYAAAAAAQAAAAEAAQA1QlHjBkvREasEAMBPwtzSBAAAADMFcXG6vjdJgxm12++czDYBAAAACQYAAAAAAAChgYkwgYagAwoBAaJfBF1vWzBZoAMCAQWhAwIBD6JNMEugAwIBEqJEBELB6nut18jCMG03H8TJyLvCf8wWF6F7BqJ4bg85nSMTOiCmzGy+a5tNrq0VYdAt2TCIZ2p1Ys\/DpnWvcPxOp0LCSoajHgQcBAQE\/\/\/\/\/\/8AAAAAVL504MDCo+3fnXZuQhY33A=="}
00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":55,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":1549337951630,"flow_last_seen":0,"flow_min_l4_payload_len":235,"flow_max_l4_payload_len":235,"flow_tot_l4_payload_len":235,"flow_avg_l4_payload_len":235,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49187,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00499{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":55,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":1549337951630,"flow_last_seen":1549337951630,"flow_min_l4_payload_len":235,"flow_max_l4_payload_len":235,"flow_tot_l4_payload_len":235,"flow_avg_l4_payload_len":235,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49187,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00729{"flow_id":27,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"kerberos.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1549337951,"pkt_ts_usec":630943,"pkt_caplen":289,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":289,"pkt_l4_len":255,"pkt":"pB9ywglqAAgCHEeuCABFAAETAQ1AAIAGj+asEAjJrBAICMAjAFj9jJo6lSyMo1AYAQB4vAAAAAAA52qB5DCB4aEDAgEFogMCAQqjFTATMBGhBAICAICiCQQHMAWgAwEB\/6SBvTCBuqAHAwUAQIEAEKEcMBqgAwIBAaETMBEbD3RoZXJlc2Euam9obnNvbqIMGwpIQVBQWUNSQUZUox8wHaADAgECoRYwFBsGa3JidGd0GwpIQVBQWUNSQUZUpREYDzIwMzcwOTEzMDI0ODA1WqYRGA8yMDM3MDkxMzAyNDgwNVqnBgIEXdv8Z6gVMBMCARICARECARcCARgCAv95AgEDqR0wGzAZoAMCARShEgQQSk9ITlNPTi1QQyAgICAgIA=="}
00733{"flow_id":27,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"kerberos.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1549337951,"pkt_ts_usec":631242,"pkt_caplen":294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":294,"pkt_l4_len":260,"pkt":"AAgCHEeupB9ywglqCABFAAEYE9dAAIAGfResEAgIrBAIyQBYwCOVLIyj\/YybJVAYAQAREAAAAAAA7H6B6TCB5qADAgEFoQMCAR6kERgPMjAxOTAyMDUwMzM5MTBapQUCAwNKZqYDAgEZqQwbCkhBUFBZQ1JBRlSqHzAdoAMCAQKhFjAUGwZrcmJ0Z3QbCkhBUFBZQ1JBRlSsgYsEgYgwgYUwYqEDAgETolsEWTBXMCagAwIBEqEfGx1IQVBQWUNSQUZULk9SR3RoZXJlc2Euam9obnNvbjAFoAMCARcwJqADAgEDoR8bHUhBUFBZQ1JBRlQuT1JHdGhlcmVzYS5qb2huc29uMAmhAwIBAqICBAAwCaEDAgEQogIEADAJoQMCAQ+iAgQA"}
00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":57,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":1549337951638,"flow_last_seen":0,"flow_min_l4_payload_len":315,"flow_max_l4_payload_len":315,"flow_tot_l4_payload_len":315,"flow_avg_l4_payload_len":315,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49188,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00499{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":57,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":1549337951638,"flow_last_seen":1549337951638,"flow_min_l4_payload_len":315,"flow_max_l4_payload_len":315,"flow_tot_l4_payload_len":315,"flow_avg_l4_payload_len":315,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49188,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00837{"flow_id":28,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"kerberos.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1549337951,"pkt_ts_usec":638319,"pkt_caplen":369,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":369,"pkt_l4_len":335,"pkt":"pB9ywglqAAgCHEeuCABFAAFjARFAAIAGj5KsEAjJrBAICMAkAFi0GLZOsNNMHlAYAQAvMAAAAAABN2qCATMwggEvoQMCAQWiAwIBCqNjMGEwTKEDAgECokUEQzBBoAMCARKiOgQ4Wndh9xw8qUUtso0vc8TuP9R5peLYlUKrIi93QkMXsrfVII\/B8UhLSOwTSHwq5LSHP2vURJP\/YpgwEaEEAgIAgKIJBAcwBaADAQH\/pIG9MIG6oAcDBQBAgQAQoRwwGqADAgEBoRMwERsPdGhlcmVzYS5qb2huc29uogwbCkhBUFBZQ1JBRlSjHzAdoAMCAQKhFjAUGwZrcmJ0Z3QbCkhBUFBZQ1JBRlSlERgPMjAzNzA5MTMwMjQ4MDVaphEYDzIwMzcwOTEzMDI0ODA1WqcGAgRd2\/xnqBUwEwIBEgIBEQIBFwIBGAIC\/3kCAQOpHTAbMBmgAwIBFKESBBBKT0hOU09OLVBDICAgICAg"}
00632{"flow_id":28,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"kerberos.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1549337951,"pkt_ts_usec":638954,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"pkt":"AAgCHEeupB9ywglqCABFAADKE9xAAIAGfWCsEAgIrBAIyQBYwCSw01HStBi3iVAYAQA+gAAAtgxIRqdE2xpJueUsyACfoBkRIO2d0vdWoZTH7\/Uq\/IekfUoxUBvBS550+iWChkmhJucRdY1OlQL1WMQC8uhxGdFWaESvp\/JzESFsbwdEK2JaAYNNrn2MyR4+4w4oYIB6xP3aoFYA9y5s01X0oEa\/3ePvjWb66V7pwZZYO9bc89yozmxDtVb4zCT8SyPCYGj7ljiOz9w+sICchbsKK+VkdLL4"}
00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":59,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1549337951639,"flow_last_seen":0,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49189,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":59,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1549337951639,"flow_last_seen":1549337951639,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49189,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00467{"flow_id":29,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"kerberos.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1549337951,"pkt_ts_usec":639128,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"pkt":"pB9ywglqAAgCHEeuCABFAABRARdAAIAGkJ6sEAjJrBAICMAlAFiRlp2kV2CH+1AYAQDPTQAAMzcwOTEzMDI0ODA1WqcGAgRd2\/xvqBIwEAIBEgIBEQIBFwIBGAIC\/3k="}
00501{"flow_id":29,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"kerberos.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1549337951,"pkt_ts_usec":639626,"pkt_caplen":120,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":120,"pkt_l4_len":86,"pkt":"AAgCHEeupB9ywglqCABFAABqE+JAAIAGfbqsEAgIrBAIyQBYwCVXYI2vkZadzVAYAQBXRgAAQS6YdBRcDlPtUTrjUB8narHoPerU+E0Jfux+IwijhqkO1zkqtUVGrf6H2Py3dE6xzPm7+U9W58\/67z4LH\/YlBX9v"}
00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":61,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":1549337951709,"flow_last_seen":0,"flow_min_l4_payload_len":217,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":217,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49190,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00499{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":61,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":1549337951709,"flow_last_seen":1549337951709,"flow_min_l4_payload_len":217,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":217,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49190,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00708{"flow_id":30,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"kerberos.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1549337951,"pkt_ts_usec":709754,"pkt_caplen":271,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":271,"pkt_l4_len":237,"pkt":"pB9ywglqAAgCHEeuCABFAAEBAR5AAIAGj+esEAjJrBAICMAmAFg7QE\/YI2nTKVAYAQALhgAAZxsOaGFwcHljcmFmdC5vcmelERgPMjAzNzA5MTMwMjQ4MDVapwYCBF3PyFqoEjAQAgESAgERAgEXAgEYAgL\/eaqBljCBk6ADAgESooGLBIGIqYCMNPGCrPeLGO9qPK8YFBfjHxUTb+emA\/ivLTUTYudncy22kbyckKCiSeisUe8yJ84rq8HDegGsl0qK5XKbjnVH8LqImnH6XpTRvHWQpRpTszA\/lJoaM6MWsPPKugansbtAh5mO54t+2+bi3wT01iiQl45hp5bjTN1UEkZf+dFCUo8Xssy7aA=="}
00673{"flow_id":30,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"kerberos.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1549337951,"pkt_ts_usec":710662,"pkt_caplen":244,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":244,"pkt_l4_len":210,"pkt":"AAgCHEeupB9ywglqCABFAADmE+lAAIAGfTesEAgIrBAIyQBYwCYjadjdO0BQsVAYAQAYcQAA4k0pIk9VQ3WSD8DyjCP6zDplkOu688cj7B+axduw7FbTE6AYUgZjQCgBXNnQmZk8AZkKxd6trQiOV9Q21Ig4\/vSvcG7YJA68j6K63UrdpgCrN\/5os+IHfd01LLYH5NyLiu66hLUPywBQtPqISEBXxfQa4YqqDi7eMFkF+tYnKAJyaEAa5CaoA\/k+JAFpYmNuKBJA\/cZZR\/sXThwZU9vDmuS8WhtIpf+zFLSMTZjUF9FuugxEPjg+p8gxz6TuBQ=="}
00883{"flow_id":11,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"kerberos.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1549337951,"pkt_ts_usec":711185,"pkt_caplen":405,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":405,"pkt_l4_len":371,"pkt":"pB9ywglqAAgCHEeuCABFAAGHASJAAIAGj12sEAjJrBAICMANwANTRpnlsystmVAYAPozQQAAggFcMIIBWKADAgESooIBTwSCAUuWLCgSHanSt2PP\/yVZcMfmf3O+6wkVadfE4eKakG1yO9SrZ+8e61jMQHtNJBdVjgWRd36YzM4hMkoAdzbpBR9NZThyJ11f649dicjSuLS+0TTKNkhTS5aP+2+mnqnnwKgAkNlUMsspI6StbG26XuSZeYdibrcSAfD9kHkFgsnEWSCqBWTMHVipU71tN6CdEXUPMPgdMC27QADlevQgcDqeQ+CaMuhs5GMB5DizisiK3lhDZnU7kt9iBk1lPvPq7LUIN5ZTJDARGYWlkq+iBz0i5CAvlmbQxn1dYqcSfUWlglxgIKwgVgnhQFAi0+OkVeTOKgDN3BKruoEBTil74\/S0evMc1u09Q2h3drzzLM87D5Tf5ZA+AA7wtSOBzz29\/X1AMobB75bUUFQJGjnEPxV7Cn3hUrsQuLV+886ueqKSkLUttIDIOiX8ZR8o"}
00726{"flow_id":11,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"kerberos.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1549337951,"pkt_ts_usec":711741,"pkt_caplen":286,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":286,"pkt_l4_len":252,"pkt":"AAgCHEeupB9ywglqCABFAAEQE+1AAIAGfQmsEAgIrBAIycADwA2zKy2ZU0abRFAYAQCuMgAABQAPAxAAAADoAKgABgAAANAW0BaHIgAAAAAAAAEAAAAAAAAAMwVxcbq+N0mDGbXb75zMNgEAAAAJBgAAAQAAAKGBpTCBoqADCgEBoQsGCSqGSIL3EgECAqKBjQSBim+BhzCBhKADAgEFoQMCAQ+ieDB2oAMCARKibwRtFkUGSBk\/WNs8P1WQ8Umu5czQ0+5kt3qmyCKwqmWsGmeP2HdAYpVM1NOW3vOxQVk7A3LJVo2UlBLe3M1zmefdmYzJtoJ+Cb3iexzSZ9Yc6KmePBXHlaCcN9nDA7to75z\/ZLHEO5LicF4DB997lA=="}
00716{"flow_id":11,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"kerberos.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1549337951,"pkt_ts_usec":711983,"pkt_caplen":274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":274,"pkt_l4_len":240,"pkt":"pB9ywglqAAgCHEeuCABFAAEEASNAAIAGj9+sEAjJrBAICMANwANTRptEsysugVAYAQBh\/wAABQAOAxAAAADcAIwABgAAANAW0BaHIgAAAQAAAAEAAQA1QlHjBkvREasEAMBPwtzSBAAAADMFcXG6vjdJgxm12++czDYBAAAACQYAAAEAAAChgYkwgYagAwoBAaJfBF1vWzBZoAMCAQWhAwIBD6JNMEugAwIBEqJEBEJp9mTBcU16IO1kQMogTwb1XWobfceiHBSuURHH8yh2afleWvmaoXkSqprumpVc36Wfdal7quigImkGz2pi9qx8WKijHgQcBAQE\/\/\/\/\/\/8AAAAAXc\/Il1MxPpRTzqxKK9xt6w=="}
00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":66,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":1549337952265,"flow_last_seen":0,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49192,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00499{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":66,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":1549337952265,"flow_last_seen":1549337952265,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49192,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00683{"flow_id":31,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"kerberos.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1549337952,"pkt_ts_usec":265412,"pkt_caplen":255,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":255,"pkt_l4_len":221,"pkt":"pB9ywglqAAgCHEeuCABFAADxATFAAIAGj+SsEAjJrBAICMAoAFgO6N+GhTfTAFAYAQDd\/AAAZ6URGA8yMDM3MDkxMzAyNDgwNVqnBgIEXbrRWKgSMBACARICARECARcCARgCAv95qoGWMIGToAMCARKigYsEgYglkZxyflQKWP\/Ais8K06SJm4BPQtT0hjtYpqxsbw8zJYoGM4sYpjZXyTJirO221HZEfk4Zw9eEBLahQpLvN\/C8eKG6Szv5sdWvrvtDno9G1S6IPzDJUqQoaMmLFbqp3TeM2kcY2MDfHhnn2YOkxOZoLnNXNaT+dUxt2+N2MukPguNeobu829zS"}
00661{"flow_id":31,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"kerberos.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1549337952,"pkt_ts_usec":266196,"pkt_caplen":233,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":233,"pkt_l4_len":199,"pkt":"AAgCHEeupB9ywglqCABFAADbE\/lAAIAGfTKsEAgIrBAIyQBYwCiFN9i0DujgT1AYAQCK\/QAAiBuHmEFFmc+WsyXKuqx9Swihi4V8obVw5s2sIwUfT4tmX1K8bbM9re\/5e5wllRug+\/LlwLPFO11iuIJBpf\/1q6VzsWXZQ3Uhj6pv9Mvwu3XM\/Kg0OKnhbHwHjTwPH8AFLK9Xs6OvjCpemPsc4QD2yHfZIqmzSgyFffWrBEHUQ0oxARyRw\/cKuJ\/iV+cgVuWHP+LCTlyCV2gs4Zw\/xETck8iUuOpN6dDKbNN8Vw5JmilGwYg="}
00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":68,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_first_seen":1549337952267,"flow_last_seen":0,"flow_min_l4_payload_len":314,"flow_max_l4_payload_len":314,"flow_tot_l4_payload_len":314,"flow_avg_l4_payload_len":314,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49191,"dst_port":389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00500{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":68,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_first_seen":1549337952267,"flow_last_seen":1549337952267,"flow_min_l4_payload_len":314,"flow_max_l4_payload_len":314,"flow_tot_l4_payload_len":314,"flow_avg_l4_payload_len":314,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49191,"dst_port":389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00844{"flow_id":32,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"kerberos.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1549337952,"pkt_ts_usec":267129,"pkt_caplen":368,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":368,"pkt_l4_len":334,"pkt":"pB9ywglqAAgCHEeuCABFAAFiATVAAIAGj2+sEAjJrBAICMAnAYUlT+9+CA99hlAYAQDCQwAAdUvVLNApPEvRYHXzTe8zaxz\/9SHPb\/8TWpCDGqMEAHclvciM0GOY0+pGIhzH\/f\/6jOacNFpBroqFCWgt6TZwWzHkJCgQPX52B1IK52bZg0ONYZDAO1UzroKY+wbOMCsJF8\/BbP9OSbZKzzlfun2r96DSICH7w7yEUFli3VQeP0ogbe+3tFoHFjb+05dbP\/VPGYwLelBDF4MSfNFsp+OMFLmJGy8zQTsDu6jfRxBXMbl8NmKpljCGrvpbK91ZL6OpbzC0zmaE6i4hHgj8sVok02UOBn0gMsv\/uMFl8gfFKRQNU\/cuTbNe+ET9apWENw\/dcLPR6pjmHtriptNJoQ3zVjS2Tc+IkoIqsOQ3cvktrgQFCtQLWZP3pztmcBjhot2oF4ypo07u7Pn3GnXRKfmep\/RhPO\/A8\/McJI0="}
00695{"flow_id":32,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"kerberos.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1549337952,"pkt_ts_usec":267833,"pkt_caplen":264,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":264,"pkt_l4_len":230,"pkt":"AAgCHEeupB9ywglqCABFAAD6E\/1AAIAGfQ+sEAgIrBAIyQGFwCcID32GJU\/wuFAYAQAMIAAAMIQAAADMAgEPYYQAAADDCgEABAAEAIeCALihgbUwgbKgAwoBAKELBgkqhkiC9xIBAgKigZ0EgZpggZcGCSqGSIb3EgECAgIAb4GHMIGEoAMCAQWhAwIBD6J4MHagAwIBEqJvBG1aIGsolL+fu1BeIvW0ck8xNtulprbrU8LwWAQ+0HLcHzxYvBiLYdCRYKwhIeaZIrmfEg+Fmg6VMrCzRHOuCMx3gqqLIgnuXXvz9jtqiRlG1LxGN\/8hm6Dc5JLtY2J2bRsWOZJSU4VCKr7ax6LU"}
00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":70,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":1549337952273,"flow_last_seen":0,"flow_min_l4_payload_len":330,"flow_max_l4_payload_len":330,"flow_tot_l4_payload_len":330,"flow_avg_l4_payload_len":330,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49193,"dst_port":389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00500{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":70,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":1549337952273,"flow_last_seen":1549337952273,"flow_min_l4_payload_len":330,"flow_max_l4_payload_len":330,"flow_tot_l4_payload_len":330,"flow_avg_l4_payload_len":330,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49193,"dst_port":389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00864{"flow_id":33,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":70,"source":"kerberos.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1549337952,"pkt_ts_usec":273984,"pkt_caplen":384,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":384,"pkt_l4_len":350,"pkt":"pB9ywglqAAgCHEeuCABFAAFyATpAAIAGj1qsEAjJrBAICMApAYWiDvrzQ6ao6FAYAQCdKwAA2XkxbZ8llDCRRskO9gczLnFPBBStfBeg8OgSpqEBOAYdhyM5RDqy\/NVC6gFAjMdVRNF4Ud\/vkuMZvi\/C9TPqJBllB8ilyB5vY\/0m8yd5y16xkjvnwbrb\/W3CqgNY3GxQ0p18n9KBChjcbfQi2adBQLNadPsG91L4HVVYSlDxeVsaDj0AMrkXgx+K3pVveifu4IJvdTmm3dssrOx7ri4BqxH9gyHnnJM+gUu5MIG+gLCwhKX1IYuuZbwXmnO9knNSHi2TJaHys\/IKitqKHwvZMTG4i5pUecWz9NSU996q6A\/\/cM86g4TCvpD7370UyqGGHaccTUUMvb5qsoRczG++plTQXQ5YE69in6j\/JeD8IrT\/3QjjRWw+cBkDPh5zGLRzdI7hQfeBq0OXmrV0OXPvzg6Pl4TznRF\/D32Q4zoFws9t5i+mUoUZd\/0N"}
00692{"flow_id":33,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"kerberos.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1549337952,"pkt_ts_usec":274576,"pkt_caplen":264,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":264,"pkt_l4_len":230,"pkt":"AAgCHEeupB9ywglqCABFAAD6FAFAAIAGfQusEAgIrBAIyQGFwClDpqjoog78PVAYAQACfgAAMIQAAADMAgETYYQAAADDCgEABAAEAIeCALihgbUwgbKgAwoBAKELBgkqhkiC9xIBAgKigZ0EgZpggZcGCSqGSIb3EgECAgIAb4GHMIGEoAMCAQWhAwIBD6J4MHagAwIBEqJvBG1lU8qvBSW6OfUooizc58b3UUWb1Dc9+q1BnNlk6M5gNl0OBLUYfNGeTN7jVmkr5YZr3HGFOATkbw9DVEo286mQ0yhq4w+ZVjlShGexAg6l9M9U7cWsZU11Tj+uS9vWEh6ZGrVD7TgBU6qOlGAU"}
00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":72,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":1549337952280,"flow_last_seen":0,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49195,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00499{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":72,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":1549337952280,"flow_last_seen":1549337952280,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49195,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00686{"flow_id":34,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"kerberos.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1549337952,"pkt_ts_usec":280187,"pkt_caplen":255,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":255,"pkt_l4_len":221,"pkt":"pB9ywglqAAgCHEeuCABFAADxAURAAIAGj9GsEAjJrBAICMArAFh+ue0Nm8k31FAYAQCDOwAAZ6URGA8yMDM3MDkxMzAyNDgwNVqnBgIEXbhyIagSMBACARICARECARcCARgCAv95qoGWMIGToAMCARKigYsEgYjkLV5w61M4dBZf0U0Cc\/K54wTCl69GxhAdEJKI0gkw0Ve5ZSvbl+6jcyFmUgFhA4RyBx9pGsk\/XqrLuUXPEHyz9XOfuzdWYBvPp5yv4UFPIJKI5TMk\/2fkioL\/XfCG7Jr8xEeBwNw3Qk0PtCp3\/DDaU5\/NbtOzNRQiyiFTx75LpVnwmoKHd6R7"}
00654{"flow_id":34,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"kerberos.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1549337952,"pkt_ts_usec":281091,"pkt_caplen":233,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":233,"pkt_l4_len":199,"pkt":"AAgCHEeupB9ywglqCABFAADbFApAAIAGfSGsEAgIrBAIyQBYwCubyT2Ifrnt1lAYAQDVagAATQg2IahlDr4Do2rw09NPfPwlJMuv1fJJCc5mjToXHNxo9crR1AT1CMr5O+bZxtqN6M9uCaNjeNur9XwIFCnpBuL05RtGDqn2i9hJpKd+E88QIO6v0xwHDv6iGr\/8TVgkK3vs2tcuY57O8+c4l9vRR7jejS5ww2dQZlIjb\/CCYROJuvRqA0LHwqGM0CcXmUposD8ISy568tJuLRICL3GBKJj5gtDiSRwMYGKFzsxgs2+QN48="}
00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":74,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_first_seen":1549337952282,"flow_last_seen":0,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49196,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":74,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_first_seen":1549337952282,"flow_last_seen":1549337952282,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49196,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00457{"flow_id":35,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"kerberos.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1549337952,"pkt_ts_usec":282931,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"pB9ywglqAAgCHEeuCABFAABLAUpAAIAGkHGsEAjJrBAICMAsAFiP2F5aCFrVJ1AYAQB5GAAAR6URGA8yMDM3MDkxMzAyNDgwNVqnBgIEXbhyJqgFMAMCARI="}
00475{"flow_id":35,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"kerberos.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1549337952,"pkt_ts_usec":282964,"pkt_caplen":102,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":102,"pkt_l4_len":68,"pkt":"AAgCHEeupB9ywglqCABFAABYFBBAAIAGfZ6sEAgIrBAIyQBYwCwIWtrbj9hefVAYAQDaWgAAkAFNdIHXOvUSiNrRZ37a2E9NpclNBTiyKWuPGcwkWc2OKSpCtzAbfs9v1WRIgz2U"}
00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":76,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_first_seen":1549337952282,"flow_last_seen":0,"flow_min_l4_payload_len":356,"flow_max_l4_payload_len":356,"flow_tot_l4_payload_len":356,"flow_avg_l4_payload_len":356,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49194,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00500{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":76,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_first_seen":1549337952282,"flow_last_seen":1549337952282,"flow_min_l4_payload_len":356,"flow_max_l4_payload_len":356,"flow_tot_l4_payload_len":356,"flow_avg_l4_payload_len":356,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49194,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00897{"flow_id":36,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"kerberos.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1549337952,"pkt_ts_usec":282970,"pkt_caplen":410,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":410,"pkt_l4_len":376,"pkt":"pB9ywglqAAgCHEeuCABFAAGMAVBAAIAGjyqsEAjJrBAICMAqAb0OVvT1RRDYGlAYAP+BiQAAx2oDxasXfLBTEcjz3tABELHnmrS3ZANlrcp\/hNjXtg\/fwYTBDdsdTzX+XDaW+uv3s2\/LBkJPP0K4Dy0YU3CzKo3pfb0515XvBfsBO7Ma0iP8tOV8txynjcFaEQvYkdi2SQ6bebHRRKNuECPHoWmL3h9GQAZAb4a73kOXQ+HdWdMxxkSNni5ZeogFxLOO9R2cL7EvadD9j700FIRXk1Ysly6p8QSOxUcF2BTlCAMMXraIVwnaJn4OFnBRV1kK62QzrTna4Mma6JSVzK\/6fCHORQn+FIHExUVoG3Vq1BveDwHtG0XGyIXhHabrgc6YQttz\/jzBPNDyI9ROMV3pQ0pZrTLzCjs+95mV\/WzyQTG\/SRF7u\/0NE9yZnVgk7HZw7F9bqd7MfX+aga2J6\/HQLbCChYzLyXsDW8WbBsbXh+XIiTyOIboYMLvBqY271GjiVoIyA7mbRvLsykMc7DElauDSPsA2vtc="}
00765{"flow_id":36,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1549337952,"pkt_ts_usec":283232,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"pkt":"AAgCHEeupB9ywglqCABFAAEsFBRAAIAGfMasEAgIrBAIyQG9wCpFENgaDlb2WVAYAP9XsAAAAAABAP5TTUJAAAEAAAAAAAEAHwAJAAAAAAAAAAEAAAAAAAAA\/\/4AAAAAAABhAAAAAAQAAFesIp3Ms9YkV3HyzmcNx+gJAAAASAC4AKGBtTCBsqADCgEAoQsGCSqGSIL3EgECAqKBnQSBmmCBlwYJKoZIhvcSAQICAgBvgYcwgYSgAwIBBaEDAgEPongwdqADAgESom8EbUXiUY0MYNrse7Xdy+nvFD1NZYMmVWsdodfXY9v69kCk+MLVD1Rqj48zpMQyXFgAZRbdNaLq\/lZFH5cVcwmZOZp6PzJLHFRz2Ys9FBPKwjMkCOL5scijYfadSqIU\/eT7q\/ACDBFzzf8MmsOdu9E="}
00518{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":6,"flow_first_seen":1549337930219,"flow_last_seen":1549337951711,"flow_min_l4_payload_len":220,"flow_max_l4_payload_len":375,"flow_tot_l4_payload_len":1682,"flow_avg_l4_payload_len":280,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49165,"dst_port":49155,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}

2
test/results/long_tls_certificate.pcap.out
View File

@@ -1,5 +1,5 @@
00488{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"long_tls_certificate.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":10000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"long_tls_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1609756181300,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.60","dst_ip":"106.15.100.123","src_port":55333,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00506{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"long_tls_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1609756181300,"flow_last_seen":1609756181300,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.60","dst_ip":"106.15.100.123","src_port":55333,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00453{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"long_tls_certificate.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1609756181,"pkt_ts_usec":300869,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGqknAqAE8ag9ke9glAbsIXeEZAAAAALAC\/\/9qjwAAAgQFtAEDAwUBAQgKDpRqEwAAAAAEAgAA"}
00451{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"long_tls_certificate.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1609756181,"pkt_ts_usec":671657,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"KDc3AG3IEBMx8Tl2CABFAABAAABAACsGv0lqD2R7wKgBPAG72CWlbC1xCF3hGrASMqDiugAAAgQFrAEBAQEBAQEBAQEBAQEBAQEEAgAA"}
00421{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"long_tls_certificate.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1609756181,"pkt_ts_usec":671808,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGqmHAqAE8ag9ke9glAbsIXeEapWwtclAQ\/\/+JLgAA"}

Some files were not shown because too many files have changed in this diff Show More