bump libnDPI to 6b7e5fa8d251f11c1bae16ea892a43a92b098480

* fixed linking issue by using CMake to check if explicit link against libm required
 * make nDPIsrvd collectd exit if parent pid changed, meaning that collectd died somehow
 * nDPId-test restores SIGPIPE to the default handler (termination), so abnormal connection drop's do now have consequences

Signed-off-by: Toni Uhlig <matzeton@googlemail.com>

CMakeLists.txt

@@ -3,6 +3,28 @@ project(nDPId C)
 set(CMAKE_MODULE_PATH ${CMAKE_SOURCE_DIR}/cmake)
 find_package(PkgConfig REQUIRED)
 
+include(CheckFunctionExists)
+
+if(NOT MATH_FUNCTION_EXISTS AND NOT NEED_LINKING_AGAINST_LIBM)
+    CHECK_FUNCTION_EXISTS(log2f MATH_FUNCTION_EXISTS)
+    if(NOT MATH_FUNCTION_EXISTS)
+        unset(MATH_FUNCTION_EXISTS CACHE)
+      list(APPEND CMAKE_REQUIRED_LIBRARIES m)
+      CHECK_FUNCTION_EXISTS(log2f MATH_FUNCTION_EXISTS)
+      if(MATH_FUNCTION_EXISTS)
+          set(NEED_LINKING_AGAINST_LIBM True CACHE BOOL "" FORCE)
+      else()
+          message(FATAL_ERROR "Failed making the log2f() function available")
+      endif()
+  endif()
+endif()
+
+if(NEED_LINKING_AGAINST_LIBM)
+    set(LIBM_LIB "-lm")
+else()
+    set(LIBM_LIB "")
+endif()
+
 option(ENABLE_SANITIZER "Enable ASAN/LSAN/UBSAN." OFF)
 option(ENABLE_SANITIZER_THREAD "Enable TSAN (does not work together with ASAN)." OFF)
 option(ENABLE_MEMORY_PROFILING "Enable dynamic memory tracking." OFF)
@@ -162,7 +184,7 @@ target_compile_definitions(nDPId PRIVATE -DGIT_VERSION=\"${GIT_VERSION}\" ${NDPI
 target_include_directories(nDPId PRIVATE "${STATIC_LIBNDPI_INC}" "${NDPI_INCLUDEDIR}" "${NDPI_INCLUDEDIR}/ndpi")
 target_link_libraries(nDPId "${STATIC_LIBNDPI_LIB}" "${pkgcfg_lib_NDPI_ndpi}"
                             "${pkgcfg_lib_PCRE_pcre}" "${pkgcfg_lib_MAXMINDDB_maxminddb}" "${pkgcfg_lib_ZLIB_z}"
-                            "${GCRYPT_LIBRARY}" "${GCRYPT_ERROR_LIBRARY}" "${PCAP_LIBRARY}"
+                            "${GCRYPT_LIBRARY}" "${GCRYPT_ERROR_LIBRARY}" "${PCAP_LIBRARY}" "${LIBM_LIB}"
                             "-pthread")
 
 target_compile_definitions(nDPIsrvd PRIVATE -DGIT_VERSION=\"${GIT_VERSION}\" ${NDPID_DEFS})
@@ -183,7 +205,7 @@ target_include_directories(nDPId-test PRIVATE "${STATIC_LIBNDPI_INC}" "${NDPI_IN
 target_compile_definitions(nDPId-test PRIVATE "-D_GNU_SOURCE=1" "-DNO_MAIN=1" "-Dsyslog=mock_syslog_stderr" ${NDPID_TEST_MPROF_DEFS})
 target_link_libraries(nDPId-test "${STATIC_LIBNDPI_LIB}" "${pkgcfg_lib_NDPI_ndpi}"
                                  "${pkgcfg_lib_PCRE_pcre}" "${pkgcfg_lib_MAXMINDDB_maxminddb}"
-                                 "${GCRYPT_LIBRARY}" "${GCRYPT_ERROR_LIBRARY}" "${PCAP_LIBRARY}"
+                                 "${GCRYPT_LIBRARY}" "${GCRYPT_ERROR_LIBRARY}" "${PCAP_LIBRARY}" "${LIBM_LIB}"
                                  "-pthread")
 
 if(BUILD_EXAMPLES)

examples/c-collectd/c-collectd.c

@@ -26,6 +26,7 @@
 static struct nDPIsrvd_socket * sock = NULL;
 static int main_thread_shutdown = 0;
 static int collectd_timerfd = -1;
+static pid_t collectd_pid;
 
 static char * serv_optarg = NULL;
 static char * collectd_hostname = NULL;
@@ -364,6 +365,16 @@ static int mainloop(int epollfd)
             {
                 uint64_t expirations;
 
+                /*
+                 * Check if collectd parent process is still running.
+                 * May happen if collectd was killed with singals e.g. SIGKILL.
+                 */
+                if (getppid() != collectd_pid)
+                {
+                    LOG(LOG_DAEMON | LOG_ERR, "Parent process %d exited. Nothing left to do here, bye.", collectd_pid);
+                    return 1;
+                }
+
                 errno = 0;
                 if (read(collectd_timerfd, &expirations, sizeof(expirations)) != sizeof(expirations))
                 {
@@ -693,6 +704,8 @@ int main(int argc, char ** argv)
     signal(SIGTERM, sighandler);
     signal(SIGPIPE, SIG_IGN);
 
+    collectd_pid = getppid();
+
     int epollfd = epoll_create1(0);
     if (epollfd < 0)
     {

nDPId-test.c

@@ -264,7 +264,7 @@ static void * nDPId_mainloop_thread(void * const arg)
     if (setup_reader_threads() != 0)
     {
         THREAD_ERROR(trr);
-        return NULL;
+        goto error;
     }
 
     /* Replace nDPId JSON socket fd with the one in our pipe and hope that no socket specific code-path triggered. */
@@ -272,6 +272,11 @@ static void * nDPId_mainloop_thread(void * const arg)
     reader_threads[0].json_sock_reconnect = 0;
 
     jsonize_daemon(&reader_threads[0], DAEMON_EVENT_INIT);
+    /* restore SIGPIPE to the default handler (Termination) */
+    if (signal(SIGPIPE, SIG_DFL) == SIG_ERR)
+    {
+        goto error;
+    }
     run_pcap_loop(&reader_threads[0]);
     process_remaining_flows();
     for (size_t i = 0; i < nDPId_options.reader_thread_count; ++i)
@@ -284,8 +289,9 @@ static void * nDPId_mainloop_thread(void * const arg)
         nrv->total_active_flows = reader_threads[i].workflow->total_active_flows;
         nrv->total_idle_flows = reader_threads[i].workflow->total_idle_flows;
     }
-    free_reader_threads();
 
+error:
+    free_reader_threads();
     close(mock_pipefds[PIPE_nDPId]);
 
     return NULL;

test/results/1kxun.pcap.out

@@ -34,7 +34,7 @@
 00527{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":14,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1470104377634,"flow_last_seen":0,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::edf5:240a:c8c0:8312","dst_ip":"ff02::1:3","src_port":61603,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
 00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1470104377634,"flow_last_seen":0,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.47","dst_ip":"224.0.0.252","src_port":61603,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 00424{"flow_id":11,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104377,"pkt_ts_usec":634537,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AQBeAAD8zD2CHu7jCABFAAA0LRcAAAER5c7AqAUv4AAA\/PCjFOsAIMFmoAAAAAABAAAAAAAABlJPX1gxQwAA\/wAB"}
-00512{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1470104377634,"flow_last_seen":0,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.47","dst_ip":"224.0.0.252","src_port":61603,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"RTP","breed":"Acceptable","category":"Media"}}
+00516{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1470104377634,"flow_last_seen":0,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.47","dst_ip":"224.0.0.252","src_port":61603,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
 00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1470104377634,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.47","dst_ip":"239.255.255.250","src_port":60267,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 00582{"flow_id":12,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104377,"pkt_ts_usec":634699,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"pkt":"AQBef\/\/6zD2CHu7jCABFAAClQLQAAAQRv8LAqAUv7\/\/\/+utrB2wAkWQETS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1hbjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="}
 00522{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1470104377634,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.47","dst_ip":"239.255.255.250","src_port":60267,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
@@ -1170,7 +1170,7 @@
 ~~ total detected protocols..: 113
 ~~ total active/idle flows...: 148/148
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 2318245 bytes
+~~ total memory allocated....: 2504668 bytes
-~~ total memory freed........: 2318245 bytes
+~~ total memory freed........: 2504668 bytes
-~~ total allocations/frees...: 35266/35266
+~~ total allocations/frees...: 37271/37271
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/443-chrome.pcap.out

@@ -11,7 +11,7 @@
 ~~ total detected protocols..: 0
 ~~ total active/idle flows...: 1/1
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 1743536 bytes
+~~ total memory allocated....: 1928783 bytes
-~~ total memory freed........: 1743536 bytes
+~~ total memory freed........: 1928783 bytes
-~~ total allocations/frees...: 33321/33321
+~~ total allocations/frees...: 35326/35326
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/443-curl.pcap.out

@@ -27,7 +27,7 @@
 ~~ total detected protocols..: 1
 ~~ total active/idle flows...: 1/1
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 1749536 bytes
+~~ total memory allocated....: 1934783 bytes
-~~ total memory freed........: 1749536 bytes
+~~ total memory freed........: 1934783 bytes
-~~ total allocations/frees...: 33434/33434
+~~ total allocations/frees...: 35439/35439
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/443-firefox.pcap.out

@@ -27,7 +27,7 @@
 ~~ total detected protocols..: 1
 ~~ total active/idle flows...: 1/1
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 1765772 bytes
+~~ total memory allocated....: 1951019 bytes
-~~ total memory freed........: 1765772 bytes
+~~ total memory freed........: 1951019 bytes
-~~ total allocations/frees...: 33993/33993
+~~ total allocations/frees...: 35998/35998
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/443-git.pcap.out

@@ -27,7 +27,7 @@
 ~~ total detected protocols..: 1
 ~~ total active/idle flows...: 1/1
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 1751915 bytes
+~~ total memory allocated....: 1937162 bytes
-~~ total memory freed........: 1751915 bytes
+~~ total memory freed........: 1937162 bytes
-~~ total allocations/frees...: 33397/33397
+~~ total allocations/frees...: 35402/35402
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/443-opvn.pcap.out

@@ -25,7 +25,7 @@
 ~~ total detected protocols..: 1
 ~~ total active/idle flows...: 1/1
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 1744841 bytes
+~~ total memory allocated....: 1930088 bytes
-~~ total memory freed........: 1744841 bytes
+~~ total memory freed........: 1930088 bytes
-~~ total allocations/frees...: 33366/33366
+~~ total allocations/frees...: 35371/35371
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/443-safari.pcap.out

@@ -27,7 +27,7 @@
 ~~ total detected protocols..: 1
 ~~ total active/idle flows...: 1/1
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 1747594 bytes
+~~ total memory allocated....: 1932841 bytes
-~~ total memory freed........: 1747594 bytes
+~~ total memory freed........: 1932841 bytes
-~~ total allocations/frees...: 33366/33366
+~~ total allocations/frees...: 35371/35371
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/4in4tunnel.pcap.out

@@ -17,7 +17,7 @@
 ~~ total detected protocols..: 0
 ~~ total active/idle flows...: 0/0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 1738307 bytes
+~~ total memory allocated....: 1923546 bytes
-~~ total memory freed........: 1738307 bytes
+~~ total memory freed........: 1923546 bytes
-~~ total allocations/frees...: 33316/33316
+~~ total allocations/frees...: 35321/35321
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/4in6tunnel.pcap.out

@@ -14,7 +14,7 @@
 ~~ total detected protocols..: 1
 ~~ total active/idle flows...: 1/1
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 1741575 bytes
+~~ total memory allocated....: 1926822 bytes
-~~ total memory freed........: 1741575 bytes
+~~ total memory freed........: 1926822 bytes
-~~ total allocations/frees...: 33323/33323
+~~ total allocations/frees...: 35328/35328
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/6in4tunnel.pcap.out

@@ -25,7 +25,7 @@
 ~~ total detected protocols..: 0
 ~~ total active/idle flows...: 1/1
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 1745142 bytes
+~~ total memory allocated....: 1930389 bytes
-~~ total memory freed........: 1745142 bytes
+~~ total memory freed........: 1930389 bytes
-~~ total allocations/frees...: 33446/33446
+~~ total allocations/frees...: 35451/35451
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/6in6tunnel.pcap.out

@@ -15,7 +15,7 @@
 ~~ total detected protocols..: 0
 ~~ total active/idle flows...: 2/2
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 1744669 bytes
+~~ total memory allocated....: 1929924 bytes
-~~ total memory freed........: 1744669 bytes
+~~ total memory freed........: 1929924 bytes
-~~ total allocations/frees...: 33324/33324
+~~ total allocations/frees...: 35329/35329
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/BGP_Cisco_hdlc_slarp.pcap.out

@@ -24,7 +24,7 @@
 ~~ total detected protocols..: 1
 ~~ total active/idle flows...: 1/1
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 1741865 bytes
+~~ total memory allocated....: 1927112 bytes
-~~ total memory freed........: 1741865 bytes
+~~ total memory freed........: 1927112 bytes
-~~ total allocations/frees...: 33333/33333
+~~ total allocations/frees...: 35338/35338
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/BGP_redist.pcap.out

@@ -13,7 +13,7 @@
 ~~ total detected protocols..: 1
 ~~ total active/idle flows...: 1/1
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 1741488 bytes
+~~ total memory allocated....: 1926735 bytes
-~~ total memory freed........: 1741488 bytes
+~~ total memory freed........: 1926735 bytes
-~~ total allocations/frees...: 33320/33320
+~~ total allocations/frees...: 35325/35325
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/EAQ.pcap.out

@@ -516,7 +516,7 @@
 ~~ total detected protocols..: 10
 ~~ total active/idle flows...: 104/104
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 2071929 bytes
+~~ total memory allocated....: 2258000 bytes
-~~ total memory freed........: 2071929 bytes
+~~ total memory freed........: 2258000 bytes
-~~ total allocations/frees...: 33831/33831
+~~ total allocations/frees...: 35836/35836
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/IEC104.pcap.out

@@ -28,7 +28,7 @@
 ~~ total detected protocols..: 2
 ~~ total active/idle flows...: 2/2
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 1745046 bytes
+~~ total memory allocated....: 1930301 bytes
-~~ total memory freed........: 1745046 bytes
+~~ total memory freed........: 1930301 bytes
-~~ total allocations/frees...: 33337/33337
+~~ total allocations/frees...: 35342/35342
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/KakaoTalk_chat.pcap.out

@@ -383,7 +383,7 @@
 ~~ total detected protocols..: 29
 ~~ total active/idle flows...: 39/39
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 1985121 bytes
+~~ total memory allocated....: 2170672 bytes
-~~ total memory freed........: 1985121 bytes
+~~ total memory freed........: 2170672 bytes
-~~ total allocations/frees...: 33990/33990
+~~ total allocations/frees...: 35995/35995
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/KakaoTalk_talk.pcap.out

@@ -33,7 +33,7 @@
 00423{"flow_id":4,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069163,"pkt_ts_usec":31775,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":60,"pkt_l4_len":24,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACwAAEAArAYSU8vNk9cKGFK8AFC9aWNxqAWPEumfYBD\/\/59yAAABAQEB"}
 00421{"flow_id":4,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069163,"pkt_ts_usec":130835,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcACgREkAArQYAKcvNk9cKGFK8AFC9aWNxqAWPEuwAUBD\/\/68XAAA="}
 00703{"flow_id":4,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069163,"pkt_ts_usec":198981,"pkt_caplen":262,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":262,"pkt_l4_len":226,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcAPYRE0AArQb\/WcvNk9cKGFK8AFC9aWNxqAWPEuwAUBj\/\/7nXAABIVFRQLzEuMSAyMDAgT0sNCkNvbm5lY3Rpb246IGNsb3NlDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQ0KQ29udGVudC1EaXNwb3NpdGlvbjogYXR0YWNobWVudDsgZmlsZW5hbWU9bWljcm9tc2dyZXNwLmRhdA0KQ29udGVudC1MZW5ndGg6IDQ4DQoNCoJfAAAAAFUr0H1HAhACxkMAjgS6TxqE8QDMBQYGAIBAoTrtQhJTdPFrb40+\/1\/O2g=="}
-00843{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":28,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":11,"flow_first_seen":1430069159456,"flow_last_seen":1430069163198,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":609,"flow_tot_l4_payload_len":815,"flow_avg_l4_payload_len":74,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"203.205.147.215","src_port":48489,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4":"Binary application transfer"},"proto":"HTTP.QQ","breed":"Fun","category":"FileTransfer"},"http": {"hostname":"hkminorshort.weixin.qq.com","url":"hkminorshort.weixin.qq.comhttp:\/\/hkminorshort.weixin.qq.com\/cgi-bin\/micromsg-bin\/rtkvreport","code":200,"content_type":"application\/octet-stream","user_agent":"MicroMessenger Client"}}
+00839{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":28,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":11,"flow_first_seen":1430069159456,"flow_last_seen":1430069163198,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":609,"flow_tot_l4_payload_len":815,"flow_avg_l4_payload_len":74,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"203.205.147.215","src_port":48489,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4":"Binary application transfer"},"proto":"HTTP.QQ","breed":"Fun","category":"Download"},"http": {"hostname":"hkminorshort.weixin.qq.com","url":"hkminorshort.weixin.qq.comhttp:\/\/hkminorshort.weixin.qq.com\/cgi-bin\/micromsg-bin\/rtkvreport","code":200,"content_type":"application\/octet-stream","user_agent":"MicroMessenger Client"}}
 00421{"flow_id":4,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069163,"pkt_ts_usec":199164,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcACgRFEAArAYBJ8vNk9cKGFK8AFC9aWNxqNOPEuwAUBH\/\/65IAAA="}
 00419{"flow_id":4,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069163,"pkt_ts_usec":205237,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACjUw0AAPwaqkwoYUrzLzZPXvWkAUI8S7ABjcajTUBA6oHOpAAA="}
 00419{"flow_id":4,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069163,"pkt_ts_usec":207434,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACjUxEAAPwaqkgoYUrzLzZPXvWkAUI8S7ABjcajUUBE6oHOnAAA="}
@@ -43,10 +43,10 @@
 00446{"flow_id":6,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069163,"pkt_ts_usec":856879,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAADwAAEAALgbyaW5MjzIKGFK8H5CAyJJ42pD3EdjqoBI4kOpNAAACBAV4BAIICkTbaagACz8MAQMDCQ=="}
 00435{"flow_id":6,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069163,"pkt_ts_usec":867163,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADTn5kAAPwb5igoYUrxuTI8ygMgfkPcR2OqSeNqRgBAAc1DtAAABAQgKAAs\/HETbaag="}
 00628{"flow_id":6,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069163,"pkt_ts_usec":878913,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":210,"pkt_l4_len":174,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAMLn50AAPwb4+woYUrxuTI8ygMgfkPcR2OqSeNqRgBgAc+MXAAABAQgKAAs\/HUTbaagWAwEAiQEAAIUDAW\/AJ5x07YpI03eyTIApyp52T5fbgJrvB2vzSmAW7uAOAAAYwBTACsAPwAUANcATwAnADsAEAC8AlgD\/AQAARAALAAQDAAECAAoANAAyAA4ADQAZAAsADAAYAAkACgAWABcACAAGAAcAFAAVAAQABQASABMAAQACAAMADwAQABEAIwAA"}
-00742{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":36,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_first_seen":1430069163715,"flow_last_seen":1430069163878,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"110.76.143.50","src_port":32968,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"4b79ae67eb3b2cf1c75e68ea0100ca1b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00784{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":36,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_first_seen":1430069163715,"flow_last_seen":1430069163878,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"110.76.143.50","src_port":32968,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","7":"Obsolete TLS version (< 1.1)"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"4b79ae67eb3b2cf1c75e68ea0100ca1b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
 00434{"flow_id":6,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069164,"pkt_ts_usec":101813,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAADSw2UAALwZAmG5MjzIKGFK8H5CAyJJ42pH3Edl4gBAAH0+uAAABAQgKRNtqrAALPx0="}
 01586{"flow_id":6,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069164,"pkt_ts_usec":107489,"pkt_caplen":920,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":920,"pkt_l4_len":884,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAA4iw2kAALwY9Q25MjzIKGFK8H5CAyJJ42pH3Edl4gBgAH7fkAAABAQgKRNtqrAALPx0WAwEANQIAADEDAVU9H6vNjsmWl+mtXVDPy8rMyQaSc89TIWgiy02NST4MAAAvAAAJ\/wEAAQAAIwAAFgMBAwwLAAMIAAMFAAMCMIIC\/jCCAeYCCQC35xiTrUC9NTANBgkqhkiG9w0BAQUFADBBMQswCQYDVQQGEwJLUjEOMAwGA1UEBwwFU2VvdWwxDjAMBgNVBAoMBUtha2FvMRIwEAYDVQQDDAlLYWthby5jb20wHhcNMTExMjA1MDkxOTI1WhcNMjExMjAyMDkxOTI1WjBBMQswCQYDVQQGEwJLUjEOMAwGA1UEBwwFU2VvdWwxDjAMBgNVBAoMBUtha2FvMRIwEAYDVQQDDAlLYWthby5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCVZgoiuC3vyjGQwWN1Y\/G2gLXrzYhnrYdBpXUgl5541Si1DUFeXudmto2X8JviTwtPM9bOMLk8c2gLTUKJmOdptp9qXnubsD89+qNi++nC9dmz3LRvRaWz6J0w7DFv5AsMOJ6cjJsqNbLBGSrO1bhrnXo6ZUpil+wYGT35WXJhxIkgnTWohNEsT6RlAImB9cuCGQz8DM7bHDsPNGhu5sjgZnnk+AeKK8FY9VV9dESDYb4of9Dakayp+JrR5MYVfASmd\/mbBSqJ+opCRNyVxwfhKPWkeZLD7Ahtlj6AFmso\/rwThAqCi3wI8KUooZ95z\/VLccaEg8vY7PgA0+0py+pNAgMBAAEwDQYJKoZIhvcNAQEFBQADggEBAGDrJdN5Ppz9OPTa3HDXzLQwJHAUfiipBZSXzoL\/uy1yA8U26AfNtg2jWEpQ8ijR6FlqlZLcJAiiKbRMWUuNkOUJlsmzZ7AOn+R1zo\/KyIIKnOlLOSWubKfFVXNqD1W9f0XUQIQ2bEb4Hp2TPGMTxuo6H6v5HXSSpMerZD7k73HKwZDU\/jVO10Zk5dVEruTzrBbq8qa6dAJ6FxvSZ74FqIv+LOAIok4AksbSUeKWI+q\/HFIO\/kDDpqvjTP9dO3NHPgBjO42w3TF\/CywiY5NXQizBUR7JsOxh255g2sA7XIjS1vYreiyrMDXuEy+gjnwQReXnI3sA9\/dVI5HUoqdx0F4WAwEABA4AAAA="}
-01033{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":38,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":6,"flow_first_seen":1430069163715,"flow_last_seen":1430069164107,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":852,"flow_tot_l4_payload_len":994,"flow_avg_l4_payload_len":165,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"110.76.143.50","src_port":32968,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"6":"Self-signed Certificate","7":"Obsolete TLS version (< 1.1)","8":"Weak TLS cipher"},"proto":"TLS.KakaoTalk","breed":"Acceptable","category":"Chat"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"4b79ae67eb3b2cf1c75e68ea0100ca1b","ja3s":"4ea82b75038dd27e8a1cb69d8b839b26","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=KR, L=Seoul, O=Kakao, CN=Kakao.com","issuerDN":"C=KR, L=Seoul, O=Kakao, CN=Kakao.com","fingerprint":"65:88:37:51:01:AA:1F:12:E4:44:27:52:F9:32:FD:40:94:C1:08:D9"}}
+01075{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":38,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":6,"flow_first_seen":1430069163715,"flow_last_seen":1430069164107,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":852,"flow_tot_l4_payload_len":994,"flow_avg_l4_payload_len":165,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"110.76.143.50","src_port":32968,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","6":"Self-signed Certificate","7":"Obsolete TLS version (< 1.1)","8":"Weak TLS cipher"},"proto":"TLS.KakaoTalk","breed":"Acceptable","category":"Chat"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"4b79ae67eb3b2cf1c75e68ea0100ca1b","ja3s":"4ea82b75038dd27e8a1cb69d8b839b26","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=KR, L=Seoul, O=Kakao, CN=Kakao.com","issuerDN":"C=KR, L=Seoul, O=Kakao, CN=Kakao.com","fingerprint":"65:88:37:51:01:AA:1F:12:E4:44:27:52:F9:32:FD:40:94:C1:08:D9"}}
 00435{"flow_id":6,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069164,"pkt_ts_usec":110633,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADTn6EAAPwb5iAoYUrxuTI8ygMgfkPcR2XiSeN3lgBAAgEvhAAABAQgKAAs\/NUTbaqw="}
 00881{"flow_id":6,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069164,"pkt_ts_usec":115912,"pkt_caplen":394,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":394,"pkt_l4_len":358,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAXrn6UAAPwb4QQoYUrxuTI8ygMgfkPcR2XiSeN3lgBgAgCLKAAABAQgKAAs\/NUTbaqwWAwEBBhAAAQIBAC3VG74GEarKyWIAfC1t3eoICv9n3lOUl6EdMRLyzveqov7VqeSb+vUiADXEjvo2Ph4IxpM0uTEgRWks1OlyfQ8CpwOpaewjRrLbZ7\/Fm\/zPeyjp\/P3pk4lJ3FI5zqrJ+HgUULMWeKr6+AzQok+GHygmyw546qkveS2ASJI9J6rEx+UzswY8LaAepNuCXF3tLOS+Q6cMYhvlQdUkmCdPIAcy6\/aHTOZuAgr4sXjBSc2SXkXTU6DK9\/jA8GFEWxiX8kUmiD3\/ackC7YfCdwyMFwNA3nsgDZ0dDkRS1g9MwGH7v5u3hV0JEYUJn7rk3hkF2jdqDJRkYOH1L3bPWYU69dEUAwEAAQEWAwEAMF\/O2kD5pbKQHNWRGYU5syhmJpfV2RQgn4wrixRc1VRvmCK4dV8HuEl4xxthAnsmJw=="}
 00756{"flow_id":6,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069164,"pkt_ts_usec":376410,"pkt_caplen":302,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":302,"pkt_l4_len":266,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAR6w20AALwY\/rG5MjzIKGFK8H5CAyJJ43eX3Edq+gBgAIYO0AAABAQgKRNtrvAALPzUWAwEAqgQAAKYAAAAAAKD3FZSkod9AGBhY\/5X2U\/i0ZlUT19StXS97iyKpOUa4IW\/fyXON8W7ON1PPWxIsbCFlSHKfXZzC9eGaF0YcZ5Vky\/m+ZkbJO7AxjCAJ7euFadRchQdVzPIZk2Ua8ouf0\/EszfOXqattY5O6GsHl+975F0cZKKkRi1W0P3N5xnbqZMkVk7o5HtDEVFhjV0OWYTBoGuJ3dvVMfhwnAHMV19wcFAMBAAEBFgMBADA5UfCcpaWCvMf6Zr8mRRWhn9ER98GyiCk9DWgwLjFlP9ZoGBTEoN6zfrpW\/0ayigQ="}
@@ -67,10 +67,10 @@
 00447{"flow_id":8,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069165,"pkt_ts_usec":114875,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAADwAAEAALgbyaW5MjzIKGFK8Iynl6dfwna4taY2roBI4kADPAAACBAV4BAIICkTbbpQAAsc\/AQMDCQ=="}
 00434{"flow_id":8,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069165,"pkt_ts_usec":115149,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADRKlkAAQAaV2woYUrxuTI8y5ekjKS1pjavX8J2vgBABtlp5AAABAQgKAALHTkTbbpQ="}
 00626{"flow_id":8,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069165,"pkt_ts_usec":129523,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":210,"pkt_l4_len":174,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAMJKl0AAQAaVTAoYUrxuTI8y5ekjKS1pjavX8J2vgBgBtm0bAAABAQgKAALHT0TbbpQWAwEAiQEAAIUDAc0IMYnVVZMQnojSelEd1V0KoNgUEJ7I0Qu6wTcqDhwtAAAYwBTACsAPwAUANcATwAnADsAEAC8AlgD\/AQAARAALAAQDAAECAAoANAAyAA4ADQAZAAsADAAYAAkACgAWABcACAAGAAcAFAAVAAQABQASABMAAQACAAMADwAQABEAIwAA"}
-00742{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":56,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_first_seen":1430069164966,"flow_last_seen":1430069165129,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"110.76.143.50","src_port":58857,"dst_port":9001,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"4b79ae67eb3b2cf1c75e68ea0100ca1b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00784{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":56,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_first_seen":1430069164966,"flow_last_seen":1430069165129,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"110.76.143.50","src_port":58857,"dst_port":9001,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","7":"Obsolete TLS version (< 1.1)"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"4b79ae67eb3b2cf1c75e68ea0100ca1b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
 00434{"flow_id":8,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069165,"pkt_ts_usec":311164,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAADTyhUAALwb+625MjzIKGFK8Iynl6dfwna8taY45gBAAH2ZiAAABAQgKRNtvZgACx08="}
 01587{"flow_id":8,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069165,"pkt_ts_usec":314856,"pkt_caplen":920,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":920,"pkt_l4_len":884,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAA4jyhkAALwb7lm5MjzIKGFK8Iynl6dfwna8taY45gBgAH9xBAAABAQgKRNtvZgACx08WAwEANQIAADEDAVU9H62U6W1lEs2MeG\/MWzGrR859HfrcOD055G7M8hnkAAAvAAAJ\/wEAAQAAIwAAFgMBAwwLAAMIAAMFAAMCMIIC\/jCCAeYCCQC35xiTrUC9NTANBgkqhkiG9w0BAQUFADBBMQswCQYDVQQGEwJLUjEOMAwGA1UEBwwFU2VvdWwxDjAMBgNVBAoMBUtha2FvMRIwEAYDVQQDDAlLYWthby5jb20wHhcNMTExMjA1MDkxOTI1WhcNMjExMjAyMDkxOTI1WjBBMQswCQYDVQQGEwJLUjEOMAwGA1UEBwwFU2VvdWwxDjAMBgNVBAoMBUtha2FvMRIwEAYDVQQDDAlLYWthby5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCVZgoiuC3vyjGQwWN1Y\/G2gLXrzYhnrYdBpXUgl5541Si1DUFeXudmto2X8JviTwtPM9bOMLk8c2gLTUKJmOdptp9qXnubsD89+qNi++nC9dmz3LRvRaWz6J0w7DFv5AsMOJ6cjJsqNbLBGSrO1bhrnXo6ZUpil+wYGT35WXJhxIkgnTWohNEsT6RlAImB9cuCGQz8DM7bHDsPNGhu5sjgZnnk+AeKK8FY9VV9dESDYb4of9Dakayp+JrR5MYVfASmd\/mbBSqJ+opCRNyVxwfhKPWkeZLD7Ahtlj6AFmso\/rwThAqCi3wI8KUooZ95z\/VLccaEg8vY7PgA0+0py+pNAgMBAAEwDQYJKoZIhvcNAQEFBQADggEBAGDrJdN5Ppz9OPTa3HDXzLQwJHAUfiipBZSXzoL\/uy1yA8U26AfNtg2jWEpQ8ijR6FlqlZLcJAiiKbRMWUuNkOUJlsmzZ7AOn+R1zo\/KyIIKnOlLOSWubKfFVXNqD1W9f0XUQIQ2bEb4Hp2TPGMTxuo6H6v5HXSSpMerZD7k73HKwZDU\/jVO10Zk5dVEruTzrBbq8qa6dAJ6FxvSZ74FqIv+LOAIok4AksbSUeKWI+q\/HFIO\/kDDpqvjTP9dO3NHPgBjO42w3TF\/CywiY5NXQizBUR7JsOxh255g2sA7XIjS1vYreiyrMDXuEy+gjnwQReXnI3sA9\/dVI5HUoqdx0F4WAwEABA4AAAA="}
-01033{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":58,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":6,"flow_first_seen":1430069164966,"flow_last_seen":1430069165314,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":852,"flow_tot_l4_payload_len":994,"flow_avg_l4_payload_len":165,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"110.76.143.50","src_port":58857,"dst_port":9001,"l4_proto":"tcp","ndpi": {"flow_risk": {"6":"Self-signed Certificate","7":"Obsolete TLS version (< 1.1)","8":"Weak TLS cipher"},"proto":"TLS.KakaoTalk","breed":"Acceptable","category":"Chat"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"4b79ae67eb3b2cf1c75e68ea0100ca1b","ja3s":"4ea82b75038dd27e8a1cb69d8b839b26","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=KR, L=Seoul, O=Kakao, CN=Kakao.com","issuerDN":"C=KR, L=Seoul, O=Kakao, CN=Kakao.com","fingerprint":"65:88:37:51:01:AA:1F:12:E4:44:27:52:F9:32:FD:40:94:C1:08:D9"}}
+01075{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":58,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":6,"flow_first_seen":1430069164966,"flow_last_seen":1430069165314,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":852,"flow_tot_l4_payload_len":994,"flow_avg_l4_payload_len":165,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"110.76.143.50","src_port":58857,"dst_port":9001,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","6":"Self-signed Certificate","7":"Obsolete TLS version (< 1.1)","8":"Weak TLS cipher"},"proto":"TLS.KakaoTalk","breed":"Acceptable","category":"Chat"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"4b79ae67eb3b2cf1c75e68ea0100ca1b","ja3s":"4ea82b75038dd27e8a1cb69d8b839b26","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=KR, L=Seoul, O=Kakao, CN=Kakao.com","issuerDN":"C=KR, L=Seoul, O=Kakao, CN=Kakao.com","fingerprint":"65:88:37:51:01:AA:1F:12:E4:44:27:52:F9:32:FD:40:94:C1:08:D9"}}
 00434{"flow_id":8,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069165,"pkt_ts_usec":315131,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADRKmEAAQAaV2QoYUrxuTI8y5ekjKS1pjjnX8KEDgBAB61p5AAABAQgKAALHYkTbb2Y="}
 00879{"flow_id":8,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069165,"pkt_ts_usec":337348,"pkt_caplen":394,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":394,"pkt_l4_len":358,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAXpKmUAAQAaUkgoYUrxuTI8y5ekjKS1pjjnX8KEDgBgB60dYAAABAQgKAALHZETbb2YWAwEBBhAAAQIBAG0K85NVFhEZ7hFhOhKGxgyRETHunT8FGQj+gdYeJNGhl2iTodXARNpfVdu2p053PylRQ5i17tdvDyWHd72xyqohbELbToOfcGXrnB1e7OX6cfVBE2zPFq0LzHRh4WqlvJXmbdFC2c4\/OpXZ2J+AGS8oH4hFdJk55dD0Rqcg8k1yD8PtOCz3JTFofSJ5kPB9RlClZrWGmobdIODyW\/2SxycPTbIi3MtCy\/FJ+NV\/9XPOkhUES1aafiJUriL+AMVrSMXheyGDPbeIKAuUk9lHZQ+IKt5wU9hANFmjVausdYO\/AuzpyLfh859Mv2bMtHxFPWKKtvvMTDOSS378pAbYlfUUAwEAAQEWAwEAMBFMJwdLm84p2UKtLmvOwh+jBKFAAqnH7y6vsO7dMR4yZ5w0K8GnLcpOy\/dsnWL+mg=="}
 00756{"flow_id":8,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069165,"pkt_ts_usec":543250,"pkt_caplen":302,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":302,"pkt_l4_len":266,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAR7yh0AALwb9\/25MjzIKGFK8Iynl6dfwoQMtaY9\/gBgAIdQvAAABAQgKRNtwRAACx2QWAwEAqgQAAKYAAAAAAKD3FZSkod9AGBhY\/5X2U\/i0MpxTcOThL2vCJOwLIHctIhJhbVKqgMfsPsuGU5ppnVaNIPFHIucQJJetyUxYwc8IhWUYpft5eIUS37zm3nqwElJYuHYbM1VBVwEB2pGGvRa\/DZ9VlXyqfltmwRg2q1MNtPiUKvMPFjKqhG9\/ANXnhI08gMpLwXhXDj2NqXHPjC\/WZDwihyPmSLrv32HhPTuuFAMBAAEBFgMBADCrg01tB59jb9CJJs57uREHyiJPkvP6NWrj9Js4EKD9Il3eVHOg10A0ygs0IDyUSAc="}
@@ -231,7 +231,7 @@
 ~~ total detected protocols..: 9
 ~~ total active/idle flows...: 20/20
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 1921161 bytes
+~~ total memory allocated....: 2106560 bytes
-~~ total memory freed........: 1921161 bytes
+~~ total memory freed........: 2106560 bytes
-~~ total allocations/frees...: 36597/36597
+~~ total allocations/frees...: 38602/38602
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/NTPv2.pcap.out

@@ -1,7 +1,7 @@
 00473{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"NTPv2.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
 00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"NTPv2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1436865383632,"flow_last_seen":0,"flow_min_l4_payload_len":368,"flow_max_l4_payload_len":368,"flow_tot_l4_payload_len":368,"flow_avg_l4_payload_len":368,"midstream":0,"l3_proto":"ip4","src_ip":"208.104.95.10","dst_ip":"78.46.76.2","src_port":123,"dst_port":80,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 00883{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"NTPv2.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436865383,"pkt_ts_usec":632810,"pkt_caplen":410,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":410,"pkt_l4_len":376,"pkt":"RIpbLCrSACaIdf8bCABFAAGMHS4AADERoZDQaF8KTi5MAgB7AFABeH6Xlw4DKgAFAEgAAAAAAAAQOgAAAAAAAAGISO9ZbawQDGUAAAABDAIHAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAQZwAAAAAAAADHQLufDawQDGUAAAABuxwHAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQxAAAAAAAAAa6UEgp0qwQDGUAAAABKtoHAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQ2AAAAAAAAAWzX1q4C6wQDGUAAAABAFAHAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQ2wAAAAAAAAWRR3um9qwQDGUAAAABAFAHAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00511{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"NTPv2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1436865383632,"flow_last_seen":0,"flow_min_l4_payload_len":368,"flow_max_l4_payload_len":368,"flow_tot_l4_payload_len":368,"flow_avg_l4_payload_len":368,"midstream":0,"l3_proto":"ip4","src_ip":"208.104.95.10","dst_ip":"78.46.76.2","src_port":123,"dst_port":80,"l4_proto":"udp","ndpi": {"proto":"NTP","breed":"Acceptable","category":"System"}}
+00568{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"NTPv2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1436865383632,"flow_last_seen":0,"flow_min_l4_payload_len":368,"flow_max_l4_payload_len":368,"flow_tot_l4_payload_len":368,"flow_avg_l4_payload_len":368,"midstream":0,"l3_proto":"ip4","src_ip":"208.104.95.10","dst_ip":"78.46.76.2","src_port":123,"dst_port":80,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"NTP","breed":"Acceptable","category":"System"}}
 00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"NTPv2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1436865383632,"flow_last_seen":0,"flow_min_l4_payload_len":368,"flow_max_l4_payload_len":368,"flow_tot_l4_payload_len":368,"flow_avg_l4_payload_len":368,"midstream":0,"l3_proto":"ip4","src_ip":"208.104.95.10","dst_ip":"78.46.76.2","src_port":123,"dst_port":80,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 00124{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"NTPv2.pcap","alias":"nDPId-test"}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
@@ -11,7 +11,7 @@
 ~~ total detected protocols..: 1
 ~~ total active/idle flows...: 1/1
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 1741488 bytes
+~~ total memory allocated....: 1926735 bytes
-~~ total memory freed........: 1741488 bytes
+~~ total memory freed........: 1926735 bytes
-~~ total allocations/frees...: 33320/33320
+~~ total allocations/frees...: 35325/35325
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/NTPv3.pcap.out

@@ -1,7 +1,7 @@
 00473{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"NTPv3.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
 00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"NTPv3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1436865405371,"flow_last_seen":0,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"175.144.140.29","dst_ip":"78.46.76.2","src_port":123,"dst_port":80,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 00452{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"NTPv3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436865405,"pkt_ts_usec":371462,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"pkt":"RIpbLCrSACaIdf8bCABFAABMAABAADcRbcOvkIwdTi5MAgB7AFAAOLcYHAAE+gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADZT08RAAAAANlPTxEAAAAA"}
-00508{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"NTPv3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1436865405371,"flow_last_seen":0,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"175.144.140.29","dst_ip":"78.46.76.2","src_port":123,"dst_port":80,"l4_proto":"udp","ndpi": {"proto":"NTP","breed":"Acceptable","category":"System"}}
+00565{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"NTPv3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1436865405371,"flow_last_seen":0,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"175.144.140.29","dst_ip":"78.46.76.2","src_port":123,"dst_port":80,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"NTP","breed":"Acceptable","category":"System"}}
 00479{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"NTPv3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1436865405371,"flow_last_seen":0,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"175.144.140.29","dst_ip":"78.46.76.2","src_port":123,"dst_port":80,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 00124{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"NTPv3.pcap","alias":"nDPId-test"}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
@@ -11,7 +11,7 @@
 ~~ total detected protocols..: 1
 ~~ total active/idle flows...: 1/1
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 1741488 bytes
+~~ total memory allocated....: 1926735 bytes
-~~ total memory freed........: 1741488 bytes
+~~ total memory freed........: 1926735 bytes
-~~ total allocations/frees...: 33320/33320
+~~ total allocations/frees...: 35325/35325
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/NTPv4.pcap.out

@@ -11,7 +11,7 @@
 ~~ total detected protocols..: 1
 ~~ total active/idle flows...: 1/1
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 1741488 bytes
+~~ total memory allocated....: 1926735 bytes
-~~ total memory freed........: 1741488 bytes
+~~ total memory freed........: 1926735 bytes
-~~ total allocations/frees...: 33320/33320
+~~ total allocations/frees...: 35325/35325
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/Oscar.pcap.out

@@ -25,7 +25,7 @@
 ~~ total detected protocols..: 0
 ~~ total active/idle flows...: 1/1
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 1788315 bytes
+~~ total memory allocated....: 1973562 bytes
-~~ total memory freed........: 1788315 bytes
+~~ total memory freed........: 1973562 bytes
-~~ total allocations/frees...: 33404/33404
+~~ total allocations/frees...: 35409/35409
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/WebattackRCE.pcap.out

@@ -3195,7 +3195,7 @@
 ~~ total detected protocols..: 797
 ~~ total active/idle flows...: 797/797
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4354836 bytes
+~~ total memory allocated....: 4546451 bytes
-~~ total memory freed........: 4354836 bytes
+~~ total memory freed........: 4546451 bytes
-~~ total allocations/frees...: 38089/38089
+~~ total allocations/frees...: 40094/40094
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/WebattackSQLinj.pcap.out

@@ -128,7 +128,7 @@
 ~~ total detected protocols..: 9
 ~~ total active/idle flows...: 9/9
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 1771012 bytes
+~~ total memory allocated....: 1956323 bytes
-~~ total memory freed........: 1771012 bytes
+~~ total memory freed........: 1956323 bytes
-~~ total allocations/frees...: 33464/33464
+~~ total allocations/frees...: 35469/35469
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/WebattackXSS.pcap.out

@@ -6153,7 +6153,7 @@
 ~~ total detected protocols..: 22
 ~~ total active/idle flows...: 661/661
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4097575 bytes
+~~ total memory allocated....: 4288102 bytes
-~~ total memory freed........: 4097575 bytes
+~~ total memory freed........: 4288102 bytes
-~~ total allocations/frees...: 44739/44739
+~~ total allocations/frees...: 46744/46744
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/aimini-http.pcap.out

@@ -77,7 +77,7 @@
 ~~ total detected protocols..: 4
 ~~ total active/idle flows...: 4/4
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 1755464 bytes
+~~ total memory allocated....: 1940735 bytes
-~~ total memory freed........: 1755464 bytes
+~~ total memory freed........: 1940735 bytes
-~~ total allocations/frees...: 33469/33469
+~~ total allocations/frees...: 35474/35474
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/ajp.pcap.out

@@ -83,7 +83,7 @@
 ~~ total detected protocols..: 0
 ~~ total active/idle flows...: 0/0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 1738307 bytes
+~~ total memory allocated....: 1923546 bytes
-~~ total memory freed........: 1738307 bytes
+~~ total memory freed........: 1923546 bytes
-~~ total allocations/frees...: 33316/33316
+~~ total allocations/frees...: 35321/35321
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/alexa-app.pcapng.out

@@ -2377,7 +2377,7 @@
 ~~ total detected protocols..: 147
 ~~ total active/idle flows...: 162/162
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 2867064 bytes
+~~ total memory allocated....: 3053599 bytes
-~~ total memory freed........: 2867064 bytes
+~~ total memory freed........: 3053599 bytes
-~~ total allocations/frees...: 37868/37868
+~~ total allocations/frees...: 39873/39873
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/among_us.pcap.out

@@ -11,7 +11,7 @@
 ~~ total detected protocols..: 1
 ~~ total active/idle flows...: 1/1
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 1741488 bytes
+~~ total memory allocated....: 1926735 bytes
-~~ total memory freed........: 1741488 bytes
+~~ total memory freed........: 1926735 bytes
-~~ total allocations/frees...: 33320/33320
+~~ total allocations/frees...: 35325/35325
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/amqp.pcap.out

@@ -61,7 +61,7 @@
 ~~ total detected protocols..: 3
 ~~ total active/idle flows...: 3/3
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 1758547 bytes
+~~ total memory allocated....: 1943810 bytes
-~~ total memory freed........: 1758547 bytes
+~~ total memory freed........: 1943810 bytes
-~~ total allocations/frees...: 33488/33488
+~~ total allocations/frees...: 35493/35493
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/android.pcap.out

@@ -647,7 +647,7 @@
 ~~ total detected protocols..: 60
 ~~ total active/idle flows...: 67/67
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 2173223 bytes
+~~ total memory allocated....: 2358998 bytes
-~~ total memory freed........: 2173223 bytes
+~~ total memory freed........: 2358998 bytes
-~~ total allocations/frees...: 34255/34255
+~~ total allocations/frees...: 36260/36260
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/anyconnect-vpn.pcap.out

@@ -215,10 +215,10 @@
 00450{"flow_id":33,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":182,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687260,"pkt_ts_usec":620412,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"NDY7z3UoLH6BsEqhCABFAABAE+xAAPEGAgIIJWDCCgAA4xC\/3lkWZHs7FMxBabASECzSsgAAAgQFZAEDAwIBAQgKeKa\/ZBwNtZEEAgAA"}
 00432{"flow_id":33,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":183,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687260,"pkt_ts_usec":620471,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGxvoKAADjCCVgwt5ZEL8UzEFpFmR7PIAQEAgSNwAAAQEIChwNta14pr9k"}
 00637{"flow_id":33,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":184,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687260,"pkt_ts_usec":620743,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"pkt":"LH6BsEqhNDY7z3UoCABFAADIAABAAEAGxmYKAADjCCVgwt5ZEL8UzEFpFmR7PIAYEAijywAAAQEIChwNta14pr9kFgMBAI8BAACLAwMD1fZJLnU2wbbg4p6uNb1F++uvR9\/ndJiHrNU+USXu3wAADsAwwCjAFMAJwBMAMwD\/AQAAVAALAAQDAAECAAoADAAKAB0AFwAeABkAGAAWAAAAFwAAAA0AMAAuBAMFAwYDCAcICAgJCAoICwgECAUIBgQBBQEGAQMDAgMDAQIBAwICAgQCBQIGAg=="}
-00785{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":184,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":4,"flow_first_seen":1569687260591,"flow_last_seen":1569687260620,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.96.194","src_port":56921,"dst_port":4287,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"e3adec914f3893f18136762f1c0d7d81","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00827{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":184,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":4,"flow_first_seen":1569687260591,"flow_last_seen":1569687260620,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.96.194","src_port":56921,"dst_port":4287,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"e3adec914f3893f18136762f1c0d7d81","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
 00435{"flow_id":33,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":185,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687260,"pkt_ts_usec":655570,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0E\/NAAPEGAgcIJWDCCgAA4xC\/3lkWZHs8FMxB\/YAQBDAdWQAAAQEICnimv4YcDbWt"}
 02212{"flow_id":33,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":186,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687260,"pkt_ts_usec":667151,"pkt_caplen":1374,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1374,"pkt_l4_len":1340,"pkt":"NDY7z3UoLH6BsEqhCABFAAVQE\/lAAPEG\/OQIJWDCCgAA4xC\/3lkWZHs8FMxB\/YAYBDDc3gAAAQEICnimv5AcDbWtFgMDAF0CAABZAwMaAXyK9KQuuGETu8cld9JV+FK0SGZRa7CR6lzcsmkkxyBhHCxWTv40pUYrPrn3znrxjXuLJZACYw3f0K4HrVcFssAwAAAR\/wEAAQAACwAEAwABAgAXAAAWAwMDPAsAAzgAAzUAAzIwggMuMIICFqADAgECAgg\/CBLhDwTMuTANBgkqhkiG9w0BAQsFADBXMRswGQYDVQQDDBI4MTM4NDU2NTcwMDMzMzk4MzgxDzANBgNVBAoMBkNvZGU0MjENMAsGA1UECwwEVEVTVDELMAkGA1UECAwCTU4xCzAJBgNVBAYTAlVTMB4XDTE5MDgyOTAwMTI0MFoXDTE5MTAwODAwMTI0MFowVzEbMBkGA1UEAwwSODEzODQ1NjU3MDAzMzM5ODM4MQ8wDQYDVQQKDAZDb2RlNDIxDTALBgNVBAsMBFRFU1QxCzAJBgNVBAgMAk1OMQswCQYDVQQGEwJVUzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM61Q49djLnJMOmkIF0ll0F\/YDwr0sJF\/HQcSR5fSdw7EdXfDbna6x6jdhxE3Qn9gu2zsKj9DdoI9x8pHf25SLIxWtWtVXw64g9Cp6Akq6ue6XUldOaLIbFwakz0yvQNQHH4InGpGhOI0r\/JKwLXHTVarq8xZxz1qic9dGtps1TA1LnKt1ghcAC9UIhSSffTCRd3Hsuy9tV+rAge2xQcSFu5jpM3jMoIhFZ64uHnyNVlB\/PvazPdCIc\/da6TNg09oFSH\/qcSJW25ei7RChN\/n+1Y9ZZlpthcccET79wBa7HyRx3NeKMXBXMjRpZ5jHAXjnoyo9EGU5NYfQfrfADRdd0CAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAaWilMnLLGQ2gXstlhQSHl0BxH9M1oZmy0zk+yCz0sx7sp4N4CzNfdXnzRNI1nOOjvmDOnoK\/rjhx5CHC5BKV8qXQgywjLv6TpvGuwR9ek3LBZZJgG6pIgEiCQy4fR4d0eonjwAPqjoL3IN6\/RLFeqp9yodmk0KnOElyg7\/70JrdDnAIUs\/fmFwqS5e9nnGF6lD+dFubpkplRTiN\/2sgrSN5o5wq\/jZw9\/jv07RNxswZ5b\/Xd\/m0seIx6S1aem4yFFpkW0ITMdscZToISSQJH21J82w7v+XjWmRg8mKpjueRaAmkWA0zA0X3yGm4a1zZlebgdFsP+1JTYS0\/4f7yL4hYDAwEsDAABKAMAHSCydU7QFYlE7imdhqa9AKGI8iMYpyccCRVwdMVtjxjGHAgEAQAOARPwkWMmg0R+fWFN8NRAQUSZPBqQ+HjdO1UI\/nFIojvvLcZsbxvEaJchrGKOwGbSsdK7ByPKFgf4xrxfWdx2lNjk0e9lLlSj20fPMXT0xD27Ai3JNC25GENTyTLxYdyFsANrA8WgEjo\/iRVH7lEYalpVjfagu0RxdU3ZUg2ouUrRkO8szgI+\/GQEOrUzC8+QTDEY9Md++ju1GWO07jJJf\/OlJg4H696Xgf+QXL0iAe5WMgucOeJioRMeA4H9BQGTv5XmpzqP\/6JX0BzGjc\/BbpIF2EPv\/T+uQX1X6A8Kw18ZHBNrHocnkRYb3DnvtB5Jzn0dqWmkTJauRfEbYX3tFgMDADoNAAA2AwECQAAuBAMFAwYDCAcICAgJCAoICwgECAUIBgQBBQEGAQMDAgMDAQIBAwICAgQCBQIGAgAAFgMDAAQOAAAA"}
-01082{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":186,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":6,"flow_first_seen":1569687260591,"flow_last_seen":1569687260667,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1308,"flow_tot_l4_payload_len":1456,"flow_avg_l4_payload_len":242,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.96.194","src_port":56921,"dst_port":4287,"l4_proto":"tcp","ndpi": {"flow_risk": {"6":"Self-signed Certificate","15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"e3adec914f3893f18136762f1c0d7d81","ja3s":"e54965894d6b45ecb4323c7ea3d6c115","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"CN=813845657003339838, O=Code42, OU=TEST, ST=MN, C=US","issuerDN":"CN=813845657003339838, O=Code42, OU=TEST, ST=MN, C=US","fingerprint":"86:2A:47:EF:00:68:79:60:7F:94:E2:91:6F:E0:38:82:37:8A:8E:2E"}}
+01124{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":186,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":6,"flow_first_seen":1569687260591,"flow_last_seen":1569687260667,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1308,"flow_tot_l4_payload_len":1456,"flow_avg_l4_payload_len":242,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.96.194","src_port":56921,"dst_port":4287,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","6":"Self-signed Certificate","15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"e3adec914f3893f18136762f1c0d7d81","ja3s":"e54965894d6b45ecb4323c7ea3d6c115","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"CN=813845657003339838, O=Code42, OU=TEST, ST=MN, C=US","issuerDN":"CN=813845657003339838, O=Code42, OU=TEST, ST=MN, C=US","fingerprint":"86:2A:47:EF:00:68:79:60:7F:94:E2:91:6F:E0:38:82:37:8A:8E:2E"}}
 00432{"flow_id":33,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":187,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687260,"pkt_ts_usec":667209,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGxvoKAADjCCVgwt5ZEL8UzEH9FmSAWIAQD98MVwAAAQEIChwNtdp4pr+Q"}
 02051{"flow_id":33,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":188,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687260,"pkt_ts_usec":671440,"pkt_caplen":1261,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1261,"pkt_l4_len":1227,"pkt":"LH6BsEqhNDY7z3UoCABFAATfAABAAEAGwk8KAADjCCVgwt5ZEL8UzEH9FmSAWIAYEACreAAAAQEIChwNtd54pr+QFgMDAzwLAAM4AAM1AAMyMIIDLjCCAhagAwIBAgIIXsE90hYB3ZMwDQYJKoZIhvcNAQELBQAwVzEbMBkGA1UEAwwSODIwMDYzNDY3NTA1NTk2OTQ1MQ8wDQYDVQQKDAZDb2RlNDIxDTALBgNVBAsMBFRFU1QxCzAJBgNVBAgMAk1OMQswCQYDVQQGEwJVUzAeFw0xOTA5MjcxNzA4NTRaFw0xOTExMDYxODA4NTRaMFcxGzAZBgNVBAMMEjgyMDA2MzQ2NzUwNTU5Njk0NTEPMA0GA1UECgwGQ29kZTQyMQ0wCwYDVQQLDARURVNUMQswCQYDVQQIDAJNTjELMAkGA1UEBhMCVVMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDFYNZF26UjF+3XnUaEzq2uKuy6YckvZ5n1IhrUyH4zqRE0C5g\/BsCIvfkEE6TyupFQ4zMe+ASrbcfCFfmBXZn9EyO2y6o\/sbnd8HsF6Z3UUaKSHlnlxaRxv\/MedjLtwG3XZYZEuxpfay\/LAaGwVqFVP5hmYDEfjOT5Kd74arwkz4pyderrG697sUGTrgCw8fop3RymVwWeulqkHzdgm7wmvL9lgHGTFqzcYpnLz+ZplicVnyMy+m80fxpxNgKXAZDHsqfWX9O9dJf4wZXeSCnnj1yopzf5V0fJrs8CZKxE3rFS0er1ulRBi99xbJBI+1qCBTWPfbh7D6ri04FydMXJAgMBAAEwDQYJKoZIhvcNAQELBQADggEBADsP0enuURs3RrXlAMTbQYO4wqobE2iXacBBrHaoyhepONSqo9LJeswi9sR0mW4u8pQnbYOlqS86pZKJPoTQxLjJStpwWaMckOoZFubAOcmKEg5Fv169c+tWMJLBEOBJdKU+YhDNjTpdiszbuzRV1IHnW5omZjzz8Xlq\/EtTVq5IFr01PSptO6Lm620bDTyzWb8zuoR+aK9zZ6MQSmapuxkhs6wI45NLCWPcDd+k2WXJTNEg0Ni9b9vWGyMSDvTr5jaKQL3SfcBzMGcs+ugkma3W7YyJos32zARkMqALlPxyp6ikFzYWStXBSoncv9kD5Q\/7BjaQOWjN+t4i3EVf\/eQWAwMAJRAAACEgEWtqWgfGgf7lXlCr+zcvsN4Qgt8lveG0WfR54DQFHDMWAwMBCA8AAQQIBAEAsWffEwMziaZMvL09fBehHeaMPCBPy4zOPiqMony+6Xiwx9LtzC8X8PPN4kszu6J82D28ZzGdS0R89EmGsI54fPcJb4xdJXHhRNCGJvvagm0RXsKnXJu5TU04COJlg2eWmUZFQVDXUl8lzLNpSqlDx60dYVxm\/ehx3oZkHZVz\/SX31RUux10n+FZ9kNjiYSOsnpXHHqbA1wtdNL02a3oAPazweDlxd5JS+FooA\/KVtL\/VXaGFNFM\/iUgYzUBE8FRRITZ6ZcwQjyrEKyQYJ+JZV8Z8cG3OgQJ2rRH2lrIPbNOPiuvdzqYfnVZRBXfOC9\/\/VUqYskdiTTJ69u\/\/fmCexhQDAwABARYDAwAoYHY4Vgfv4X8IKyXCBRgV3egp4WmNBU+ZqlfDhPXew9ZtGk+\/14sACw=="}
 00433{"flow_id":33,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":189,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687260,"pkt_ts_usec":700295,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0FQFAAPEGAPkIJWDCCgAA4xC\/3lkWZIBYFMxGqIAQBVoSBwAAAQEICnimv7YcDbXe"}
@@ -435,7 +435,7 @@
 00656{"flow_id":61,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":465,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687268,"pkt_ts_usec":836308,"pkt_caplen":230,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":230,"pkt_l4_len":196,"pkt":"NDY7z3UoLH6BsEqhCABFAADYxf0AAPcRg7QIJWZbCgAA4wG701sAxPjiFgEAAAAAAAAAAAEAUgIAAEYAAQAAAAAARgEALUKlqOqp+9af1GcxChS4QXaLYgzyjV+CMRoD1u04EzMgm7BxyKgEQGFPg0eizi7+AVQMevU74i4erAc5hyngJu8AOQAUAQAAAAAAAAAAAgADAQACFgEAAAEAAAAAAAAAQD8tH8NZsi0zp5KqIEac2zndlXephyhcvDs6uk0ts\/C74lCOOKMP7cl2vA0Fdivj2Vu+P3CxRTCYlcHvZh6mgEM="}
 00528{"flow_id":61,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":466,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687268,"pkt_ts_usec":837070,"pkt_caplen":135,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":135,"pkt_l4_len":101,"pkt":"LH6BsEqhNDY7z3UoCABFAAB5ttQAAEARSj0KAADjCCVmW9NbAbsAZSHLFAEAAAAAAAAAAAIAAwEAAhYBAAABAAAAAAAAAEB13T5lRIw++YjQQ3Qkoyswag+IeQZwzjpfo12O7l1Xcp3w\/UpkhLeZaAWDRsXTNSL+R32oH3qj2v2CyHpmZrLD"}
 00573{"flow_id":61,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":467,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687268,"pkt_ts_usec":850848,"pkt_caplen":167,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":167,"pkt_l4_len":133,"pkt":"LH6BsEqhNDY7z3UoCABFAACZG00AAEAR5aQKAADjCCVmW9NbAbsAhSBxFwEAAAEAAAAAAAEAcJAp8TP5L9aIAzjZZH+8T1estbsDYKyCkdkhe7+UIBVsNqyejSSkPEU7ONW2iokPbFMvxRUeCNaw\/RBrJMSNbsKC3EuMrgGykf+U9Wpz8EHY6SCoix9y+LnSEFWosh2QWwehPeVhCuFY\/xnfwN3j9dY="}
-00537{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":467,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":6,"flow_first_seen":1569687268746,"flow_last_seen":1569687268850,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":188,"flow_tot_l4_payload_len":672,"flow_avg_l4_payload_len":112,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":54107,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"CiscoVPN","breed":"Acceptable","category":"VPN"}}
+00594{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":467,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":6,"flow_first_seen":1569687268746,"flow_last_seen":1569687268850,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":188,"flow_tot_l4_payload_len":672,"flow_avg_l4_payload_len":112,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":54107,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"CiscoVPN","breed":"Acceptable","category":"VPN"}}
 00573{"flow_id":61,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":469,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687268,"pkt_ts_usec":873245,"pkt_caplen":167,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":167,"pkt_l4_len":133,"pkt":"LH6BsEqhNDY7z3UoCABFAACZ5VoAAEARG5cKAADjCCVmW9NbAbsAhSuuFwEAAAEAAAAAAAIAcIroYcS3\/qjlLAJ5hVgNA24x6wrtxtbMm99puobFdI66KucUrXLCm27CpIExufGVwJVqf2dvO9CVHHSBup6yXTyxuJs4l0NHL\/QivpVOwo7lEHdJCThBbAs8Wx+IU5suN7IEDaosnRxSWsC2AMv9YUg="}
 00575{"flow_id":61,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":470,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687268,"pkt_ts_usec":873381,"pkt_caplen":167,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":167,"pkt_l4_len":133,"pkt":"LH6BsEqhNDY7z3UoCABFAACZfpEAAEARgmAKAADjCCVmW9NbAbsAhXmZFwEAAAEAAAAAAAMAcDzvmPLtB4V20+vs+Pcr7Wx7iMFNIgDukd6WG4O587T8V7dCFBodz9a9s7xVrA3ERlsVnzccWHU51YiWyOFePh6Fd3h3UTko6Na4xxDhX5uGJ0Xd7XUu\/x6Q+cY0WD4xtC+shdVmC\/8lPH\/\/WjPzLa4="}
 00702{"flow_id":61,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":479,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687268,"pkt_ts_usec":881674,"pkt_caplen":263,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":263,"pkt_l4_len":229,"pkt":"NDY7z3UoLH6BsEqhCABFAAD54UEAAPcRaE8IJWZbCgAA4wG701sA5YSXFwEAAAEAAAAAAAEA0LaEehtTZv8b2CA+a2IlOUc+Bvbq1lzEFnHAPMXuajrB85eB1MKeGzW3VNDRQWRwwuxJPQ2mMwZHhCjKnrmWW5KS2qzAK+qFSujGSVdmMGee\/7OHdHST79gz89tgHJxfuyBQfhXTys1q1mdON9ThMXarq+ChjYzv1lGnip9ves8v5LamEWf6T4IWeU4PuLdBbrziDg0Q71+FePE\/DDBfGX+DD21\/jcgPrUfagJMgvz+9HTnoOO9cEAORFAF9xsHc0X3haTRRd5VwQoJZPeiTVCM="}
@@ -623,7 +623,7 @@
 ~~ total detected protocols..: 60
 ~~ total active/idle flows...: 72/72
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 2117081 bytes
+~~ total memory allocated....: 2302896 bytes
-~~ total memory freed........: 2117081 bytes
+~~ total memory freed........: 2302896 bytes
-~~ total allocations/frees...: 36577/36577
+~~ total allocations/frees...: 38582/38582
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/anydesk-2.pcap.out

@@ -14,11 +14,11 @@
 00427{"flow_id":3,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"anydesk-2.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1613977595,"pkt_ts_usec":380477,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"2MuK4S0uKDc3AG3ICABFAAA0AABAAEAGtgbAqAGywKgBuxue05RZw\/OWjxh7SYAS\/\/+kVwAAAgQFtAEDAwUEAgAA"}
 00408{"flow_id":3,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"anydesk-2.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1613977595,"pkt_ts_usec":380515,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"KDc3AG3I2MuK4S0uCABFAAAodDRAAIAGAADAqAG7wKgBstOUG56PGHtJWcPzl1AQBAKE2AAA"}
 00742{"flow_id":3,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"anydesk-2.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1613977595,"pkt_ts_usec":380848,"pkt_caplen":299,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":299,"pkt_l4_len":265,"pkt":"KDc3AG3I2MuK4S0uCABFAAEddDVAAIAGAADAqAG7wKgBstOUG56PGHtJWcPzl1AYBAKFzQAAFgMBAPABAADsAwNj3AGBpT3DvXWxFVWt8lyInfOzaE5lLOK0P1RS+v5ukgAAbsAwwCzAKMAkwBTACgClAKMAoQCfAGsAagBpAGgAOQA4ADcANsAywC7AKsAmwA\/ABQCdAD0ANcAvwCvAJ8AjwBPACQCkAKIAoACeAGcAQAA\/AD4AMwAyADEAMMAxwC3AKcAlwA7ABACcADwALwD\/AQAAVQALAAQDAAECAAoAHAAaABcAGQAcABsAGAAaABYADgANAAsADAAJAAoAIwAAAA0AIAAeBgEGAgYDBQEFAgUDBAEEAgQDAwEDAgMDAgECAgIDAA8AAQE="}
-00782{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_first_seen":1613977595379,"flow_last_seen":1613977595380,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":245,"flow_tot_l4_payload_len":245,"flow_avg_l4_payload_len":61,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.178","src_port":54164,"dst_port":7070,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"3f2fba0262b1a22b739126dfb2fe7a7d","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00824{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_first_seen":1613977595379,"flow_last_seen":1613977595380,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":245,"flow_tot_l4_payload_len":245,"flow_avg_l4_payload_len":61,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.178","src_port":54164,"dst_port":7070,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"3f2fba0262b1a22b739126dfb2fe7a7d","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
 00417{"flow_id":3,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"anydesk-2.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1613977595,"pkt_ts_usec":380908,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"2MuK4S0uKDc3AG3ICABFAAAoAABAAEAGthLAqAGywKgBuxue05RZw\/OXjxh7SVAQIADEJgAAAAAAAAAA"}
 00419{"flow_id":3,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"anydesk-2.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1613977595,"pkt_ts_usec":381236,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"2MuK4S0uKDc3AG3ICABFAAAoAABAAEAGthLAqAGywKgBuxue05RZw\/OXjxh8PlAQH\/jDOQAAAAAAAAAA"}
 02383{"flow_id":3,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"anydesk-2.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1613977595,"pkt_ts_usec":391710,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"2MuK4S0uKDc3AG3ICABFAAXcAABAAEAGsF7AqAGywKgBuxue05RZw\/OXjxh8PlAQIABdFgAAFgMDADoCAAA2AwOE4uKagyR4WpzZlTX3uV81nzJfBEzLEFSech4SFt7ExwAAnwAADv8BAAEAACMAAAAPAAEBFgMDArYLAAKyAAKvAAKsMIICqDCCAZACAQEwDQYJKoZIhvcNAQELBQAwGTEXMBUGA1UEAwwOQW55RGVzayBDbGllbnQwIBcNMTgwODAzMTIzMzM0WhgPMjA2ODA3MjExMjMzMzRaMBkxFzAVBgNVBAMMDkFueURlc2sgQ2xpZW50MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArIaK0rq9eTlZvBcmZhh1H9c4WyavqU3KnPQjWKum4+D57QTq6vpp8Zc0mmlfSbdIckUvHjBDiS9uimzm4D4EcxdTgnlDkoD1BP4ueHjekNtFNgh04fFTTZyZVscL3oNitoLTkU4\/rpKLpwwbDC6h6+ytxWCa3+odO5IlRwhTW3afIESGML7\/I+EoPTOb1g2I21eLTPpw2Ey9Z+0sPtRAJpLulMSEj\/fpKcyvnqkLfpJH2HV0mGEFXtbfyn7y0dpUDxjRBb\/s55m+OHTMJOEXrDdEWfunUhL9cgvTyWnWwLxNdVWJEs4A6cGJ5pCETQrNRCkiOFuKXnFF3IE1SaR9ywIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQCZ2PTeYQVpoK\/4FnIIlkh5oTJ+rM1qSGu6uZXaiGbYqvrjRGF0z4YSE+Dsi+oHIKKlFN7lTj2IonetId1bxX3mfUFFc6ADQqoEk3h87NEgrJdaCpIi\/Qm8jePsjyFN4Z+A+EycFrOMbq7rMs5rnAAGSEPy4hsFHG8OneF3O4rBgCM70YOduX2cQCQfAhJZVgos3r9uWUBhLqRgkyYpnx0cwgUl7PH8aRB0W1BDBtTpU0GDswuvU7QANMJA\/U5nmSE1oycJ+boqTuHQVa1pQq1EwvgFfgQnaJOLe+QLml0VFaxHmDnQrVnmRBIvH2hciN5dZgq7zNCC8xLxFzBrxXW0FgMDAw8MAAMLAQDM3P8099u0r5PnIjdrfYCIOEb0OZCo\/4MAKya\/lWGZGsYnrujP9yoMeXV2yLvTu7kuAPzePn77sycy3\/hvl6Zp6kV5OyRB9H6vxREG1klpzmZljFlBdZboUl0RmnvB8GL8iHcVMHWEC8Rj5OL45dI7imcsFseDZ3HMq1acOiIwt4HgVLAaJhuGuWcFvZyOAtIwvpZfawKTuJ2wQPw1A6F4AT2MRyW3E1B3u0Mk1UUxNrKEFRQZceM7MKKf5jS1FeeZWxBB7FYpK+zqe\/FrQAhtlkn7MZtzOl8wBOmniIt9wsrvumkU8s8XmI6mkltmDpPkTvX4p4m29qBcwlFj6ShjAAECAQDCHYAAeN+Fzo2goH8VTD\/ekbzedKa8cjO+06b1VIhzKulIRhJa7TDMAIKA+I6VM5UCzKeDOR9\/pjTkRKbNU1QwC9FCflZTdnnAPWNNbYS4P7fDZ1Tin0dYpBcIQF5dzGc9MBv+eY+XcC+\/ENM8n6EKAN5vowPUTiol3SuwagOILkDrs71ka5\/CAvjsLwrpwsAVwPGOr0JzPIV1p4pBDwTmT47a5Z0XPYi88F\/u93KfXqfqs3nzSzcRMrjPVT5neUgUiPYmc3iktFSX+pUl+vMSwj5svlkGWGUENFBO1HMT2+BQEEpP7yyL\/IvHJ3PDV7WyYGlOK6iboGjdiFlcpAnIBgEBACqMmVZNVs6IGGAvaodGnHjnzlNj4CSXPXzu43pnPxUt4ZSH6mEFirbmauhDTe7xq7CLLDdl4WEBy9+mA63uKHIsns1NxfMuFmjDtgW+FPZL41rbgDlAEU4hrZHyZ\/vigaajOEZd4SgRNTHFY7X2igHR2v7dSPEcLj32+tU9\/NpmbMhlNbqpUnXompGP2SuttNS1pyvio21FCYhaIC+rLWD1OQydP6s="}
-01024{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":11,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":7,"flow_first_seen":1613977595379,"flow_last_seen":1613977595391,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1705,"flow_avg_l4_payload_len":243,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.178","src_port":54164,"dst_port":7070,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing","30":"Desktop\/File Sharing Session"},"proto":"TLS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"3f2fba0262b1a22b739126dfb2fe7a7d","ja3s":"ee644a8a34c434abca4b737ec1d9efad","unsafe_cipher":0,"cipher":"TLS_DHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"CN=AnyDesk Client, CN=AnyDesk Client","fingerprint":"F8:4E:27:4E:F9:33:35:2F:1A:69:71:D5:02:6B:B8:72:EF:B7:BA:B0"}}
+01066{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":11,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":7,"flow_first_seen":1613977595379,"flow_last_seen":1613977595391,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1705,"flow_avg_l4_payload_len":243,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.178","src_port":54164,"dst_port":7070,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing","30":"Desktop\/File Sharing Session"},"proto":"TLS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"3f2fba0262b1a22b739126dfb2fe7a7d","ja3s":"ee644a8a34c434abca4b737ec1d9efad","unsafe_cipher":0,"cipher":"TLS_DHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"CN=AnyDesk Client, CN=AnyDesk Client","fingerprint":"F8:4E:27:4E:F9:33:35:2F:1A:69:71:D5:02:6B:B8:72:EF:B7:BA:B0"}}
 00607{"flow_id":3,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"anydesk-2.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1613977595,"pkt_ts_usec":391710,"pkt_caplen":197,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":197,"pkt_l4_len":163,"pkt":"2MuK4S0uKDc3AG3ICABFAAC3AABAAEAGtYPAqAGywKgBuxue05RZw\/lLjxh8PlAYIAAyhQAA\/lfoKQRRf1Hxpsc6c\/yFjbVmgtO6ISUwVcLPkVXAi7DnESvmg0P2bwtRcTr4ZR9Nv2mLB1LE54nX2F3jqjkB9yM1nC+2ntDQGnI0l5VsuqIAnOB72eDWll8HFgMDADANAAAoBQMEAQJAAB4GAQYCBgMFAQUCBQMEAQQCBAMDAQMCAwMCAQICAgMAAA4AAAA="}
 00409{"flow_id":3,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"anydesk-2.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1613977595,"pkt_ts_usec":391726,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"KDc3AG3I2MuK4S0uCABFAAAodDdAAIAGAADAqAG7wKgBstOUG56PGHw+WcP52lAQBAKE2AAA"}
 00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1613977595407,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.187","src_port":52039,"dst_port":7070,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
@@ -26,7 +26,7 @@
 00428{"flow_id":4,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"anydesk-2.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1613977595,"pkt_ts_usec":407489,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3I2MuK4S0uCABFAAA0dDlAAIAGAADAqAG7wKgBshuey0dV\/SLKLSwN3YAS\/\/+E5AAAAgQFtAEDAwgBAQQC"}
 00417{"flow_id":4,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"anydesk-2.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1613977595,"pkt_ts_usec":407676,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"2MuK4S0uKDc3AG3ICABFAAAoAABAAEAGthLAqAGywKgBu8tHG54tLA3dVf0iy1AQIABwXwAAAAAAAAAA"}
 00768{"flow_id":4,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"anydesk-2.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1613977595,"pkt_ts_usec":408312,"pkt_caplen":317,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":317,"pkt_l4_len":283,"pkt":"2MuK4S0uKDc3AG3ICABFAAEvAABAAEAGtQvAqAGywKgBu8tHG54tLA3dVf0iy1AYIAC+RgAAFgMBAQIBAAD+AwM5xa94fzbZMZS38bcet4LQXQHW847W4Z2LW\/3GqgPjFAAAgMAwwCzAKMAkwBTACgClAKMAoQCfAGsAagBpAGgAOQA4ADcANsAywC7AKsAmwA\/ABQCdAD0ANcAvwCvAJ8AjwBPACQCkAKIAoACeAGcAQAA\/AD4AMwAyADEAMMAxwC3AKcAlwA7ABACcADwAL8ASwAgAFgATABAADcANwAMACgD\/AQAAVQALAAQDAAECAAoAHAAaABcAGQAcABsAGAAaABYADgANAAsADAAJAAoAIwAAAA0AIAAeBgEGAgYDBQEFAgUDBAEEAgQDAwEDAgMDAgECAgIDAA8AAQE="}
-00783{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_first_seen":1613977595407,"flow_last_seen":1613977595408,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":263,"flow_tot_l4_payload_len":263,"flow_avg_l4_payload_len":65,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.187","src_port":52039,"dst_port":7070,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"201999283915cc31cee6b15472ef3332","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00825{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_first_seen":1613977595407,"flow_last_seen":1613977595408,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":263,"flow_tot_l4_payload_len":263,"flow_avg_l4_payload_len":65,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.187","src_port":52039,"dst_port":7070,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"201999283915cc31cee6b15472ef3332","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
 02158{"flow_id":3,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"anydesk-2.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1613977595,"pkt_ts_usec":431292,"pkt_caplen":1340,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1340,"pkt_l4_len":1306,"pkt":"KDc3AG3I2MuK4S0uCABFAAUudDtAAIAGAADAqAG7wKgBstOUG56PGHw+WcP52lAYBAKJ3gAAFgMDArYLAAKyAAKvAAKsMIICqDCCAZACAQEwDQYJKoZIhvcNAQELBQAwGTEXMBUGA1UEAwwOQW55RGVzayBDbGllbnQwIBcNMjAwNjEyMTQzNTEzWhgPMjA3MDA1MzExNDM1MTNaMBkxFzAVBgNVBAMMDkFueURlc2sgQ2xpZW50MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwap8kuXKAODl3oBaBKgWpoG5V\/9k9Re\/y85alMHsrZO3DL2CsBH2LGo\/FAOWUEOhQajl2GfY6wvsOvdSBeIfebFRqTI\/eyvzGX88OAXyXB8eUxPLEyIYR\/n+yQjHspQmrvuu8efb\/qsnD0wEfaZg0F+IVSnsvk7ydwKvfAM7cULUHZ0Rdjm5nVmmFqdnN4HPmAarEGGUZoYdf5diMMeygE8vYMiNC3GogaczMOURejt8nDKg3hDaVyqophSfYaYV3ITgE+Nh\/dVHh+EMMnYnecAfZjVQbrebwLeJyU4mm2l4eOcUa7XakXYely\/GV1aaQqmZEls1jwTB+rGy7S9NXQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQAdS4QpIobUZqbbLjL4QoyB5qi3ZvARFTdDn\/9FwwTPSuHsKNhHmppWBwxEbx6h4A00T+QPgF+JpAon\/Xn567r0wRs+2Gx6\/cI8NKbS96Mi6NWr8UFxoeDYSx\/xaQiSAMRL05Q\/xUfL2hQSR7JGfXmwzGC2aMQ\/a06M6fbVNUSaZs9xsR+k3GRt9+n93NgXIOzAVQdbBETAx4gx2dNQDdg1wrP5pCoFNb8BplELzJqgvsS9+YJ26fnoOlRyktG8e1qKVEKb3BIRJYRTafgG9eC8SfhPYnYtFnIBtjzsJ3TB1zZdJVFNoxUozWRc3Qr7Gsi8TrD2m7DcORG5iDMlw1P6FgMDAQYQAAECAQDLZskNFwLc\/qW\/Nr+nKQJNvUu2f1z5l5YmbkSG9hgIFi2DKaaZOngFwl8rwI1rcdsD4nouljMfcV3R+yQGs5htzv39PiwagwI15EJ5bc86qPFaBEyzozXlfzv64MSTZBni6VjEm4tPNDoMy0H9an1vB5INebowvl5fmlYj9bNQkSnAjiIURhY0j9Tpp7s\/eNJllmD3\/sfXLji2SP9PkG9qtKRiWiWJREc7Xq9VAIgLGn\/VflVqkOU79Rny9e17uULj+hGQLIry9lPatmA6hQ1Q5Pm3eKSsywCcPEMX6RmXoSQ+nFRdiPbIli1CaOJA\/0krrsX4ONJiGju5DH3R1IzXFgMDAQgPAAEEBgEBAKJ1YjYtST15odzCEDfCmJThrwiNPIw7nith\/lKQBX0UeBtDcqCkoabtcjcTAM\/nktgo7lR8mg6WGh8yUR1jn6HMKh9wrcDxur+n0olwiIIAlF2SitqffUJ2Novw5iDG+eu27+IKY2BWxnqkhIq6tDdA6D\/Mo62TbFzYtc52yJSVXW70jTIyKoNHEsRBv+5A6TXkiXd7zjPBPvtiAitiCWyDfO9KjStAlkGCHrezoqs25iWAJiY9WNxLk8vLSCm\/kdWMAUW68+PYuCJrx298j7Et89JVhxDpqbUZnlOnhLNpaA5cVhkqAFr9+DTWOeICcY+Woka2369WVzgjKgZtlcYUAwMAAQEWAwMAKFniE076axSZ\/WgNd0lBZ0vXxrTb7Pcged+vpjq+VkIZR\/qdnoCgiPw="}
 00419{"flow_id":3,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"anydesk-2.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1613977595,"pkt_ts_usec":432030,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"2MuK4S0uKDc3AG3ICABFAAAoAABAAEAGthLAqAGywKgBuxue05RZw\/najxiBRFAQH9e4EQAAAAAAAAAA"}
 01653{"flow_id":3,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"anydesk-2.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1613977595,"pkt_ts_usec":440779,"pkt_caplen":968,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":968,"pkt_l4_len":934,"pkt":"2MuK4S0uKDc3AG3ICABFAAO6AABAAEAGsoDAqAGywKgBuxue05RZw\/najxiBRFAYIACNSwAAFgMDA1oEAANWAAAcIANQc93rHDa7Yn\/vpGRVRnhvqSjWGWzp6Or\/X5BwKz9BSYKrm\/ARXk3L0fDCc7MMGgIGaxXmx3fu83\/fGJHp3K1gYF4MO8nuO9gHaenVjCtCJwpHjBsdxIPaJ8lqqNMhSiYiPr6GCMCvRgiSn4dAB+FmPDrBIazl1JCDWxWyJsFCJzQXGoLKxOZdf\/CHUD48qVlxCOZWUEw6dcHXn0uMXx0ZH+o3m9iA0y+tanJNMPT9j8hl8M5wnU1LapGDOPAJeqMbEVhYKBX6Ec8SF3QYJsXEdAMZsyCuA189E9JUGjuTMhpnYraUjOqG0T7WArRcMY66XU99hkUMild8VpnW8XAPgMqKaz86l4tSB5lMHg80KqtMxQ+UDO2nmLGm\/5cVWZCD1xHxWWMFs\/5Gm8LUPD5dVM8ec2vzFxrHMzL31QcLupSrS87jBTGgajGU02N0Uvm9Hk2VwXpYAXJQYdMnDK8uSC00uadYSnufU9mPosVQNIGniaE66R8dJpyOY3wKNp6L122wp3U7sqXuh\/gPf4EcTkZoTFD7CMSswBlH5RxkBHsb+Qf0vA\/E9yrNFWEz7oKs1\/drxR7y3KZ9CAEiWd\/AN53Ho1UTXZtZdlzixPDR3rAUlcc7BlgedZFGOQ+tASjX0vS4NweZ9sO1RKW2HGg9QTXYhI44KsiJ7kn56uV9rgYx2ZjFw3nv99yTZ7J6G844PiPQ+maNlcI+bd4rpJDv7LGdS0XnMLZHcoyBMkGfe2M8VfnCq9+eXNKEhrHrnCRWTGQaMEKBn7SMyR4TJD\/y9\/5D6XoQWyL8AktmenCijetEFvvgqXQ0GV875WNn5P6zWDpHlNLCGv+qXvx6UcheOjqFdlSkhnFbSp94u35svgOn9YNSf8VKnsmr\/7J1WqSmqEbxF1qIa7d4ZOSmKvplfTPKXeRyGO92yM\/F6YQsqars3GDmYJj0Yw\/z3Wsg\/9k9AngRCT4udBWwXlckxpUdUfGFBs5Ljd0dOf5H2wx6nLQ3TeqWij73Wqf7pxqTqjqRhVTiLSSSjYOBXAmdYnyW1CW6kMy\/ECGAbX+NQtMVUYaNbnBlkYM51TKHkxX2zdxQaVkPpExEPjujGAejMsXhAE9bVDXTP\/bZGlxJKkF5eXAUAwMAAQEWAwMAKG1RYmNOSSRuC9jylMY1BrjYSWTZ7Sl21N3DRGHGPjjUMvJPYE3t7Fo="}
@@ -34,7 +34,7 @@
 00411{"flow_id":3,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"anydesk-2.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1613977595,"pkt_ts_usec":440808,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"KDc3AG3I2MuK4S0uCABFAAAodD5AAIAGAADAqAG7wKgBstOUG56PGIFEWcP9lFAQA\/6E2AAA"}
 00410{"flow_id":4,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"anydesk-2.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1613977595,"pkt_ts_usec":463648,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"KDc3AG3I2MuK4S0uCABFAAAodEFAAIAGAADAqAG7wKgBshuey0dV\/SLLLSwO5FAQIBSE2AAA"}
 01512{"flow_id":4,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"anydesk-2.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1613977595,"pkt_ts_usec":549041,"pkt_caplen":867,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":867,"pkt_l4_len":833,"pkt":"KDc3AG3I2MuK4S0uCABFAANVdEpAAIAGAADAqAG7wKgBshuey0dV\/SLLLSwO5FAYIBSIBQAAFgMDADoCAAA2AwOohSNK\/kyh2J0OL2EIWx++95ipjSPTUL8cYeQroRk5OgAAnQAADv8BAAEAACMAAAAPAAEBFgMDArYLAAKyAAKvAAKsMIICqDCCAZACAQEwDQYJKoZIhvcNAQELBQAwGTEXMBUGA1UEAwwOQW55RGVzayBDbGllbnQwIBcNMjAwNjEyMTQzNTEzWhgPMjA3MDA1MzExNDM1MTNaMBkxFzAVBgNVBAMMDkFueURlc2sgQ2xpZW50MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwap8kuXKAODl3oBaBKgWpoG5V\/9k9Re\/y85alMHsrZO3DL2CsBH2LGo\/FAOWUEOhQajl2GfY6wvsOvdSBeIfebFRqTI\/eyvzGX88OAXyXB8eUxPLEyIYR\/n+yQjHspQmrvuu8efb\/qsnD0wEfaZg0F+IVSnsvk7ydwKvfAM7cULUHZ0Rdjm5nVmmFqdnN4HPmAarEGGUZoYdf5diMMeygE8vYMiNC3GogaczMOURejt8nDKg3hDaVyqophSfYaYV3ITgE+Nh\/dVHh+EMMnYnecAfZjVQbrebwLeJyU4mm2l4eOcUa7XakXYely\/GV1aaQqmZEls1jwTB+rGy7S9NXQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQAdS4QpIobUZqbbLjL4QoyB5qi3ZvARFTdDn\/9FwwTPSuHsKNhHmppWBwxEbx6h4A00T+QPgF+JpAon\/Xn567r0wRs+2Gx6\/cI8NKbS96Mi6NWr8UFxoeDYSx\/xaQiSAMRL05Q\/xUfL2hQSR7JGfXmwzGC2aMQ\/a06M6fbVNUSaZs9xsR+k3GRt9+n93NgXIOzAVQdbBETAx4gx2dNQDdg1wrP5pCoFNb8BplELzJqgvsS9+YJ26fnoOlRyktG8e1qKVEKb3BIRJYRTafgG9eC8SfhPYnYtFnIBtjzsJ3TB1zZdJVFNoxUozWRc3Qr7Gsi8TrD2m7DcORG5iDMlw1P6FgMDAC4NAAAmAwECQAAeBgEGAgYDBQEFAgUDBAEEAgQDAwEDAgMDAgECAgIDAAAOAAAA"}
-01041{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":24,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":6,"flow_first_seen":1613977595407,"flow_last_seen":1613977595549,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":813,"flow_tot_l4_payload_len":1076,"flow_avg_l4_payload_len":179,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.187","src_port":52039,"dst_port":7070,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher","15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing","30":"Desktop\/File Sharing Session"},"proto":"TLS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"201999283915cc31cee6b15472ef3332","ja3s":"4b505adfb4a921c5a3a39d293b0811e1","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"CN=AnyDesk Client, CN=AnyDesk Client","fingerprint":"86:4F:2A:9F:24:71:FD:0D:6A:35:56:AC:D8:7B:3A:19:E8:03:CA:2E"}}
+01083{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":24,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":6,"flow_first_seen":1613977595407,"flow_last_seen":1613977595549,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":813,"flow_tot_l4_payload_len":1076,"flow_avg_l4_payload_len":179,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.187","src_port":52039,"dst_port":7070,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","8":"Weak TLS cipher","15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing","30":"Desktop\/File Sharing Session"},"proto":"TLS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"201999283915cc31cee6b15472ef3332","ja3s":"4b505adfb4a921c5a3a39d293b0811e1","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"CN=AnyDesk Client, CN=AnyDesk Client","fingerprint":"86:4F:2A:9F:24:71:FD:0D:6A:35:56:AC:D8:7B:3A:19:E8:03:CA:2E"}}
 00417{"flow_id":4,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"anydesk-2.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1613977595,"pkt_ts_usec":549471,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"2MuK4S0uKDc3AG3ICABFAAAoAABAAEAGthLAqAGywKgBu8tHG54tLA7kVf0l+FAQH+ZsRQAAAAAAAAAA"}
 02147{"flow_id":4,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"anydesk-2.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1613977595,"pkt_ts_usec":552668,"pkt_caplen":1340,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1340,"pkt_l4_len":1306,"pkt":"2MuK4S0uKDc3AG3ICABFAAUuAABAAEAGsQzAqAGywKgBu8tHG54tLA7kVf0l+FAYIADZzgAAFgMDArYLAAKyAAKvAAKsMIICqDCCAZACAQEwDQYJKoZIhvcNAQELBQAwGTEXMBUGA1UEAwwOQW55RGVzayBDbGllbnQwIBcNMTgwODAzMTIzMzM0WhgPMjA2ODA3MjExMjMzMzRaMBkxFzAVBgNVBAMMDkFueURlc2sgQ2xpZW50MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArIaK0rq9eTlZvBcmZhh1H9c4WyavqU3KnPQjWKum4+D57QTq6vpp8Zc0mmlfSbdIckUvHjBDiS9uimzm4D4EcxdTgnlDkoD1BP4ueHjekNtFNgh04fFTTZyZVscL3oNitoLTkU4\/rpKLpwwbDC6h6+ytxWCa3+odO5IlRwhTW3afIESGML7\/I+EoPTOb1g2I21eLTPpw2Ey9Z+0sPtRAJpLulMSEj\/fpKcyvnqkLfpJH2HV0mGEFXtbfyn7y0dpUDxjRBb\/s55m+OHTMJOEXrDdEWfunUhL9cgvTyWnWwLxNdVWJEs4A6cGJ5pCETQrNRCkiOFuKXnFF3IE1SaR9ywIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQCZ2PTeYQVpoK\/4FnIIlkh5oTJ+rM1qSGu6uZXaiGbYqvrjRGF0z4YSE+Dsi+oHIKKlFN7lTj2IonetId1bxX3mfUFFc6ADQqoEk3h87NEgrJdaCpIi\/Qm8jePsjyFN4Z+A+EycFrOMbq7rMs5rnAAGSEPy4hsFHG8OneF3O4rBgCM70YOduX2cQCQfAhJZVgos3r9uWUBhLqRgkyYpnx0cwgUl7PH8aRB0W1BDBtTpU0GDswuvU7QANMJA\/U5nmSE1oycJ+boqTuHQVa1pQq1EwvgFfgQnaJOLe+QLml0VFaxHmDnQrVnmRBIvH2hciN5dZgq7zNCC8xLxFzBrxXW0FgMDAQYQAAECAQAiMOEYPS0Cq462+H9EtZcRg6RCo7GZHM\/txxOmn3CBPprsVwMPX+sGOLyndBqTV+vs+BqX0GYa+0R1hBy5LL0mtR1GuyxvyG67tUjzeF1nDKdfOvvEbMY1XBybPlztHRx5gw02b6+1m5Ywp7jVuK6qgCBOYAwhj6Aw2oYxULuU52CaSGQ6r3IiO3llfb8KlKvmt7y4UnG0aYyLAiiCjRbSGzfujupjjwNBYqoohOLhyWlpYWH12Xs5XaaiNDaddw6G7hYOsKyYn04XYiVFrfwbfHKUi965IOBjIEuvNuC7QG3B7JODw+wZNuMlgyynmXoESd8Lcsu0HgnOWM\/bTOVLFgMDAQgPAAEEBgEBAD+zwUbVwwjZeLFm3oHYXdOcfNJjH9Ym1dD96flP\/a94QLPL6arVuiuOb9rnmLB5rjSOB2PiXl9adrcgbV2lofqASE9ejadluab9VCmJjj+\/NZcdS1yQNstSu85P1Zc+BRNCz\/e0TwP\/E9W0JUAcjNSsp0vheEurgoM+cf6k4XuvwKaqKAtj6xcEpv1+JGO0PyejMfnYd9zOqIzT8M8wd6CClH4Sl4pTgj1Zefjue6Ck9FGIzefc0xX36L2O9wQL\/Pnm0O97IVDEmyx\/rNQoM+O9hVnVKPaYEk9FmlCNOHSKp95hllg7J2okT9Dgxqq4i8ydW+e7qnqXXBjvquezfrAUAwMAAQEWAwMAKIDoC+4aRr1dXYV0XRzAPO+S9Bd0SzHtHqjwd\/UeZOfah4i0a4E+CA0="}
 00410{"flow_id":4,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"anydesk-2.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1613977595,"pkt_ts_usec":604291,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"KDc3AG3I2MuK4S0uCABFAAAodE5AAIAGAADAqAG7wKgBshuey0dV\/SX4LSwT6lAQIA+E2AAA"}
@@ -149,7 +149,7 @@
 00177{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":240,"source":"anydesk-2.pcap","alias":"nDPId-test","l4_data_len":4988}
 04027{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":263,"source":"anydesk-2.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1613977603,"pkt_ts_usec":313834,"pkt_caplen":2745,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":2745,"pkt_l4_len":0,"pkt":"KDc3AG3I2MuK4S0uCABFAAAAd0FAAIAGAADAqAG7wKgBstOUG56PHFwWWcP+5lAYA\/2ExAAAFwMDCn5Z4hNO+msU3mQde8XauUXuibx23ZWOy1lfKlJdZeS7jbArOCdma5G1Oyj\/YHi4OgowtlsF3GCyvWAIcIaf2qvcUvo8xw+u+vFmA88\/ZFtsQrOzjtOQOjqB1w9IVRQDv2grZ\/g+TPfVtI2fmulJ6\/DmyG6skD8\/NJUWgh8nP2od5WwvpSZMAK4lfKeb2z0dUsUOya9f5mvFpFHQtfrBKUxJ+Qi3RehBwzTb55Ty8p+hZJJV7Iwzjy4pVLDEN902w5s1zPRfh8wp6Anmbv2bXEn0A43qLMRFkgBP5BI+igCLV7CUZs1YGzWqE2Qe5LZSZvQs9XJzBdK9uD29IREqU0HJNfHTRP5llSd7+z4nImKHOyeI7anpkMzlguOkoVfJQEajpvI3WE9X\/1CUkRjvlueAQCmBNgaGjBqVDukdBpXNlB3n+105fzXVNBRay4p\/b\/GcjzrAXO3IE9M5nF02cdlxykTYZ\/v51qwrR+BW7MUkGi3iYyceDRneOdImiEA8Fx2ms52erPvVB5WPOPh9wK4Bx+Olb78ikN5Z6ABTeAlOOHzSwfkuoLGi3VXydpd80btVVx94fLuzAnSflm6lw5yfcuyRzOr5GQAuVNsGcgID\/tfJAgJBy5t\/3GV7d0R70TiSGpc0dA8ovueO+whcxGg6XkvNylfFnAymmw0H4NMNkLqqo252fRfF7\/bzwTJQowsRZQOWGBqNMHe+7deiTVbvVwZYIsdMXNebCII3WU2oVVD64POtpmYsGKOTF2T3fYzkHHLWAVWGQXU1SehD\/X6lH4iv0uzHEKfY\/Hw8F02O8iWssDHjxDLKVUsInHxGwWBZgbF1MU72FDnuHR5CGNKs19Jbx9I2Kk7XDMbfxxqgpUygmTtFPYFKryt93oYMUkjkspSKsTBRkCWXQuaQo7qu35UlkH2lUKiV09U1wYPedcqUsQ92UbGj\/siMqOIyeQowgB+tEpc75tZfM8xnZmaiFsP4Vbf7x2c\/9r5dJp0GY03Yhup7L6msnnDvEn666l\/wb26yt\/yCGM\/WN68jMfQ9IAH+C39Dcs3b\/+kwvAnD044ZM3+CUM8hQFmGwe94aPz0bI46AuTKmNNXtxdN\/UJWxOhk3Slo\/7+xVgIu6ryQ\/3gqxm0qSPUTi4uLVp6WeJiJEXZ2OYpVb9Fy8UCEez\/wS41UwuJPv9fT\/EMbWyowl7srODAru\/H73XdW41KrMalzeWf6Mnb80av5KwiOs2Y23EoAu4D5z21i4Djf9v9ODq2KUOHe9qEvjwxVEnt1qjhsgG+OjPvdbTT6\/9Ya7HaguBU9fuN3skEP7nGJfAq5gvs9hwzjCnB2a4GfmzDhmVfHwtgGTFvvXET24NHuZ4K\/8PXaQD8fBsQPzmNoslsonoxEPXlubw07HA7kKD+zNBa6FR1oTEAvBYYHKVjVMGlbNwITm1Qe+SWAuqxnY1eq541bN2ZEe9inXHIZnCVkpt9QFo2+Wnlii6gpZKNvdvJGlt\/Ck9K\/d3yfuDmJ2HoqpJzzoojRioHe9nS6KdtHQiVxWDCHyTmPDoeJjFgmNShc1KNJCxdYSrbkpXIAJvp+2EtxPnijllODqp9E1tFwH\/rzveFmx+Wc1K7P3nLChjoT3ufyQk2mhbp93u\/64NyqZVuH7fRyBlfDOR8yN+BEsixebRyiiK\/FnZJ5fLjfhgVme8+WX021lqeGUdX3m\/VkkyJXsLdoBOPanm+WsGtt6san0iXRmZTigkrHoUlUqrF+qmPvvGm4dgD5dKZXTfVVcTvCeBoWiu84Jakxdh0f5VPyQtD5ET57bn8KGcxpAXRxzH6jCiH4XJoOqxeENkjlNoX\/E9R6S5uAACvvrA+ORK8fhz5MVGKF957Ut5GZNW84r\/Ky2TYqrF46WgAZBGJux69\/T4D1US4ZkgNfUGfpuRGDdidMFNf6yW+ITJBzigOL5NJlsMkQOChbTmqlMe3ls+Sb9u2RcrE33nNSiQxahx1SH2r4CGe4a7tQFwvlhdpZphEQzqrbUvlU3xdCMtTxxne3XgGSF8j88eoUPM0jqDUPlrBbvd5mXogZYZLOEfpyiMSNnbwIvEq3R6cCrmh5DdIorOBdj+RAuOyzSD4Z\/2iae2GDHelQyAemjxPKnVE2d0KVuxBWFPtd1zdWXTDCyFU5H5lDpkgf1mzHiNrvqSpBI7YVjs7mwDQOgbo9RmT4uxCkEDz5IWg47a+P4f5fcyxrdxQTjDQIpN7uN2CBc2Oq7JDZQYuUrbkmwr6hIAG0JW31HQHIKbQw56Eq\/UwylTe5Yw3Xapi+ctffH8Fjo74SgVjOfurQWtPkJ9y1\/XCYJlkQj4Eq9NGKVml798jEO3kWgIeLF2jcL\/xBEFbrjd03vbXKYB1444cMPq+N0eZDETbjBDQsHeHxvCVoTSxbrakgRAQrc3H+aBqBNYRqoVwtvSSFd8iLiG8W+DEr5zp94CSESrQl6Z1\/VXyEAlkGYB4NLUO\/vDEyyviQJyNtmzhFLw76uw+al1LSas8zYAYzxy9kQ4rSDMZ\/wy\/xerQQN8zFOZZ8My4SWoU+5ig+EmAZjEK5XhiKMyvL9KoFQqLei0e8SmBe3lYb\/th5YG37aWDNvw7KvJZCtvAGp55TDsGVsNU7Fcv69v3YfLy66ZJ09UzqvnzQOTuNkBcMftHM1AvQ7FLM5FN49i089r0\/PDCaCegLQIa8yH4jZrCgiAK9DWPBsJOYCcVcnTyElMFGWKAQDuy1ySm9g6fXErhjvXhHTS+t9a7UxzxKaObgCXnBVCEULXe03mmu6RWF8GioBeesdzkyfjBjHk13FB+ujRnul6P\/dcW7e44Iw1Sx6zdRz6QcbuAdMXxeHZ4bm6MuTvlVw85lnaquFyRVNxzYZfjSsR8b3Ny2hF370r70\/0L1mFO4BBnD503vyP5FGEUer6jOORAbVTvjkfv7DfT5ce+mqBnd7hI9nyQza5Z0fatgMDGKwWiclhCNav+XhjFgM+Mwr14C2gJjUDg9mfO52JQBrmzyQuDTC1bfYod7Vodp\/oStGrztMdFIBGm4gqba7qS0CZ7u9eU+lY6j57OMtLpGXhbzy6fEEUkWLB9\/J6wcBps4b9P2obOHVJ45sa+as0LsL1RcdUCU8bHEUzFkgHWDh5Bx6gLVQQmPtT0+kXpnPw8VH7nAt5zbP9PKg9mkYMdlrpXIZQYH\/vYZ\/s4\/AO+h5uy5L+gjfhFfEim+1bTLMvy\/gIapPFI+FVw78Eb39bDVBsZhXArGP72zkjqH60HyLuuVPZr6X+LiRvTF4ct4kmA\/t3Q8QPnOFyiRxqDR82tP4\/aMS0FPR4Sq9rD63\/BKuBBcmRXTwRi82ovnDQdBp35qpuj9GdbPJjSQE2nfmX2hsX6Xk76ZHbaL8KjLyiEkhDJl4ImfOLo1YPuIq1a3DUWjFYRw8EY9o0UkUO568j\/Fc\/yC\/CfR4bTRmkKaj8Hr4ucVe2POT1Wd1gY+y2vQppzcKvXvnmHhNabFyqyW99JpzheV2QazE\/pof2oLvgPRXNjBs9DyMCTvOSAAhuyUC+3+iJ4y7VqFLJJ88sglwH+eYe7d5DWImyW5UB4S"}
 00177{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":263,"source":"anydesk-2.pcap","alias":"nDPId-test","l4_data_len":2711}
-01027{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":326,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":255,"flow_first_seen":1613977595379,"flow_last_seen":1613977604238,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":16810,"flow_avg_l4_payload_len":65,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.178","src_port":54164,"dst_port":7070,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing","30":"Desktop\/File Sharing Session"},"proto":"TLS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"3f2fba0262b1a22b739126dfb2fe7a7d","ja3s":"ee644a8a34c434abca4b737ec1d9efad","unsafe_cipher":0,"cipher":"TLS_DHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"CN=AnyDesk Client, CN=AnyDesk Client","fingerprint":"F8:4E:27:4E:F9:33:35:2F:1A:69:71:D5:02:6B:B8:72:EF:B7:BA:B0"}}
+01069{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":326,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":255,"flow_first_seen":1613977595379,"flow_last_seen":1613977604238,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":16810,"flow_avg_l4_payload_len":65,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.178","src_port":54164,"dst_port":7070,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing","30":"Desktop\/File Sharing Session"},"proto":"TLS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"3f2fba0262b1a22b739126dfb2fe7a7d","ja3s":"ee644a8a34c434abca4b737ec1d9efad","unsafe_cipher":0,"cipher":"TLS_DHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"CN=AnyDesk Client, CN=AnyDesk Client","fingerprint":"F8:4E:27:4E:F9:33:35:2F:1A:69:71:D5:02:6B:B8:72:EF:B7:BA:B0"}}
 03262{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":359,"source":"anydesk-2.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1613977604,"pkt_ts_usec":476233,"pkt_caplen":2184,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":2184,"pkt_l4_len":0,"pkt":"KDc3AG3I2MuK4S0uCABFAAAAd6tAAIAGAADAqAG7wKgBstOUG56PHIiRWcQFglAYIBOExAAAFwMDCE1Z4hNO+msU9LBvnBdfz8pT3uIpAXl9v8baPCclctzafizqusRLc+3yBRrxsTQWeM+z\/j15TWKILyUHSn+85MmEVgMVvQ0naJDIPu9CFBTDGola9mExfWT+oniDrqVp1gDABVnjk7XDV+j312n\/hzyqb4ibRnC+bFrWzgCW1GEKZC1q\/E\/6hCR8a6NWoWAXlJURq1D\/2FNJECXg84tGVTlZUZ1hjKYFe1ajrioO0kHG42Cd8Zjh8z0Xueajz3JAzS640hLUA9UiOwKymZvLlEbzmhvESjy7FaJ9bekboPw3bn\/Jlj8ZF47zmQeEehl2qQ6htreM+LkT10pyuawnjdSA49JLH62hAyXThdYpAqJip7Of2\/W4b1J\/sOcFmX3l9KAFnOoqthb7U+hWo4LNbMBAreRWvbyJBqBBBkZtLMF3OI\/lgS2KRgiGqWPlc5\/8IqmFk9teB0eXT3W90Ps0UUvmRSCUsuyjlE2EUCed5yhGbXvuJ8xSirr7nIFa1dYweQN7QjZ0sg00UI7aXkhkgieHniYh7BkAzTo5ugnGnsZrDAocUbXzyptfnLrllkciPWt6N4rg8c\/xwdNBoEXRr4P2mFanIOSfwLfesF\/8nIMB4jD4dzmMHqwwnijrCTzHMjJCWGjBiVcn\/UQYAqSGPRdj\/olBVabavlmrH9Royswmu55\/v0PdSgyGh\/aF1NdAgMCQWfK4iTLXOnXiEhxUmiaGmwJhqej+pUp9yjksckOwAldsZVm2TEe1KH7VnJBozetryh05+IDLSkv0zfcXCynFCbOfRrXJi9E5rMp+EFcmkCd5du5qCwA7mioeIjdmsg6o\/hZay9NNqv+SjegBeEnWjGidm62Bg2J3ugleU05MdTEjPG\/0WEVFE4YLoZ0+Rmk27LsJ83E69N6EM7LIqHaBy4YgdBXCwRYXMBiZ7\/eXyR8ouKpqBrgyc0zmgTMfEguyU7bGFL8oz\/66InO2PDAb3K1g9EivYV0J8FGZbXrGGgeE23xb1i3E7zCa4xispnmUp8ZnvfmRqlLtxCp9xRo6wVZs\/8OOR3ozRmiI\/PMUf2ocLk1A7EQ06Bysnei2m9sDgUmz3xW18h43AuI3Dq2dw8luofIYO2mIw8PGK3r5t2XcHhzApuS2sJNMJzPVZjPnXGXlhTtPZq8RtPkaHlZqnY8opMkhjFF9Aqz3\/NEmWCFimFinDFcmhKzw4Zc11XVddg6SqbuK6go4CDvysm0p0t9NPekVu4zDVD4EAMuugSYVQPLC+GjcaxjX9UJufqiIKF2iGtSmbJ5\/R0oXR49FUnI9yHKXJ4k1LJbs5ulkD\/zGTnwCq17x21cHuxnM6jXwS\/ZjHHSGC3ISErC25VTJIcskqau\/dLYahxzXBtlEISVUbywuDuTbM8bVfs1bmyjIqYpqoABDoN8znMk4tsz9h\/kXlXKkCe6C+ec5cX0UVZQMIW14dtHVYELwX+yQ11ENYgNnbDvK9eYwU0VtThgC3i1tU+NwupUlXjxfhWt4d9x+S1Drfg2\/F29sYlDkdvYZFNRxoce3hBgJMPkIZEwqQFdENALY7ybsrObH42iP1NFKqM2PiLlHgVkrXHPep5p5nTaEGT1K4XQKFidsDE\/TU5jp+uV5i7tmWslQ3X0hd1lqhRPKzFSxhrdL\/OkYNUrKk8pswZhw3Z5L1hzdrsD27Qhrf+B3glSilptp8X7Eb52KYHrcuXisGa5DME2Lrzq7wHZEcCZuFh\/f9pqqJYEw3qNzgBQZCUbbeWgAPqTdMSOTev3F1ZSLvjeDledsYbcWvH+19SSbYW5Y+wa3pdx8cHj9rgNJObLJ0gF\/YxIeWBWbMgRPm9VI884Bq0CmrSk7ddVJJwqxpMhp3yO6unpbvR+zfTdO\/gFuftha41xabyjq2RbwbJS\/QEAhDCTueFRp8UI79s9E8eeZNx9EvY6Nti3XxVxAo3tbUi6gx1ha8BjET5MrziHMVJP584CS0eGAzo8fj1U9Uc+O6iOZvqO0xkwHZXp+13zpS+c+REzva4Oj9b6ImTr0r\/rqGg9rLH+ngtAU8Go4I7MCxaT+qMw3Sn\/jD1ZwNCOtlEOXIH0ppz6oLuqXGCJt0v8B4q3O9\/iS4Etdlwc5FwSC7vNZeM7RhhTBOd920Cgdf6+edNDGmsNO4htWQFAC0nm4yH7hY\/lMyTQ\/Go58thZciiFw4Cej0V0w9z1lZr0Y19WT5BpU\/41Rhs5jiD4sEvnn5fsC0k7V8yO3RdbF3LAesZcbukPjgqMXj48hBw8gAwlDe4wqdAR8FzU4xAgi67KDy5J9aahTmpodMn3eAlq2seT1sprowIc5H2Jr6vfv0RSDSBv125+qvt0xa5w4kAcrHbM+eOH0yjmMG3GLfBJVMa4Vk1NsKaJ0UQ+RHQJfAUAyJ8xY4LRIPsJajoH2jPGjFbI4LDI8bhoRIdBFUKHN9uZjbq3H5dTZloX6t\/+mVMaOBCiuB0wF96KeaIfPnoIAfsOIL4RAjJpyEA8YqwiLIYneZIciytK4JU0djusymFsgD3QmBLLM3T8wmJfmQs+XxdV6LUZCGbP48aNe2PEu4cgNFp0Gedax29OKBqKQJrrDAOojGxNEFqD+wgFm25xNUI\/oXWJUXCHAhyWvKF06pmsW8PgL9krA7cX3OGZh+fx6Ouf09uuPaEUfCe9q0DYD5wRHLyGMQuCzEVKuvUYxbp4bFbcuyJYIyTf6WEilDAJELMx+kjzm\/H5Jsd3GEHZoFCHlCgDalTY8TAlsEpBNykvZp6\/PHoKQjUrmjAolT9SDrLsJqIlaBNF2AmQ\/Iyl1mM2T2GFnQmg84apLYPcFrVeD"}
 00177{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":359,"source":"anydesk-2.pcap","alias":"nDPId-test","l4_data_len":2150}
 02586{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":429,"source":"anydesk-2.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1613977605,"pkt_ts_usec":157936,"pkt_caplen":1685,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":1685,"pkt_l4_len":0,"pkt":"KDc3AG3I2MuK4S0uCABFAAAAd+ZAAIAGAADAqAG7wKgBstOUG56PHJqJWcQKplAYIA6ExAAAFwMDBlpZ4hNO+msVBGAU\/CQ+++T94X6aPp5XOKoWc8p1LFmHdGVPh9BmLi6fwPmaM4TfFP18K97w+JrG2mMRmj1tdgTVpDxt1C0Gncnny4rfOTrXTSleZ5fZVTWiCSG7aNbBqkDSL349Eg9z8IeGPlnYoPEN4tP0hVZemLcZgvILCgm49DsuVR3nhYp4sy6rhIgg2ckXEUXDokzjgL1yjIvt0ScqIB4okJR1wK79N4XZqDHUn2McD1b0N9v3pDlMk30O+IeVoz9StvBgQxoSM1A5v2XOynHvcw3I8aid5vEAfPOQwi7MSG1PCJ0p3e78RTR5AvwoWV5tJbAp5WWCvBGG8HYJ6RuplivNDXK02J7ld0qN7u7Q\/nmAnAOYa\/GWwRKg9Tr4zfIcTQXCCMH8YRxab5gJYESXf\/z1ewgfmFdNttFpDtF3N7hOkJJmZHsJzuVof1rADifgRt97Zt+Isn2GstbeNF7UKJMLnv75OfDd2jVaGyCWOSqr\/89o5b0Qcba9pNbd27IaXMZ396LcYhHzQDlZLBOMY+gl3DT40bd0Qn3wMvCOe79J\/29yZ6+yHg0PB8z38SVANS+MLgd5MHawzoK6qP\/KoynzQmsUhdMqkAc0u5QRyWPT6U3NnyyEfroJ1LxXZiO0p\/fJaarHw0cLP1fjQ7KcB\/LPZEOL57GO\/hkiUjKlr9T\/zgfe0MpybuxtbUS5tZFJNfvjqzwCDWxHE6QvgtJYBEYICQ9457KYO\/wcbNLey4CBV4x\/6U3oxvEnGBaUwLbpibk59xCzCzXuzLKOU2h\/EHV6JrEnWQFj7q+IE54AaAPZmfjFNLhs8FI3pZolVNQe96OFf7k5LQqyxz6oZ1rNO+dd9\/S1xOcgbh4tB3VzpRlIif9Xfi6vpxQgpAp\/Ckg4g9P2rmweTngy7EZcRiPY\/bi2lc5tqtIT2YjwokS+09PlxQOwAQPW9v9MUl+HVmH9C+i2v5UfxK\/4ypGKOP4BxiKQOzzNuz++qNx\/SX2yG+XNVmn4xGXdzlc2H8mwNwrvpt0+QLWBHW19hkrtqlSNDdhPAKKnjAc9OMKU7xejzXqyMWinIDTpLMEj5I3dKLCyxRQJXLZTienT2QWOT\/xdc50wNc4XYcA+6WBY7IyfdBJBT+rLgTGDSH1\/zTXELobM+rGuJkzTFRw9bqFFXtxSCc772VJ12sjK0vXDvFWKoFaNoe78LZ5voDtMwqopYvwpV7H6nPpWna\/o4CSRCyA3G14Am\/fxios0att5z9q+drHHVURelxPIt6ukJOio91iJVDLpBHbf1hgwox0kd\/+SeiP1mSjU2kGz8LrctjvSpmSRN6a6sKEorwbTCfZd78Qn2UaEncdDQIPr3BaGwPF4TGFI0Wu\/hgVJlFDzcuBsXN4DnS0YuWlgUdm0mq5mHA6s6lEm9Sw10GlrxnAmjH85PGF8NK+bJAyFRbkgKNmxeLMD2\/fJM9Yy30wqYmAchsBRZiFltsLa0nUe+XTAR9Hq2HXsEEZ4EdZwmwTjJRctTrzyhro2HYoydJS1pGm0+nd1efNqtke4yktOnOtU1KavI+p+2vrcYUysE5QjNXan78ayVsfgNcFNqMFZS8HNwDAfprS4urmn6HN0VMtMdjgGQRPG16qegP966dnrBVAaVqv7RxbWSqR9ZgtQN4kznoApYsQ\/htBNdcpggCk7aEeCp4hqA5E3Dgh9f+uZnbb36LAJBjvyFcmH81G3Lk5YlhF\/zSVvLKUb0MTqYenR0yMx4zxUl4GHoYotJkkka9m13vFT0upUDpqUYIAPW\/ssc5jgoqrMk9Hhi5y+7HWKQgjrdb6nOU4S5uyGOKDW4mE6\/rPBHp0fY5ylYs03GpUua9a\/glfenyNSCemqQlPjbCThLJwe2Q+jRt0ZttjgtfXYUtXdKQPdi9kDvDLF6bC6lPNdETt6RPwULQMHokPt4D2I843jsNIop+cnms6WRAoTEy\/nJlP0Xf6+O2AOve7kIGWj79Hb+Txxi7fe6XvRzr\/AFPz42M5rbE1CpgUgXEzV9+mwpu53B6ibIPrxe165c8h5iqFjNOd91m2C48D0xK3n27tv8SErJpnkzhizKwvbaMs382VOUnMh31zjjLabE7N9jb\/tEo1n8oAFoazbbRyR7uBihqWES0IVOQF2l2EDE0lPDLdJyXw="}
@@ -934,7 +934,7 @@
 ~~ total detected protocols..: 4
 ~~ total active/idle flows...: 4/4
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 1823700 bytes
+~~ total memory allocated....: 2008971 bytes
-~~ total memory freed........: 1823700 bytes
+~~ total memory freed........: 2008971 bytes
-~~ total allocations/frees...: 35417/35417
+~~ total allocations/frees...: 37422/37422
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/anydesk.pcap.out

@@ -45,7 +45,7 @@
 ~~ total detected protocols..: 1
 ~~ total active/idle flows...: 2/2
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 1964413 bytes
+~~ total memory allocated....: 2149668 bytes
-~~ total memory freed........: 1964413 bytes
+~~ total memory freed........: 2149668 bytes
-~~ total allocations/frees...: 40293/40293
+~~ total allocations/frees...: 42298/42298
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/avast_securedns.pcapng.out

@@ -1,88 +1,88 @@
 00485{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"avast_securedns.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
 00496{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1625215624443,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":57970,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 00452{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"avast_securedns.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625215624,"pkt_ts_usec":443704,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"pkt":"eJS0JASgYDjgxTWgCABFAABDZa4AAH8ROYTAqAJktdYjleJyAbsAL0mrSMQBAAABAAAAAAAAATIJU2VDVVJlZG5TBWFWYXNUA0NvTQAAEAAB"}
-00533{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1625215624443,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":57970,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}}
+00590{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1625215624443,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":57970,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}}
 00643{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"avast_securedns.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625215624,"pkt_ts_usec":563615,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"pkt":"YDjgxTWgeJS0JASgCABFAADM0kQAADIRGWW11iOVwKgCZAG74nIAuMIZSMSBgAABAAEAAAAAATIJU2VDVVJlZG5TBWFWYXNUA0NvTQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
 00512{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_first_seen":1625215624443,"flow_last_seen":1625215624563,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":57970,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 00496{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1625241699450,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":61201,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 00452{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"avast_securedns.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625241699,"pkt_ts_usec":450886,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"pkt":"eJS0JASgYDjgxTWgCABFAABDEeYAAH8RjUzAqAJktdYjle8RAbsAL9I803MBAAABAAAAAAAAATIJU0VjdVJlRE5zBUF2YXNUA0NPbQAAEAAB"}
-00533{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1625241699450,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":61201,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}}
+00590{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1625241699450,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":61201,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}}
 00643{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"avast_securedns.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625241699,"pkt_ts_usec":572209,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"pkt":"YDjgxTWgeJS0JASgCABFAADMLtkAADARvtC11iOVwKgCZAG77xEAuEqr03OBgAABAAEAAAAAATIJU0VjdVJlRE5zBUF2YXNUA0NPbQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
 00496{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1625241701462,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":60835,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 00452{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"avast_securedns.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625241701,"pkt_ts_usec":462154,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"pkt":"eJS0JASgYDjgxTWgCABFAABDEeoAAH8RjUjAqAJktdYjle2jAbsAL7p1TIkBAAABAAAAAAAAATIJU0VDVXJFZE5zBWF2QVN0A0NPTQAAEAAB"}
-00533{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1625241701462,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":60835,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}}
+00590{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1625241701462,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":60835,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}}
 00643{"flow_id":3,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"avast_securedns.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625241701,"pkt_ts_usec":583055,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"pkt":"YDjgxTWgeJS0JASgCABFAADMMogAADIRuSG11iOVwKgCZAG77aMAuDLkTImBgAABAAEAAAAAATIJU0VDVXJFZE5zBWF2QVN0A0NPTQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
 00496{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1625241714666,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":62775,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 00452{"flow_id":4,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"avast_securedns.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625241714,"pkt_ts_usec":666452,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"pkt":"eJS0JASgYDjgxTWgCABFAABDXeQAAH8RQU7AqAJktdYjlfU3AbsAL3hGRwQBAAABAAAAAAAAATIJU2VjVVJlZG5zBUFWYVN0A0NPbQAAEAAB"}
-00533{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1625241714666,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":62775,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}}
+00590{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1625241714666,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":62775,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}}
 00643{"flow_id":4,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"avast_securedns.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625241714,"pkt_ts_usec":787539,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"pkt":"YDjgxTWgeJS0JASgCABFAADMRgkAADERpqC11iOVwKgCZAG79TcAuPC0RwSBgAABAAEAAAAAATIJU2VjVVJlZG5zBUFWYVN0A0NPbQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
 00512{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_first_seen":1625241699450,"flow_last_seen":1625241699572,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":61201,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 00512{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_first_seen":1625241714666,"flow_last_seen":1625241714787,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":62775,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 00512{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_first_seen":1625241701462,"flow_last_seen":1625241701583,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":60835,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 00496{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1625320207133,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":56581,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 00452{"flow_id":5,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"avast_securedns.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625320207,"pkt_ts_usec":133036,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"pkt":"eJS0JASgYDjgxTWgCABFAABDS9IAAH8RU2DAqAJktdYjld0FAbsALycJUJMBAAABAAAAAAAAATIJc2VjVVJlZG5TBUF2YXNUA2NvTQAAEAAB"}
-00533{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1625320207133,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":56581,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}}
+00590{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1625320207133,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":56581,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}}
 00644{"flow_id":5,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"avast_securedns.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625320207,"pkt_ts_usec":252515,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"pkt":"YDjgxTWgeJS0JASgCABFAADMnAoAADMRTp+11iOVwKgCZAG73QUAuJ93UJOBgAABAAEAAAAAATIJc2VjVVJlZG5TBUF2YXNUA2NvTQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
 00497{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1625320209063,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":56765,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 00452{"flow_id":6,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"avast_securedns.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625320209,"pkt_ts_usec":63685,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"pkt":"eJS0JASgYDjgxTWgCABFAABDS9YAAH8RU1zAqAJktdYjld29AbsAL+vXy0wBAAABAAAAAAAAATIJU2VjdVJFRG5TBWFWYVNUA0NvTQAAEAAB"}
-00534{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1625320209063,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":56765,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}}
+00591{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1625320209063,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":56765,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}}
 00644{"flow_id":6,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"avast_securedns.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625320209,"pkt_ts_usec":184034,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"pkt":"YDjgxTWgeJS0JASgCABFAADMnWsAADMRTT611iOVwKgCZAG73b0AuGRGy0yBgAABAAEAAAAAATIJU2VjdVJFRG5TBWFWYVNUA0NvTQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
 00513{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":13,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_first_seen":1625320207133,"flow_last_seen":1625320207252,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":56581,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 00513{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":13,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_first_seen":1625320209063,"flow_last_seen":1625320209184,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":56765,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 00497{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1625321673727,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":50581,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 00453{"flow_id":7,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"avast_securedns.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625321673,"pkt_ts_usec":727184,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"pkt":"eJS0JASgYDjgxTWgCABFAABDS9wAAH8RU1bAqAJktdYjlcWVAbsAL1g+dw4BAAABAAAAAAAAATIJc2VDdXJFRE5TBUFWQXN0A0NvTQAAEAAB"}
-00534{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1625321673727,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":50581,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}}
+00591{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1625321673727,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":50581,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}}
 00644{"flow_id":7,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"avast_securedns.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625321673,"pkt_ts_usec":848204,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"pkt":"YDjgxTWgeJS0JASgCABFAADMus8AADIRMNq11iOVwKgCZAG7xZUAuNCsdw6BgAABAAEAAAAAATIJc2VDdXJFRE5TBUFWQXN0A0NvTQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
 00497{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1625321675283,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":61107,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 00453{"flow_id":8,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"avast_securedns.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625321675,"pkt_ts_usec":283046,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"pkt":"eJS0JASgYDjgxTWgCABFAABDS98AAH8RU1PAqAJktdYjle6zAbsAL9OvEl8BAAABAAAAAAAAATIJU0VDdVJFZE5zBWFWYXNUA0NPTQAAEAAB"}
-00534{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1625321675283,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":61107,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}}
+00591{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1625321675283,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":61107,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}}
 00644{"flow_id":8,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"avast_securedns.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625321675,"pkt_ts_usec":403948,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"pkt":"YDjgxTWgeJS0JASgCABFAADMuxcAADMRL5K11iOVwKgCZAG77rMAuEweEl+BgAABAAEAAAAAATIJU0VDdVJFZE5zBWFWYXNUA0NPTQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
 00513{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_first_seen":1625321673727,"flow_last_seen":1625321673848,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":50581,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 00513{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_first_seen":1625321675283,"flow_last_seen":1625321675403,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":61107,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 00497{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1625395217252,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64954,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 00453{"flow_id":9,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"avast_securedns.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625395217,"pkt_ts_usec":252548,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"pkt":"eJS0JASgYDjgxTWgCABFAABDKckAAH8RdWnAqAJktdYjlf26AbsAL3dTP5QBAAABAAAAAAAAATIJc0VjdVJlZE5zBUFWQVNUA2NvTQAAEAAB"}
-00534{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1625395217252,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64954,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}}
+00591{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1625395217252,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64954,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}}
 00646{"flow_id":9,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"avast_securedns.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625395217,"pkt_ts_usec":373676,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"pkt":"YDjgxTWgeJS0JASgCABFAADMg3oAADIRaC+11iOVwKgCZAG7\/boAuO\/BP5SBgAABAAEAAAAAATIJc0VjdVJlZE5zBUFWQVNUA2NvTQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
 00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1625395214062,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":59621,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 00453{"flow_id":10,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"avast_securedns.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625395214,"pkt_ts_usec":62223,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"pkt":"eJS0JASgYDjgxTWgCABFAABDKcUAAH8RdW3AqAJktdYjlejlAbsAL0m4oeQBAAABAAAAAAAAATIJc0VjVXJlRE5TBWF2QVNUA2NPbQAAEAAB"}
-00535{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1625395214062,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":59621,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}}
+00592{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1625395214062,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":59621,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}}
 00645{"flow_id":10,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"avast_securedns.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625395214,"pkt_ts_usec":182444,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"pkt":"YDjgxTWgeJS0JASgCABFAADMf00AADMRa1y11iOVwKgCZAG76OUAuMImoeSBgAABAAEAAAAAATIJc0VjVXJlRE5TBWF2QVNUA2NPbQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
 00514{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":21,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_first_seen":1625395214062,"flow_last_seen":1625395214182,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":59621,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 00513{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":21,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_first_seen":1625395217252,"flow_last_seen":1625395217373,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64954,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1625401091063,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":52485,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 00453{"flow_id":11,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"avast_securedns.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625401091,"pkt_ts_usec":63741,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"pkt":"eJS0JASgYDjgxTWgCABFAABDKc0AAH8RdWXAqAJktdYjlc0FAbsAL8xY+0MBAAABAAAAAAAAATIJc2VDdVJFZE5TBWF2YXNUA0NPbQAAEAAB"}
-00535{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":21,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1625401091063,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":52485,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}}
+00592{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":21,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1625401091063,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":52485,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}}
 00645{"flow_id":11,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"avast_securedns.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625401091,"pkt_ts_usec":190472,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"pkt":"YDjgxTWgeJS0JASgCABFAADMtpAAADMRNBm11iOVwKgCZAG7zQUAuETH+0OBgAABAAEAAAAAATIJc2VDdVJFZE5TBWF2YXNUA0NPbQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
 00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1625401093323,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":54938,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 00454{"flow_id":12,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"avast_securedns.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625401093,"pkt_ts_usec":323098,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"pkt":"eJS0JASgYDjgxTWgCABFAABDKdEAAH8RdWHAqAJktdYjldaaAbsALxAyzbUBAAABAAAAAAAAATIJc2VjVVJlRE5zBWFWQVN0A2NvTQAAEAAB"}
-00535{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1625401093323,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":54938,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}}
+00592{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1625401093323,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":54938,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}}
 00645{"flow_id":12,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"avast_securedns.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625401093,"pkt_ts_usec":443763,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"pkt":"YDjgxTWgeJS0JASgCABFAADMuwEAADIRMKi11iOVwKgCZAG71poAuIigzbWBgAABAAEAAAAAATIJc2VjVVJlRE5zBWFWQVN0A2NvTQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
 00514{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":25,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_first_seen":1625401091063,"flow_last_seen":1625401091190,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":52485,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 00514{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":25,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_first_seen":1625401093323,"flow_last_seen":1625401093443,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":54938,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":25,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1625413810414,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":56839,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 00454{"flow_id":13,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"avast_securedns.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625413810,"pkt_ts_usec":414650,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"pkt":"eJS0JASgYDjgxTWgCABFAABDy3cAAH8R07rAqAJktdYjld4HAbsAL+Cz9gYBAAABAAAAAAAAATIJU0VDdXJlZE5TBUFWQXN0A0NPbQAAEAAB"}
-00535{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1625413810414,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":56839,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}}
+00592{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1625413810414,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":56839,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}}
 00645{"flow_id":13,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"avast_securedns.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625413810,"pkt_ts_usec":531155,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"pkt":"YDjgxTWgeJS0JASgCABFAADMKHAAADERxDm11iOVwKgCZAG73gcAuFki9gaBgAABAAEAAAAAATIJU0VDdXJlZE5TBUFWQXN0A0NPbQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
 00514{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":27,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_first_seen":1625413810414,"flow_last_seen":1625413810531,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":56839,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":27,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1625477697370,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":58155,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 00454{"flow_id":14,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"avast_securedns.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625477697,"pkt_ts_usec":370410,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"pkt":"eJS0JASgYDjgxTWgCABFAABDQqcAAH8RXIvAqAJktdYjleMrAbsAL7nVV2EBAAABAAAAAAAAATIJc0VjVVJFZE5zBWFWQVN0A0NvbQAAEAAB"}
-00535{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1625477697370,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":58155,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}}
+00592{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1625477697370,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":58155,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}}
 00645{"flow_id":14,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"avast_securedns.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625477697,"pkt_ts_usec":487351,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"pkt":"YDjgxTWgeJS0JASgCABFAADMthcAADIRNZK11iOVwKgCZAG74ysAuDJEV2GBgAABAAEAAAAAATIJc0VjVVJFZE5zBWFWQVN0A0NvbQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
 00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":29,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1625477700767,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64487,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 00454{"flow_id":15,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"avast_securedns.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625477700,"pkt_ts_usec":767388,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"pkt":"eJS0JASgYDjgxTWgCABFAABD4k8AAH8RvOLAqAJktdYjlfvnAbsAL7tgPVoBAAABAAAAAAAAATIJc0VjVXJFRE5zBUFWQXN0A0NPTQAAEAAB"}
-00535{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1625477700767,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64487,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}}
+00592{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1625477700767,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64487,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}}
 00645{"flow_id":15,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"avast_securedns.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625477700,"pkt_ts_usec":884351,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"pkt":"YDjgxTWgeJS0JASgCABFAADMuTUAADIRMnS11iOVwKgCZAG7++cAuDPPPVqBgAABAAEAAAAAATIJc0VjVXJFRE5zBUFWQXN0A0NPTQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
 00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":31,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1625477702850,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":49704,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 00454{"flow_id":16,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"avast_securedns.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625477702,"pkt_ts_usec":850743,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"pkt":"eJS0JASgYDjgxTWgCABFAABD4lMAAH8RvN7AqAJktdYjlcIoAbsAL9+b0x0BAAABAAAAAAAAATIJU0VDdXJFZG5TBUF2QXNUA2NvTQAAEAAB"}
-00535{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1625477702850,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":49704,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}}
+00592{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1625477702850,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":49704,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}}
 00645{"flow_id":16,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"avast_securedns.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625477702,"pkt_ts_usec":968619,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"pkt":"YDjgxTWgeJS0JASgCABFAADMurcAADERMfK11iOVwKgCZAG7wigAuFgK0x2BgAABAAEAAAAAATIJU0VDdXJFZG5TBUF2QXNUA2NvTQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
 00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":33,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1625477738051,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":55311,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 00453{"flow_id":17,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"avast_securedns.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625477738,"pkt_ts_usec":51015,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"pkt":"eJS0JASgYDjgxTWgCABFAABD1LsAAH8RynbAqAJktdYjldgPAbsAL4PhWDEBAAABAAAAAAAAATIJc2VjdXJFZE5TBWF2YVN0A2NPbQAAEAAB"}
-00535{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":33,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1625477738051,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":55311,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}}
+00592{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":33,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1625477738051,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":55311,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}}
 00645{"flow_id":17,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"avast_securedns.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625477738,"pkt_ts_usec":172059,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"pkt":"YDjgxTWgeJS0JASgCABFAADMCxkAADER4ZC11iOVwKgCZAG72A8AuPxPWDGBgAABAAEAAAAAATIJc2VjdXJFZE5TBWF2YVN0A2NPbQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
 00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":35,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1625477739836,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":56111,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 00454{"flow_id":18,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"avast_securedns.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625477739,"pkt_ts_usec":836341,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"pkt":"eJS0JASgYDjgxTWgCABFAABD1L8AAH8RynLAqAJktdYjldsvAbsAL1UmhCwBAAABAAAAAAAAATIJc0VjVXJlRG5TBWF2QVN0A2NPTQAAEAAB"}
-00535{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":35,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1625477739836,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":56111,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}}
+00592{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":35,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1625477739836,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":56111,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}}
 00645{"flow_id":18,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"avast_securedns.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625477739,"pkt_ts_usec":952878,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"pkt":"YDjgxTWgeJS0JASgCABFAADMDM8AADIR3tq11iOVwKgCZAG72y8AuM2UhCyBgAABAAEAAAAAATIJc0VjVXJlRG5TBWF2QVN0A2NPTQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
 00514{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":37,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_first_seen":1625477738051,"flow_last_seen":1625477738172,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":55311,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 00514{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":37,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_first_seen":1625477702850,"flow_last_seen":1625477702968,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":49704,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
@@ -91,35 +91,35 @@
 00514{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":37,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_first_seen":1625477700767,"flow_last_seen":1625477700884,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64487,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":37,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1625482316411,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64494,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 00454{"flow_id":19,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"avast_securedns.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625482316,"pkt_ts_usec":411404,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"pkt":"eJS0JASgYDjgxTWgCABFAABDyvUAAH8R1DzAqAJktdYjlfvuAbsAL4YFMq4BAAABAAAAAAAAATIJU2VDVVJFZE5zBWFWYXNUA0NvbQAAEAAB"}
-00535{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":37,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1625482316411,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64494,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}}
+00592{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":37,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1625482316411,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64494,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}}
 00645{"flow_id":19,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"avast_securedns.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625482316,"pkt_ts_usec":532446,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"pkt":"YDjgxTWgeJS0JASgCABFAADMlTUAADMRVXS11iOVwKgCZAG7++4AuP5zMq6BgAABAAEAAAAAATIJU2VDVVJFZE5zBWFWYXNUA0NvbQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
 00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":39,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1625482318517,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":51415,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 00454{"flow_id":20,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"avast_securedns.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625482318,"pkt_ts_usec":517463,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"pkt":"eJS0JASgYDjgxTWgCABFAABDyvkAAH8R1DjAqAJktdYjlcjXAbsALzxZb7EBAAABAAAAAAAAATIJU2VDdXJlRG5TBUFWQVN0A0NvbQAAEAAB"}
-00535{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":39,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1625482318517,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":51415,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}}
+00592{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":39,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1625482318517,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":51415,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}}
 00645{"flow_id":20,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"avast_securedns.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625482318,"pkt_ts_usec":634061,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"pkt":"YDjgxTWgeJS0JASgCABFAADMmQwAADIRUp211iOVwKgCZAG7yNcAuLTHb7GBgAABAAEAAAAAATIJU2VDdXJlRG5TBUFWQVN0A0NvbQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
 00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":41,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1625482396199,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":63776,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 00454{"flow_id":21,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"avast_securedns.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625482396,"pkt_ts_usec":199376,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"pkt":"eJS0JASgYDjgxTWgCABFAABD9goAAH8RqSfAqAJktdYjlfkgAbsALyRTl04BAAABAAAAAAAAATIJc0VDdVJlZG5TBUFWQVN0A0NPbQAAEAAB"}
-00535{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":41,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1625482396199,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":63776,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}}
+00592{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":41,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1625482396199,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":63776,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}}
 00645{"flow_id":21,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"avast_securedns.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625482396,"pkt_ts_usec":320234,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"pkt":"YDjgxTWgeJS0JASgCABFAADMN0IAADMRs2e11iOVwKgCZAG7+SAAuJzBl06BgAABAAEAAAAAATIJc0VDdVJlZG5TBUFWQVN0A0NPbQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
 00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":43,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1625482399044,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":50008,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 00453{"flow_id":22,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"avast_securedns.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625482399,"pkt_ts_usec":44158,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"pkt":"eJS0JASgYDjgxTWgCABFAABD9g4AAH8RqSPAqAJktdYjlcNYAbsAL0Y+i0sBAAABAAAAAAAAATIJU0VjVVJFRG5TBUF2QXN0A0NvbQAAEAAB"}
-00535{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1625482399044,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":50008,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}}
+00592{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1625482399044,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":50008,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}}
 00645{"flow_id":22,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"avast_securedns.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625482399,"pkt_ts_usec":165298,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"pkt":"YDjgxTWgeJS0JASgCABFAADMOy8AADIRsHq11iOVwKgCZAG7w1gAuL6si0uBgAABAAEAAAAAATIJU0VjVVJFRG5TBUF2QXN0A0NvbQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
 00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":45,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1625482401089,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":49737,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 00454{"flow_id":23,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"avast_securedns.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625482401,"pkt_ts_usec":89959,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"pkt":"eJS0JASgYDjgxTWgCABFAABD9hIAAH8RqR\/AqAJktdYjlcJJAbsAL3PfnlkBAAABAAAAAAAAATIJc0VjVVJFZE5zBUFWYXNUA2NvTQAAEAAB"}
-00535{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1625482401089,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":49737,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}}
+00592{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1625482401089,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":49737,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}}
 00645{"flow_id":23,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"avast_securedns.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625482401,"pkt_ts_usec":211672,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"pkt":"YDjgxTWgeJS0JASgCABFAADMPeEAADIRrci11iOVwKgCZAG7wkkAuOxNnlmBgAABAAEAAAAAATIJc0VjVVJFZE5zBUFWYXNUA2NvTQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
 00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":47,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1625482484544,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":51887,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 00455{"flow_id":24,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"avast_securedns.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625482484,"pkt_ts_usec":544530,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"pkt":"eJS0JASgYDjgxTWgCABFAABD\/EEAAH8RovDAqAJktdYjlcqvAbsAL8hTAb8BAAABAAAAAAAAATIJU0VDVXJlRG5zBUFWYXN0A0NvTQAAEAAB"}
-00535{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":47,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1625482484544,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":51887,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}}
+00592{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":47,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1625482484544,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":51887,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}}
 00645{"flow_id":24,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"avast_securedns.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625482484,"pkt_ts_usec":661573,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"pkt":"YDjgxTWgeJS0JASgCABFAADMsJIAADIROxe11iOVwKgCZAG7yq8AuEDCAb+BgAABAAEAAAAAATIJU0VDVXJlRG5zBUFWYXN0A0NvTQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
 00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":49,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1625482480048,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":60127,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 00454{"flow_id":25,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"avast_securedns.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625482480,"pkt_ts_usec":48526,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"pkt":"eJS0JASgYDjgxTWgCABFAABD\/D0AAH8RovTAqAJktdYjlerfAbsAL5AIOXoBAAABAAAAAAAAATIJc0VjVXJlZE5TBUF2YXN0A2NPTQAAEAAB"}
-00535{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":49,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1625482480048,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":60127,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}}
+00592{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":49,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1625482480048,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":60127,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}}
 00645{"flow_id":25,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"avast_securedns.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625482480,"pkt_ts_usec":169190,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"pkt":"YDjgxTWgeJS0JASgCABFAADMo38AADIRSCq11iOVwKgCZAG76t8AuAh3OXqBgAABAAEAAAAAATIJc0VjVXJlZE5TBUF2YXN0A2NPTQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
 00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":51,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1625482486856,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":54546,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 00456{"flow_id":26,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"avast_securedns.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625482486,"pkt_ts_usec":856203,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"pkt":"eJS0JASgYDjgxTWgCABFAABD\/EUAAH8RouzAqAJktdYjldUSAbsAL8JN\/WEBAAABAAAAAAAAATIJc2VDVXJlZG5TBUFWQXN0A0NPTQAAEAAB"}
-00535{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":51,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1625482486856,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":54546,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}}
+00592{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":51,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1625482486856,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":54546,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}}
 00647{"flow_id":26,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"avast_securedns.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625482486,"pkt_ts_usec":976882,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"pkt":"YDjgxTWgeJS0JASgCABFAADMt\/IAADMRMre11iOVwKgCZAG71RIAuDq8\/WGBgAABAAEAAAAAATIJc2VDVXJlZG5TBUFWQXN0A0NPTQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
 00514{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":53,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_first_seen":1625482318517,"flow_last_seen":1625482318634,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":51415,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 00514{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":53,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_first_seen":1625482396199,"flow_last_seen":1625482396320,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":63776,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
@@ -131,23 +131,23 @@
 00514{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":53,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_first_seen":1625482486856,"flow_last_seen":1625482486976,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":54546,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":53,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":1625482998213,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64432,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 00454{"flow_id":27,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"avast_securedns.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625482998,"pkt_ts_usec":213179,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"pkt":"eJS0JASgYDjgxTWgCABFAABDf48AAH8RH6PAqAJktdYjlfuwAbsAL9NLpcUBAAABAAAAAAAAATIJc0VjdVJlZE5TBUF2YXNUA0NvTQAAEAAB"}
-00535{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":53,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":1625482998213,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64432,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}}
+00592{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":53,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":1625482998213,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64432,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}}
 00646{"flow_id":27,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"avast_securedns.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625482998,"pkt_ts_usec":333968,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"pkt":"YDjgxTWgeJS0JASgCABFAADM\/oEAADMR7Ce11iOVwKgCZAG7+7AAuEu6pcWBgAABAAEAAAAAATIJc0VjdVJlZE5TBUF2YXNUA0NvTQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
 00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":55,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":1625483010449,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":59613,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 00455{"flow_id":28,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"avast_securedns.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625483010,"pkt_ts_usec":449914,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"pkt":"eJS0JASgYDjgxTWgCABFAABDf5MAAH8RH5\/AqAJktdYjlejdAbsALyrioMIBAAABAAAAAAAAATIJc0VDVXJFRG5zBWFWQXN0A2NvTQAAEAAB"}
-00535{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":55,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":1625483010449,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":59613,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}}
+00592{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":55,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":1625483010449,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":59613,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}}
 00645{"flow_id":28,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"avast_securedns.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625483010,"pkt_ts_usec":570990,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"pkt":"YDjgxTWgeJS0JASgCABFAADMH70AADMRyuy11iOVwKgCZAG76N0AuKNQoMKBgAABAAEAAAAAATIJc0VDVXJFRG5zBWFWQXN0A2NvTQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
 00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":57,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1625483073336,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":65063,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 00455{"flow_id":29,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"avast_securedns.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625483073,"pkt_ts_usec":336987,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"pkt":"eJS0JASgYDjgxTWgCABFAABDR0IAAH8RV\/DAqAJktdYjlf4nAbsAL7S54cABAAABAAAAAAAAATIJc0VDVXJFRG5zBWF2QXN0A0NvTQAAEAAB"}
-00535{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":57,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1625483073336,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":65063,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}}
+00592{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":57,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1625483073336,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":65063,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}}
 00646{"flow_id":29,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"avast_securedns.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625483073,"pkt_ts_usec":457882,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"pkt":"YDjgxTWgeJS0JASgCABFAADMaN0AADIRgsy11iOVwKgCZAG7\/icAuC0o4cCBgAABAAEAAAAAATIJc0VDVXJFRG5zBWF2QXN0A0NvTQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
 00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":59,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":1625483070937,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":51929,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 00455{"flow_id":30,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"avast_securedns.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625483070,"pkt_ts_usec":937773,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"pkt":"eJS0JASgYDjgxTWgCABFAABDRz4AAH8RV\/TAqAJktdYjlcrZAbsAL46OWvoBAAABAAAAAAAAATIJU0VjVXJlRG5zBWFWQXN0A2NPbQAAEAAB"}
-00535{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":59,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":1625483070937,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":51929,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}}
+00592{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":59,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":1625483070937,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":51929,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}}
 00644{"flow_id":30,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"avast_securedns.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625483071,"pkt_ts_usec":57808,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"pkt":"YDjgxTWgeJS0JASgCABFAADMZ5oAADIRhA+11iOVwKgCZAG7ytkAuAb9WvqBgAABAAEAAAAAATIJU0VjVXJlRG5zBWFWQXN0A2NPbQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
 00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":61,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":1625483067865,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":52417,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 00456{"flow_id":31,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"avast_securedns.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625483067,"pkt_ts_usec":865967,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"pkt":"eJS0JASgYDjgxTWgCABFAABDRzoAAH8RV\/jAqAJktdYjlczBAbsAL78\/SIEBAAABAAAAAAAAATIJc2VDVXJlZE5zBWFWQVNUA2NPTQAAEAAB"}
-00535{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":61,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":1625483067865,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":52417,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}}
+00592{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":61,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":1625483067865,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":52417,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}}
 00646{"flow_id":31,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"avast_securedns.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625483067,"pkt_ts_usec":982727,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"pkt":"YDjgxTWgeJS0JASgCABFAADMX7kAADIRi\/C11iOVwKgCZAG7zMEAuDeuSIGBgAABAAEAAAAAATIJc2VDVXJlZE5zBWFWQVNUA2NPTQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
 00514{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":63,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_first_seen":1625483010449,"flow_last_seen":1625483010570,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":59613,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 00514{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":63,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_first_seen":1625483070937,"flow_last_seen":1625483071057,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":51929,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
@@ -156,40 +156,40 @@
 00514{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":63,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_first_seen":1625483073336,"flow_last_seen":1625483073457,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":65063,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":63,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_first_seen":1625511643408,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":59474,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 00454{"flow_id":32,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"avast_securedns.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625511643,"pkt_ts_usec":408589,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"pkt":"eJS0JASgYDjgxTWgCABFAABDhScAAH8RGgvAqAJktdYjlehSAbsAL7NiOO0BAAABAAAAAAAAATIJU2VDVVJFZG5zBUFWYVN0A2NPTQAAEAAB"}
-00535{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":63,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_first_seen":1625511643408,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":59474,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}}
+00592{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":63,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_first_seen":1625511643408,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":59474,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}}
 00645{"flow_id":32,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"avast_securedns.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625511643,"pkt_ts_usec":529006,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"pkt":"YDjgxTWgeJS0JASgCABFAADM0vYAADMRF7O11iOVwKgCZAG76FIAuCvROO2BgAABAAEAAAAAATIJU2VDVVJFZG5zBUFWYVN0A2NPTQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
 00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":65,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":1625511645426,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":53839,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 00454{"flow_id":33,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"avast_securedns.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625511645,"pkt_ts_usec":426829,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"pkt":"eJS0JASgYDjgxTWgCABFAABDhSsAAH8RGgfAqAJktdYjldJPAbsAL0czmx8BAAABAAAAAAAAATIJc2VDVVJFRE5TBWF2QVN0A2NvbQAAEAAB"}
-00535{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":65,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":1625511645426,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":53839,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}}
+00592{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":65,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":1625511645426,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":53839,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}}
 00645{"flow_id":33,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"avast_securedns.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625511645,"pkt_ts_usec":546487,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"pkt":"YDjgxTWgeJS0JASgCABFAADM008AADMRF1q11iOVwKgCZAG70k8AuL+hmx+BgAABAAEAAAAAATIJc2VDVVJFRE5TBWF2QVN0A2NvbQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
 00514{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":67,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_first_seen":1625511643408,"flow_last_seen":1625511643529,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":59474,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 00514{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":67,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_first_seen":1625511645426,"flow_last_seen":1625511645546,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":53839,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":67,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":1625556065479,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":55948,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 00454{"flow_id":34,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"avast_securedns.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625556065,"pkt_ts_usec":479179,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"pkt":"eJS0JASgYDjgxTWgCABFAABDHAQAAH8Rgy7AqAJktdYjldqMAbsAL9sh3zMBAAABAAAAAAAAATIJU2VDVXJlRG5zBUF2QVNUA0NPbQAAEAAB"}
-00535{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":67,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":1625556065479,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":55948,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}}
+00592{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":67,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":1625556065479,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":55948,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}}
 00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":68,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_first_seen":1625556067432,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":51383,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 00454{"flow_id":35,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"avast_securedns.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625556067,"pkt_ts_usec":432481,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"pkt":"eJS0JASgYDjgxTWgCABFAABDHAgAAH8RgyrAqAJktdYjlci3AbsAL6ehZCkBAAABAAAAAAAAATIJc0VDVXJlRE5zBWF2YVNUA2NPTQAAEAAB"}
-00535{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":68,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_first_seen":1625556067432,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":51383,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}}
+00592{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":68,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_first_seen":1625556067432,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":51383,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}}
 00645{"flow_id":35,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"avast_securedns.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625556067,"pkt_ts_usec":553211,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"pkt":"YDjgxTWgeJS0JASgCABFAADMazAAADIRgHm11iOVwKgCZAG7yLcAuCAQZCmBgAABAAEAAAAAATIJc0VDVXJlRE5zBWF2YVNUA2NPTQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
 00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":70,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":1625556065479,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":55948,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":70,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_first_seen":1625556100118,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64700,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 00454{"flow_id":36,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":70,"source":"avast_securedns.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625556100,"pkt_ts_usec":118860,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"pkt":"eJS0JASgYDjgxTWgCABFAABDGwQAAH8RhC7AqAJktdYjlfy8AbsAL4gY7+wBAAABAAAAAAAAATIJU2VjdXJlRG5TBWFWYVNUA0NvTQAAEAAB"}
-00535{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":70,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_first_seen":1625556100118,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64700,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}}
+00592{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":70,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_first_seen":1625556100118,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64700,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}}
 00646{"flow_id":36,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"avast_securedns.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625556100,"pkt_ts_usec":236729,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"pkt":"YDjgxTWgeJS0JASgCABFAADMlbkAADIRVfC11iOVwKgCZAG7\/LwAuACH7+yBgAABAAEAAAAAATIJU2VjdXJlRG5TBWFWYVNUA0NvTQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
 00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":72,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_first_seen":1625556102196,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":54549,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 00454{"flow_id":37,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"avast_securedns.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625556102,"pkt_ts_usec":196787,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"pkt":"eJS0JASgYDjgxTWgCABFAABDGwgAAH8RhCrAqAJktdYjldUVAbsAL6kdFo8BAAABAAAAAAAAATIJU0VjVXJlRG5TBUFWYXN0A0NvTQAAEAAB"}
-00535{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":72,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_first_seen":1625556102196,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":54549,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}}
+00592{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":72,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_first_seen":1625556102196,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":54549,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}}
 00645{"flow_id":37,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"avast_securedns.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625556102,"pkt_ts_usec":314591,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"pkt":"YDjgxTWgeJS0JASgCABFAADMmGEAADMRUki11iOVwKgCZAG71RUAuCGMFo+BgAABAAEAAAAAATIJU0VjVXJlRG5TBUFWYXN0A0NvTQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
 00514{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":74,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_first_seen":1625556067432,"flow_last_seen":1625556067553,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":51383,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 00514{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":74,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_first_seen":1625556100118,"flow_last_seen":1625556100236,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64700,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 00514{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":74,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_first_seen":1625556102196,"flow_last_seen":1625556102314,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":54549,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":74,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_first_seen":1625558730271,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":54760,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 00454{"flow_id":38,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"avast_securedns.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625558730,"pkt_ts_usec":271025,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"pkt":"eJS0JASgYDjgxTWgCABFAABDLFIAAH8RcuDAqAJktdYjldXoAbsALw4O0KsBAAABAAAAAAAAATIJU0VDdXJlZE5zBUFWYVNUA2NvTQAAEAAB"}
-00535{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":74,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_first_seen":1625558730271,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":54760,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}}
+00592{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":74,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_first_seen":1625558730271,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":54760,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}}
 00646{"flow_id":38,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"avast_securedns.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625558730,"pkt_ts_usec":389235,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"pkt":"YDjgxTWgeJS0JASgCABFAADM7EMAADIR\/2W11iOVwKgCZAG71egAuIZ80KuBgAABAAEAAAAAATIJU0VDdXJlZE5zBUFWYVNUA2NvTQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
 00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":76,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_first_seen":1625558735043,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":49152,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 00454{"flow_id":39,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"avast_securedns.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625558735,"pkt_ts_usec":43354,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"pkt":"eJS0JASgYDjgxTWgCABFAABDLFYAAH8RctzAqAJktdYjlcAAAbsAL9\/2VKsBAAABAAAAAAAAATIJc0VjVVJFZE5TBUFWQVN0A2NvTQAAEAAB"}
-00535{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":76,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_first_seen":1625558735043,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":49152,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}}
+00592{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":76,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_first_seen":1625558735043,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":49152,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}}
 00646{"flow_id":39,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"avast_securedns.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1625558735,"pkt_ts_usec":164269,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"pkt":"YDjgxTWgeJS0JASgCABFAADM7yMAADIR\/IW11iOVwKgCZAG7wAAAuFhlVKuBgAABAAEAAAAAATIJc0VjVVJFZE5TBUFWQVN0A2NvTQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
 00514{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_first_seen":1625558735043,"flow_last_seen":1625558735164,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":49152,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 00514{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_first_seen":1625558730271,"flow_last_seen":1625558730389,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":54760,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
@@ -201,7 +201,7 @@
 ~~ total detected protocols..: 39
 ~~ total active/idle flows...: 39/39
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 1863468 bytes
+~~ total memory allocated....: 2049019 bytes
-~~ total memory freed........: 1863468 bytes
+~~ total memory freed........: 2049019 bytes
-~~ total allocations/frees...: 33510/33510
+~~ total allocations/frees...: 35515/35515
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/bad-dns-traffic.pcap.out

@@ -76,7 +76,7 @@
 ~~ total detected protocols..: 3
 ~~ total active/idle flows...: 3/3
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 1758841 bytes
+~~ total memory allocated....: 1944104 bytes
-~~ total memory freed........: 1758841 bytes
+~~ total memory freed........: 1944104 bytes
-~~ total allocations/frees...: 33707/33707
+~~ total allocations/frees...: 35712/35712
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/badpackets.pcap.out

@@ -207,7 +207,7 @@
 ~~ total detected protocols..: 0
 ~~ total active/idle flows...: 0/0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 1738307 bytes
+~~ total memory allocated....: 1923546 bytes
-~~ total memory freed........: 1738307 bytes
+~~ total memory freed........: 1923546 bytes
-~~ total allocations/frees...: 33316/33316
+~~ total allocations/frees...: 35321/35321
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/bitcoin.pcap.out

@@ -115,7 +115,7 @@
 ~~ total detected protocols..: 0
 ~~ total active/idle flows...: 6/6
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5959152 bytes
+~~ total memory allocated....: 6144439 bytes
-~~ total memory freed........: 5959152 bytes
+~~ total memory freed........: 6144439 bytes
-~~ total allocations/frees...: 34148/34148
+~~ total allocations/frees...: 36153/36153
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/bittorrent.pcap.out

@@ -1,27 +1,27 @@
 00478{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"bittorrent.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
 00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1455469967246,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.58.216.115","src_port":52888,"dst_port":38305,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
 00523{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469967,"pkt_ts_usec":246718,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4eD1AAEAGAADAqAEDUjrYc86YlaHFzANOp3OTAoAY\/\/\/swwAAAQEIChnb8BkAhEMxE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjhgayboXmHFSZj4="}
-00597{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1455469967246,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.58.216.115","src_port":52888,"dst_port":38305,"l4_proto":"tcp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"FileTransfer"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
+00650{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1455469967246,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.58.216.115","src_port":52888,"dst_port":38305,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
 01302{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469967,"pkt_ts_usec":465293,"pkt_caplen":624,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":624,"pkt_l4_len":590,"pkt":"xCwDBkn+LFbcjDU0CABFAAJiKFpAAHUG7uJSOthzwKgBA5Whzpinc5NTxcwDkoAZ\/SDtQgAAAQEICgCEQ0UZ2\/AZNDppcHY0NDpSOthzMTI6Y29tcGxldGVfYWdvaTllMTptZDExOnVwbG9hZF9vbmx5aTNlMTE6bHRfZG9udGhhdmVpN2UxMjp1dF9ob2xlcHVuY2hpNGUxMTp1dF9tZXRhZGF0YWkyZTY6dXRfcGV4aTFlMTA6dXRfY29tbWVudGk2ZWUxMzptZXRhZGF0YV9zaXplaTE5MDA5ZTE6cGkzODMwNWU0OnJlcXFpMjU1ZTE6djE1Os68VG9ycmVudCAzLjQuNTI6eXBpNTI4ODhlNjp5b3VyaXA0OlI3zQFlAAAAdAX\/\/7\/\/\/\/\/\/\/\/\/\/\/v\/\/\/\/\/9\/b\/v\/\/\/\/\/\/\/\/\/+\/\/\/f\/\/\/\/\/\/\/\/\/\/\/\/+\/\/\/\/\/\/+\/\/\/\/\/\/\/\/\/\/+\/3\/9\/\/\/\/\/\/\/\/7\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/++\/\/\/\/\/\/\/\/\/3\/\/\/9\/\/\/\/f\/9\/\/\/\/\/9\/\/\/\/\/7\/\/\/\/\/\/\/v\/\/7\/\/\/\/+AAAAABQQAAAJlAAAABQQAAALYAAAABQQAAAB+AAAABQQAAACJAAAABQQAAAE5AAAABQQAAAARAAAABQQAAAK+AAAABQQAAAMvAAAABQQAAAKkAAAABQQAAAGlAAAABQQAAADmAAAABQQAAAHxAAAABQQAAANdAAAABQQAAABXAAAABQQAAADTAAAABQQAAANxAAAABQQAAAJrAAAABQQAAACTAAAABQQAAAFjAAAABQQAAALoAAAABQQAAACGAAAABQQAAAG8AAAABQQAAAMMAAAABQQAAAGu"}
 00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1455469967550,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.57.97.83","src_port":52887,"dst_port":53137,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
 00520{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469967,"pkt_ts_usec":550422,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4KZJAAEAGAADAqAEDUjlhU86Xz5EMkOfxIylUooAY70J1ogAAAQEIChnb8UUAFHnUE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjhJMcBHQL4ndrvA="}
-00595{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1455469967550,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.57.97.83","src_port":52887,"dst_port":53137,"l4_proto":"tcp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"FileTransfer"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
+00648{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1455469967550,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.57.97.83","src_port":52887,"dst_port":53137,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
 00581{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469967,"pkt_ts_usec":858917,"pkt_caplen":178,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":178,"pkt_l4_len":144,"pkt":"xCwDBkn+LFbcjDU0CABFAACkC49AAHcGgo1SOWFTwKgBA8+RzpcjKVSiDJDoNYAYAQJHBAAAAQEICgAUefwZ2\/FFE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMzQ1MC3wornNx4q0nl1XkqQAAADnFABkMTplaTBlNDppcHY0NDpSOWFTMTI6Y29tcGxldGVfYWdvaTNlMQ=="}
 01260{"flow_id":2,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469968,"pkt_ts_usec":2405,"pkt_caplen":593,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":593,"pkt_l4_len":559,"pkt":"xCwDBkn+LFbcjDU0CABFAAJDC5FAAHcGgOxSOWFTwKgBA8+RzpcjKVUSDJDoNYAZAQLSoQAAAQEICgAUef4Z2\/FFOm1kMTE6dXBsb2FkX29ubHlpM2UxMTpsdF9kb250aGF2ZWk3ZTEyOnV0X2hvbGVwdW5jaGk0ZTExOnV0X21ldGFkYXRhaTJlNjp1dF9wZXhpMWUxMDp1dF9jb21tZW50aTZlZTEzOm1ldGFkYXRhX3NpemVpMTkwMDllMTpwaTUzMTM3ZTQ6cmVxcWkyNTVlMTp2MTU6zrxUb3JyZW50IDMuNC41Mjp5cGk1Mjg4N2U2OnlvdXJpcDQ6UjfNAWUAAAB0Bf\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/7\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/f\/\/\/\/\/\/\/\/v\/\/\/\/\/\/\/\/\/\/7\/\/93\/\/\/\/\/\/\/\/\/\/\/+f\/\/\/\/\/7\/\/\/3\/\/\/\/\/\/\/\/v\/\/\/v\/+\/\/3\/\/\/\/\/9\/\/\/\/\/\/1\/\/\/f\/\/v9\/\/\/\/\/\/\/\/\/91\/\/\/\/\/9\/\/\/\/\/\/\/\/\/\/\/\/\/\/4AAAAAFBAAAAtIAAAAFBAAAAngAAAAFBAAAAeYAAAAFBAAAAUUAAAAFBAAAAskAAAAFBAAAAGcAAAAFBAAAArYAAAAFBAAAAVgAAAAFBAAAAQEAAAAFBAAAAjMAAAAFBAAAAqAAAAAFBAAAAMoAAAAFBAAAAxIAAAAFBAAAAlIAAAAFBAAAAc8AAAAFBAAAAkMAAAAFBAAAAagAAAAFBAAAAhsAAAAFBAAAAzgAAAAFBAAAAacAAAAFBAAAAxQAAAAFBAAAAw4AAAAFBAAAAVwAAAAFBAAAAqI="}
 00627{"flow_id":2,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469968,"pkt_ts_usec":2492,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"pkt":"LFbcjDU0xCwDBkn+CABFAADK\/idAAEAGAADAqAEDUjlhU86Xz5EMkOiMIylXIoAY7zF19AAAAQEIChnb8wcAFHn+aTNlMTI6dXRfaG9sZXB1bmNoaTRlMTE6dXRfbWV0YWRhdGFpMmU2OnV0X3BleGkxZTEyOnV0X3JlY29tbWVuZGk1ZTEwOnV0X2NvbW1lbnRpNmVlMTpwaTQwOTU5ZTQ6cmVxcWkyNTVlMTp2MTk6wrVUb3JyZW50IE1hYyAxLjguNjY6eW91cmlwNDpSOWFTZQAAAAEP"}
 00444{"flow_id":2,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469968,"pkt_ts_usec":2632,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":80,"pkt_l4_len":46,"pkt":"LFbcjDU0xCwDBkn+CABFAABCeFJAAEAGAADAqAEDUjlhU86Xz5EMkOkiIylXIoAZ70J1bAAAAQEIChnb8wcAFHn+AAAAAwmf\/wAAAAMUAwA="}
 00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1455469969259,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"83.216.184.241","src_port":52895,"dst_port":51413,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
 00521{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469969,"pkt_ts_usec":259674,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4K5tAAEAGAADAqAEDU9i48c6fyNXli2jySWt7B4AYK\/LO3wAAAQEIChnb9+x4G0bsE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1Bjvi3q9Fc8jVIrp0="}
-00598{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1455469969259,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"83.216.184.241","src_port":52895,"dst_port":51413,"l4_proto":"tcp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"FileTransfer"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
+00594{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1455469969259,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"83.216.184.241","src_port":52895,"dst_port":51413,"l4_proto":"tcp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
 00541{"flow_id":3,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469969,"pkt_ts_usec":318758,"pkt_caplen":148,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":148,"pkt_l4_len":114,"pkt":"xCwDBkn+LFbcjDU0CABFYACGozdAADIG1mVT2LjxwKgBA8jVzp9Ja3sH5YtpNoAYECl7XAAAAQEICngbRx8Z2\/fsE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMTg4Qi2qniMLxLorRFP2hZAAAAEAFABkMTplaTBlNA=="}
 01337{"flow_id":3,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469969,"pkt_ts_usec":391655,"pkt_caplen":648,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":648,"pkt_l4_len":614,"pkt":"xCwDBkn+LFbcjDU0CABFYAJ6SOJAADIGLsdT2LjxwKgBA8jVzp9Ja3tZ5YtpNoAYECl87wAAAQEICngbR0YZ2\/gmOmlwdjQ0OlPYuPE0OmlwdjYxNjr+gAAAAAAAAOoGiP\/+zfQTMTI6Y29tcGxldGVfYWdvaTFlMTptZDExOnVwbG9hZF9vbmx5aTNlMTE6bHRfZG9udGhhdmVpN2UxMjp1dF9ob2xlcHVuY2hpNGUxMTp1dF9tZXRhZGF0YWkyZTY6dXRfcGV4aTFlMTA6dXRfY29tbWVudGk2ZWUxMzptZXRhZGF0YV9zaXplaTE5MDA5ZTE6cGk1MTQxM2U0OnJlcXFpMjU1ZTE6djE1Os68VG9ycmVudCAxLjguODI6eXBpNTI4OTVlNjp5b3VyaXA0OlI3zQFlAAAAdAX\/\/3\/\/\/\/\/7\/3\/\/\/\/\/\/\/\/\/\/\/\/\/\/+\/\/\/\/\/b\/\/\/f\/\/\/\/\/\/7\/\/\/\/\/\/\/\/\/9\/\/\/\/7\/\/\/\/\/\/\/99\/\/\/\/\/\/3\/\/97\/v\/\/\/\/\/9\/\/v\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/+\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/f\/\/\/\/\/\/7\/\/\/X\/\/\/\/9\/\/+AAAAABQQAAAG6AAAABQQAAAITAAAABQQAAAHTAAAABQQAAAA1AAAABQQAAAAQAAAABQQAAAHdAAAABQQAAAMaAAAABQQAAAE+AAAABQQAAANHAAAABQQAAAN+AAAABQQAAAIEAAAABQQAAAHOAAAABQQAAAGSAAAABQQAAAC8AAAABQQAAANcAAAABQQAAAGMAAAABQQAAABAAAAABQQAAAFbAAAABQQAAAEBAAAABQQAAACdAAAABQQAAADUAAAABQQAAAC\/AAAABQQAAAKPAAAABQQAAANe"}
 00606{"flow_id":3,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469969,"pkt_ts_usec":391790,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"pkt":"LFbcjDU0xCwDBkn+CABFAAC41NtAAEAGAADAqAEDU9i48c6fyNXli2mfSWt9n4AYK9\/PHwAAAQEIChnb+G54G0dGaTRlMTE6dXRfbWV0YWRhdGFpMmU2OnV0X3BleGkxZTEyOnV0X3JlY29tbWVuZGk1ZTEwOnV0X2NvbW1lbnRpNmVlMTpwaTQwOTU5ZTQ6cmVxcWkyNTVlMTp2MTk6wrVUb3JyZW50IE1hYyAxLjguNjY6eW91cmlwNDpT2LjxZQAAAAEP"}
 00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":12,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1455469969441,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.53.228.2","src_port":52896,"dst_port":14627,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
 00521{"flow_id":4,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469969,"pkt_ts_usec":441455,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4XbBAAEAGAADAqAEDTzXkAs6gOSOymifHI+P1WoAYmwf1TQAAAQEIChnb+J8AAH2QE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1Bjqb8v2rPEXkzqd0="}
-00596{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1455469969441,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.53.228.2","src_port":52896,"dst_port":14627,"l4_proto":"tcp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"FileTransfer"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
+00649{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1455469969441,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.53.228.2","src_port":52896,"dst_port":14627,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
 00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1455469969441,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"120.62.33.241","src_port":52894,"dst_port":39332,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
 00521{"flow_id":5,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469969,"pkt_ts_usec":441488,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4duZAAEAGAADAqAEDeD4h8c6emaQxnKbPGdPY9oAYmwdcRQAAAQEIChnb+J8AQ+diE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjsdMZTLXvd5m7DE="}
-00598{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1455469969441,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"120.62.33.241","src_port":52894,"dst_port":39332,"l4_proto":"tcp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"FileTransfer"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
+00651{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1455469969441,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"120.62.33.241","src_port":52894,"dst_port":39332,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
 00547{"flow_id":4,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469969,"pkt_ts_usec":680695,"pkt_caplen":151,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":151,"pkt_l4_len":117,"pkt":"xCwDBkn+LFbcjDU0CABFAACJEvpAAHcG+5FPNeQCwKgBAzkjzqAj4\/VaspooC4AYAQLEvgAAAQEICgAAfaoZ2\/ifE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMzQ1MC3wovPx6i8m4ev0sHgAAADnFABkMTplaTBlNDppcA=="}
 01300{"flow_id":4,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469969,"pkt_ts_usec":689018,"pkt_caplen":620,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":620,"pkt_l4_len":586,"pkt":"xCwDBkn+LFbcjDU0CABFAAJeEvxAAHcG+bpPNeQCwKgBAzkjzqAj4\/WvspooC4AZAQKoaAAAAQEICgAAfaoZ2\/ifdjQ0Ok815AIxMjpjb21wbGV0ZV9hZ29pNmUxOm1kMTE6dXBsb2FkX29ubHlpM2UxMTpsdF9kb250aGF2ZWk3ZTEyOnV0X2hvbGVwdW5jaGk0ZTExOnV0X21ldGFkYXRhaTJlNjp1dF9wZXhpMWUxMDp1dF9jb21tZW50aTZlZTEzOm1ldGFkYXRhX3NpemVpMTkwMDllMTpwaTE0NjI3ZTQ6cmVxcWkyNTVlMTp2MTU6zrxUb3JyZW50IDMuNC41Mjp5cGk1Mjg5NmU2OnlvdXJpcDQ6UjfNAWUAAAB0Bf\/\/\/\/\/\/\/\/\/\/\/f\/\/\/\/\/\/\/\/\/\/\/\/9\/7\/\/\/\/\/fv\/\/\/\/\/\/f\/\/\/3\/\/\/\/\/9\/7\/\/\/\/\/\/\/v\/\/\/\/\/\/\/\/\/\/\/\/\/v\/+\/\/\/\/9\/\/\/\/\/\/\/\/+\/\/\/9\/\/\/\/f\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/8\/\/\/\/\/\/f\/\/\/\/\/\/7\/\/\/\/\/\/f\/\/3\/P\/\/\/\/\/4AAAAAFBAAAA2sAAAAFBAAAAW0AAAAFBAAAAlYAAAAFBAAAAdEAAAAFBAAAAPQAAAAFBAAAAtIAAAAFBAAAAMsAAAAFBAAAAyUAAAAFBAAAAKMAAAAFBAAAAMQAAAAFBAAAAcEAAAAFBAAAAtMAAAAFBAAAAiUAAAAFBAAAAEYAAAAFBAAAAT8AAAAFBAAAAe4AAAAFBAAAAjwAAAAFBAAAAvgAAAAFBAAAA2oAAAAFBAAAA2AAAAAFBAAAAJgAAAAFBAAAATQAAAAFBAAAAQ4AAAAFBAAAA0w="}
 00601{"flow_id":4,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469969,"pkt_ts_usec":689132,"pkt_caplen":195,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":195,"pkt_l4_len":161,"pkt":"LFbcjDU0xCwDBkn+CABFAAC1EEdAAEAGAADAqAEDTzXkAs6gOSOymih3I+P32oAYmvb1igAAAQEIChnb+ZYAAH2qMTE6dXRfbWV0YWRhdGFpMmU2OnV0X3BleGkxZTEyOnV0X3JlY29tbWVuZGk1ZTEwOnV0X2NvbW1lbnRpNmVlMTpwaTQwOTU5ZTQ6cmVxcWkyNTVlMTp2MTk6wrVUb3JyZW50IE1hYyAxLjguNjY6eW91cmlwNDpPNeQCZQAAAAEP"}
@@ -29,23 +29,23 @@
 00448{"flow_id":3,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469970,"pkt_ts_usec":170199,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":80,"pkt_l4_len":46,"pkt":"LFbcjDU0xCwDBkn+CABFAABCmoJAAEAGAADAqAEDU9i48c6fyNXli2ojSWt9n4AYK\/LOqQAAAQEIChnb+3R4G0d8AAAAAwmf\/wAAAAMUAwA="}
 00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1455469970233,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.26.95.30","src_port":52897,"dst_port":22673,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
 00521{"flow_id":6,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469970,"pkt_ts_usec":233620,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"pkt":"LFbcjDU0xCwDBkn+CABFAAB45PBAAEAGAADAqAEDlxpfHs6hWJHZNtVIfkyTS4AYJnO4TgAAAQEIChnb+7IRKfdEE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjjCQUdTBqR8vIZE="}
-00597{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1455469970233,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.26.95.30","src_port":52897,"dst_port":22673,"l4_proto":"tcp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"FileTransfer"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
+00650{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1455469970233,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.26.95.30","src_port":52897,"dst_port":22673,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
 00582{"flow_id":6,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469970,"pkt_ts_usec":293627,"pkt_caplen":178,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":178,"pkt_l4_len":144,"pkt":"xCwDBkn+LFbcjDU0CABFAACkCYZAAHIGRuqXGl8ewKgBA1iRzqF+TJNL2TbVjIAYHVxFKAAAAQEIChEp94AZ2\/uyE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMzQ1MC2coXQqpAS87AVXIDwAAADnFABkMTplaTBlNDppcHY0NDqXGl8eMTI6Y29tcGxldGVfYWdvaTFlMQ=="}
 01263{"flow_id":6,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469970,"pkt_ts_usec":357464,"pkt_caplen":593,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":593,"pkt_l4_len":559,"pkt":"xCwDBkn+LFbcjDU0CABFAAJDCYlAAHIGRUiXGl8ewKgBA1iRzqF+TJO72TbVjIAYHVwHogAAAQEIChEp97wZ2\/vsOm1kMTE6dXBsb2FkX29ubHlpM2UxMTpsdF9kb250aGF2ZWk3ZTEyOnV0X2hvbGVwdW5jaGk0ZTExOnV0X21ldGFkYXRhaTJlNjp1dF9wZXhpMWUxMDp1dF9jb21tZW50aTZlZTEzOm1ldGFkYXRhX3NpemVpMTkwMDllMTpwaTIyNjczZTQ6cmVxcWkyNTVlMTp2MTU6zrxUb3JyZW50IDMuNC41Mjp5cGk1Mjg5N2U2OnlvdXJpcDQ6UjfNAWUAAAB0Bf\/\/\/\/\/\/\/\/\/7\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/2\/3\/\/\/\/r\/\/\/\/\/9\/3\/\/\/\/\/9\/+\/\/+\/\/+\/\/\/\/f\/\/\/\/\/\/9\/\/\/\/\/\/\/\/\/\/f\/9\/\/\/\/\/\/\/\/+\/\/\/+\/v\/\/\/7\/\/7\/\/9\/\/\/\/\/\/\/7\/\/\/\/\/\/\/\/\/\/\/v\/\/\/\/\/\/\/\/\/\/\/\/4AAAAAFBAAAAUAAAAAFBAAAAboAAAAFBAAAArkAAAAFBAAAA0EAAAAFBAAAAD0AAAAFBAAAAvsAAAAFBAAAAPwAAAAFBAAAAPMAAAAFBAAAAqcAAAAFBAAAAX0AAAAFBAAAAY8AAAAFBAAAAaEAAAAFBAAAAo0AAAAFBAAAAPAAAAAFBAAAAegAAAAFBAAAAjYAAAAFBAAAARsAAAAFBAAAAm0AAAAFBAAAAoUAAAAFBAAAAUoAAAAFBAAAARkAAAAFBAAAAswAAAAFBAAAAiYAAAAFBAAAAXA="}
 00599{"flow_id":6,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469970,"pkt_ts_usec":357569,"pkt_caplen":191,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":191,"pkt_l4_len":157,"pkt":"LFbcjDU0xCwDBkn+CABFAACxx\/1AAEAGAADAqAEDlxpfHs6hWJHZNtX8fkyVyoAYJmO4hwAAAQEIChnb\/CoRKfe8dF9tZXRhZGF0YWkyZTY6dXRfcGV4aTFlMTI6dXRfcmVjb21tZW5kaTVlMTA6dXRfY29tbWVudGk2ZWUxOnBpNDA5NTllNDpyZXFxaTI1NWUxOnYxOTrCtVRvcnJlbnQgTWFjIDEuOC42Njp5b3VyaXA0OpcaXx5lAAAAAQ8="}
 00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1455469970452,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.55.129.22","src_port":52893,"dst_port":12097,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
 00522{"flow_id":7,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469970,"pkt_ts_usec":452512,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"pkt":"LFbcjDU0xCwDBkn+CABFAAB41kZAAEAGAADAqAEDTzeBFs6dL0HtOa3YPhLeWYAYVhCSYwAAAQEIChnb\/IcCXeBSE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1Bjpi3Emqkm5uHs80="}
-00597{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1455469970452,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.55.129.22","src_port":52893,"dst_port":12097,"l4_proto":"tcp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"FileTransfer"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
+00650{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1455469970452,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.55.129.22","src_port":52893,"dst_port":12097,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
 00591{"flow_id":6,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469971,"pkt_ts_usec":153525,"pkt_caplen":185,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":185,"pkt_l4_len":151,"pkt":"LFbcjDU0xCwDBkn+CABFAACrZhpAAEAGAADAqAEDlxpfHs6hWJHZNtZ5fkyVy4AYJnO4gQAAAQEIChnb\/0ERKfrcAAAAAwmf\/wAAAAMUAwAAAABlFAZkODptc2dfdHlwZWkwZTM6bnVtaTIwZTY6ZmlsdGVyNjQ6AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGU="}
 00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":25,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1455469971321,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"198.100.146.9","src_port":52903,"dst_port":60163,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
 00522{"flow_id":8,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469971,"pkt_ts_usec":321042,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"pkt":"LFbcjDU0xCwDBkn+CABFAAB48HJAAEAGAADAqAEDxmSSCc6n6wMx0mzN3F5zZYAYZooahAAAAQEIChnb\/+QB8nE1E0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjuG56+SlFtqa9S4="}
-00598{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1455469971321,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"198.100.146.9","src_port":52903,"dst_port":60163,"l4_proto":"tcp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"FileTransfer"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
+00651{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1455469971321,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"198.100.146.9","src_port":52903,"dst_port":60163,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
 00571{"flow_id":8,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469971,"pkt_ts_usec":481962,"pkt_caplen":170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":170,"pkt_l4_len":136,"pkt":"xCwDBkn+LFbcjDU0CABFAACcFzZAAHYG0wzGZJIJwKgBA+sDzqfcXnNlMdJtEYAYAQK5ewAAAQEICgHycUYZ2\/\/kE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMzQ1MC3wopccBVvnEHfGIYQAAADnFABkMTplaTBlNDppcHY0NDrGZJIJMTI6Y29tcGxldGU="}
 01274{"flow_id":8,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469971,"pkt_ts_usec":641866,"pkt_caplen":601,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":601,"pkt_l4_len":567,"pkt":"xCwDBkn+LFbcjDU0CABFAAJLGqBAAHYGzfPGZJIJwKgBA+sDzqfcXnPNMdJtEYAYAQJeTwAAAQEICgHycVYZ3ACEX2Fnb2kyZTE6bWQxMTp1cGxvYWRfb25seWkzZTExOmx0X2RvbnRoYXZlaTdlMTI6dXRfaG9sZXB1bmNoaTRlMTE6dXRfbWV0YWRhdGFpMmU2OnV0X3BleGkxZTEwOnV0X2NvbW1lbnRpNmVlMTM6bWV0YWRhdGFfc2l6ZWkxOTAwOWUxOnBpNjAxNjNlNDpyZXFxaTI1NWUxOnYxNTrOvFRvcnJlbnQgMy40LjUyOnlwaTUyOTAzZTY6eW91cmlwNDpSN80BZQAAAHQF\/\/\/\/\/\/\/f9\/\/\/\/37\/\/7\/\/\/\/\/\/\/3r\/\/\/\/3+\/\/7\/\/\/\/3\/\/9\/\/\/\/\/\/\/\/\/\/\/37\/7\/\/\/\/f\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/v\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/f\/\/\/f\/\/\/\/\/v\/\/\/\/\/\/\/v\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/+\/\/\/\/\/9\/\/\/gAAAAAUEAAAClAAAAAUEAAAAnQAAAAUEAAAAVwAAAAUEAAACuQAAAAUEAAAAUAAAAAUEAAAA8gAAAAUEAAAB4QAAAAUEAAADfAAAAAUEAAABUwAAAAUEAAAAKgAAAAUEAAAANAAAAAUEAAABXwAAAAUEAAAAaQAAAAUEAAAAmAAAAAUEAAACfAAAAAUEAAADWQAAAAUEAAABTAAAAAUEAAABBgAAAAUEAAABegAAAAUEAAAA1QAAAAUEAAAAxQAAAAUEAAAAvAAAAAUEAAAAnwAAAAUEAAAC6Q=="}
 00605{"flow_id":8,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469971,"pkt_ts_usec":641981,"pkt_caplen":196,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":196,"pkt_l4_len":162,"pkt":"LFbcjDU0xCwDBkn+CABFAAC2nnFAAEAGAADAqAEDxmSSCc6n6wMx0m183F515IAYZnkawgAAAQEIChncASMB8nFWZTExOnV0X21ldGFkYXRhaTJlNjp1dF9wZXhpMWUxMjp1dF9yZWNvbW1lbmRpNWUxMDp1dF9jb21tZW50aTZlZTE6cGk0MDk1OWU0OnJlcXFpMjU1ZTE6djE5OsK1VG9ycmVudCBNYWMgMS44LjY2OnlvdXJpcDQ6xmSSCWUAAAABDw=="}
 00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":29,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1455469971675,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"190.103.195.56","src_port":52902,"dst_port":46633,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
 00523{"flow_id":9,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469971,"pkt_ts_usec":675839,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4IXFAAEAGAADAqAEDvmfDOM6mtimT1S+nN0acgIAY\/\/9DtgAAAQEIChncAUQAv2TsE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjkGjzZtimXS5YKE="}
-00599{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1455469971675,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"190.103.195.56","src_port":52902,"dst_port":46633,"l4_proto":"tcp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"FileTransfer"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
+00652{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1455469971675,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"190.103.195.56","src_port":52902,"dst_port":46633,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
 00446{"flow_id":8,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469972,"pkt_ts_usec":78142,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":80,"pkt_l4_len":46,"pkt":"xCwDBkn+LFbcjDU0CABFEABCIPVAAHYGyZfGZJIJwKgBA+sDzqfcXnXkMdJt\/oAYAQEO9wAAAQEICgHycYEZ3ACEAAAAAwnrAwAAAAMUAwE="}
 00590{"flow_id":9,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469972,"pkt_ts_usec":136116,"pkt_caplen":185,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":185,"pkt_l4_len":151,"pkt":"xCwDBkn+LFbcjDU0CABFAACrWLRAAHIGbE2+Z8M4wKgBA7YpzqY3RpyAk9Uv64AYAQLhNwAAAQEICgC\/ZvwZ3AFEE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLUJUNzk1MC3xopUl3euuGS1IpvoAAAEBFABkMTplaTBlNDppcHY0NDq+Z8M4NDppcHY2MTY6IAEAAF71efs4aCApQZg8xzE="}
 00570{"flow_id":3,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469972,"pkt_ts_usec":136499,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"pkt":"LFbcjDU0xCwDBkn+CABFAACdvFdAAEAGAADAqAEDU9i48c6fyNXli2oxSWt9n4AYK\/LPBAAAAQEIChncAw54G0oPAAAAZRQGZDg6bXNnX3R5cGVpMGUzOm51bWkyMGU2OmZpbHRlcjY0OgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABl"}
@@ -56,10 +56,10 @@
 00447{"flow_id":9,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469973,"pkt_ts_usec":590592,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":80,"pkt_l4_len":46,"pkt":"xCwDBkn+LFbcjDU0CABFAABCWLhAAHIGbLK+Z8M4wKgBA7YpzqY3Rp8Zk9Uw2YAZAQFLnQAAAQEICgC\/bJ8Z3AbVAAAAAwm2KQAAAAMUAwE="}
 00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":38,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1455469974358,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.58.216.115","src_port":52907,"dst_port":38305,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
 00525{"flow_id":10,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469974,"pkt_ts_usec":358684,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4DCdAAEAGAADAqAEDUjrYc86rlaExvR02+FTOIoAY\/\/\/swwAAAQEIChncC64AhEXwE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1Bjk6UZQGZj8psqfs="}
-00599{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":38,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1455469974358,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.58.216.115","src_port":52907,"dst_port":38305,"l4_proto":"tcp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"FileTransfer"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
+00652{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":38,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1455469974358,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.58.216.115","src_port":52907,"dst_port":38305,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
 00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":39,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1455469974533,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.57.97.83","src_port":52906,"dst_port":53137,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
 00522{"flow_id":11,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469974,"pkt_ts_usec":533855,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4WuVAAEAGAADAqAEDUjlhU86qz5GeFCpM34MiOYAY0pJ1ogAAAQEIChncDF0AFHySE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjjDhVI8cWXj55ew="}
-00597{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":39,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1455469974533,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.57.97.83","src_port":52906,"dst_port":53137,"l4_proto":"tcp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"FileTransfer"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
+00650{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":39,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1455469974533,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.57.97.83","src_port":52906,"dst_port":53137,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
 00590{"flow_id":11,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469974,"pkt_ts_usec":879822,"pkt_caplen":185,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":185,"pkt_l4_len":151,"pkt":"xCwDBkn+LFbcjDU0CABFAACrC6JAAHcGgnNSOWFTwKgBA8+RzqrfgyI5nhQqkIAYAQJ8JwAAAQEICgAUfLUZ3AxdE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMzQ1MC3wosdxOntFzioIvnoAAADnFABkMTplaTBlNDppcHY0NDpSOWFTMTI6Y29tcGxldGVfYWdvaTBlMTptZDExOnU="}
 01259{"flow_id":11,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469974,"pkt_ts_usec":888825,"pkt_caplen":586,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":586,"pkt_l4_len":552,"pkt":"xCwDBkn+LFbcjDU0CABFAAI8C6RAAHcGgOBSOWFTwKgBA8+RzqrfgyKwnhQqkIAZAQKTPAAAAQEICgAUfLYZ3AxdcGxvYWRfb25seWkzZTExOmx0X2RvbnRoYXZlaTdlMTI6dXRfaG9sZXB1bmNoaTRlMTE6dXRfbWV0YWRhdGFpMmU2OnV0X3BleGkxZTEwOnV0X2NvbW1lbnRpNmVlMTM6bWV0YWRhdGFfc2l6ZWkxOTAwOWUxOnBpNTMxMzdlNDpyZXFxaTI1NWUxOnYxNTrOvFRvcnJlbnQgMy40LjUyOnlwaTUyOTA2ZTY6eW91cmlwNDpSN80BZQAAAHQF\/f\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/v\/\/\/\/+\/\/\/\/\/\/\/\/\/r\/\/\/\/\/\/\/\/\/\/9\/\/P\/v\/\/\/\/\/+\/3\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/v\/\/ff\/\/\/3\/f\/\/\/\/\/\/\/\/\/\/7\/\/\/\/+\/\/\/\/\/\/f\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/v\/t\/u\/\/\/\/\/\/\/\/\/gAAAAAUEAAABGAAAAAUEAAACxAAAAAUEAAAAmwAAAAUEAAAB\/wAAAAUEAAABMwAAAAUEAAABJgAAAAUEAAABZAAAAAUEAAACOgAAAAUEAAAA1QAAAAUEAAACEAAAAAUEAAACFgAAAAUEAAADTAAAAAUEAAABWwAAAAUEAAACMAAAAAUEAAADPQAAAAUEAAADSQAAAAUEAAACnwAAAAUEAAAAeQAAAAUEAAAABgAAAAUEAAAA0wAAAAUEAAABJwAAAAUEAAACfwAAAAUEAAADVQAAAAUEAAADWQ=="}
 00630{"flow_id":11,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469974,"pkt_ts_usec":888918,"pkt_caplen":215,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":215,"pkt_l4_len":181,"pkt":"LFbcjDU0xCwDBkn+CABFAADJ6cdAAEAGAADAqAEDUjlhU86qz5GeFCr+34MkuYAY0oJ18wAAAQEIChncDb8AFHy2dXRfbWV0YWRhdGFpMmU2OnV0X3BleGkxZTEyOnV0X3JlY29tbWVuZGk1ZTEwOnV0X2NvbW1lbnRpNmVlMTM6bWV0YWRhdGFfc2l6ZWkxOTAwOWUxOnBpNDA5NTllNDpyZXFxaTI1NWUxOnYxOTrCtVRvcnJlbnQgTWFjIDEuOC42Njp5b3VyaXA0OlI5YVNlAAAAAQ8="}
@@ -67,13 +67,13 @@
 01414{"flow_id":10,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469975,"pkt_ts_usec":129053,"pkt_caplen":705,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":705,"pkt_l4_len":671,"pkt":"xCwDBkn+LFbcjDU0CABFAAKzM7RAAHUG4zdSOthzwKgBA5Whzqv4VM4iMb0deoAY\/SAeWQAAAQEICgCERjQZ3AuuE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMzQ1MC3woo6KDyQqidsX6OsAAADnFABkMTplaTBlNDppcHY0NDpSOthzMTI6Y29tcGxldGVfYWdvaTFlMTptZDExOnVwbG9hZF9vbmx5aTNlMTE6bHRfZG9udGhhdmVpN2UxMjp1dF9ob2xlcHVuY2hpNGUxMTp1dF9tZXRhZGF0YWkyZTY6dXRfcGV4aTFlMTA6dXRfY29tbWVudGk2ZWUxMzptZXRhZGF0YV9zaXplaTE5MDA5ZTE6cGkzODMwNWU0OnJlcXFpMjU1ZTE6djE1Os68VG9ycmVudCAzLjQuNTI6eXBpNTI5MDdlNjp5b3VyaXA0OlI3zQFlAAAAdAX\/\/e\/\/\/\/\/9\/\/\/\/\/v\/\/2\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/+\/\/\/7\/f\/+\/\/\/\/\/\/\/\/\/9\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/v\/\/\/\/\/\/\/7\/\/\/\/7+\/+\/\/\/+\/\/\/\/\/v\/\/\/\/\/\/3\/\/\/\/\/\/\/\/\/\/\/\/\/7\/\/8\/\/\/\/\/\/\/f\/\/\/\/3\/\/\/\/\/\/\/\/+AAAAABQQAAAI1AAAABQQAAAEuAAAABQQAAABqAAAABQQAAAE\/AAAABQQAAABtAAAABQQAAAKkAAAABQQAAAElAAAABQQAAAL5AAAABQQAAANYAAAABQQAAAA2AAAABQQAAAIPAAAABQQAAAJBAAAABQQAAAAOAAAABQQAAAMMAAAABQQAAAJ5AAAABQQAAAF6AAAABQQAAAJZAAAABQQAAAATAAAABQQAAAM4AAAABQQAAAItAAAABQQAAAHdAAAABQQAAAEPAAAABQQAAAMNAAAABQQAAABX"}
 00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":45,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1455469975234,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.26.95.30","src_port":52911,"dst_port":22673,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
 00522{"flow_id":12,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469975,"pkt_ts_usec":234548,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4WJNAAEAGAADAqAEDlxpfHs6vWJEERbWJ8qKonIAYJJ+4TgAAAQEIChncDxURKgrLE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1Bjhul1XASmRgFxRA="}
-00598{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1455469975234,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.26.95.30","src_port":52911,"dst_port":22673,"l4_proto":"tcp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"FileTransfer"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
+00651{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1455469975234,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.26.95.30","src_port":52911,"dst_port":22673,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
 00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1455469975240,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.72.255.163","src_port":52912,"dst_port":59928,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
 00525{"flow_id":13,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469975,"pkt_ts_usec":240646,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4VgZAAEAGAADAqAEDl0j\/o86w6hjbuZSz\/XvqFoAYKEhZAgAAAQEIChncDxoAaM\/9E0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjpHIptJ+s3GSLpo="}
-00600{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1455469975240,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.72.255.163","src_port":52912,"dst_port":59928,"l4_proto":"tcp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"FileTransfer"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
+00653{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1455469975240,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.72.255.163","src_port":52912,"dst_port":59928,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
 00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":47,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1455469975265,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.53.228.2","src_port":52909,"dst_port":14627,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
 00523{"flow_id":14,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469975,"pkt_ts_usec":265759,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4dKFAAEAGAADAqAEDTzXkAs6tOSO1PcfcBOlxsoAYN4r1TQAAAQEIChncDzIAAH\/nE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjpuHBUmeY0dBAis="}
-00597{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":47,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1455469975265,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.53.228.2","src_port":52909,"dst_port":14627,"l4_proto":"tcp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"FileTransfer"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
+00650{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":47,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1455469975265,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.53.228.2","src_port":52909,"dst_port":14627,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
 00554{"flow_id":13,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469975,"pkt_ts_usec":295037,"pkt_caplen":157,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":157,"pkt_l4_len":123,"pkt":"xCwDBkn+LFbcjDU0CABFAACPKABAAHIGh9GXSP+jwKgBA+oYzrD9e+oW27mU94AYAQF3EQAAAQEICgBo0AMZ3A8aE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMzQ1MC3wopW+kcQUcjSA5QoAAADnFABkMTplaTBlNDppcHY0NDqXSA=="}
 00571{"flow_id":12,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469975,"pkt_ts_usec":314407,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"pkt":"xCwDBkn+LFbcjDU0CABFAACdCeVAAHIGRpKXGl8ewKgBA1iRzq\/yoqicBEW1zYAYHVwArAAAAQEIChEqCxYZ3A8VE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMzQ1MC2coV7lk33H8ZRraqcAAADnFABkMTplaTBlNDppcHY0NDqXGl8eMTI6Y29tcGxldGVf"}
 00949{"flow_id":10,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469975,"pkt_ts_usec":341953,"pkt_caplen":449,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":449,"pkt_l4_len":415,"pkt":"LFbcjDU0xCwDBkn+CABFAAGz+chAAEAGAADAqAEDUjrYc86rlaExvR16+FTQoYAY\/\/\/t\/gAAAQEIChncD3wAhEZHAAAA+hQAZDE6ZWkwZTQ6aXB2NDQ6UjfNATQ6aXB2NjE2Ov6AAAAAAAAAxiwD\/\/4GSf4xMjpjb21wbGV0ZV9hZ29pMWUxOm1kMTE6dXBsb2FkX29ubHlpM2UxMjp1dF9ob2xlcHVuY2hpNGUxMTp1dF9tZXRhZGF0YWkyZTY6dXRfcGV4aTFlMTI6dXRfcmVjb21tZW5kaTVlMTA6dXRfY29tbWVudGk2ZWUxMzptZXRhZGF0YV9zaXplaTE5MDA5ZTE6cGk0MDk1OWU0OnJlcXFpMjU1ZTE6djE5OsK1VG9ycmVudCBNYWMgMS44LjY2OnlvdXJpcDQ6UjrYc2UAAAABDwAAAAMJn\/8AAAADFAMAAAAAAQIAAABlFAZkODptc2dfdHlwZWkwZTM6bnVtaTIwZTY6ZmlsdGVyNjQ6AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGU="}
@@ -83,19 +83,19 @@
 00458{"flow_id":13,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469975,"pkt_ts_usec":394012,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"pkt":"LFbcjDU0xCwDBkn+CABFAABHP2VAAEAGAADAqAEDl0j\/o86w6hjbuZX6\/XvsloAZKEhY0QAAAQEIChncD64AaNAEAAAAAwmf\/wAAAAMUAwAAAAABAg=="}
 00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":55,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1455469975407,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"120.62.33.241","src_port":52910,"dst_port":39332,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
 00522{"flow_id":15,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469975,"pkt_ts_usec":407300,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4fvZAAEAGAADAqAEDeD4h8c6umaQbpzY0C9TW44AYjjZcRQAAAQEIChncD7sAQ+m5E0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1Bjhq4aGFIV+2F24M="}
-00599{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":55,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1455469975407,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"120.62.33.241","src_port":52910,"dst_port":39332,"l4_proto":"tcp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"FileTransfer"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
+00652{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":55,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1455469975407,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"120.62.33.241","src_port":52910,"dst_port":39332,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
 00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":56,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1455469975622,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.55.129.22","src_port":52908,"dst_port":12097,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
 00524{"flow_id":16,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469975,"pkt_ts_usec":622629,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4JlBAAEAGAADAqAEDTzeBFs6sL0FM+lulp3q\/xoAYVhCSYwAAAQEIChncEJACXeJGE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjsY\/A3YcaePRRY8="}
-00598{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":56,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1455469975622,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.55.129.22","src_port":52908,"dst_port":12097,"l4_proto":"tcp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"FileTransfer"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
+00651{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":56,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1455469975622,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.55.129.22","src_port":52908,"dst_port":12097,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
 00456{"flow_id":12,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469976,"pkt_ts_usec":169825,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"pkt":"LFbcjDU0xCwDBkn+CABFAABHu31AAEAGAADAqAEDlxpfHs6vWJEERbbQ8qKrG4AYJJ+4HQAAAQEIChncErERKguWAAAAAwmf\/wAAAAMUAwAAAAABAg=="}
 00493{"flow_id":10,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469976,"pkt_ts_usec":244642,"pkt_caplen":113,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":113,"pkt_l4_len":79,"pkt":"xCwDBkn+LFbcjDU0CABFAABjNRhAAHUG5CNSOthzwKgBA5Whzqv4VNChMb0e+YAY+6GlEwAAAQEICgCERrEZ3A98AAAAAwmVoQAAAAMUAwEAAAAdFAZkODptc2dfdHlwZWkxZTg6Y29tbWVudHNsZWU="}
 00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":59,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1455469976336,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"198.100.146.9","src_port":52915,"dst_port":60163,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
 00522{"flow_id":17,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469976,"pkt_ts_usec":336620,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4SfNAAEAGAADAqAEDxmSSCc6z6wOon+tuBozVl4AYZVEahAAAAQEIChncE1MB8nMrE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjlkC3tYvcSfI56Y="}
-00599{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":59,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1455469976336,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"198.100.146.9","src_port":52915,"dst_port":60163,"l4_proto":"tcp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"FileTransfer"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
+00652{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":59,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1455469976336,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"198.100.146.9","src_port":52915,"dst_port":60163,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
 00539{"flow_id":17,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469976,"pkt_ts_usec":513452,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"pkt":"xCwDBkn+LFbcjDU0CABFEACEZqRAAHYGg6bGZJIJwKgBA+sDzrMGjNWXqJ\/rsoAYAQLT1gAAAQEICgHycz0Z3BNTE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMzQ1MC3wokMyLr47j7jk1aEAAADnFABkMTplaTA="}
 00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":61,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1455469976582,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"190.103.195.56","src_port":52914,"dst_port":46633,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
 00522{"flow_id":18,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469976,"pkt_ts_usec":582427,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4BctAAEAGAADAqAEDvmfDOM6ytinSUvXkM6bvoIAY+3dDtgAAAQEIChncFEcAv3iAE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjkKv+eYrLs2+ChY="}
-00600{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":61,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1455469976582,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"190.103.195.56","src_port":52914,"dst_port":46633,"l4_proto":"tcp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"FileTransfer"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
+00653{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":61,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1455469976582,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"190.103.195.56","src_port":52914,"dst_port":46633,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
 01309{"flow_id":17,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469976,"pkt_ts_usec":697499,"pkt_caplen":625,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":625,"pkt_l4_len":591,"pkt":"xCwDBkn+LFbcjDU0CABFEAJjaOxAAHYGf3\/GZJIJwKgBA+sDzrMGjNXnqJ\/rsoAYAQJs0QAAAQEICgHyc00Z3BQDZTQ6aXB2NDQ6xmSSCTEyOmNvbXBsZXRlX2Fnb2kxZTE6bWQxMTp1cGxvYWRfb25seWkzZTExOmx0X2RvbnRoYXZlaTdlMTI6dXRfaG9sZXB1bmNoaTRlMTE6dXRfbWV0YWRhdGFpMmU2OnV0X3BleGkxZTEwOnV0X2NvbW1lbnRpNmVlMTM6bWV0YWRhdGFfc2l6ZWkxOTAwOWUxOnBpNjAxNjNlNDpyZXFxaTI1NWUxOnYxNTrOvFRvcnJlbnQgMy40LjUyOnlwaTUyOTE1ZTY6eW91cmlwNDpSN80BZQAAAHQFv\/\/3\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/3\/\/\/\/\/\/f\/\/\/\/\/3\/f\/\/\/\/\/\/\/\/\/\/\/\/\/\/v\/\/\/\/\/\/\/\/\/\/7\/\/\/\/\/f\/\/\/\/\/\/\/7\/\/\/\/\/\/\/v\/\/\/9\/\/\/\/\/\/7\/\/\/7\/+7\/\/f\/3\/f\/\/\/\/v\/\/\/\/\/\/\/9\/9\/\/\/\/\/\/\/\/\/\/\/\/\/v\/\/\/\/\/3\/\/\/\/gAAAAAUEAAAClgAAAAUEAAAA6gAAAAUEAAAAugAAAAUEAAAA4AAAAAUEAAABqgAAAAUEAAACZwAAAAUEAAACTwAAAAUEAAAC8gAAAAUEAAABiQAAAAUEAAAB3QAAAAUEAAADdAAAAAUEAAAC\/gAAAAUEAAACJgAAAAUEAAACiAAAAAUEAAACvwAAAAUEAAACeQAAAAUEAAABRQAAAAUEAAACCwAAAAUEAAAAkgAAAAUEAAACdQAAAAUEAAACoAAAAAUEAAAAAQAAAAUEAAAAFAAAAAUEAAADTw=="}
 00666{"flow_id":17,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469976,"pkt_ts_usec":697619,"pkt_caplen":242,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":242,"pkt_l4_len":208,"pkt":"LFbcjDU0xCwDBkn+CABFAADktcxAAEAGAADAqAEDxmSSCc6z6wOon+wFBozYFoAYZUAa8AAAAQEIChncFLoB8nNNbmx5aTNlMTI6dXRfaG9sZXB1bmNoaTRlMTE6dXRfbWV0YWRhdGFpMmU2OnV0X3BleGkxZTEyOnV0X3JlY29tbWVuZGk1ZTEwOnV0X2NvbW1lbnRpNmVlMTM6bWV0YWRhdGFfc2l6ZWkxOTAwOWUxOnBpNDA5NTllNDpyZXFxaTI1NWUxOnYxOTrCtVRvcnJlbnQgTWFjIDEuOC42Njp5b3VyaXA0OsZkkgllAAAAAQ8="}
 00538{"flow_id":18,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469977,"pkt_ts_usec":23540,"pkt_caplen":147,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":147,"pkt_l4_len":113,"pkt":"xCwDBkn+LFbcjDU0CABFAACFWMJAAHMGa2W+Z8M4wKgBA7YpzrIzpu+g0lL2KIAYAQKm2wAAAQEICgC\/ehQZ3BRHE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLUJUNzk1MC3xovjV8bH+iIGCHSYAAAEBFABkMTplaTBl"}
@@ -103,7 +103,7 @@
 00599{"flow_id":17,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469977,"pkt_ts_usec":175253,"pkt_caplen":190,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":190,"pkt_l4_len":156,"pkt":"LFbcjDU0xCwDBkn+CABFAACwJkxAAEAGAADAqAEDxmSSCc6z6wOon+y1BozYJIAYZVEavAAAAQEIChncFpQB8nNxAAAAAwmf\/wAAAAMUAwAAAAABAgAAAGUUBmQ4Om1zZ190eXBlaTBlMzpudW1pMjBlNjpmaWx0ZXI2NDoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAZQ=="}
 00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":67,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1455469977229,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.15.48.189","src_port":52917,"dst_port":47001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
 00524{"flow_id":19,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469977,"pkt_ts_usec":229541,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4L\/xAAEAGAADAqAEDlw8wvc61t5l0EJCE2E\/BJoAYIPWJ4gAAAQEIChncFslLXJigE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1Bjv4JZL7rS4V2Vgo="}
-00599{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":67,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1455469977229,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.15.48.189","src_port":52917,"dst_port":47001,"l4_proto":"tcp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"FileTransfer"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
+00652{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":67,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1455469977229,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.15.48.189","src_port":52917,"dst_port":47001,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
 00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":68,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1455469975265,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.53.228.2","src_port":52909,"dst_port":14627,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
 00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":68,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1455469970452,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.55.129.22","src_port":52893,"dst_port":12097,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
 00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":68,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1455469975622,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.55.129.22","src_port":52908,"dst_port":12097,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
@@ -112,7 +112,7 @@
 00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":68,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1455469975407,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"120.62.33.241","src_port":52910,"dst_port":39332,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
 00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":68,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1455469977285,"flow_last_seen":0,"flow_min_l4_payload_len":87,"flow_max_l4_payload_len":87,"flow_tot_l4_payload_len":87,"flow_avg_l4_payload_len":87,"midstream":1,"l3_proto":"ip4","src_ip":"151.15.48.189","dst_ip":"192.168.1.3","src_port":47001,"dst_port":52917,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
 00547{"flow_id":20,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469977,"pkt_ts_usec":285065,"pkt_caplen":153,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":153,"pkt_l4_len":119,"pkt":"xCwDBkn+LFbcjDU0CABFAACLG6xAAHIGY0mXDzC9wKgBA7eZzrXYT8EmdBCQyIAYAQLHiQAAAQEICktcmNgZ3BbJE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMzQ1MC3wogWCKk\/sCNEtOuUAAADnFABkMTplaTBlNDppcHY0"}
-00599{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":68,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1455469977285,"flow_last_seen":0,"flow_min_l4_payload_len":87,"flow_max_l4_payload_len":87,"flow_tot_l4_payload_len":87,"flow_avg_l4_payload_len":87,"midstream":1,"l3_proto":"ip4","src_ip":"151.15.48.189","dst_ip":"192.168.1.3","src_port":47001,"dst_port":52917,"l4_proto":"tcp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"FileTransfer"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
+00652{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":68,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1455469977285,"flow_last_seen":0,"flow_min_l4_payload_len":87,"flow_max_l4_payload_len":87,"flow_tot_l4_payload_len":87,"flow_avg_l4_payload_len":87,"midstream":1,"l3_proto":"ip4","src_ip":"151.15.48.189","dst_ip":"192.168.1.3","src_port":47001,"dst_port":52917,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
 01294{"flow_id":20,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469977,"pkt_ts_usec":324542,"pkt_caplen":618,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":618,"pkt_l4_len":584,"pkt":"xCwDBkn+LFbcjDU0CABFAAJcG65AAHIGYXaXDzC9wKgBA7eZzrXYT8F9dBCQyIAZAQKR1gAAAQEICktcmOYZ3BbJNDqXDzC9MTI6Y29tcGxldGVfYWdvaTFlMTptZDExOnVwbG9hZF9vbmx5aTNlMTE6bHRfZG9udGhhdmVpN2UxMjp1dF9ob2xlcHVuY2hpNGUxMTp1dF9tZXRhZGF0YWkyZTY6dXRfcGV4aTFlMTA6dXRfY29tbWVudGk2ZWUxMzptZXRhZGF0YV9zaXplaTE5MDA5ZTE6cGk0NzAwMWU0OnJlcXFpMjU1ZTE6djE1Os68VG9ycmVudCAzLjQuNTI6eXBpNTI5MTdlNjp5b3VyaXA0OlI3zQFlAAAAdAX\/\/\/\/\/\/7\/\/\/\/\/\/\/f\/\/\/\/\/v\/\/\/\/\/\/\/\/\/\/v7\/\/v\/\/\/\/\/u\/\/\/\/\/\/\/\/\/\/\/7\/\/\/\/\/\/\/v\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/37\/\/\/\/\/\/\/\/\/\/f\/\/3\/\/3\/\/\/7\/\/\/\/v\/\/f\/\/\/f\/\/\/3\/\/\/\/\/\/v\/\/f\/\/\/\/\/\/\/\/\/\/\/7\/\/\/\/3\/\/\/+AAAAABQQAAAMOAAAABQQAAAApAAAABQQAAAJ1AAAABQQAAAKiAAAABQQAAADVAAAABQQAAAH3AAAABQQAAANZAAAABQQAAADFAAAABQQAAAN2AAAABQQAAAD5AAAABQQAAAD9AAAABQQAAAL9AAAABQQAAAKRAAAABQQAAAK6AAAABQQAAAC9AAAABQQAAAFxAAAABQQAAAHwAAAABQQAAAJKAAAABQQAAAFDAAAABQQAAAJcAAAABQQAAABWAAAABQQAAALUAAAABQQAAAI2AAAABQQAAAB7"}
 00659{"flow_id":20,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":70,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469977,"pkt_ts_usec":324595,"pkt_caplen":236,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":236,"pkt_l4_len":202,"pkt":"LFbcjDU0xCwDBkn+CABFAADe4MhAAEAGAADAqAEDlw8wvc61t5l0EJEh2E\/DpoAYIOSKSAAAAQEIChncFyZLXJjmMTI6dXRfaG9sZXB1bmNoaTRlMTE6dXRfbWV0YWRhdGFpMmU2OnV0X3BleGkxZTEyOnV0X3JlY29tbWVuZGk1ZTEwOnV0X2NvbW1lbnRpNmVlMTM6bWV0YWRhdGFfc2l6ZWkxOTAwOWUxOnBpNDA5NTllNDpyZXFxaTI1NWUxOnYxOTrCtVRvcnJlbnQgTWFjIDEuOC42Njp5b3VyaXA0OpcPML1lAAAAAQ8="}
 00457{"flow_id":20,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469977,"pkt_ts_usec":324725,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"pkt":"LFbcjDU0xCwDBkn+CABFAABHCeZAAEAGAADAqAEDlw8wvc61t5l0EJHL2E\/DpoAZIPWJsQAAAQEIChncFyZLXJjmAAAAAwmf\/wAAAAMUAwAAAAABAg=="}
@@ -123,10 +123,10 @@
 00599{"flow_id":18,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469978,"pkt_ts_usec":174644,"pkt_caplen":190,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":190,"pkt_l4_len":156,"pkt":"LFbcjDU0xCwDBkn+CABFAACwZdxAAEAGAADAqAEDvmfDOM6ytinSUvcrM6byOYAY+3dD7gAAAQEIChncGnQAv35iAAAAAwmf\/wAAAAMUAwAAAAABAgAAAGUUBmQ4Om1zZ190eXBlaTBlMzpudW1pMjBlNjpmaWx0ZXI2NDoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAZQ=="}
 00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":77,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1455469978413,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"95.234.159.16","src_port":52921,"dst_port":41205,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
 00522{"flow_id":21,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469978,"pkt_ts_usec":413724,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4DnNAAEAGAADAqAEDX+qfEM65oPXUDpz5ZKj0loAYkUPBEAAAAQEIChncG14CELSbE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjvUWScco35PygrU="}
-00599{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":77,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1455469978413,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"95.234.159.16","src_port":52921,"dst_port":41205,"l4_proto":"tcp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"FileTransfer"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
+00652{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":77,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1455469978413,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"95.234.159.16","src_port":52921,"dst_port":41205,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
 00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":78,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1455469978422,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"95.237.193.34","src_port":52922,"dst_port":11321,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
 00523{"flow_id":22,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":78,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469978,"pkt_ts_usec":422152,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4xBlAAEAGAADAqAEDX+3BIs66LDm\/gbIP+oH76IAYlsHjJQAAAQEIChncG2YAA5hpE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjvGP0W3l6zj59Ik="}
-00599{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":78,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1455469978422,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"95.237.193.34","src_port":52922,"dst_port":11321,"l4_proto":"tcp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"FileTransfer"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
+00652{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":78,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1455469978422,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"95.237.193.34","src_port":52922,"dst_port":11321,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
 02384{"flow_id":17,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469978,"pkt_ts_usec":574300,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"xCwDBkn+LFbcjDU0CABFEAXUB15AAHYG3ZzGZJIJwKgBA+sDzrMGjRYqqJ\/tU4AQAQG8XgAAAQEICgHydAoZ3BtZaj4Otodbsp7HwOrWkU\/l\/Z5dQRXljshJbIjPWf0VHO+Ec\/y3FSyWmsRQp46nPFKjHG0PZVKmHo4Ws8XSdOtRrVKmJnR9tRw2Lpv2cqWKq0cLhavn8Z4TA47AUc0w2JUa8KcqFaOHSq4mphalRSnRgqWW4rMcRVoVlTxLjhcVQhTjSqylNP2UpfjD8Y9M+FMPxh8eeE\/2dfFGreIvh5Z+Ob+1+HWva7HJFrGoQXll4Y0qLUPt9lNJ9p0PRruPVIbL7XokxuNNkKWcEt1MzV5X4b8ReJPB9i0eiXZ0eOz8PS25vdA1zUNNkl8O2mtaPexzW+npqYtl0rW4XtzM7G4E0zD99LvmtbT97JvGn7OX7VnjbVf2XU\/Zo8UfBr4TfB7QLvxb4H+Oa+A7bwv40+FureGxDqPia1vNHn8F6fNZeFdZuNVsZjBd6\/rjX1iWe4NnfQWZs\/52dJ1YWWn6bfvts47nSbmzuZi0hha0GlWclraxwaTLctcweTE63KShXCT3b3SmdPOr7TJ86eYT+sYanicuzjKKWHxLwmIoqhiaeLxU8XisJOlUy+nQoS9uqHtfYUVzUMbXlh62FpqVFT97hLO8f7D6nmeFqYSeFoUZSk8RXqrEYKqsWp42pOLwTWJxSVaNenUw1J03Gph68K1oTh+j+s\/AP4kftGa7YeLvBem+H7D4cx+GdGtrS7l8RNq3h7wk04uLK80v7dbiTWk1f7WEWeSTRbiManb\/AGkAAEAJBwAAAzAAAMAAeEyvA55bwvDrn7OWp+NvDvjLxNdWevWVzfx+DLLw9p9j4rsrjxrd2V1dnx54eW9vdP0e3l0G0naO9MlidRjaUkWqSOZIcnwV8SNTn\/Z51DSfh20PhbxB4Q8Q2tzqslhf30fiu40PWdfbUdKvI7HSLhEZhBHdSRXhjuYLeOAbkt2jjNfMt\/r\/AIt8R6qza7rHi7Ufs1nf5jtFuNQi0rToNEvNVurWzttMms7B4UkUPLcJaw2t2qvO03mMxr188w1THZVl2PxGcYlLMcup4RYOvQVaVLD4GnHKq86+Yc+PeOhmlClTq4zDOMalPKczw7o151Y8tf8AccbnPCuVQwtbJOHpw4qWI\/tivm6qwp4SrDOIQzGeBwGUYTJsslgYZVWxCwtLEYbM7RxmFxTwbpupQeGi1W5uZLi\/v7p73VtcmmtNUtdXuxaahJa2M2qW8ems1ml1dQXd85aQyaXerMqy3ETXEoEQlT2D4H\/G7xx8Kri58J6APhX4SuPG3inRrnXvEHiXwofEV\/oUenmw0rTri8NhqWtTDwtoDJJfXlvFpU9yFMjoXVAG+frtJ47WwtdWOu32n3drb6ZPYTCyuna3jkiW7\/s2e4WFIpVS5jEUb3NxDHvLSSqIRnuvBF5p2lPpXxA1Xw\/4Lv5Tq2uyeH\/DPi7VtW+0arqOqWlzbW+v6zommXNjB\/wi\/hC6XLRzzWQvJE+ystxAs0i\/PZ1gaWPwtTJcxyKliqde\/s6OHeFlRqV6Mm6S9niKlWCUHTlXlSeHdDD1IKtKHssPOR85w1n2f5Bn9XN8pzWvk9WCn7TMG6tSph6GIaca0cTGWMq0WuesoVMNhsRXU413QlPndav+vP7SfxM8UeH\/AIA+L9B8DePPD\/ibwHYXeg+DfGfi8eM9OsfFHiPUJLa51WLXLjwd4UsLXwdpqeHr2Rr+y0q3juXs5J5RJF9hSS5n\/Fjw3dy6tB4nvZ78wLpn2i\/ht7lIIo2vFktrlNRjsLrUbdZtQtlmVIbVJb2SN42YSSASNb\/c3wluPBnxm+GUOm\/FDUrr4a\/CH4Oaz4w1z4qa74EtPD6ar8Vte+J+kaze+HhaR65rc8s3i+60vTFsNMDW2vSWui2GEiSD7Lbn4V8TR6RNPr+naJeeJJ7HStRu5PDc1rc3qald276v"}
 00453{"flow_id":17,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469978,"pkt_ts_usec":574440,"pkt_caplen":83,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":83,"pkt_l4_len":49,"pkt":"LFbcjDU0xCwDBkn+CABFAABFMFJAAEAGAADAqAEDxmSSCc6z6wOon+1TBo0byoAYZVEaUQAAAQEIChncG\/wB8nQKAAAADQYAAAMwAAEAAAAAQAA="}
 00591{"flow_id":22,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469978,"pkt_ts_usec":654379,"pkt_caplen":185,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":185,"pkt_l4_len":151,"pkt":"xCwDBkn+LFbcjDU0CABFAACrIv1AAHYG\/pRf7cEiwKgBAyw5zrr6gfvov4GyU4AYAQLALAAAAQEICgADmIEZ3BtmE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMzQ1MC3wog5gTbVhOs8MSY8AAADnFABkMTplaTBlNDppcHY0NDpf7cEiMTI6Y29tcGxldGVfYWdvaTJlMTptZDExOnU="}
@@ -146,13 +146,13 @@
 00440{"flow_id":18,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":109,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469980,"pkt_ts_usec":118255,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"pkt":"LFbcjDU0xCwDBkn+CABFAAA9WCBAAEAGAADAqAEDvmfDOM6ytinSUvenM6byaYAY+3dDewAAAQEIChncIcwAv4ZsAAAABQQAAAAA"}
 00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":113,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1455469980213,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"83.216.184.241","src_port":52927,"dst_port":51413,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
 00524{"flow_id":23,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":113,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469980,"pkt_ts_usec":213097,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4U25AAEAGAADAqAEDU9i48c6\/yNUzq1kTBM6UFIAYL5vO3wAAAQEIChncIiN4G2eaE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1Bjq+Lj4Q+qUQM4PY="}
-00601{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":113,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1455469980213,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"83.216.184.241","src_port":52927,"dst_port":51413,"l4_proto":"tcp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"FileTransfer"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
+00597{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":113,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1455469980213,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"83.216.184.241","src_port":52927,"dst_port":51413,"l4_proto":"tcp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
 00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":114,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1455469980262,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"93.65.249.100","src_port":52926,"dst_port":31336,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
 00525{"flow_id":24,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":114,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469980,"pkt_ts_usec":262874,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4esFAAEAGAADAqAEDXUH5ZM6+emiQl\/fDL3XicoAYTYMYvAAAAQEIChncIlIAH\/RSE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjkTA1ljAvA+q8j0="}
-00600{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":114,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1455469980262,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"93.65.249.100","src_port":52926,"dst_port":31336,"l4_proto":"tcp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"FileTransfer"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
+00653{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":114,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1455469980262,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"93.65.249.100","src_port":52926,"dst_port":31336,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
 00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":115,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1455469980275,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"93.65.227.100","src_port":52925,"dst_port":19116,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
 00523{"flow_id":25,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":115,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469980,"pkt_ts_usec":275201,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4g5FAAEAGAADAqAEDXUHjZM69Sqzdpe7S802+OYAYVXMCvAAAAQEIChncIl4AhA2FE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjlkhEgSgYOOKqPw="}
-00600{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":115,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1455469980275,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"93.65.227.100","src_port":52925,"dst_port":19116,"l4_proto":"tcp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"FileTransfer"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
+00653{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":115,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1455469980275,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"93.65.227.100","src_port":52925,"dst_port":19116,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
 00539{"flow_id":23,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":116,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469980,"pkt_ts_usec":297747,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"pkt":"xCwDBkn+LFbcjDU0CABFYACEPABAADIGPZ9T2LjxwKgBA8jVzr8EzpQUM6tZV4AYECksHwAAAQEICngbZ84Z3CIjE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMTg4Qi2qnlHDgsE5LNSCYRoAAAEAFABkMTplaTA="}
 01340{"flow_id":23,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":119,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469980,"pkt_ts_usec":371695,"pkt_caplen":650,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":650,"pkt_l4_len":616,"pkt":"xCwDBkn+LFbcjDU0CABFYAJ8C7pAADIGa+1T2LjxwKgBA8jVzr8EzpRkM6tZV4AYECkszQAAAQEICngbaAwZ3CJzZTQ6aXB2NDQ6U9i48TQ6aXB2NjE2Ov6AAAAAAAAA6gaI\/\/7N9BMxMjpjb21wbGV0ZV9hZ29pMWUxOm1kMTE6dXBsb2FkX29ubHlpM2UxMTpsdF9kb250aGF2ZWk3ZTEyOnV0X2hvbGVwdW5jaGk0ZTExOnV0X21ldGFkYXRhaTJlNjp1dF9wZXhpMWUxMDp1dF9jb21tZW50aTZlZTEzOm1ldGFkYXRhX3NpemVpMTkwMDllMTpwaTUxNDEzZTQ6cmVxcWkyNTVlMTp2MTU6zrxUb3JyZW50IDEuOC44Mjp5cGk1MjkyN2U2OnlvdXJpcDQ6UjfNAWUAAAB0Bf\/\/\/v\/\/\/\/\/\/\/\/9\/f\/+\/\/9\/\/\/f\/\/\/\/\/\/\/73v\/\/\/\/\/\/\/\/\/\/f\/9\/\/\/\/\/\/\/\/\/\/\/\/\/9\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/3\/\/7\/\/3\/9v\/\/\/9+\/\/\/\/\/\/\/\/\/\/+\/\/\/\/\/\/\/\/\/\/\/3\/\/\/\/\/\/\/\/\/\/+\/\/\/\/7\/\/\/\/\/\/\/\/+\/\/\/\/\/\/\/\/\/\/\/4AAAAAFBAAAAiQAAAAFBAAAAQwAAAAFBAAAAisAAAAFBAAAArIAAAAFBAAAAFgAAAAFBAAAAxMAAAAFBAAAAgYAAAAFBAAAAfgAAAAFBAAAAvcAAAAFBAAAAm0AAAAFBAAAAMYAAAAFBAAAA0sAAAAFBAAAAXAAAAAFBAAAAMEAAAAFBAAAAecAAAAFBAAAABcAAAAFBAAAAI4AAAAFBAAAAHoAAAAFBAAAAgkAAAAFBAAAAMsAAAAFBAAAAGkAAAAFBAAAARwAAAAFBAAAAdQAAAAFBAAAAFA="}
 00816{"flow_id":23,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":120,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469980,"pkt_ts_usec":371807,"pkt_caplen":354,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":354,"pkt_l4_len":320,"pkt":"LFbcjDU0xCwDBkn+CABFAAFUAnpAAEAGAADAqAEDU9i48c6\/yNUzq1mtBM6WrIAYL4nPuwAAAQEIChncIrV4G2gMaTNlMTI6dXRfaG9sZXB1bmNoaTRlMTE6dXRfbWV0YWRhdGFpMmU2OnV0X3BleGkxZTEyOnV0X3JlY29tbWVuZGk1ZTEwOnV0X2NvbW1lbnRpNmVlMTM6bWV0YWRhdGFfc2l6ZWkxOTAwOWUxOnBpNDA5NTllNDpyZXFxaTI1NWUxOnYxOTrCtVRvcnJlbnQgTWFjIDEuOC42Njp5b3VyaXA0OlPYuPFlAAAAdAWAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
@@ -186,7 +186,7 @@
 ~~ total detected protocols..: 25
 ~~ total active/idle flows...: 25/25
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 1872882 bytes
+~~ total memory allocated....: 2058321 bytes
-~~ total memory freed........: 1872882 bytes
+~~ total memory freed........: 2058321 bytes
-~~ total allocations/frees...: 33713/33713
+~~ total allocations/frees...: 35718/35718
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/bittorrent_ip.pcap.out

@@ -31,9 +31,9 @@
 00430{"flow_id":2,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"bittorrent_ip.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492508991,"pkt_ts_usec":655766,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"pL8BAjLCGM9eF7izCABFAAA0sWRAAEAGg18KAAAOTd6uFLYSCzLKDfOQBYAaqIAQX+uwlAAAAQEICgBqkTAaLRVq"}
 02394{"flow_id":2,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"bittorrent_ip.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492508991,"pkt_ts_usec":662177,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"GM9eF7izpL8BAjLCCABFIAXcXPNAAFYGvAhN3q4UCgAADgsythIFgBqoyg3zkIAQAQTQ7AAAAQEIChotFWoAapAXTPv37xKBkoPcElMXJP4F6GkLBpIwNvPUyhbAXIPXCxH3rsfyP2Mf60BHbSeuspLgDZ\/KA0RID2XY68rmNpCJj+1ifQEadclYnN9QraJ9Hk9mmtVWe4LhShrgqO\/L6UEo2iBw6\/hvVzJzWX9X\/6KszxZb23GyMbco0bUU61\/2zjDsTp7WWwO0eZWK+7yS6XZFQIajjf15D8hKQw4r75p\/Hil8m3+nJ6DaIx5SHxDNbcNODJAT\/uGSnovNzrmQCIXkAaj43ukrVXAdcVhDz+U409jOs9SBUNE8SeJ205EpV5+CG4J6\/yNfKdGED75RIUfsR57433WxaBIezraHpW38aY4eX84kX5tSqALijjwQaQ4GJ4b8hKqOhKGpjNs77PesVmEJrFTm8VixZzBOHQ77zLEDSVP8v4xTHrXKNpK+ZnWA9jaukBJBf+VaDBOxLsdiV3BqAneXxMsDzWW8u3E8GU2JXZjubG6DKFS\/tOnsOQarpWkt9hDAYcn7FSRgdyebve3gt7jHdSeQrTUY1dVzg5ehZUXUHqjX0r9C9i6tgABOQCim2IdjSaeV8hpRwCNvyC84rnTTvYotr2HcujGIUMJ3kfwQdSqhRfz9OXDyC6MX0adDDXV6JIjCkKCmfKs3uG6C9zmEUmIqhLMfEu3xhONN3Z0FBt+zc4ZES2qixYTgce0+UcZ\/rZq3NxqhdKqYguk+KFgDEVZYWAZSReWhUBdlNcD\/sLsSzSL4hTHS1P3Kkhyv8+FqHTCZR20ozKNMw7voSOFfi0hzNMNZ3DbqO6TZWHn9sdpivnCwEl9y9gd0+b\/3AwNoQ+DAdSEYmmUNqhIl5QezNikwirjGfA5oSXbTps7oT8rTnuaPRiOP6dYBe6IEhaHZcF5fB11Ok1GBo3s4Rq+mcGOTeb5OeTcCwCCgBLEQ6EqvMZWZTx8vy7MOMAARWCBSh3tNHOif34oMOskf9lpTaIQqCx8kzFSqnBW8lm2c2FMP3oj3MiVpZ1Pk0Oj9pI4c5SJchAOMXIE+mIDd7c9vxlb+TyRgzkrarmo1UFRee8+0DBTfrgkl5pxOvUyxkAX+ezFKu6p7WqNCMQ2XJrbEVJW8flwrbk2O51h3E68KhZF4oz5pOzlrC7yK9lTq+cdmQwDag4Iz6\/dy35t1GcC+GH+JXLOwIiA6l2E\/I+AR8Bxx6kKblK3TuhHrmOAEF0VvwReAMAxOncr0VW8CYRJKlSQCwDdE0qDKPYFToKkrO29WGtSfr0qfQDNOuk4PGAp6OaxVIk2x34oLtOz+xXds01bfe5+8VSie3cerqt\/aJQuFf9WPL44LmbvACsRg6JgerrcOsO0zz8hp3N5iY6u7RI9s7h1YY+uzpp2RLlUjuBKRL23q2lctRA8O9XaSEfCd4DfJITDxEtTqsxPNGTQYvBYMLMts8fxKM\/qmaFGrEF\/F2Z\/eVPygQJLn0T9AnmeomiQOOUdDyht5Mt\/fcxM16dRXlzqVdaKap4D9z63aJfjmUp\/AWMcMWJg7fUkBZTSB008KTAc+fJz5od9gZzUNjqeizGF3BIGR5EFdTFPpX\/irlzCphDdnQe7WrGMCD1wxlOeoTD+gh5mhVHwEBzDrYcryeDvGP+PdHrJZZAWJ1nsr2gqpDZVWJ2xVadt0P+h\/GDGfUod1FtVZBG\/QSDxR7iqJVl4KNOEvtCmld4Kk8gdRZZpB87TiKNJuW81HmI2hyNPY9Tvgas6JDOzbDec7TiryT6HZmHkq5GCRb4Tc46fJAx2ipoDbLdX75fyAA+QJwvEPh7hoIklnuh+MtZz\/9WX43JGNxqzEs4yHkBBuGVNHC9RTC\/amzwJSC0oV0Pb4I79iKSPPyAtT6fbZkQF0VFWQU0nOaW9Zmnw2CiH0I9xCDrZYeHB4SrTQyO7XsArVkw9vdLyyhhUjrUnnW9yk4\/o="}
 02399{"flow_id":2,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"bittorrent_ip.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492508991,"pkt_ts_usec":662203,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"GM9eF7izpL8BAjLCCABFIAXcXPRAAFYGvAdN3q4UCgAADgsythIFgCBQyg3zkIAQAQQ3QgAAAQEIChotFWoAapAXYNOsn7lwbwgXErTPWnqHh1cl69dM2t2JJ4jmOcSnHYWJHX3dJ2IbVMw73tm6RhzQ37XmqEPvCmoYGyw69iDhYe+2b9SGubuLVyPTiKywe\/C92yKYICgV3TQzuGAnNC\/RYvE6WsIR+06b6F73RqsePJ7BFhgzUWaPSRSnwtsFtQZXlwaa2z7xMucEQfrw7PBKF6JXxhAcZgBDq9tGmnnt79PSPtGLNwCoGbMr7IlTUHvmiQbEF0BkjOIR9CREqChtHEtror7tBdmyzgsXX7d5B2lnP069nRDIyKxRbrIULeVH7iCXxLYpKQROdB5VUppMlSTgNGBOudBdcGCUtuFz7GbqdaxJCdv3x2GOP0a7t8+cYW1nWSXI3h5O1j3rNIXpzd4IvdndVS5FlQfsTTt0QHE74QtLqR\/O7Ft97z7lEGWS+WEIkSGTwUtrEOrpfUQ35NdK7TUod30ErQjccBRXTnv5Fz2ZBQ7fNLswuq5x8uVHKtSCpVmNt0+dZoZpJpg6L6x80UQEpBZepgbu94HM\/dJ\/hEMASN3wCswf8acbuHuYkWQYkFbuzdM9DnyYfKkxFx10BMEagMOhdYdRFV4PkEHTJQz+\/Fx7q5yngGQE6bRZ\/b3IBWul9igmEYFszK\/5b04G6C7hyE5cUOqtsSsIIR83HaX18R+H7pG8Hr1cEYLzI2oQ4gAxsLpLe\/ohICfLM4tSUNx1kqMgp\/lRs20I0vNSDnLy0omLjYc6SXbtCw7iCv8VTGLmfl+qnKOieBEurv\/36cS17VqM90Svc9MGGlAKh33+BXHiS6f9r2\/esj5e5mSiS1NPpBFUHiOzzyfbZm+oMIhtPCRkolGkSDQwqVRhFTf02\/qFunpdTBFN7c\/BH76diOgZPz+Rue2ziTL5NKv+jalBU7QjPQt2Rxduaz7NfMLZu35DJYutzypJioTmqNrYv4J8mOl6\/FPp2345\/6IGrYSjpGmTAQYDlW0QDu5iLD9TbgSE+svxuhBBd6vr0OwxaoSQqxbOLedBX+j8e2\/O3zd2pe+PuV1KoglCy8DyvSIR8d\/rezcejg9HwBuiSti1u83wn9jHghW96buN0BVyD3FeqcAADooPtJTFw8lcNOsHy6jxEBZCWKwhMLzNsN4yHt4+hRIDfkC5AyA55XsGoJ1Nko4yOewoN+WrXd0AewLO8Du2bSHPeoq2jMtOxc9UESatwsvIjPOR197ghQiUhBJVrNSkpMcjrbhPpEutm2Altzoi8gS7voI5iEg+DtP07gnzuTSC76hE5AsovHX8knu\/e5XxbHehHyc7jZ9GPR1l7xzC\/Y5sOIMV+jNxVIhBuvCEE5JrIIFJIbkEJqYyxE069rUf6UCpadFw5VhkcIjwSDPMwpU6TzNZ0yCdQSByLwH7\/jCujElqw3o1qHEttVlgR6KOEG4DKVm3bhbS6lRjvllQIrcfsDxztiYCDEfVqHa72Hhx0Eds+y\/wQCyQdVz\/FHnq8iYyTf\/GePJz1H4HKfILJqqcHRjtuT2odIv+Nm\/hELYDXaBYO3em2jmCNUvruQomTUZoOdkn24MD9503F9rQtW1BPYGzI9w93UNLkyKgQbq9qk5sALPFYAlQMCagNniGZhDXD35b3Vc2qjebOGhcz\/Hk+cCAaNmdm5KSGQQOqSNZsyhex\/ptVCJl5FVE2GPnyqG8SJRuMLzuL\/LRO+DCGcL3j38PzGcSNZg+qMnrfekvZEhgQfQFT\/BRHDsUExwBRHOZ6pKMLEV0PRJYOCMsV8U9fvq3suA+W++1Uf9beaH9QD7PptNameLfjiupm4iKR80Lt9MJbVdbycEMiMEE89BlhXTY83Y4EG\/l4R4OgIiMo4SXLhlDNY9\/4MM1p2UwOwo4gzZmV520IvMBJmkQE5hkEeSP+hUwb6AKm5XmcfeBbn865ZYi7j+Oz7xF97U="}
-00579{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":303,"source":"bittorrent_ip.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":255,"flow_first_seen":1492508991649,"flow_last_seen":1492508992859,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":259192,"flow_avg_l4_payload_len":1016,"midstream":1,"l3_proto":"ip4","src_ip":"77.222.174.20","dst_ip":"10.0.0.14","src_port":2866,"dst_port":46610,"l4_proto":"tcp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"FileTransfer"},"bittorrent": {"hash":""}}
+00575{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":303,"source":"bittorrent_ip.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":255,"flow_first_seen":1492508991649,"flow_last_seen":1492508992859,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":259192,"flow_avg_l4_payload_len":1016,"midstream":1,"l3_proto":"ip4","src_ip":"77.222.174.20","dst_ip":"10.0.0.14","src_port":2866,"dst_port":46610,"l4_proto":"tcp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":""}}
-00580{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":303,"source":"bittorrent_ip.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":255,"flow_first_seen":1492508991649,"flow_last_seen":1492508992859,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":259192,"flow_avg_l4_payload_len":1016,"midstream":1,"l3_proto":"ip4","src_ip":"77.222.174.20","dst_ip":"10.0.0.14","src_port":2866,"dst_port":46610,"l4_proto":"tcp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"FileTransfer"},"bittorrent": {"hash":""}}
+00576{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":303,"source":"bittorrent_ip.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":255,"flow_first_seen":1492508991649,"flow_last_seen":1492508992859,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":259192,"flow_avg_l4_payload_len":1016,"midstream":1,"l3_proto":"ip4","src_ip":"77.222.174.20","dst_ip":"10.0.0.14","src_port":2866,"dst_port":46610,"l4_proto":"tcp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":""}}
-00576{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":479,"source":"bittorrent_ip.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":48,"flow_first_seen":1492508985380,"flow_last_seen":1492508985594,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":34752,"flow_avg_l4_payload_len":724,"midstream":1,"l3_proto":"ip4","src_ip":"185.56.20.36","dst_ip":"10.0.0.14","src_port":53646,"dst_port":35030,"l4_proto":"tcp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"FileTransfer"},"bittorrent": {"hash":""}}
+00572{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":479,"source":"bittorrent_ip.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":48,"flow_first_seen":1492508985380,"flow_last_seen":1492508985594,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":34752,"flow_avg_l4_payload_len":724,"midstream":1,"l3_proto":"ip4","src_ip":"185.56.20.36","dst_ip":"10.0.0.14","src_port":53646,"dst_port":35030,"l4_proto":"tcp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":""}}
 00509{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":479,"source":"bittorrent_ip.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":48,"flow_first_seen":1492508985380,"flow_last_seen":1492508985594,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":34752,"flow_avg_l4_payload_len":724,"midstream":1,"l3_proto":"ip4","src_ip":"185.56.20.36","dst_ip":"10.0.0.14","src_port":53646,"dst_port":35030,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
 00512{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":479,"source":"bittorrent_ip.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":255,"flow_first_seen":1492508991649,"flow_last_seen":1492508994096,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":259192,"flow_avg_l4_payload_len":1016,"midstream":1,"l3_proto":"ip4","src_ip":"77.222.174.20","dst_ip":"10.0.0.14","src_port":2866,"dst_port":46610,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
 00134{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":479,"source":"bittorrent_ip.pcap","alias":"nDPId-test"}
@@ -44,7 +44,7 @@
 ~~ total detected protocols..: 1
 ~~ total active/idle flows...: 2/2
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 3178134 bytes
+~~ total memory allocated....: 3363389 bytes
-~~ total memory freed........: 3178134 bytes
+~~ total memory freed........: 3363389 bytes
-~~ total allocations/frees...: 33855/33855
+~~ total allocations/frees...: 35860/35860
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/bittorrent_utp.pcap.out

@@ -1,7 +1,7 @@
 00482{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"bittorrent_utp.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
 00496{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"bittorrent_utp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1456385034843,"flow_last_seen":0,"flow_min_l4_payload_len":104,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":104,"midstream":0,"l3_proto":"ip4","src_ip":"82.243.113.43","dst_ip":"192.168.1.5","src_port":64969,"dst_port":40959,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 00542{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"bittorrent_utp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1456385034,"pkt_ts_usec":843882,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"pkt":"xCwDBkn+LFbcjDU0CABFCACEN6IAAHARjPNS83ErwKgBBf3Jn\/8AcJbNZDE6YWQyOmlkMjA69\/YAfOoTUG5RTefsvJTyrlFxFfg5OmluZm9faGFzaDIwOvf2AdimJ292LCw98nSvKCf40fHeZTE6cTk6Z2V0X3BlZXJzMTp0MjoOYTE6djQ6TFQBATE6eTE6cWU="}
-00565{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"bittorrent_utp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1456385034843,"flow_last_seen":0,"flow_min_l4_payload_len":104,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":104,"midstream":0,"l3_proto":"ip4","src_ip":"82.243.113.43","dst_ip":"192.168.1.5","src_port":64969,"dst_port":40959,"l4_proto":"udp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"FileTransfer"},"bittorrent": {"hash":""}}
+00618{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"bittorrent_utp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1456385034843,"flow_last_seen":0,"flow_min_l4_payload_len":104,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":104,"midstream":0,"l3_proto":"ip4","src_ip":"82.243.113.43","dst_ip":"192.168.1.5","src_port":64969,"dst_port":40959,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":""}}
 00543{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"bittorrent_utp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1456385039,"pkt_ts_usec":236076,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"pkt":"xCwDBkn+LFbcjDU0CABFCACEPR1AAHARR3hS83ErwKgBBf3Jn\/8AcOi+ZDE6YWQyOmlkMjA69\/YAfOoTUG5RTefsvJTyrlFxFfg5OmluZm9faGFzaDIwOvf2AbAuK1Rd0f1URppB\/xHRD5bKZTE6cTk6Z2V0X3BlZXJzMTp0MjoZ4TE6djQ6TFQBATE6eTE6cWU="}
 00426{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"bittorrent_utp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1456385040,"pkt_ts_usec":274000,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"xCwDBkn+LFbcjDU0CABFCAAwPfxAAHARRu1S83ErwKgBBf3Jn\/8AHJxJQQBTAhDusvAAAAAAAAAAAOf1AAA="}
 00447{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"bittorrent_utp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1456385040,"pkt_ts_usec":274157,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"pkt":"LFbcjDU0xCwDBkn+CABFAAA60g0AAEARAADAqAEFUvNxK5\/\/\/ckAJoYDIQJTAgb\/P19\/\/\/\/\/AADwAEnH5\/UACAAAAAAAAAAA"}
@@ -25,7 +25,7 @@
 ~~ total detected protocols..: 1
 ~~ total active/idle flows...: 1/1
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 1743953 bytes
+~~ total memory allocated....: 1929200 bytes
-~~ total memory freed........: 1743953 bytes
+~~ total memory freed........: 1929200 bytes
-~~ total allocations/frees...: 33405/33405
+~~ total allocations/frees...: 35410/35410
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/bt_search.pcap.out

@@ -1,11 +1,11 @@
 00477{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"bt_search.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
 00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"bt_search.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1430752225251,"flow_last_seen":0,"flow_min_l4_payload_len":119,"flow_max_l4_payload_len":119,"flow_tot_l4_payload_len":119,"flow_avg_l4_payload_len":119,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.102","dst_ip":"239.192.152.143","src_port":6771,"dst_port":6771,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 00555{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"bt_search.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430752225,"pkt_ts_usec":251619,"pkt_caplen":161,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":161,"pkt_l4_len":127,"pkt":"AQBeQJiPABZEH1lmCABFAACTaOEAAP8RCRrAqABm78CYjxpzGnMAf8gHQlQtU0VBUkNIICogSFRUUC8xLjENCkhvc3Q6IDIzOS4xOTIuMTUyLjE0Mzo2NzcxDQpQb3J0OiA2MTE5Nw0KSW5mb2hhc2g6IEVENEYxMDg1RTg4NUY5OEY5QTY5QjcwRUU4OUVCOTg4QjhGRDkxMTUNCg0KDQo="}
-00562{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"bt_search.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1430752225251,"flow_last_seen":0,"flow_min_l4_payload_len":119,"flow_max_l4_payload_len":119,"flow_tot_l4_payload_len":119,"flow_avg_l4_payload_len":119,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.102","dst_ip":"239.192.152.143","src_port":6771,"dst_port":6771,"l4_proto":"udp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"FileTransfer"},"bittorrent": {"hash":""}}
+00558{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"bt_search.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1430752225251,"flow_last_seen":0,"flow_min_l4_payload_len":119,"flow_max_l4_payload_len":119,"flow_tot_l4_payload_len":119,"flow_avg_l4_payload_len":119,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.102","dst_ip":"239.192.152.143","src_port":6771,"dst_port":6771,"l4_proto":"udp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":""}}
 00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"bt_search.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1430752225251,"flow_last_seen":0,"flow_min_l4_payload_len":119,"flow_max_l4_payload_len":119,"flow_tot_l4_payload_len":119,"flow_avg_l4_payload_len":119,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.102","dst_ip":"239.192.152.143","src_port":6771,"dst_port":6771,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"bt_search.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1430752525284,"flow_last_seen":0,"flow_min_l4_payload_len":119,"flow_max_l4_payload_len":119,"flow_tot_l4_payload_len":119,"flow_avg_l4_payload_len":119,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.102","dst_ip":"239.192.152.143","src_port":6771,"dst_port":6771,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 00556{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"bt_search.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430752525,"pkt_ts_usec":284866,"pkt_caplen":161,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":161,"pkt_l4_len":127,"pkt":"AQBeQJiPABZEH1lmCABFAACTCiwAAP8RZ8\/AqABm78CYjxpzGnMAf8gHQlQtU0VBUkNIICogSFRUUC8xLjENCkhvc3Q6IDIzOS4xOTIuMTUyLjE0Mzo2NzcxDQpQb3J0OiA2MTE5Nw0KSW5mb2hhc2g6IEVENEYxMDg1RTg4NUY5OEY5QTY5QjcwRUU4OUVCOTg4QjhGRDkxMTUNCg0KDQo="}
-00562{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"bt_search.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1430752525284,"flow_last_seen":0,"flow_min_l4_payload_len":119,"flow_max_l4_payload_len":119,"flow_tot_l4_payload_len":119,"flow_avg_l4_payload_len":119,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.102","dst_ip":"239.192.152.143","src_port":6771,"dst_port":6771,"l4_proto":"udp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"FileTransfer"},"bittorrent": {"hash":""}}
+00558{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"bt_search.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1430752525284,"flow_last_seen":0,"flow_min_l4_payload_len":119,"flow_max_l4_payload_len":119,"flow_tot_l4_payload_len":119,"flow_avg_l4_payload_len":119,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.102","dst_ip":"239.192.152.143","src_port":6771,"dst_port":6771,"l4_proto":"udp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":""}}
 00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"bt_search.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1430752525284,"flow_last_seen":0,"flow_min_l4_payload_len":119,"flow_max_l4_payload_len":119,"flow_tot_l4_payload_len":119,"flow_avg_l4_payload_len":119,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.102","dst_ip":"239.192.152.143","src_port":6771,"dst_port":6771,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 00128{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"bt_search.pcap","alias":"nDPId-test"}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
@@ -15,7 +15,7 @@
 ~~ total detected protocols..: 2
 ~~ total active/idle flows...: 2/2
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 1744669 bytes
+~~ total memory allocated....: 1929924 bytes
-~~ total memory freed........: 1744669 bytes
+~~ total memory freed........: 1929924 bytes
-~~ total allocations/frees...: 33324/33324
+~~ total allocations/frees...: 35329/35329
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/capwap.pcap.out

@@ -77,7 +77,7 @@
 ~~ total detected protocols..: 5
 ~~ total active/idle flows...: 5/5
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 1765580 bytes
+~~ total memory allocated....: 1950859 bytes
-~~ total memory freed........: 1765580 bytes
+~~ total memory freed........: 1950859 bytes
-~~ total allocations/frees...: 33728/33728
+~~ total allocations/frees...: 35733/35733
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/check_mk_new.pcap.out

@@ -25,7 +25,7 @@
 ~~ total detected protocols..: 1
 ~~ total active/idle flows...: 1/1
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 1744301 bytes
+~~ total memory allocated....: 1929548 bytes
-~~ total memory freed........: 1744301 bytes
+~~ total memory freed........: 1929548 bytes
-~~ total allocations/frees...: 33417/33417
+~~ total allocations/frees...: 35422/35422
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/chrome.pcap.out

@@ -122,7 +122,7 @@
 ~~ total detected protocols..: 6
 ~~ total active/idle flows...: 6/6
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 2401042 bytes
+~~ total memory allocated....: 2586329 bytes
-~~ total memory freed........: 2401042 bytes
+~~ total memory freed........: 2586329 bytes
-~~ total allocations/frees...: 39041/39041
+~~ total allocations/frees...: 41046/41046
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/coap_mqtt.pcap.out

@@ -44,12 +44,12 @@
 00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":6,"flow_first_seen":1375090935240,"flow_last_seen":1375091022272,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":95,"flow_avg_l4_payload_len":15,"midstream":0,"l3_proto":"ip6","src_ip":"bbbb::1","dst_ip":"bbbb::3","src_port":46819,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1455907243976,"flow_last_seen":0,"flow_min_l4_payload_len":2,"flow_max_l4_payload_len":2,"flow_tot_l4_payload_len":2,"flow_avg_l4_payload_len":2,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53522,"dst_port":17501,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
 00418{"flow_id":9,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907243,"pkt_ts_usec":976582,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":22,"pkt":"CAAnmO\/hCAAnAERyCABFAAAqELhAAIAG+F7AqDgBwKg4ZdESRF16higakEiEGVAYAQAwoAAAwAAAAAAA"}
-00514{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1455907243976,"flow_last_seen":0,"flow_min_l4_payload_len":2,"flow_max_l4_payload_len":2,"flow_tot_l4_payload_len":2,"flow_avg_l4_payload_len":2,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53522,"dst_port":17501,"l4_proto":"tcp","ndpi": {"proto":"MQTT","breed":"Acceptable","category":"RPC"}}
+00571{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1455907243976,"flow_last_seen":0,"flow_min_l4_payload_len":2,"flow_max_l4_payload_len":2,"flow_tot_l4_payload_len":2,"flow_avg_l4_payload_len":2,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53522,"dst_port":17501,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"MQTT","breed":"Acceptable","category":"RPC"}}
 00414{"flow_id":9,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907243,"pkt_ts_usec":977291,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":56,"pkt_l4_len":22,"pkt":"CAAnAERyCAAnmO\/hCABFAAAqrABAAEAGnRbAqDhlwKg4AURd0RKQSIQZeoYoHFAYAOXx0wAA0AA="}
 00419{"flow_id":9,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907244,"pkt_ts_usec":175731,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"CAAnmO\/hCAAnAERyCABFAAAoELlAAIAG+F\/AqDgBwKg4ZdESRF16higckEiEG1AQAQDwpgAAAAAAAAAA"}
 00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1455907258332,"flow_last_seen":0,"flow_min_l4_payload_len":2,"flow_max_l4_payload_len":2,"flow_tot_l4_payload_len":2,"flow_avg_l4_payload_len":2,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53523,"dst_port":17501,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
 00419{"flow_id":10,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907258,"pkt_ts_usec":332152,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":22,"pkt":"CAAnmO\/hCAAnAERyCABFAAAqELpAAIAG+FzAqDgBwKg4ZdETRF1NYgogm49Jd1AYAQCrGAAAwAAAAAAA"}
-00515{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1455907258332,"flow_last_seen":0,"flow_min_l4_payload_len":2,"flow_max_l4_payload_len":2,"flow_tot_l4_payload_len":2,"flow_avg_l4_payload_len":2,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53523,"dst_port":17501,"l4_proto":"tcp","ndpi": {"proto":"MQTT","breed":"Acceptable","category":"RPC"}}
+00572{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1455907258332,"flow_last_seen":0,"flow_min_l4_payload_len":2,"flow_max_l4_payload_len":2,"flow_tot_l4_payload_len":2,"flow_avg_l4_payload_len":2,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53523,"dst_port":17501,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"MQTT","breed":"Acceptable","category":"RPC"}}
 00416{"flow_id":10,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907258,"pkt_ts_usec":332556,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":56,"pkt_l4_len":22,"pkt":"CAAnAERyCAAnmO\/hCABFAAAqf0dAAEAGyc\/AqDhlwKg4AURd0RObj0l3TWIKIlAYAOXx0wAA0AA="}
 00419{"flow_id":10,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907258,"pkt_ts_usec":532086,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"CAAnmO\/hCAAnAERyCABFAAAoELtAAIAG+F3AqDgBwKg4ZdETRF1NYgoim49JeVAQAQBrHwAAAAAAAAAA"}
 00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":28,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1455907267002,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53528,"dst_port":17501,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
@@ -57,7 +57,7 @@
 00425{"flow_id":11,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907267,"pkt_ts_usec":2284,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"CAAnAERyCAAnmO\/hCABFAAA0AABAAEAGSQ3AqDhlwKg4AURd0RiuSO3C3wLxZ4ASchDx3QAAAgQFtAEBBAIBAwMH"}
 00417{"flow_id":11,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907267,"pkt_ts_usec":2460,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"CAAnmO\/hCAAnAERyCABFAAAoEL1AAIAG+FvAqDgBwKg4ZdEYRF3fAvFnrkjtw1AQAQA7MAAAAAAAAAAA"}
 00437{"flow_id":11,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907267,"pkt_ts_usec":7095,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"pkt":"CAAnmO\/hCAAnAERyCABFAAA7EL5AAIAG+EfAqDgBwKg4ZdEYRF3fAvFnrkjtw1AYAQCebQAAEBEABE1RVFQEAgA8AAVCdXM0MQ=="}
-00529{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":4,"flow_first_seen":1455907267002,"flow_last_seen":1455907267007,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":19,"flow_tot_l4_payload_len":19,"flow_avg_l4_payload_len":4,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53528,"dst_port":17501,"l4_proto":"tcp","ndpi": {"proto":"MQTT","breed":"Acceptable","category":"RPC"}}
+00586{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":4,"flow_first_seen":1455907267002,"flow_last_seen":1455907267007,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":19,"flow_tot_l4_payload_len":19,"flow_avg_l4_payload_len":4,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53528,"dst_port":17501,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"MQTT","breed":"Acceptable","category":"RPC"}}
 00409{"flow_id":11,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907267,"pkt_ts_usec":7143,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"CAAnAERyCAAnmO\/hCABFAAAolKdAAEAGtHHAqDhlwKg4AURd0RiuSO3D3wLxelAQAOXx0QAA"}
 00417{"flow_id":11,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907267,"pkt_ts_usec":8181,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"CAAnAERyCAAnmO\/hCABFAAAslKhAAEAGtGzAqDhlwKg4AURd0RiuSO3D3wLxelAYAOXx1QAAIAIAAA=="}
 00492{"flow_id":11,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907267,"pkt_ts_usec":16406,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":114,"pkt_l4_len":80,"pkt":"CAAnmO\/hCAAnAERyCABFAABkEL9AAIAG+B3AqDgBwKg4ZdEYRF3fAvF6rkjtx1AYAQBtHAAAMzoACUJ1czE3SW5mbwABVXBkYXRlIHRyaWdnZXJlZCBGcmkgRmViIDE5IDIwOjQxOjA3IEVFVCAyMDE2"}
@@ -76,7 +76,7 @@
 00530{"flow_id":10,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907271,"pkt_ts_usec":483346,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"pkt":"CAAnAERyCAAnmO\/hCABFAAB+f0hAAEAGyXrAqDhlwKg4AURd0RObj0l5TWIKIlAYAOXyJwAAMlQACEJ1czE3Q21kAAJ7Im1lc3NhZ2VUeXBlIjoiVVBEQVRFIiwibWVzc2FnZUNvbnRlbnQiOiJGcmkgRmViIDE5IDIwOjQxOjExIEVFVCAyMDE2In0="}
 00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1455907271483,"flow_last_seen":0,"flow_min_l4_payload_len":86,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":86,"flow_avg_l4_payload_len":86,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.56.101","dst_ip":"192.168.56.1","src_port":17501,"dst_port":53524,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
 00530{"flow_id":13,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907271,"pkt_ts_usec":483430,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"pkt":"CAAnAERyCAAnmO\/hCABFAAB+1KdAAEAGdBvAqDhlwKg4AURd0RSW3pIhxZi6gFAYAOXyJwAAMlQACEJ1czE3Q21kAAJ7Im1lc3NhZ2VUeXBlIjoiVVBEQVRFIiwibWVzc2FnZUNvbnRlbnQiOiJGcmkgRmViIDE5IDIwOjQxOjExIEVFVCAyMDE2In0="}
-00519{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1455907271483,"flow_last_seen":0,"flow_min_l4_payload_len":86,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":86,"flow_avg_l4_payload_len":86,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.56.101","dst_ip":"192.168.56.1","src_port":17501,"dst_port":53524,"l4_proto":"tcp","ndpi": {"proto":"MQTT","breed":"Acceptable","category":"RPC"}}
+00576{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1455907271483,"flow_last_seen":0,"flow_min_l4_payload_len":86,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":86,"flow_avg_l4_payload_len":86,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.56.101","dst_ip":"192.168.56.1","src_port":17501,"dst_port":53524,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"MQTT","breed":"Acceptable","category":"RPC"}}
 00424{"flow_id":12,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907271,"pkt_ts_usec":483762,"pkt_caplen":61,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":61,"pkt_l4_len":27,"pkt":"CAAnAERyCAAnmO\/hCABFAAAvXYVAAEAR64HAqDhlwKg4AURcxIcAG\/HjY0Q1AW9STYsvci9CdXMxN0NtZA=="}
 00420{"flow_id":10,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907271,"pkt_ts_usec":484395,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"pkt":"CAAnmO\/hCAAnAERyCABFAAAsEMVAAIAG+E\/AqDgBwKg4ZdETRF1NYgoim49Jz1AYAP8qugAAQAIAAgAA"}
 00419{"flow_id":13,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907271,"pkt_ts_usec":485428,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"pkt":"CAAnmO\/hCAAnAERyCABFAAAsEMdAAIAG+E3AqDgBwKg4ZdEURF3FmLqAlt6Sd1AYAP++LAAAQAIAAgAA"}
@@ -194,7 +194,7 @@
 ~~ total detected protocols..: 16
 ~~ total active/idle flows...: 16/16
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 2043837 bytes
+~~ total memory allocated....: 2229204 bytes
-~~ total memory freed........: 2043837 bytes
+~~ total memory freed........: 2229204 bytes
-~~ total allocations/frees...: 41882/41882
+~~ total allocations/frees...: 43887/43887
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/cpha.pcap.out

@@ -9,7 +9,7 @@
 ~~ total detected protocols..: 0
 ~~ total active/idle flows...: 0/0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 1738307 bytes
+~~ total memory allocated....: 1923546 bytes
-~~ total memory freed........: 1738307 bytes
+~~ total memory freed........: 1923546 bytes
-~~ total allocations/frees...: 33316/33316
+~~ total allocations/frees...: 35321/35321
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/dcerpc.pcap.out

@@ -35,7 +35,7 @@
 ~~ total detected protocols..: 4
 ~~ total active/idle flows...: 4/4
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 1751379 bytes
+~~ total memory allocated....: 1936650 bytes
-~~ total memory freed........: 1751379 bytes
+~~ total memory freed........: 1936650 bytes
-~~ total allocations/frees...: 33344/33344
+~~ total allocations/frees...: 35349/35349
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/diameter.pcap.out

@@ -16,7 +16,7 @@
 ~~ total detected protocols..: 0
 ~~ total active/idle flows...: 1/1
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 1743681 bytes
+~~ total memory allocated....: 1928928 bytes
-~~ total memory freed........: 1743681 bytes
+~~ total memory freed........: 1928928 bytes
-~~ total allocations/frees...: 33326/33326
+~~ total allocations/frees...: 35331/35331
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/dlt_ppp.pcap.out

@@ -9,7 +9,7 @@
 ~~ total detected protocols..: 0
 ~~ total active/idle flows...: 0/0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 1738307 bytes
+~~ total memory allocated....: 1923546 bytes
-~~ total memory freed........: 1738307 bytes
+~~ total memory freed........: 1923546 bytes
-~~ total allocations/frees...: 33316/33316
+~~ total allocations/frees...: 35321/35321
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/dnp3.pcap.out

@@ -151,7 +151,7 @@
 ~~ total detected protocols..: 8
 ~~ total active/idle flows...: 8/8
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 1781318 bytes
+~~ total memory allocated....: 1966621 bytes
-~~ total memory freed........: 1781318 bytes
+~~ total memory freed........: 1966621 bytes
-~~ total allocations/frees...: 33884/33884
+~~ total allocations/frees...: 35889/35889
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/dns-tunnel-iodine.pcap.out

@@ -31,7 +31,7 @@
 ~~ total detected protocols..: 1
 ~~ total active/idle flows...: 1/1
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 1754045 bytes
+~~ total memory allocated....: 1939292 bytes
-~~ total memory freed........: 1754045 bytes
+~~ total memory freed........: 1939292 bytes
-~~ total allocations/frees...: 33753/33753
+~~ total allocations/frees...: 35758/35758
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/dns_ambiguous_names.pcap.out

@@ -67,7 +67,7 @@
 ~~ total detected protocols..: 10
 ~~ total active/idle flows...: 10/10
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 1770407 bytes
+~~ total memory allocated....: 1955726 bytes
-~~ total memory freed........: 1770407 bytes
+~~ total memory freed........: 1955726 bytes
-~~ total allocations/frees...: 33366/33366
+~~ total allocations/frees...: 35371/35371
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/dns_doh.pcap.out

@@ -26,7 +26,7 @@
 ~~ total detected protocols..: 1
 ~~ total active/idle flows...: 1/1
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 1753052 bytes
+~~ total memory allocated....: 1938299 bytes
-~~ total memory freed........: 1753052 bytes
+~~ total memory freed........: 1938299 bytes
-~~ total allocations/frees...: 33466/33466
+~~ total allocations/frees...: 35471/35471
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/dns_dot.pcap.out

@@ -26,7 +26,7 @@
 ~~ total detected protocols..: 1
 ~~ total active/idle flows...: 1/1
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 1747590 bytes
+~~ total memory allocated....: 1932837 bytes
-~~ total memory freed........: 1747590 bytes
+~~ total memory freed........: 1932837 bytes
-~~ total allocations/frees...: 33352/33352
+~~ total allocations/frees...: 35357/35357
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/dns_exfiltration.pcap.out

@@ -31,7 +31,7 @@
 ~~ total detected protocols..: 1
 ~~ total active/idle flows...: 1/1
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 1750159 bytes
+~~ total memory allocated....: 1935406 bytes
-~~ total memory freed........: 1750159 bytes
+~~ total memory freed........: 1935406 bytes
-~~ total allocations/frees...: 33619/33619
+~~ total allocations/frees...: 35624/35624
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/dns_long_domainname.pcap.out

@@ -13,7 +13,7 @@
 ~~ total detected protocols..: 1
 ~~ total active/idle flows...: 1/1
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 1741517 bytes
+~~ total memory allocated....: 1926764 bytes
-~~ total memory freed........: 1741517 bytes
+~~ total memory freed........: 1926764 bytes
-~~ total allocations/frees...: 33321/33321
+~~ total allocations/frees...: 35326/35326
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/dnscrypt-v1-and-resolver-pings.pcap.out

@@ -1,28 +1,28 @@
 00498{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
 00506{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":946735705348,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":38388,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 01099{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946735705,"pkt_ts_usec":348929,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIcCf9AAL0Rd68KAAABlTjkLZX0AbsCCDw8f0cBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdARjYS0yAAAQAAEAAAAAAAAAAAABxgAMAcIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00536{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":946735705348,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":38388,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00593{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":946735705348,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":38388,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00510{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":946735705348,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":45722,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 02382{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946735705,"pkt_ts_usec":348955,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXcCgAgAL0Rk+4KAAABlTjkLbKaAbsGBGxVf0QBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdARjYS0yAAAQAAEAAAAAAAAAAAAFwgAMBb4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00540{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":946735705348,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":45722,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00597{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":946735705348,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":45722,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00446{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":3,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946735705,"pkt_ts_usec":348966,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQCgAAub0RuMEKAAABlTjkLQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00194{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":3,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00510{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":946735705348,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":35495,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 02382{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946735705,"pkt_ts_usec":348987,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXcCgEgAL0Rk+0KAAABlTjkLYqnAbsGBJRGf0YBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdARjYS0yAAAQAAEAAAAAAAAAAAAFwgAMBb4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00540{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":946735705348,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":35495,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00597{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":946735705348,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":35495,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00446{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":5,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946735705,"pkt_ts_usec":348993,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQCgEAub0RuMAKAAABlTjkLQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00194{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":5,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00506{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":946735705349,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":33565,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 01099{"flow_id":4,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946735705,"pkt_ts_usec":349002,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIcCgJAAL0Rd6wKAAABlTjkLYMdAbsCCDw8f0UBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdARjYS0yAAAQAAEAAAAAAAAAAAABxgAMAcIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00536{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":946735705349,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":33565,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00593{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":946735705349,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":33565,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00510{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":946735705349,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":35228,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 02382{"flow_id":5,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946735705,"pkt_ts_usec":349019,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXcCgMgAL0Rk+sKAAABlTjkLYmcAbsGBJVVf0IBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdARjYS0yAAAQAAEAAAAAAAAAAAAFwgAMBb4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00540{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":946735705349,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":35228,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00597{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":946735705349,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":35228,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00446{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":8,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946735705,"pkt_ts_usec":349026,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQCgMAub0RuL4KAAABlTjkLQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00194{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":8,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00506{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":946735705349,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":60301,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 01099{"flow_id":6,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946735705,"pkt_ts_usec":349060,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIcCgRAAL0Rd6oKAAABlTjkLeuNAbsCCDw8f0MBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdARjYS0yAAAQAAEAAAAAAAAAAAABxgAMAcIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00536{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":946735705349,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":60301,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00593{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":946735705349,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":60301,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00667{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946735705,"pkt_ts_usec":453738,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"pkt":"ZmZmZmZmRERERERECABFAADUC5oAADQRQF2VOOQtCgAAAQG7lfQAwC\/rf0eBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdARjYS0yAAAQAAHADAAQAAEAAAAAAH18RE5TQwACAAAFGFEAAwsZ+sBWpvUVROInn0h1y0+FE\/VHdPKdwGWI15rFeV84ZdSkid7VtVlPn9SchFzfn3Pj66PFpyoNS6YMir6PRfcrBtc8JsfsQb\/FwAoHgENy0Ke+Bxb4NU7gNSOLvo9F9ysG119TYaFfU2GhX1SzIQ=="}
 00666{"flow_id":6,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946735705,"pkt_ts_usec":457124,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"pkt":"ZmZmZmZmRERERERECABFAADUC5sAADQRQFyVOOQtCgAAAQG7640AwNpVf0OBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdARjYS0yAAAQAAHADAAQAAEAAAAAAH18RE5TQwACAAAFGFEAAwsZ+sBWpvUVROInn0h1y0+FE\/VHdPKdwGWI15rFeV84ZdSkid7VtVlPn9SchFzfn3Pj66PFpyoNS6YMir6PRfcrBtc8JsfsQb\/FwAoHgENy0Ke+Bxb4NU7gNSOLvo9F9ysG119TYaFfU2GhX1SzIQ=="}
 00666{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946735705,"pkt_ts_usec":457244,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"pkt":"ZmZmZmZmRERERERECABFAADUC5wAADQRQFuVOOQtCgAAAQG7spoAwBNIf0SBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdARjYS0yAAAQAAHADAAQAAEAAAAAAH18RE5TQwACAAAFGFEAAwsZ+sBWpvUVROInn0h1y0+FE\/VHdPKdwGWI15rFeV84ZdSkid7VtVlPn9SchFzfn3Pj66PFpyoNS6YMir6PRfcrBtc8JsfsQb\/FwAoHgENy0Ke+Bxb4NU7gNSOLvo9F9ysG119TYaFfU2GhX1SzIQ=="}
@@ -91,24 +91,24 @@
 00669{"flow_id":13,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739304,"pkt_ts_usec":362961,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"pkt":"ZmZmZmZmRERERERECABFAADWmUNAADQRblm5hsQ3CgAAASD70cEAwtgLfxqAAAABAAEAAAAAATINZG5zY3J5cHQtY2VydARyZG5zBmZhZWxpeANuZXQAABAAAcAMABAAAQAADhAAfXxETlNDAAEAADn5TxO0FAodB0MfyNII\/q4yfvBzna8lha8rHqMZH6brB0hzmteXf96oRMNtUVCp592lxf62HHwuDSbhBbtGtQcalorpuHO8PTt\/PSXI1nToKeQ\/\/4xUAF+WFp6Iz9p9KhqWium4c7w9AAAAAV7URQBxousA"}
 00510{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":40,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":946739304363,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.238.186.192","src_port":44712,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 01101{"flow_id":19,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739304,"pkt_ts_usec":363242,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIcylFAAL0RDRQKAAABaO66wK6oAbsCCOaEZFgBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAF2CGRuc2NyeXB0AnVrAAAQAAEAAAAAAAAAAAABxgAMAcIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00540{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":40,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":946739304363,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.238.186.192","src_port":44712,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00597{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":40,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":946739304363,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.238.186.192","src_port":44712,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00514{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":41,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":946739304363,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.238.186.192","src_port":56997,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 02384{"flow_id":20,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739304,"pkt_ts_usec":363260,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXcylIgAL0RKVMKAAABaO66wN6lAbsGBMqkZFUBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAF2CGRuc2NyeXB0AnVrAAAQAAEAAAAAAAAAAAAFwgAMBb4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00544{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":41,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":946739304363,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.238.186.192","src_port":56997,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00601{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":41,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":946739304363,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.238.186.192","src_port":56997,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00447{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":42,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739304,"pkt_ts_usec":363265,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQylIAub0RTiYKAAABaO66wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00195{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":42,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00510{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":43,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":946739304363,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.238.186.192","src_port":39655,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 01101{"flow_id":21,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739304,"pkt_ts_usec":363274,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIcylNAAL0RDRIKAAABaO66wJrnAbsCCOaEZFYBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAF2CGRuc2NyeXB0AnVrAAAQAAEAAAAAAAAAAAABxgAMAcIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00540{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":946739304363,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.238.186.192","src_port":39655,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00597{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":946739304363,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.238.186.192","src_port":39655,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00510{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":44,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":946739304363,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.238.186.192","src_port":59261,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 01101{"flow_id":22,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739304,"pkt_ts_usec":363284,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIcylVAAL0RDRAKAAABaO66wOd9AbsCCOaEZFQBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAF2CGRuc2NyeXB0AnVrAAAQAAEAAAAAAAAAAAABxgAMAcIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00540{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":44,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":946739304363,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.238.186.192","src_port":59261,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00597{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":44,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":946739304363,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.238.186.192","src_port":59261,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00514{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":45,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":946739304363,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.238.186.192","src_port":59641,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 02384{"flow_id":23,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739304,"pkt_ts_usec":363284,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXcylYgAL0RKU8KAAABaO66wOj5AbsGBMBOZFcBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAF2CGRuc2NyeXB0AnVrAAAQAAEAAAAAAAAAAAAFwgAMBb4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00544{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":946739304363,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.238.186.192","src_port":59641,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00601{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":946739304363,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.238.186.192","src_port":59641,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00514{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":946739304363,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.238.186.192","src_port":44491,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 02384{"flow_id":24,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739304,"pkt_ts_usec":363284,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXcylQgAL0RKVEKAAABaO66wK3LAbsGBPuAZFMBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAF2CGRuc2NyeXB0AnVrAAAQAAEAAAAAAAAAAAAFwgAMBb4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00544{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":946739304363,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.238.186.192","src_port":44491,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00601{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":946739304363,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.238.186.192","src_port":44491,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00447{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":47,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739304,"pkt_ts_usec":363288,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQylQAub0RTiQKAAABaO66wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00195{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":47,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00447{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":48,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739304,"pkt_ts_usec":363289,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQylYAub0RTiIKAAABaO66wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
@@ -123,26 +123,26 @@
 00666{"flow_id":23,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739304,"pkt_ts_usec":399567,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"pkt":"ZmZmZmZmRERERERECABFAADUET5AADQRUHBo7rrACgAAAQG76PkAwCm6ZFeBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAF2CGRuc2NyeXB0AnVrAAAQAAHADAAQAAEAAHCAAH18RE5TQwACAAAhKdWfhZK3D+gyCT1iixW\/FSRGoXDftkwga2BkZlttUlKSV94EyK2+BzaupeI4vEl+rXXsyVAmoCDcu2+5DAsD7Asxq95SKQwdQwh70VVdkKEIfYOFTawzG9XuIku9iynsCzGr3lIpDAAAAAFfU3cYX1TImA=="}
 00509{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":57,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":946739304599,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":32793,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 01101{"flow_id":25,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739304,"pkt_ts_usec":599728,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIcZhNAAL0R0ewKAAAB0frxGYAZAbsCCIXq8VkBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhtZWdhbmVyZAAAEAABAAAAAAAAAAAAAcsADAHHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00539{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":57,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":946739304599,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":32793,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00596{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":57,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":946739304599,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":32793,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00513{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":58,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":946739304599,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":56035,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 02384{"flow_id":26,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739304,"pkt_ts_usec":599740,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXcZhQgAL0R7isKAAAB0frxGdrjAbsGBM5Z8VQBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhtZWdhbmVyZAAAEAABAAAAAAAAAAAABccADAXDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00543{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":58,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":946739304599,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":56035,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00600{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":58,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":946739304599,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":56035,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00447{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":59,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739304,"pkt_ts_usec":599754,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQZhQAub0REv8KAAAB0frxGQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00195{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":59,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00513{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":60,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":946739304599,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":37123,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 02384{"flow_id":27,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739304,"pkt_ts_usec":599762,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXcZhUgAL0R7ioKAAAB0frxGZEDAbsGBBg48VYBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhtZWdhbmVyZAAAEAABAAAAAAAAAAAABccADAXDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00543{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":60,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":946739304599,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":37123,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00600{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":60,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":946739304599,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":37123,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00447{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":61,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739304,"pkt_ts_usec":599775,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQZhUAub0REv4KAAAB0frxGQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00195{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":61,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00509{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":62,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":946739304599,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":37950,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 01101{"flow_id":28,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739304,"pkt_ts_usec":599857,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIcZhZAAL0R0ekKAAAB0frxGZQ+AbsCCIXq8VUBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhtZWdhbmVyZAAAEAABAAAAAAAAAAAAAcsADAHHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00539{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":62,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":946739304599,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":37950,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00596{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":62,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":946739304599,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":37950,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00509{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":63,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":946739304599,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":34324,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 01101{"flow_id":29,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739304,"pkt_ts_usec":599866,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIcZhdAAL0R0egKAAAB0frxGYYUAbsCCIXq8VcBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhtZWdhbmVyZAAAEAABAAAAAAAAAAAAAcsADAHHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00539{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":63,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":946739304599,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":34324,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00596{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":63,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":946739304599,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":34324,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00513{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":64,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":946739304599,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":59367,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 02384{"flow_id":30,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739304,"pkt_ts_usec":599889,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXcZhggAL0R7icKAAAB0frxGefnAbsGBMFR8VgBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhtZWdhbmVyZAAAEAABAAAAAAAAAAAABccADAXDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00543{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":64,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":946739304599,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":59367,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00600{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":64,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":946739304599,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":59367,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00447{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":65,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739304,"pkt_ts_usec":599904,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQZhgAub0REvsKAAAB0frxGQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00195{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":65,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00657{"flow_id":25,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739304,"pkt_ts_usec":626301,"pkt_caplen":221,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":221,"pkt_l4_len":187,"pkt":"ZmZmZmZmRERERERECABFAADPni1AADcRISDR+vEZCgAAAQG7gBkAu2Pi8VmBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAhtZWdhbmVyZAAAEAABwAwAEAABAABwgAB9fEROU0MAAgAAfYAKepZwtScVP1uN5sT5N32akeuKSAV4oXU5Dhs9DYGIJJAdGKfXtNXiElvsQvm00KyC1gH3yBcsV0UHMhcHDXsbONUID12Y3+IJuxI0oT3pvizj3NQWIv0z50xYMyIaexs41QgPXZgAAAABX1N8A19UzYM="}
@@ -151,55 +151,55 @@
 00657{"flow_id":27,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739304,"pkt_ts_usec":628040,"pkt_caplen":221,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":221,"pkt_l4_len":187,"pkt":"ZmZmZmZmRERERERECABFAADPni9AADcRIR7R+vEZCgAAAQG7kQMAu1L78VaBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAhtZWdhbmVyZAAAEAABwAwAEAABAABwgAB9fEROU0MAAgAAfYAKepZwtScVP1uN5sT5N32akeuKSAV4oXU5Dhs9DYGIJJAdGKfXtNXiElvsQvm00KyC1gH3yBcsV0UHMhcHDXsbONUID12Y3+IJuxI0oT3pvizj3NQWIv0z50xYMyIaexs41QgPXZgAAAABX1N8A19UzYM="}
 00510{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":70,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":946739304628,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"41.79.69.13","src_port":43609,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 02385{"flow_id":31,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":70,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739304,"pkt_ts_usec":628366,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXcpRkgAL0RA98KAAABKU9FDapZAbsGBIt\/BsABAAABAAAAAAABATINZG5zY3J5cHQtY2VydAJ0egRkMHduA2JpegAAEAABAAAAAAAAAAAABcQADAXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00540{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":70,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":946739304628,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"41.79.69.13","src_port":43609,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00597{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":70,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":946739304628,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"41.79.69.13","src_port":43609,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00510{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":71,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_first_seen":946739304628,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"41.79.69.13","src_port":46229,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 02384{"flow_id":32,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739304,"pkt_ts_usec":628383,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXcpRogAL0RA94KAAABKU9FDbSVAbsGBIFBBsIBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAJ0egRkMHduA2JpegAAEAABAAAAAAAAAAAABcQADAXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00540{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":71,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_first_seen":946739304628,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"41.79.69.13","src_port":46229,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00597{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":71,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_first_seen":946739304628,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"41.79.69.13","src_port":46229,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00447{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":72,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739304,"pkt_ts_usec":628389,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQpRkAub0RKLIKAAABKU9FDQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00195{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":72,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00447{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":73,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739304,"pkt_ts_usec":628405,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQpRoAub0RKLEKAAABKU9FDQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00195{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":73,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00510{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":74,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":946739304628,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"41.79.69.13","src_port":56043,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 02384{"flow_id":33,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739304,"pkt_ts_usec":628422,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXcpRsgAL0RA90KAAABKU9FDdrrAbsGBFrpBsQBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAJ0egRkMHduA2JpegAAEAABAAAAAAAAAAAABcQADAXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00540{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":74,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":946739304628,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"41.79.69.13","src_port":56043,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00597{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":74,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":946739304628,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"41.79.69.13","src_port":56043,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00506{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":75,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":946739304628,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"41.79.69.13","src_port":38136,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 01101{"flow_id":34,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739304,"pkt_ts_usec":628431,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIcpRxAAL0R55sKAAABKU9FDZT4AbsCCDEyBsMBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAJ0egRkMHduA2JpegAAEAABAAAAAAAAAAAAAcgADAHEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00536{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":75,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":946739304628,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"41.79.69.13","src_port":38136,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00593{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":75,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":946739304628,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"41.79.69.13","src_port":38136,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00447{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":76,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739304,"pkt_ts_usec":628442,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQpRsAub0RKLAKAAABKU9FDQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00195{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":76,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00506{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":77,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_first_seen":946739304628,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"41.79.69.13","src_port":56177,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 01101{"flow_id":35,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739304,"pkt_ts_usec":628531,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIcpR1AAL0R55oKAAABKU9FDdtxAbsCCDEyBsEBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAJ0egRkMHduA2JpegAAEAABAAAAAAAAAAAAAcgADAHEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00536{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":77,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_first_seen":946739304628,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"41.79.69.13","src_port":56177,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00593{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":77,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_first_seen":946739304628,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"41.79.69.13","src_port":56177,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00506{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":78,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_first_seen":946739304628,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"41.79.69.13","src_port":43365,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 01101{"flow_id":36,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":78,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739304,"pkt_ts_usec":628565,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIcpR5AAL0R55kKAAABKU9FDallAbsCCDEyBsUBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAJ0egRkMHduA2JpegAAEAABAAAAAAAAAAAAAcgADAHEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00536{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":78,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_first_seen":946739304628,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"41.79.69.13","src_port":43365,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00593{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":78,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_first_seen":946739304628,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"41.79.69.13","src_port":43365,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00657{"flow_id":29,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739304,"pkt_ts_usec":628900,"pkt_caplen":221,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":221,"pkt_l4_len":187,"pkt":"ZmZmZmZmRERERERECABFAADPnjFAADcRIRzR+vEZCgAAAQG7hhQAu13p8VeBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAhtZWdhbmVyZAAAEAABwAwAEAABAABwgAB9fEROU0MAAgAAfYAKepZwtScVP1uN5sT5N32akeuKSAV4oXU5Dhs9DYGIJJAdGKfXtNXiElvsQvm00KyC1gH3yBcsV0UHMhcHDXsbONUID12Y3+IJuxI0oT3pvizj3NQWIv0z50xYMyIaexs41QgPXZgAAAABX1N8A19UzYM="}
 00658{"flow_id":30,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739304,"pkt_ts_usec":629078,"pkt_caplen":221,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":221,"pkt_l4_len":187,"pkt":"ZmZmZmZmRERERERECABFAADPnjJAADcRIRvR+vEZCgAAAQG75+cAu\/wU8ViBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAhtZWdhbmVyZAAAEAABwAwAEAABAABwgAB9fEROU0MAAgAAfYAKepZwtScVP1uN5sT5N32akeuKSAV4oXU5Dhs9DYGIJJAdGKfXtNXiElvsQvm00KyC1gH3yBcsV0UHMhcHDXsbONUID12Y3+IJuxI0oT3pvizj3NQWIv0z50xYMyIaexs41QgPXZgAAAABX1N8A19UzYM="}
 00663{"flow_id":31,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739304,"pkt_ts_usec":788094,"pkt_caplen":224,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":224,"pkt_l4_len":190,"pkt":"ZmZmZmZmRERERERECABFAADSRcYAADIREz0pT0UNCgAAAQG7qlkAvgzwBsCBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAJ0egRkMHduA2JpegAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAA1OqoPAErbOR3M17\/\/Kp81C0M1irw8YLMFAcPIvcR6xyplTIczMGQTrzWWN9IPA9l2Zy1iwuUTL7se0EmV4wWC0NhfmNsLEH2LkBE84etohseSn740G5SsmjVFMMQ1O1aQ2F+Y2wsQfZfU52hX1OdoV9U7yE="}
 00508{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":82,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_first_seen":946739304789,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.122.250","src_port":45767,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 01101{"flow_id":37,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739304,"pkt_ts_usec":789535,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIc6z5AAL0RYcwKAAABMw96+rLHAbsCCHDfxkkBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAxzY2FsZXdheS1hbXMAABAAAQAAAAAAAAAAAAHHAAwBwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00538{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":82,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_first_seen":946739304789,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.122.250","src_port":45767,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00595{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":82,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_first_seen":946739304789,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.122.250","src_port":45767,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00512{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":83,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_first_seen":946739304789,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.122.250","src_port":38867,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 02384{"flow_id":38,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739304,"pkt_ts_usec":789547,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXc6z8gAL0RfgsKAAABMw96+pfTAbsGBFECxkYBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAxzY2FsZXdheS1hbXMAABAAAQAAAAAAAAAAAAXDAAwFvwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00542{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":83,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_first_seen":946739304789,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.122.250","src_port":38867,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00599{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":83,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_first_seen":946739304789,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.122.250","src_port":38867,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00447{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":84,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739304,"pkt_ts_usec":789570,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQ6z8Aub0Rot4KAAABMw96+gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00195{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":84,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00512{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":85,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_first_seen":946739304789,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.122.250","src_port":59709,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 02384{"flow_id":39,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739304,"pkt_ts_usec":789691,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXc60AgAL0RfgoKAAABMw96+uk9AbsGBP+VxkgBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAxzY2FsZXdheS1hbXMAABAAAQAAAAAAAAAAAAXDAAwFvwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00542{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":85,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_first_seen":946739304789,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.122.250","src_port":59709,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00599{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":85,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_first_seen":946739304789,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.122.250","src_port":59709,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00447{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":86,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739304,"pkt_ts_usec":789707,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQ60AAub0Rot0KAAABMw96+gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00195{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":86,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00508{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":87,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_first_seen":946739304789,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.122.250","src_port":36668,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 01101{"flow_id":40,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739304,"pkt_ts_usec":789731,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIc60FAAL0RYckKAAABMw96+o88AbsCCHDfxkcBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAxzY2FsZXdheS1hbXMAABAAAQAAAAAAAAAAAAHHAAwBwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00538{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":87,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_first_seen":946739304789,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.122.250","src_port":36668,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00595{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":87,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_first_seen":946739304789,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.122.250","src_port":36668,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00512{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":88,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_first_seen":946739304789,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.122.250","src_port":39007,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 02384{"flow_id":41,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":88,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739304,"pkt_ts_usec":789776,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXc60IgAL0RfggKAAABMw96+phfAbsGBFB4xkQBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAxzY2FsZXdheS1hbXMAABAAAQAAAAAAAAAAAAXDAAwFvwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00542{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":88,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_first_seen":946739304789,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.122.250","src_port":39007,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00599{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":88,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_first_seen":946739304789,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.122.250","src_port":39007,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00447{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":89,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739304,"pkt_ts_usec":789813,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQ60IAub0RotsKAAABMw96+gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00195{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":89,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00508{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":90,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_first_seen":946739304789,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.122.250","src_port":38362,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 01101{"flow_id":42,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":90,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739304,"pkt_ts_usec":789862,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIc60NAAL0RYccKAAABMw96+pXaAbsCCHDfxkUBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAxzY2FsZXdheS1hbXMAABAAAQAAAAAAAAAAAAHHAAwBwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00538{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":90,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_first_seen":946739304789,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.122.250","src_port":38362,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00595{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":90,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_first_seen":946739304789,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.122.250","src_port":38362,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00663{"flow_id":35,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739304,"pkt_ts_usec":791217,"pkt_caplen":224,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":224,"pkt_l4_len":190,"pkt":"ZmZmZmZmRERERERECABFAADSRcUAADIREz4pT0UNCgAAAQG723EAvtvWBsGBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAJ0egRkMHduA2JpegAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAA1OqoPAErbOR3M17\/\/Kp81C0M1irw8YLMFAcPIvcR6xyplTIczMGQTrzWWN9IPA9l2Zy1iwuUTL7se0EmV4wWC0NhfmNsLEH2LkBE84etohseSn740G5SsmjVFMMQ1O1aQ2F+Y2wsQfZfU52hX1OdoV9U7yE="}
 00663{"flow_id":33,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739304,"pkt_ts_usec":793685,"pkt_caplen":224,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":224,"pkt_l4_len":190,"pkt":"ZmZmZmZmRERERERECABFAADSRcgAADIREzspT0UNCgAAAQG72usAvtxZBsSBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAJ0egRkMHduA2JpegAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAA1OqoPAErbOR3M17\/\/Kp81C0M1irw8YLMFAcPIvcR6xyplTIczMGQTrzWWN9IPA9l2Zy1iwuUTL7se0EmV4wWC0NhfmNsLEH2LkBE84etohseSn740G5SsmjVFMMQ1O1aQ2F+Y2wsQfZfU52hX1OdoV9U7yE="}
 00663{"flow_id":34,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739304,"pkt_ts_usec":804750,"pkt_caplen":224,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":224,"pkt_l4_len":190,"pkt":"ZmZmZmZmRERERERECABFAADSRcQAADIREz8pT0UNCgAAAQG7lPgAviJOBsOBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAJ0egRkMHduA2JpegAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAA1OqoPAErbOR3M17\/\/Kp81C0M1irw8YLMFAcPIvcR6xyplTIczMGQTrzWWN9IPA9l2Zy1iwuUTL7se0EmV4wWC0NhfmNsLEH2LkBE84etohseSn740G5SsmjVFMMQ1O1aQ2F+Y2wsQfZfU52hX1OdoV9U7yE="}
@@ -213,26 +213,26 @@
 00663{"flow_id":41,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":101,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739304,"pkt_ts_usec":821381,"pkt_caplen":225,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":225,"pkt_l4_len":191,"pkt":"ZmZmZmZmRERERERECABFAADTDfVAADURyF8zD3r6CgAAAQG7mF8Av3inxkSBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAxzY2FsZXdheS1hbXMAABAAAcAMABAAAQAAcIAAfXxETlNDAAIAANmtKqgh6GipMki1mJfjDA0AnYgv5x5ccE3t3oFTaUI52T95jfN1yOwZ4Avs9tatx4lCV7PDmZkXQULOG2i1+g8X39eqNuFP4dSqiJZOoeF4tcdLtZP0Xezh1C6PMdZNUhff16o24U\/hAAAAAV9TeY1fVMsN"}
 00510{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":102,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_first_seen":946739305155,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":59476,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 01102{"flow_id":43,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739305,"pkt_ts_usec":155161,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIcU1NAAL0RVBEKAAABizvIdOhUAbsCCBaGc5UBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdAJ1awAAEAABAAAAAAAAAAAAAcgADAHEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00540{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":102,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_first_seen":946739305155,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":59476,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00597{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":102,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_first_seen":946739305155,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":59476,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00510{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":103,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_first_seen":946739305155,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":47341,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 01102{"flow_id":44,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":103,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739305,"pkt_ts_usec":155166,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIcU1RAAL0RVBAKAAABizvIdLjtAbsCCBaGc5EBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdAJ1awAAEAABAAAAAAAAAAAAAcgADAHEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00540{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":103,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_first_seen":946739305155,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":47341,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00597{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":103,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_first_seen":946739305155,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":47341,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00510{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":104,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_first_seen":946739305155,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":50335,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 01102{"flow_id":45,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":104,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739305,"pkt_ts_usec":155210,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIcU1VAAL0RVA8KAAABizvIdMSfAbsCCBaGc5MBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdAJ1awAAEAABAAAAAAAAAAAAAcgADAHEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00540{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":104,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_first_seen":946739305155,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":50335,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00597{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":104,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_first_seen":946739305155,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":50335,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00514{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":105,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_first_seen":946739305155,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":43633,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 02385{"flow_id":46,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":105,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739305,"pkt_ts_usec":155235,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXcU1YgAL0RcE4KAAABizvIdKpxAbsGBMEKc5QBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdAJ1awAAEAABAAAAAAAAAAAABcQADAXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00544{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":105,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_first_seen":946739305155,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":43633,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00601{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":105,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_first_seen":946739305155,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":43633,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00448{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":106,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739305,"pkt_ts_usec":155243,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQU1YAub0RlSEKAAABizvIdAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00196{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":106,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00514{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":107,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_first_seen":946739305155,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":37595,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 02385{"flow_id":47,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":107,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739305,"pkt_ts_usec":155254,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXcU1cgAL0RcE0KAAABizvIdJLbAbsGBNikc5ABAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdAJ1awAAEAABAAAAAAAAAAAABcQADAXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00544{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":107,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_first_seen":946739305155,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":37595,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00601{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":107,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_first_seen":946739305155,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":37595,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00448{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":108,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739305,"pkt_ts_usec":155262,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQU1cAub0RlSAKAAABizvIdAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00196{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":108,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00514{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":109,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_first_seen":946739305155,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":59194,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 02385{"flow_id":48,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":109,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739305,"pkt_ts_usec":155306,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXcU1ggAL0RcEwKAAABizvIdOc6AbsGBIRDc5IBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdAJ1awAAEAABAAAAAAAAAAAABcQADAXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00544{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":109,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_first_seen":946739305155,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":59194,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00601{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":109,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_first_seen":946739305155,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":59194,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00448{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":110,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739305,"pkt_ts_usec":155318,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQU1gAub0RlR8KAAABizvIdAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00196{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":110,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00664{"flow_id":43,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":111,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739305,"pkt_ts_usec":187672,"pkt_caplen":224,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":224,"pkt_l4_len":190,"pkt":"ZmZmZmZmRERERERECABFAADSF51AADcRFxKLO8h0CgAAAQG76FQAvuw2c5WBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdAJ1awAAEAABwAwAEAABAABwgAB9fEROU0MAAgAABjDMcMbz7yA0RLegztcBfq7VeYHKBaMLey+aMNVSTMo4Qj51\/gmF1JL4mny7Kl7CHKqU1ouuslp1lX1chQTTD+JLJw323p3g\/i9lq2cywGbzFxjIXwRFrAIdM6Cq64tY4ksnDfbeneAAAAABX1N7RV9UzMU="}
@@ -271,26 +271,26 @@
 00661{"flow_id":50,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":129,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739305,"pkt_ts_usec":218005,"pkt_caplen":222,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":222,"pkt_l4_len":188,"pkt":"ZmZmZmZmRERERERECABFAADQ+LZAADgRZ2\/DHl4cCgAAASD7glkAvOtuMsuAAAABAAEAAAAAATINZG5zY3J5cHQtY2VydAVmZm11YwNuZXQAABAAAcAMABAAAQAADhAAfXxETlNDAAEAANu1cuNn82W5kyvuIYj3yDd11LkL534iAFDK9fBQA07jnu8CUEQwYJt1XxEE91D0YyFd2wLooVHv9yyAcc0SAAB5FL6yNLYbucmv1fHy4RsAcOv\/0XhGDt+qQ0bl\/YNRIXkUvrI0thu5ATQ9Gl8jB9hnnVXw"}
 00509{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":130,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_first_seen":946739305219,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":32970,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 01102{"flow_id":55,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":130,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739305,"pkt_ts_usec":219291,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIciBpAAL0RGIYKAAABjgTMb4DKAbsCCB1KAhEBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANuczMCY2EFbHVnZ3MCY28AABAAAQAAAAAAAAAAAAHEAAwBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00539{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":130,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_first_seen":946739305219,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":32970,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00596{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":130,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_first_seen":946739305219,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":32970,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00513{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":131,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_first_seen":946739305219,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":60962,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 02385{"flow_id":56,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":131,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739305,"pkt_ts_usec":219317,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXciBwgAL0RNMQKAAABjgTMb+4iAbsGBKD1AgwBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANuczMCY2EFbHVnZ3MCY28AABAAAQAAAAAAAAAAAAXAAAwFvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00543{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":131,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_first_seen":946739305219,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":60962,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00600{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":131,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_first_seen":946739305219,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":60962,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00513{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":132,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_first_seen":946739305219,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":33071,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 02385{"flow_id":57,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":132,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739305,"pkt_ts_usec":219319,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXciBsgAL0RNMUKAAABjgTMb4EvAbsGBA3nAg4BAAABAAAAAAABATINZG5zY3J5cHQtY2VydANuczMCY2EFbHVnZ3MCY28AABAAAQAAAAAAAAAAAAXAAAwFvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00543{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":132,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_first_seen":946739305219,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":33071,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00600{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":132,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_first_seen":946739305219,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":33071,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00448{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":133,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739305,"pkt_ts_usec":219331,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQiBwAub0RWZcKAAABjgTMbwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00196{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":133,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00448{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":134,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739305,"pkt_ts_usec":219342,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQiBsAub0RWZgKAAABjgTMbwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00196{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":134,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00509{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":135,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_first_seen":946739305219,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":43505,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 01102{"flow_id":58,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":135,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739305,"pkt_ts_usec":219372,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIciB1AAL0RGIMKAAABjgTMb6nxAbsCCB1KAg8BAAABAAAAAAABATINZG5zY3J5cHQtY2VydANuczMCY2EFbHVnZ3MCY28AABAAAQAAAAAAAAAAAAHEAAwBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00539{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":135,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_first_seen":946739305219,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":43505,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00596{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":135,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_first_seen":946739305219,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":43505,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00509{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":136,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_first_seen":946739305219,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":52284,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 01102{"flow_id":59,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":136,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739305,"pkt_ts_usec":219398,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIciB5AAL0RGIIKAAABjgTMb8w8AbsCCB1KAg0BAAABAAAAAAABATINZG5zY3J5cHQtY2VydANuczMCY2EFbHVnZ3MCY28AABAAAQAAAAAAAAAAAAHEAAwBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00539{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":136,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_first_seen":946739305219,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":52284,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00596{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":136,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_first_seen":946739305219,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":52284,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00513{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":137,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_first_seen":946739305219,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":46856,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 02385{"flow_id":60,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":137,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739305,"pkt_ts_usec":219453,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXciB8gAL0RNMEKAAABjgTMb7cIAbsGBNgLAhABAAABAAAAAAABATINZG5zY3J5cHQtY2VydANuczMCY2EFbHVnZ3MCY28AABAAAQAAAAAAAAAAAAXAAAwFvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00543{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":137,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_first_seen":946739305219,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":46856,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00600{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":137,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_first_seen":946739305219,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":46856,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00448{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":138,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739305,"pkt_ts_usec":219467,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQiB8Aub0RWZQKAAABjgTMbwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00196{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":138,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00660{"flow_id":53,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":139,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739305,"pkt_ts_usec":220178,"pkt_caplen":222,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":222,"pkt_l4_len":188,"pkt":"ZmZmZmZmRERERERECABFAADQ+LhAADgRZ23DHl4cCgAAASD70jMAvJuWMsmAAAABAAEAAAAAATINZG5zY3J5cHQtY2VydAVmZm11YwNuZXQAABAAAcAMABAAAQAADhAAfXxETlNDAAEAANu1cuNn82W5kyvuIYj3yDd11LkL534iAFDK9fBQA07jnu8CUEQwYJt1XxEE91D0YyFd2wLooVHv9yyAcc0SAAB5FL6yNLYbucmv1fHy4RsAcOv\/0XhGDt+qQ0bl\/YNRIXkUvrI0thu5ATQ9Gl8jB9hnnVXw"}
@@ -328,29 +328,29 @@
 00476{"flow_id":62,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":156,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739305,"pkt_ts_usec":348735,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"pkt":"ZmZmZmZmRERERERECABFAABHTCJAADsRLU2VcHAKCgAAASD7nEkAM5Mra\/2AAAABAAAAAAAAATINZG5zY3J5cHQtY2VydAVxdWFkOQNuZXQAABAAAQ=="}
 00509{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":157,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_first_seen":946739305348,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":38388,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 01102{"flow_id":67,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":157,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739305,"pkt_ts_usec":348929,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIcCf9AAL0Rd68KAAABlTjkLZX0AbsCCDw8f0cBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdARjYS0yAAAQAAEAAAAAAAAAAAABxgAMAcIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00539{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":157,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_first_seen":946739305348,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":38388,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00596{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":157,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_first_seen":946739305348,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":38388,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00513{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":158,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_first_seen":946739305348,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":45722,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 02385{"flow_id":68,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":158,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739305,"pkt_ts_usec":348955,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXcCgAgAL0Rk+4KAAABlTjkLbKaAbsGBGxVf0QBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdARjYS0yAAAQAAEAAAAAAAAAAAAFwgAMBb4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00543{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":158,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_first_seen":946739305348,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":45722,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00600{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":158,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_first_seen":946739305348,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":45722,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00448{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":159,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739305,"pkt_ts_usec":348966,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQCgAAub0RuMEKAAABlTjkLQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00196{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":159,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00513{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":160,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_first_seen":946739305348,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":35495,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 02385{"flow_id":69,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":160,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739305,"pkt_ts_usec":348987,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXcCgEgAL0Rk+0KAAABlTjkLYqnAbsGBJRGf0YBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdARjYS0yAAAQAAEAAAAAAAAAAAAFwgAMBb4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00543{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":160,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_first_seen":946739305348,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":35495,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00600{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":160,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_first_seen":946739305348,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":35495,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00448{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":161,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739305,"pkt_ts_usec":348993,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQCgEAub0RuMAKAAABlTjkLQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00196{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":161,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00509{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":162,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_first_seen":946739305349,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":33565,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 01102{"flow_id":70,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":162,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739305,"pkt_ts_usec":349002,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIcCgJAAL0Rd6wKAAABlTjkLYMdAbsCCDw8f0UBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdARjYS0yAAAQAAEAAAAAAAAAAAABxgAMAcIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00539{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":162,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_first_seen":946739305349,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":33565,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00596{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":162,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_first_seen":946739305349,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":33565,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00513{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":163,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_first_seen":946739305349,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":35228,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 02385{"flow_id":71,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":163,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739305,"pkt_ts_usec":349019,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXcCgMgAL0Rk+sKAAABlTjkLYmcAbsGBJVVf0IBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdARjYS0yAAAQAAEAAAAAAAAAAAAFwgAMBb4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00543{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":163,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_first_seen":946739305349,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":35228,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00600{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":163,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_first_seen":946739305349,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":35228,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00448{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":164,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739305,"pkt_ts_usec":349026,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQCgMAub0RuL4KAAABlTjkLQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00196{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":164,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00475{"flow_id":61,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":165,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739305,"pkt_ts_usec":349030,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"pkt":"ZmZmZmZmRERERERECABFAABHIUUAADsRmCqVcHAKCgAAASD7w3MAM2v+bACAAAABAAAAAAAAATINZG5zY3J5cHQtY2VydAVxdWFkOQNuZXQAABAAAQ=="}
 00509{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":166,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_first_seen":946739305349,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":60301,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 01102{"flow_id":72,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":166,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739305,"pkt_ts_usec":349060,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIcCgRAAL0Rd6oKAAABlTjkLeuNAbsCCDw8f0MBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdARjYS0yAAAQAAEAAAAAAAAAAAABxgAMAcIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00539{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":166,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_first_seen":946739305349,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":60301,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00596{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":166,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_first_seen":946739305349,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":60301,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00476{"flow_id":64,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":167,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739305,"pkt_ts_usec":350183,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"pkt":"ZmZmZmZmRERERERECABFAABHTCRAADsRLUuVcHAKCgAAASD7pkoAM4koa\/+AAAABAAAAAAAAATINZG5zY3J5cHQtY2VydAVxdWFkOQNuZXQAABAAAQ=="}
 00476{"flow_id":63,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":168,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739305,"pkt_ts_usec":351475,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"pkt":"ZmZmZmZmRERERERECABFAABHTCNAADsRLUyVcHAKCgAAASD72tYAM1Sga\/uAAAABAAAAAAAAATINZG5zY3J5cHQtY2VydAVxdWFkOQNuZXQAABAAAQ=="}
 00476{"flow_id":66,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":169,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739305,"pkt_ts_usec":354664,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"pkt":"ZmZmZmZmRERERERECABFAABHIUgAADsRmCeVcHAKCgAAASD72LoAM1a7a\/yAAAABAAAAAAAAATINZG5zY3J5cHQtY2VydAVxdWFkOQNuZXQAABAAAQ=="}
@@ -455,30 +455,30 @@
 00669{"flow_id":88,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":219,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739312,"pkt_ts_usec":105245,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"pkt":"ZmZmZmZmRERERERECABFAADUhiVAACkR6nQ0QeuBCgAAAQG7ukUAwPsiCm6BgAABAAEAAAAAATINZG5zY3J5cHQtY2VydApkZWZmZXItZG5zAmF1AAAQAAHADAAQAAEAAHCAAH18RE5TQwACAAAHR7dJhGoyFx8KdrkIsoh61C8rxtxAaFzxQo\/agVQzzjpZ5APiE6q3FOpAI96QjakMreCrdTAjP8EJbJX\/I6UH9uHXHTkXq4cOyA70iJwlafDxONoi+u6\/0zTNviG6FU724dcdORerhwAAAAFfU2DvX1Sybw=="}
 00511{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":220,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":91,"flow_packet_id":1,"flow_first_seen":946739312105,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":38812,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 02385{"flow_id":91,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":220,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739312,"pkt_ts_usec":105460,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXcRfwgAL0RYAgKAAABMw8+QZecAbsGBGX0xUgBAAABAAAAAAABATINZG5zY3J5cHQtY2VydA5za3lmaWdodGVyLWRucwNjb20AABAAAQAAAAAAAAAAAAW9AAwFuQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00541{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":220,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":91,"flow_packet_id":1,"flow_first_seen":946739312105,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":38812,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00598{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":220,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":91,"flow_packet_id":1,"flow_first_seen":946739312105,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":38812,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00669{"flow_id":90,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":221,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739312,"pkt_ts_usec":105464,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"pkt":"ZmZmZmZmRERERERECABFAADUhiZAACkR6nM0QeuBCgAAAQG72HEAwNzyCnKBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydApkZWZmZXItZG5zAmF1AAAQAAHADAAQAAEAAHCAAH18RE5TQwACAAAHR7dJhGoyFx8KdrkIsoh61C8rxtxAaFzxQo\/agVQzzjpZ5APiE6q3FOpAI96QjakMreCrdTAjP8EJbJX\/I6UH9uHXHTkXq4cOyA70iJwlafDxONoi+u6\/0zTNviG6FU724dcdORerhwAAAAFfU2DvX1Sybw=="}
 00448{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":222,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739312,"pkt_ts_usec":105484,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQRfwAub0RhNsKAAABMw8+QQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00196{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":222,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00507{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":223,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":92,"flow_packet_id":1,"flow_first_seen":946739312105,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":45993,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 01102{"flow_id":92,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":223,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739312,"pkt_ts_usec":105560,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIcRf1AAL0RQ8cKAAABMw8+QbOpAbsCCDQmxUkBAAABAAAAAAABATINZG5zY3J5cHQtY2VydA5za3lmaWdodGVyLWRucwNjb20AABAAAQAAAAAAAAAAAAHBAAwBvQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00537{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":223,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":92,"flow_packet_id":1,"flow_first_seen":946739312105,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":45993,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00594{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":223,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":92,"flow_packet_id":1,"flow_first_seen":946739312105,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":45993,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00511{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":224,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":93,"flow_packet_id":1,"flow_first_seen":946739312105,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":56688,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 02385{"flow_id":93,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":224,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739312,"pkt_ts_usec":105609,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXcRf4gAL0RYAYKAAABMw8+Qd1wAbsGBCAixUYBAAABAAAAAAABATINZG5zY3J5cHQtY2VydA5za3lmaWdodGVyLWRucwNjb20AABAAAQAAAAAAAAAAAAW9AAwFuQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00541{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":224,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":93,"flow_packet_id":1,"flow_first_seen":946739312105,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":56688,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00598{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":224,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":93,"flow_packet_id":1,"flow_first_seen":946739312105,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":56688,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00448{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":225,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739312,"pkt_ts_usec":105630,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQRf4Aub0RhNkKAAABMw8+QQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00196{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":225,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00669{"flow_id":89,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":226,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739312,"pkt_ts_usec":105709,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"pkt":"ZmZmZmZmRERERERECABFAADUhidAACgR63I0QeuBCgAAAQG72qsAwNq7Cm+BgAABAAEAAAAAATINZG5zY3J5cHQtY2VydApkZWZmZXItZG5zAmF1AAAQAAHADAAQAAEAAHCAAH18RE5TQwACAAAHR7dJhGoyFx8KdrkIsoh61C8rxtxAaFzxQo\/agVQzzjpZ5APiE6q3FOpAI96QjakMreCrdTAjP8EJbJX\/I6UH9uHXHTkXq4cOyA70iJwlafDxONoi+u6\/0zTNviG6FU724dcdORerhwAAAAFfU2DvX1Sybw=="}
 00511{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":227,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":94,"flow_packet_id":1,"flow_first_seen":946739312105,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":33521,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 02385{"flow_id":94,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":227,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739312,"pkt_ts_usec":105859,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXcRf8gAL0RYAUKAAABMw8+QYLxAbsGBHqjxUQBAAABAAAAAAABATINZG5zY3J5cHQtY2VydA5za3lmaWdodGVyLWRucwNjb20AABAAAQAAAAAAAAAAAAW9AAwFuQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00541{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":227,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":94,"flow_packet_id":1,"flow_first_seen":946739312105,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":33521,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00598{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":227,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":94,"flow_packet_id":1,"flow_first_seen":946739312105,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":33521,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00448{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":228,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739312,"pkt_ts_usec":105877,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQRf8Aub0RhNgKAAABMw8+QQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00196{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":228,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00507{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":229,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":95,"flow_packet_id":1,"flow_first_seen":946739312105,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":43714,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 01102{"flow_id":95,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":229,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739312,"pkt_ts_usec":105922,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIcRgBAAL0RQ8QKAAABMw8+QarCAbsCCDQmxUUBAAABAAAAAAABATINZG5zY3J5cHQtY2VydA5za3lmaWdodGVyLWRucwNjb20AABAAAQAAAAAAAAAAAAHBAAwBvQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00537{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":229,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":95,"flow_packet_id":1,"flow_first_seen":946739312105,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":43714,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00594{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":229,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":95,"flow_packet_id":1,"flow_first_seen":946739312105,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":43714,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00507{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":230,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":96,"flow_packet_id":1,"flow_first_seen":946739312106,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":60735,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 01103{"flow_id":96,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":230,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739312,"pkt_ts_usec":106245,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIcRgFAAL0RQ8MKAAABMw8+Qe0\/AbsCCDQmxUcBAAABAAAAAAABATINZG5zY3J5cHQtY2VydA5za3lmaWdodGVyLWRucwNjb20AABAAAQAAAAAAAAAAAAHBAAwBvQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00537{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":230,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":96,"flow_packet_id":1,"flow_first_seen":946739312106,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":60735,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00594{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":230,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":96,"flow_packet_id":1,"flow_first_seen":946739312106,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":60735,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00670{"flow_id":91,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":231,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739312,"pkt_ts_usec":130685,"pkt_caplen":231,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":231,"pkt_l4_len":197,"pkt":"ZmZmZmZmRERERERECABFAADZ1MsAADURfjwzDz5BCgAAAQG7l5wAxS3cxUiBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydA5za3lmaWdodGVyLWRucwNjb20AABAAAcAMABAAAQAAcIAAfXxETlNDAAIAAG60zsERLlFII2wj6zTIwofCbgq4wxjKMp9YEu9fS884Cf11c1Q4cTQ+J+ZjK7ZH4aaqK8VPbAGFYW80ueYrfwU8FAQJxEup2Hwk1EI2Qz7npiyDDRkpQyGDCxkaPRZtbjwUBAnES6nYAAAAAV9TrQRfVP6E"}
 00670{"flow_id":93,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":232,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739312,"pkt_ts_usec":132025,"pkt_caplen":231,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":231,"pkt_l4_len":197,"pkt":"ZmZmZmZmRERERERECABFAADZ1MwAADURfjszDz5BCgAAAQG73XAAxegJxUaBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydA5za3lmaWdodGVyLWRucwNjb20AABAAAcAMABAAAQAAcIAAfXxETlNDAAIAAG60zsERLlFII2wj6zTIwofCbgq4wxjKMp9YEu9fS884Cf11c1Q4cTQ+J+ZjK7ZH4aaqK8VPbAGFYW80ueYrfwU8FAQJxEup2Hwk1EI2Qz7npiyDDRkpQyGDCxkaPRZtbjwUBAnES6nYAAAAAV9TrQRfVP6E"}
 00510{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":233,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":97,"flow_packet_id":1,"flow_first_seen":946739312132,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":41913,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
@@ -517,26 +517,26 @@
 00668{"flow_id":102,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":251,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739312,"pkt_ts_usec":183337,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"pkt":"ZmZmZmZmRERERERECABFAADWP4JAADYRWt8tmbtgCgAAARD3ngMAwicyMPeBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydA9zdGgtZG5zY3J5cHQtc2UAABAAAcAMABAAAQAAcIAAfXxETlNDAAIAAJDQ0ZbvRpC3D0bgumZKuy3tvg+CeWgIXh45Ishvbc3SjW3OKRxUShg2C7mIARv2NR589zRzZQEE1IcPTnNuvwAPMT4OYzIpCP1X\/njGK43zV6uPrF4F7max8o8+EVSzPA8xPg5jMikIAAAAAV9TfFZfVM3W"}
 00509{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":252,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":103,"flow_packet_id":1,"flow_first_seen":946739312286,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"66.85.30.115","src_port":55896,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 01103{"flow_id":103,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":252,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739312,"pkt_ts_usec":286003,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIcaDJAAL0RMhoKAAABQlUec9pYAbsCCCOeLCwBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAlldmlsdmliZXMDY29tAAAQAAEAAAAAAAAAAAABxgAMAcIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00539{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":252,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":103,"flow_packet_id":1,"flow_first_seen":946739312286,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"66.85.30.115","src_port":55896,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00596{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":252,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":103,"flow_packet_id":1,"flow_first_seen":946739312286,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"66.85.30.115","src_port":55896,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00513{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":253,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":104,"flow_packet_id":1,"flow_first_seen":946739312286,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"66.85.30.115","src_port":48448,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 02386{"flow_id":104,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":253,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739312,"pkt_ts_usec":286028,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXcaDMgAL0RTlkKAAABQlUec71AAbsGBPfPLCkBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAlldmlsdmliZXMDY29tAAAQAAEAAAAAAAAAAAAFwgAMBb4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00543{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":253,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":104,"flow_packet_id":1,"flow_first_seen":946739312286,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"66.85.30.115","src_port":48448,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00600{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":253,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":104,"flow_packet_id":1,"flow_first_seen":946739312286,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"66.85.30.115","src_port":48448,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00448{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":254,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739312,"pkt_ts_usec":286045,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQaDMAub0RcywKAAABQlUecwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00196{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":254,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00509{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":255,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":105,"flow_packet_id":1,"flow_first_seen":946739312286,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"66.85.30.115","src_port":40099,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 01103{"flow_id":105,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":255,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739312,"pkt_ts_usec":286047,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIcaDRAAL0RMhgKAAABQlUec5yjAbsCCCOeLCoBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAlldmlsdmliZXMDY29tAAAQAAEAAAAAAAAAAAABxgAMAcIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00539{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":255,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":105,"flow_packet_id":1,"flow_first_seen":946739312286,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"66.85.30.115","src_port":40099,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00596{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":255,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":105,"flow_packet_id":1,"flow_first_seen":946739312286,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"66.85.30.115","src_port":40099,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00513{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":256,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":106,"flow_packet_id":1,"flow_first_seen":946739312286,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"66.85.30.115","src_port":47432,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 02386{"flow_id":106,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":256,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739312,"pkt_ts_usec":286137,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXcaDUgAL0RTlcKAAABQlUec7lIAbsGBPvFLCsBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAlldmlsdmliZXMDY29tAAAQAAEAAAAAAAAAAAAFwgAMBb4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00543{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":256,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":106,"flow_packet_id":1,"flow_first_seen":946739312286,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"66.85.30.115","src_port":47432,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00600{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":256,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":106,"flow_packet_id":1,"flow_first_seen":946739312286,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"66.85.30.115","src_port":47432,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00448{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":257,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739312,"pkt_ts_usec":286155,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQaDUAub0RcyoKAAABQlUecwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00196{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":257,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00509{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":258,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":1,"flow_first_seen":946739312286,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"66.85.30.115","src_port":54112,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 01103{"flow_id":107,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":258,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739312,"pkt_ts_usec":286168,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIcaDZAAL0RMhYKAAABQlUec9NgAbsCCCOeLCgBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAlldmlsdmliZXMDY29tAAAQAAEAAAAAAAAAAAABxgAMAcIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00539{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":258,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":1,"flow_first_seen":946739312286,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"66.85.30.115","src_port":54112,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00596{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":258,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":1,"flow_first_seen":946739312286,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"66.85.30.115","src_port":54112,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00513{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":259,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":108,"flow_packet_id":1,"flow_first_seen":946739312286,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"66.85.30.115","src_port":35634,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 02386{"flow_id":108,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":259,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739312,"pkt_ts_usec":286182,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXcaDcgAL0RTlUKAAABQlUec4syAbsGBCngLCcBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAlldmlsdmliZXMDY29tAAAQAAEAAAAAAAAAAAAFwgAMBb4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00543{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":259,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":108,"flow_packet_id":1,"flow_first_seen":946739312286,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"66.85.30.115","src_port":35634,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00600{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":259,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":108,"flow_packet_id":1,"flow_first_seen":946739312286,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"66.85.30.115","src_port":35634,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00448{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":260,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739312,"pkt_ts_usec":286200,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQaDcAub0RcygKAAABQlUecwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00196{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":260,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00669{"flow_id":107,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":261,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739312,"pkt_ts_usec":399677,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"pkt":"ZmZmZmZmRERERERECABFAADUFOhAADYRDa1CVR5zCgAAAQG702AAwE8ILCiBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAlldmlsdmliZXMDY29tAAAQAAHADAAQAAEAAHCAAH18RE5TQwACAADd8l9MieIsifjQGavIzw6tdHygby+pfz9uNV\/2so9cMC7hGKDfc+LzmB07CCRnhhWiHEKH9gFPecA8dSkDUDQHbk9p0e06j3wfoDIfK8NHA0t38M\/xpcLwZlzH2416A0JuT2nR7TqPfAAAAAFfU1T+X1Smfg=="}
@@ -544,26 +544,26 @@
 00669{"flow_id":104,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":263,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739312,"pkt_ts_usec":401005,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"pkt":"ZmZmZmZmRERERERECABFAADUFOpAADYRDatCVR5zCgAAAQG7vUAAwGUnLCmBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAlldmlsdmliZXMDY29tAAAQAAHADAAQAAEAAHCAAH18RE5TQwACAADd8l9MieIsifjQGavIzw6tdHygby+pfz9uNV\/2so9cMC7hGKDfc+LzmB07CCRnhhWiHEKH9gFPecA8dSkDUDQHbk9p0e06j3wfoDIfK8NHA0t38M\/xpcLwZlzH2416A0JuT2nR7TqPfAAAAAFfU1T+X1Smfg=="}
 00510{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":264,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":109,"flow_packet_id":1,"flow_first_seen":946739312402,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"93.95.226.165","src_port":46255,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 01104{"flow_id":109,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":264,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739312,"pkt_ts_usec":402199,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIc7t1AAL0RzDEKAAABXV\/ipbSvAbsCCALbx+wBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANpczIEZDB3bgNiaXoAABAAAQAAAAAAAAAAAAHHAAwBwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00540{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":264,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":109,"flow_packet_id":1,"flow_first_seen":946739312402,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"93.95.226.165","src_port":46255,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00597{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":264,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":109,"flow_packet_id":1,"flow_first_seen":946739312402,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"93.95.226.165","src_port":46255,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00514{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":265,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":110,"flow_packet_id":1,"flow_first_seen":946739312402,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"93.95.226.165","src_port":49186,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 02387{"flow_id":110,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":265,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739312,"pkt_ts_usec":402248,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXc7t4gAL0R6HAKAAABXV\/ipcAiAbsGBEBnx+kBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANpczIEZDB3bgNiaXoAABAAAQAAAAAAAAAAAAXDAAwFvwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00544{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":265,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":110,"flow_packet_id":1,"flow_first_seen":946739312402,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"93.95.226.165","src_port":49186,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00601{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":265,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":110,"flow_packet_id":1,"flow_first_seen":946739312402,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"93.95.226.165","src_port":49186,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00449{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":266,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739312,"pkt_ts_usec":402267,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQ7t4Aub0RDUQKAAABXV\/ipQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00196{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":266,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00514{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":267,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":111,"flow_packet_id":1,"flow_first_seen":946739312402,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"93.95.226.165","src_port":58113,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 02387{"flow_id":111,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":267,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739312,"pkt_ts_usec":402318,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXc7t8gAL0R6G8KAAABXV\/ipeMBAbsGBB2Gx+sBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANpczIEZDB3bgNiaXoAABAAAQAAAAAAAAAAAAXDAAwFvwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00544{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":267,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":111,"flow_packet_id":1,"flow_first_seen":946739312402,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"93.95.226.165","src_port":58113,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00601{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":267,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":111,"flow_packet_id":1,"flow_first_seen":946739312402,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"93.95.226.165","src_port":58113,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00510{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":268,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":112,"flow_packet_id":1,"flow_first_seen":946739312402,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"93.95.226.165","src_port":42156,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 01104{"flow_id":112,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":268,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739312,"pkt_ts_usec":402323,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIc7uBAAL0RzC4KAAABXV\/ipaSsAbsCCALbx+oBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANpczIEZDB3bgNiaXoAABAAAQAAAAAAAAAAAAHHAAwBwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00540{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":268,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":112,"flow_packet_id":1,"flow_first_seen":946739312402,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"93.95.226.165","src_port":42156,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00597{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":268,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":112,"flow_packet_id":1,"flow_first_seen":946739312402,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"93.95.226.165","src_port":42156,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00449{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":269,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739312,"pkt_ts_usec":402335,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQ7t8Aub0RDUMKAAABXV\/ipQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00196{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":269,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00510{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":270,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":113,"flow_packet_id":1,"flow_first_seen":946739312402,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"93.95.226.165","src_port":58936,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 01104{"flow_id":113,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":270,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739312,"pkt_ts_usec":402350,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIc7uFAAL0RzC0KAAABXV\/ipeY4AbsCCALbx+gBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANpczIEZDB3bgNiaXoAABAAAQAAAAAAAAAAAAHHAAwBwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00540{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":270,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":113,"flow_packet_id":1,"flow_first_seen":946739312402,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"93.95.226.165","src_port":58936,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00597{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":270,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":113,"flow_packet_id":1,"flow_first_seen":946739312402,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"93.95.226.165","src_port":58936,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00514{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":271,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":114,"flow_packet_id":1,"flow_first_seen":946739312402,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"93.95.226.165","src_port":40595,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 02387{"flow_id":114,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":271,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739312,"pkt_ts_usec":402392,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXc7uIgAL0R6GwKAAABXV\/ipZ6TAbsGBGH4x+cBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANpczIEZDB3bgNiaXoAABAAAQAAAAAAAAAAAAXDAAwFvwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00544{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":271,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":114,"flow_packet_id":1,"flow_first_seen":946739312402,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"93.95.226.165","src_port":40595,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00601{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":271,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":114,"flow_packet_id":1,"flow_first_seen":946739312402,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"93.95.226.165","src_port":40595,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00449{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":272,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739312,"pkt_ts_usec":402408,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQ7uIAub0RDUAKAAABXV\/ipQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00196{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":272,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00669{"flow_id":105,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":273,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739312,"pkt_ts_usec":405003,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"pkt":"ZmZmZmZmRERERERECABFAADUFOtAADYRDapCVR5zCgAAAQG7nKMAwIXDLCqBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAlldmlsdmliZXMDY29tAAAQAAHADAAQAAEAAHCAAH18RE5TQwACAADd8l9MieIsifjQGavIzw6tdHygby+pfz9uNV\/2so9cMC7hGKDfc+LzmB07CCRnhhWiHEKH9gFPecA8dSkDUDQHbk9p0e06j3wfoDIfK8NHA0t38M\/xpcLwZlzH2416A0JuT2nR7TqPfAAAAAFfU1T+X1Smfg=="}
@@ -574,26 +574,26 @@
 00665{"flow_id":113,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":278,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739312,"pkt_ts_usec":466578,"pkt_caplen":225,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":225,"pkt_l4_len":191,"pkt":"ZmZmZmZmRERERERECABFAADTA\/UAADYRf2RdX+KlCgAAAQG75jgAv7Apx+iBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydANpczIEZDB3bgNiaXoAABAAAcAMABAAAQAAAAAAfXxETlNDAAEAAEQUmbKEod9nlyKPPrQqGP9Ls8t6H\/YHI72RThtMayAXvqOxd6z058i8UJ7+KMLpc+YgjKuAGDN2+1oeB3OFIgnw9LuNjyX7NTXMUO6Dulhi3d3ExK4wLeAsg632WDfaPfD0u42PJfs1X1OugV9TroFfVQAB"}
 00510{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":279,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":115,"flow_packet_id":1,"flow_first_seen":946739317403,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.166.97","src_port":37035,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 01103{"flow_id":115,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":279,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739317,"pkt_ts_usec":403292,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIcmsFAAL0RhlMKAAABM56mYZCrAbsCCJzVB2IBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAxhY3NhY3Nhci1hbXMDY29tAAAQAAEAAAAAAAAAAAABwwAMAb8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00540{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":279,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":115,"flow_packet_id":1,"flow_first_seen":946739317403,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.166.97","src_port":37035,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00597{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":279,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":115,"flow_packet_id":1,"flow_first_seen":946739317403,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.166.97","src_port":37035,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00514{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":280,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":116,"flow_packet_id":1,"flow_first_seen":946739317403,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.166.97","src_port":47257,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 02386{"flow_id":116,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":280,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739317,"pkt_ts_usec":403317,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXcmsIgAL0RopIKAAABM56mYbiZAbsGBBC9B18BAAABAAAAAAABATINZG5zY3J5cHQtY2VydAxhY3NhY3Nhci1hbXMDY29tAAAQAAEAAAAAAAAAAAAFvwAMBbsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00544{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":280,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":116,"flow_packet_id":1,"flow_first_seen":946739317403,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.166.97","src_port":47257,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00601{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":280,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":116,"flow_packet_id":1,"flow_first_seen":946739317403,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.166.97","src_port":47257,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00448{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":281,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739317,"pkt_ts_usec":403330,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQmsIAub0Rx2UKAAABM56mYQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00196{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":281,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00514{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":282,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":117,"flow_packet_id":1,"flow_first_seen":946739317403,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.166.97","src_port":46066,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 02386{"flow_id":117,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":282,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739317,"pkt_ts_usec":403338,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXcmsMgAL0RopEKAAABM56mYbPyAbsGBBVmB10BAAABAAAAAAABATINZG5zY3J5cHQtY2VydAxhY3NhY3Nhci1hbXMDY29tAAAQAAEAAAAAAAAAAAAFvwAMBbsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00544{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":282,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":117,"flow_packet_id":1,"flow_first_seen":946739317403,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.166.97","src_port":46066,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00601{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":282,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":117,"flow_packet_id":1,"flow_first_seen":946739317403,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.166.97","src_port":46066,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00448{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":283,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739317,"pkt_ts_usec":403350,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQmsMAub0Rx2QKAAABM56mYQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00196{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":283,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00510{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":284,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":118,"flow_packet_id":1,"flow_first_seen":946739317403,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.166.97","src_port":56494,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 01103{"flow_id":118,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":284,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739317,"pkt_ts_usec":403392,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIcmsRAAL0RhlAKAAABM56mYdyuAbsCCJzVB2ABAAABAAAAAAABATINZG5zY3J5cHQtY2VydAxhY3NhY3Nhci1hbXMDY29tAAAQAAEAAAAAAAAAAAABwwAMAb8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00540{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":284,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":118,"flow_packet_id":1,"flow_first_seen":946739317403,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.166.97","src_port":56494,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00597{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":284,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":118,"flow_packet_id":1,"flow_first_seen":946739317403,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.166.97","src_port":56494,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00510{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":285,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":119,"flow_packet_id":1,"flow_first_seen":946739317403,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.166.97","src_port":60334,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 01103{"flow_id":119,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":285,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739317,"pkt_ts_usec":403417,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIcmsZAAL0Rhk4KAAABM56mYeuuAbsCCJzVB14BAAABAAAAAAABATINZG5zY3J5cHQtY2VydAxhY3NhY3Nhci1hbXMDY29tAAAQAAEAAAAAAAAAAAABwwAMAb8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00540{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":285,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":119,"flow_packet_id":1,"flow_first_seen":946739317403,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.166.97","src_port":60334,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00597{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":285,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":119,"flow_packet_id":1,"flow_first_seen":946739317403,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.166.97","src_port":60334,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00514{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":286,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":120,"flow_packet_id":1,"flow_first_seen":946739317403,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.166.97","src_port":48065,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 02386{"flow_id":120,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":286,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739317,"pkt_ts_usec":403417,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXcmsUgAL0Roo8KAAABM56mYbvBAbsGBA2TB2EBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAxhY3NhY3Nhci1hbXMDY29tAAAQAAEAAAAAAAAAAAAFvwAMBbsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00544{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":286,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":120,"flow_packet_id":1,"flow_first_seen":946739317403,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.166.97","src_port":48065,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00601{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":286,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":120,"flow_packet_id":1,"flow_first_seen":946739317403,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.166.97","src_port":48065,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00448{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":287,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739317,"pkt_ts_usec":403429,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQmsUAub0Rx2IKAAABM56mYQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00196{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":287,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00675{"flow_id":115,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":288,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739317,"pkt_ts_usec":428375,"pkt_caplen":229,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":229,"pkt_l4_len":195,"pkt":"ZmZmZmZmRERERERECABFAADXKhpAADMRgkAznqZhCgAAAQG7kKsAw\/s4B2KBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAxhY3NhY3Nhci1hbXMDY29tAAAQAAHADAAQAAEAAHCAAH18RE5TQwACAAAQt4OLzm4x3OBnTPVYOyWbwQ07ZuPzfh5UHeUSDpkuLilk8PnzqIG19XCvUsQGZmTzZ+d2RjpSDvvlP\/+37YoDPjwKVuBVGSevZiWx3QxU\/Ww92uJXMr1\/GUOUVCxbO0A+PApW4FUZJwAAAAFfU6w6X1T9ug=="}
@@ -601,28 +601,28 @@
 00674{"flow_id":116,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":290,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739317,"pkt_ts_usec":431691,"pkt_caplen":229,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":229,"pkt_l4_len":195,"pkt":"ZmZmZmZmRERERERECABFAADXKhtAADQRgT8znqZhCgAAAQG7uJkAw9NNB1+BgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAxhY3NhY3Nhci1hbXMDY29tAAAQAAHADAAQAAEAAHCAAH18RE5TQwACAAAQt4OLzm4x3OBnTPVYOyWbwQ07ZuPzfh5UHeUSDpkuLilk8PnzqIG19XCvUsQGZmTzZ+d2RjpSDvvlP\/+37YoDPjwKVuBVGSevZiWx3QxU\/Ww92uJXMr1\/GUOUVCxbO0A+PApW4FUZJwAAAAFfU6w6X1T9ug=="}
 00511{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":291,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":121,"flow_packet_id":1,"flow_first_seen":946739317432,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"176.56.237.171","src_port":41717,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 01103{"flow_id":121,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":291,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739317,"pkt_ts_usec":432544,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIc141AAL0RhaIKAAABsDjtq6L1AbsCCGC6smcBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAlyZXNvbHZlcjEIZG5zY3J5cHQCZXUAABAAAQAAAAAAAAAAAAG+AAwBugAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00541{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":291,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":121,"flow_packet_id":1,"flow_first_seen":946739317432,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"176.56.237.171","src_port":41717,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00598{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":291,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":121,"flow_packet_id":1,"flow_first_seen":946739317432,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"176.56.237.171","src_port":41717,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00675{"flow_id":117,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":292,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739317,"pkt_ts_usec":432560,"pkt_caplen":229,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":229,"pkt_l4_len":195,"pkt":"ZmZmZmZmRERERERECABFAADXKhxAADMRgj4znqZhCgAAAQG7s\/IAw9f2B12BgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAxhY3NhY3Nhci1hbXMDY29tAAAQAAHADAAQAAEAAHCAAH18RE5TQwACAAAQt4OLzm4x3OBnTPVYOyWbwQ07ZuPzfh5UHeUSDpkuLilk8PnzqIG19XCvUsQGZmTzZ+d2RjpSDvvlP\/+37YoDPjwKVuBVGSevZiWx3QxU\/Ww92uJXMr1\/GUOUVCxbO0A+PApW4FUZJwAAAAFfU6w6X1T9ug=="}
 00674{"flow_id":119,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":293,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739317,"pkt_ts_usec":432581,"pkt_caplen":229,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":229,"pkt_l4_len":195,"pkt":"ZmZmZmZmRERERERECABFAADXKh5AADMRgjwznqZhCgAAAQG7664Aw6A5B16BgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAxhY3NhY3Nhci1hbXMDY29tAAAQAAHADAAQAAEAAHCAAH18RE5TQwACAAAQt4OLzm4x3OBnTPVYOyWbwQ07ZuPzfh5UHeUSDpkuLilk8PnzqIG19XCvUsQGZmTzZ+d2RjpSDvvlP\/+37YoDPjwKVuBVGSevZiWx3QxU\/Ww92uJXMr1\/GUOUVCxbO0A+PApW4FUZJwAAAAFfU6w6X1T9ug=="}
 00515{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":294,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":122,"flow_packet_id":1,"flow_first_seen":946739317432,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"176.56.237.171","src_port":55046,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 02386{"flow_id":122,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":294,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739317,"pkt_ts_usec":432603,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXc144gAL0RoeEKAAABsDjtq9cGAbsGBFSSsmQBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAlyZXNvbHZlcjEIZG5zY3J5cHQCZXUAABAAAQAAAAAAAAAAAAW6AAwFtgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00545{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":294,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":122,"flow_packet_id":1,"flow_first_seen":946739317432,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"176.56.237.171","src_port":55046,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00602{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":294,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":122,"flow_packet_id":1,"flow_first_seen":946739317432,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"176.56.237.171","src_port":55046,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00448{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":295,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739317,"pkt_ts_usec":432615,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQ144Aub0RxrQKAAABsDjtqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00196{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":295,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00511{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":296,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":123,"flow_packet_id":1,"flow_first_seen":946739317432,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"176.56.237.171","src_port":51363,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 01103{"flow_id":123,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":296,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739317,"pkt_ts_usec":432619,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIc149AAL0RhaAKAAABsDjtq8ijAbsCCGC6smUBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAlyZXNvbHZlcjEIZG5zY3J5cHQCZXUAABAAAQAAAAAAAAAAAAG+AAwBugAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00541{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":296,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":123,"flow_packet_id":1,"flow_first_seen":946739317432,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"176.56.237.171","src_port":51363,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00598{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":296,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":123,"flow_packet_id":1,"flow_first_seen":946739317432,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"176.56.237.171","src_port":51363,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00515{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":297,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":124,"flow_packet_id":1,"flow_first_seen":946739317432,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"176.56.237.171","src_port":36676,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 02386{"flow_id":124,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":297,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739317,"pkt_ts_usec":432660,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXc15AgAL0Rod8KAAABsDjtq49EAbsGBJxWsmIBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAlyZXNvbHZlcjEIZG5zY3J5cHQCZXUAABAAAQAAAAAAAAAAAAW6AAwFtgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00545{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":297,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":124,"flow_packet_id":1,"flow_first_seen":946739317432,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"176.56.237.171","src_port":36676,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00602{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":297,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":124,"flow_packet_id":1,"flow_first_seen":946739317432,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"176.56.237.171","src_port":36676,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00448{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":298,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739317,"pkt_ts_usec":432673,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQ15AAub0RxrIKAAABsDjtqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00196{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":298,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00511{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":299,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":125,"flow_packet_id":1,"flow_first_seen":946739317432,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"176.56.237.171","src_port":49008,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 01103{"flow_id":125,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":299,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739317,"pkt_ts_usec":432695,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIc15JAAL0RhZ0KAAABsDjtq79wAbsCCGC6smMBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAlyZXNvbHZlcjEIZG5zY3J5cHQCZXUAABAAAQAAAAAAAAAAAAG+AAwBugAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00541{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":299,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":125,"flow_packet_id":1,"flow_first_seen":946739317432,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"176.56.237.171","src_port":49008,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00598{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":299,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":125,"flow_packet_id":1,"flow_first_seen":946739317432,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"176.56.237.171","src_port":49008,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00515{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":300,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":126,"flow_packet_id":1,"flow_first_seen":946739317432,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"176.56.237.171","src_port":48325,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 02386{"flow_id":126,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":300,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739317,"pkt_ts_usec":432697,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXc15EgAL0Rod4KAAABsDjtq7zFAbsGBG7RsmYBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAlyZXNvbHZlcjEIZG5zY3J5cHQCZXUAABAAAQAAAAAAAAAAAAW6AAwFtgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00545{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":300,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":126,"flow_packet_id":1,"flow_first_seen":946739317432,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"176.56.237.171","src_port":48325,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00602{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":300,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":126,"flow_packet_id":1,"flow_first_seen":946739317432,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"176.56.237.171","src_port":48325,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00448{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":301,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739317,"pkt_ts_usec":432711,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQ15EAub0RxrEKAAABsDjtqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00196{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":301,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00674{"flow_id":120,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":302,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739317,"pkt_ts_usec":434574,"pkt_caplen":229,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":229,"pkt_l4_len":195,"pkt":"ZmZmZmZmRERERERECABFAADXKh9AADQRgTsznqZhCgAAAQG7u8EAw9AjB2GBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAxhY3NhY3Nhci1hbXMDY29tAAAQAAHADAAQAAEAAHCAAH18RE5TQwACAAAQt4OLzm4x3OBnTPVYOyWbwQ07ZuPzfh5UHeUSDpkuLilk8PnzqIG19XCvUsQGZmTzZ+d2RjpSDvvlP\/+37YoDPjwKVuBVGSevZiWx3QxU\/Ww92uJXMr1\/GUOUVCxbO0A+PApW4FUZJwAAAAFfU6w6X1T9ug=="}
@@ -663,24 +663,24 @@
 00669{"flow_id":132,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":322,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739317,"pkt_ts_usec":496650,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"pkt":"ZmZmZmZmRERERERECABFAADUfxwAADgRxYmy2MneCgAAAQgF5XQAwCzTfSOBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAlzb2x0eXNpYWsDY29tAAAQAAHADAAQAAEAAAAAAH18RE5TQwABAACUEmW5IqEpBOIJ6OaaARxYZGtpF\/IlhAtf26qHIkb2CzdApz2tTrsIcpPG9I9VOY64aWiKVSPR4fI2Zci4AowMZh1rbmzrBh4Ds7P4I2QNBDqhYpufqNWKNKJm6\/BuBFZmHWtubOsGHl9TOclfUznJX1SLSQ=="}
 00509{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":323,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":133,"flow_packet_id":1,"flow_first_seen":946739317496,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":43224,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 01103{"flow_id":133,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":323,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739317,"pkt_ts_usec":496723,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIcbsxAAL0R7dwKAAABLUxxH6jYAbsCCGFBZBkBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANkbnMEc2VieQJpbwAAEAABAAAAAAAAAAAAAcgADAHEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00539{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":323,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":133,"flow_packet_id":1,"flow_first_seen":946739317496,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":43224,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00596{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":323,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":133,"flow_packet_id":1,"flow_first_seen":946739317496,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":43224,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00513{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":324,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":134,"flow_packet_id":1,"flow_first_seen":946739317496,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":55267,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 02386{"flow_id":134,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":324,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739317,"pkt_ts_usec":496730,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXcbs0gAL0RChwKAAABLUxxH9fjAbsGBNdkZBYBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANkbnMEc2VieQJpbwAAEAABAAAAAAAAAAAABcQADAXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00543{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":324,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":134,"flow_packet_id":1,"flow_first_seen":946739317496,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":55267,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00600{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":324,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":134,"flow_packet_id":1,"flow_first_seen":946739317496,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":55267,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00448{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":325,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739317,"pkt_ts_usec":496749,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQbs0Aub0RLu8KAAABLUxxHwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00196{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":325,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00509{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":326,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":135,"flow_packet_id":1,"flow_first_seen":946739317496,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":51589,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 01103{"flow_id":135,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":326,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739317,"pkt_ts_usec":496759,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIcbs5AAL0R7doKAAABLUxxH8mFAbsCCGFBZBcBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANkbnMEc2VieQJpbwAAEAABAAAAAAAAAAAAAcgADAHEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00539{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":326,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":135,"flow_packet_id":1,"flow_first_seen":946739317496,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":51589,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00596{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":326,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":135,"flow_packet_id":1,"flow_first_seen":946739317496,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":51589,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00509{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":327,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":136,"flow_packet_id":1,"flow_first_seen":946739317496,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":43776,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 01103{"flow_id":136,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":327,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739317,"pkt_ts_usec":496865,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIcbs9AAL0R7dkKAAABLUxxH6sAAbsCCGFBZBUBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANkbnMEc2VieQJpbwAAEAABAAAAAAAAAAAAAcgADAHEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00539{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":327,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":136,"flow_packet_id":1,"flow_first_seen":946739317496,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":43776,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00596{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":327,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":136,"flow_packet_id":1,"flow_first_seen":946739317496,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":43776,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00513{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":328,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":137,"flow_packet_id":1,"flow_first_seen":946739317496,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":59707,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 02386{"flow_id":137,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":328,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739317,"pkt_ts_usec":496868,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXcbtAgAL0RChkKAAABLUxxH+k7AbsGBMYOZBQBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANkbnMEc2VieQJpbwAAEAABAAAAAAAAAAAABcQADAXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00543{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":328,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":137,"flow_packet_id":1,"flow_first_seen":946739317496,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":59707,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00600{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":328,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":137,"flow_packet_id":1,"flow_first_seen":946739317496,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":59707,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00513{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":329,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":138,"flow_packet_id":1,"flow_first_seen":946739317496,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":52069,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 02386{"flow_id":138,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":329,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739317,"pkt_ts_usec":496872,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXcbtEgAL0RChgKAAABLUxxH8tlAbsGBOPgZBgBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANkbnMEc2VieQJpbwAAEAABAAAAAAAAAAAABcQADAXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00543{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":329,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":138,"flow_packet_id":1,"flow_first_seen":946739317496,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":52069,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00600{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":329,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":138,"flow_packet_id":1,"flow_first_seen":946739317496,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":52069,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00448{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":330,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739317,"pkt_ts_usec":496883,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQbtEAub0RLusKAAABLUxxHwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00196{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":330,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00448{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":331,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739317,"pkt_ts_usec":496886,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQbtAAub0RLuwKAAABLUxxHwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
@@ -693,55 +693,55 @@
 00670{"flow_id":134,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":337,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739317,"pkt_ts_usec":829317,"pkt_caplen":224,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":224,"pkt_l4_len":190,"pkt":"ZmZmZmZmRERERERECABFAADSA+lAAC8R6AotTHEfCgAAAQG71+MAvjWuZBaBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydANkbnMEc2VieQJpbwAAEAABwAwAEAABAABwgAB9fEROU0MAAgAAr5zEv1WGx7jem2pK2nflqiaMVF6rzF7WHGlvrWl\/ySW6UfM8aTB84zwXL6LFGFBJtiDl\/1MLBjf7\/4+Tj2baBU4DeMBZ\/3\/bX+\/ckKf+At437jBg5+agLK3mfgxAT218TgN4wFn\/f9sAAAABX1NRj19Uow8="}
 00510{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":338,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":139,"flow_packet_id":1,"flow_first_seen":946739318038,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":53876,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 01102{"flow_id":139,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":338,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739318,"pkt_ts_usec":38037,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIc+3JAAL0RigEKAAABl1DeT9J0AbsCCDh2XDIBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAdvcGVubmljBGkycGQDeHl6AAAQAAEAAAAAAAAAAAABwwAMAb8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00540{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":338,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":139,"flow_packet_id":1,"flow_first_seen":946739318038,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":53876,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00597{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":338,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":139,"flow_packet_id":1,"flow_first_seen":946739318038,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":53876,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00514{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":339,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":140,"flow_packet_id":1,"flow_first_seen":946739318038,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":45497,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 02385{"flow_id":140,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":339,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739318,"pkt_ts_usec":38043,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXc+3MgAL0RpkAKAAABl1DeT7G5AbsGBKXWXC8BAAABAAAAAAABATINZG5zY3J5cHQtY2VydAdvcGVubmljBGkycGQDeHl6AAAQAAEAAAAAAAAAAAAFvwAMBbsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00544{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":339,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":140,"flow_packet_id":1,"flow_first_seen":946739318038,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":45497,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00601{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":339,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":140,"flow_packet_id":1,"flow_first_seen":946739318038,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":45497,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00514{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":340,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":141,"flow_packet_id":1,"flow_first_seen":946739318038,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":47729,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 02385{"flow_id":141,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":340,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739318,"pkt_ts_usec":38059,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXc+3QgAL0Rpj8KAAABl1DeT7pxAbsGBJ0gXC0BAAABAAAAAAABATINZG5zY3J5cHQtY2VydAdvcGVubmljBGkycGQDeHl6AAAQAAEAAAAAAAAAAAAFvwAMBbsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00544{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":340,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":141,"flow_packet_id":1,"flow_first_seen":946739318038,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":47729,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00601{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":340,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":141,"flow_packet_id":1,"flow_first_seen":946739318038,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":47729,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00447{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":341,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739318,"pkt_ts_usec":38062,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQ+3MAub0RyxMKAAABl1DeTwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00196{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":341,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00447{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":342,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739318,"pkt_ts_usec":38076,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQ+3QAub0RyxIKAAABl1DeTwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00196{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":342,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00510{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":343,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":142,"flow_packet_id":1,"flow_first_seen":946739318038,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":52040,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 01102{"flow_id":142,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":343,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739318,"pkt_ts_usec":38155,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIc+3VAAL0Rif4KAAABl1DeT8tIAbsCCDh2XDABAAABAAAAAAABATINZG5zY3J5cHQtY2VydAdvcGVubmljBGkycGQDeHl6AAAQAAEAAAAAAAAAAAABwwAMAb8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00540{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":343,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":142,"flow_packet_id":1,"flow_first_seen":946739318038,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":52040,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00597{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":343,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":142,"flow_packet_id":1,"flow_first_seen":946739318038,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":52040,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00514{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":344,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":143,"flow_packet_id":1,"flow_first_seen":946739318038,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":57636,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 02385{"flow_id":143,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":344,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739318,"pkt_ts_usec":38168,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXc+3YgAL0Rpj0KAAABl1DeT+EkAbsGBHZpXDEBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAdvcGVubmljBGkycGQDeHl6AAAQAAEAAAAAAAAAAAAFvwAMBbsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00544{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":344,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":143,"flow_packet_id":1,"flow_first_seen":946739318038,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":57636,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00601{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":344,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":143,"flow_packet_id":1,"flow_first_seen":946739318038,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":57636,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00447{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":345,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739318,"pkt_ts_usec":38185,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQ+3YAub0RyxAKAAABl1DeTwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00196{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":345,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00510{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":346,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":144,"flow_packet_id":1,"flow_first_seen":946739318038,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":38511,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 01102{"flow_id":144,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":346,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739318,"pkt_ts_usec":38215,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIc+3dAAL0RifwKAAABl1DeT5ZvAbsCCDh2XC4BAAABAAAAAAABATINZG5zY3J5cHQtY2VydAdvcGVubmljBGkycGQDeHl6AAAQAAEAAAAAAAAAAAABwwAMAb8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00540{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":346,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":144,"flow_packet_id":1,"flow_first_seen":946739318038,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":38511,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00597{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":346,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":144,"flow_packet_id":1,"flow_first_seen":946739318038,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":38511,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00674{"flow_id":139,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":347,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739318,"pkt_ts_usec":59490,"pkt_caplen":229,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":229,"pkt_l4_len":195,"pkt":"ZmZmZmZmRERERERECABFAADX+4ZAADQRFDOXUN5PCgAAAQG70nQAw+UcXDKBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAdvcGVubmljBGkycGQDeHl6AAAQAAHADAAQAAEAAHCAAH18RE5TQwACAADbIkde1\/iXw9F8aP3hFzW\/UlCbjrsaMoYt8+MW53XVHmJZ40u2KJ1Y5p9+bOkgm9KOg6J\/Jk5OIIo5rrGKNcsPhxVktS2XlAVyckcTA1HXSkhBDvC7R+LCFU83mg2ymgqHFWS1LZeUBQAAAAFfU5R+X1Tl\/g=="}
 00674{"flow_id":140,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":348,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739318,"pkt_ts_usec":59779,"pkt_caplen":229,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":229,"pkt_l4_len":195,"pkt":"ZmZmZmZmRERERERECABFAADX+4dAADQRFDKXUN5PCgAAAQG7sbkAwwXbXC+BgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAdvcGVubmljBGkycGQDeHl6AAAQAAHADAAQAAEAAHCAAH18RE5TQwACAADbIkde1\/iXw9F8aP3hFzW\/UlCbjrsaMoYt8+MW53XVHmJZ40u2KJ1Y5p9+bOkgm9KOg6J\/Jk5OIIo5rrGKNcsPhxVktS2XlAVyckcTA1HXSkhBDvC7R+LCFU83mg2ymgqHFWS1LZeUBQAAAAFfU5R+X1Tl\/g=="}
 00509{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":349,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":145,"flow_packet_id":1,"flow_first_seen":946739318061,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.205.47","src_port":59011,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 01102{"flow_id":145,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":349,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739318,"pkt_ts_usec":61047,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIcXchAAL0RQhgKAAABjgTNL+aDAbsCCB4KqlwBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANuczQCY2EFbHVnZ3MCY28AABAAAQAAAAAAAAAAAAHEAAwBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00539{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":349,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":145,"flow_packet_id":1,"flow_first_seen":946739318061,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.205.47","src_port":59011,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00596{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":349,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":145,"flow_packet_id":1,"flow_first_seen":946739318061,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.205.47","src_port":59011,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00513{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":350,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":146,"flow_packet_id":1,"flow_first_seen":946739318061,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.205.47","src_port":50387,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 02385{"flow_id":146,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":350,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739318,"pkt_ts_usec":61065,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXcXckgAL0RXlcKAAABjgTNL8TTAbsGBCE2qlkBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANuczQCY2EFbHVnZ3MCY28AABAAAQAAAAAAAAAAAAXAAAwFvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00543{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":350,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":146,"flow_packet_id":1,"flow_first_seen":946739318061,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.205.47","src_port":50387,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00600{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":350,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":146,"flow_packet_id":1,"flow_first_seen":946739318061,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.205.47","src_port":50387,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00509{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":351,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":147,"flow_packet_id":1,"flow_first_seen":946739318061,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.205.47","src_port":40138,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 01102{"flow_id":147,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":351,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739318,"pkt_ts_usec":61081,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIcXcpAAL0RQhYKAAABjgTNL5zKAbsCCB4KqloBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANuczQCY2EFbHVnZ3MCY28AABAAAQAAAAAAAAAAAAHEAAwBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00539{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":351,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":147,"flow_packet_id":1,"flow_first_seen":946739318061,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.205.47","src_port":40138,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00596{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":351,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":147,"flow_packet_id":1,"flow_first_seen":946739318061,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.205.47","src_port":40138,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00447{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":352,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739318,"pkt_ts_usec":61087,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQXckAub0RgyoKAAABjgTNLwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00196{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":352,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00513{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":353,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":148,"flow_packet_id":1,"flow_first_seen":946739318061,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.205.47","src_port":51935,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 02385{"flow_id":148,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":353,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739318,"pkt_ts_usec":61101,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXcXcsgAL0RXlUKAAABjgTNL8rfAbsGBBssqlcBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANuczQCY2EFbHVnZ3MCY28AABAAAQAAAAAAAAAAAAXAAAwFvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00543{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":353,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":148,"flow_packet_id":1,"flow_first_seen":946739318061,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.205.47","src_port":51935,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00600{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":353,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":148,"flow_packet_id":1,"flow_first_seen":946739318061,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.205.47","src_port":51935,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00447{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":354,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739318,"pkt_ts_usec":61118,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQXcsAub0RgygKAAABjgTNLwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00196{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":354,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00513{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":355,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":149,"flow_packet_id":1,"flow_first_seen":946739318061,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.205.47","src_port":54096,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 02385{"flow_id":149,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":355,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739318,"pkt_ts_usec":61197,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXcXcwgAL0RXlQKAAABjgTNL9NQAbsGBBK3qlsBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANuczQCY2EFbHVnZ3MCY28AABAAAQAAAAAAAAAAAAXAAAwFvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00543{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":355,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":149,"flow_packet_id":1,"flow_first_seen":946739318061,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.205.47","src_port":54096,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00600{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":355,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":149,"flow_packet_id":1,"flow_first_seen":946739318061,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.205.47","src_port":54096,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00674{"flow_id":142,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":356,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739318,"pkt_ts_usec":61202,"pkt_caplen":229,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":229,"pkt_l4_len":195,"pkt":"ZmZmZmZmRERERERECABFAADX+4lAADQRFDCXUN5PCgAAAQG7y0gAw+xKXDCBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAdvcGVubmljBGkycGQDeHl6AAAQAAHADAAQAAEAAHCAAH18RE5TQwACAADbIkde1\/iXw9F8aP3hFzW\/UlCbjrsaMoYt8+MW53XVHmJZ40u2KJ1Y5p9+bOkgm9KOg6J\/Jk5OIIo5rrGKNcsPhxVktS2XlAVyckcTA1HXSkhBDvC7R+LCFU83mg2ymgqHFWS1LZeUBQAAAAFfU5R+X1Tl\/g=="}
 00447{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":357,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739318,"pkt_ts_usec":61216,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQXcwAub0RgycKAAABjgTNLwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00196{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":357,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00509{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":358,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":150,"flow_packet_id":1,"flow_first_seen":946739318061,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.205.47","src_port":35903,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 01103{"flow_id":150,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":358,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739318,"pkt_ts_usec":61289,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIcXc1AAL0RQhMKAAABjgTNL4w\/AbsCCB4KqlgBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANuczQCY2EFbHVnZ3MCY28AABAAAQAAAAAAAAAAAAHEAAwBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00539{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":358,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":150,"flow_packet_id":1,"flow_first_seen":946739318061,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.205.47","src_port":35903,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00596{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":358,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":150,"flow_packet_id":1,"flow_first_seen":946739318061,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.205.47","src_port":35903,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00674{"flow_id":143,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":359,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739318,"pkt_ts_usec":61517,"pkt_caplen":229,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":229,"pkt_l4_len":195,"pkt":"ZmZmZmZmRERERERECABFAADX+4pAADQRFC+XUN5PCgAAAQG74SQAw9ZtXDGBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAdvcGVubmljBGkycGQDeHl6AAAQAAHADAAQAAEAAHCAAH18RE5TQwACAADbIkde1\/iXw9F8aP3hFzW\/UlCbjrsaMoYt8+MW53XVHmJZ40u2KJ1Y5p9+bOkgm9KOg6J\/Jk5OIIo5rrGKNcsPhxVktS2XlAVyckcTA1HXSkhBDvC7R+LCFU83mg2ymgqHFWS1LZeUBQAAAAFfU5R+X1Tl\/g=="}
 00674{"flow_id":144,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":360,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739318,"pkt_ts_usec":62260,"pkt_caplen":229,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":229,"pkt_l4_len":195,"pkt":"ZmZmZmZmRERERERECABFAADX+4tAADQRFC6XUN5PCgAAAQG7lm8AwyEmXC6BgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAdvcGVubmljBGkycGQDeHl6AAAQAAHADAAQAAEAAHCAAH18RE5TQwACAADbIkde1\/iXw9F8aP3hFzW\/UlCbjrsaMoYt8+MW53XVHmJZ40u2KJ1Y5p9+bOkgm9KOg6J\/Jk5OIIo5rrGKNcsPhxVktS2XlAVyckcTA1HXSkhBDvC7R+LCFU83mg2ymgqHFWS1LZeUBQAAAAFfU5R+X1Tl\/g=="}
 00675{"flow_id":141,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":361,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739318,"pkt_ts_usec":63093,"pkt_caplen":229,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":229,"pkt_l4_len":195,"pkt":"ZmZmZmZmRERERERECABFAADX+4hAADQRFDGXUN5PCgAAAQG7unEAw\/0kXC2BgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAdvcGVubmljBGkycGQDeHl6AAAQAAHADAAQAAEAAHCAAH18RE5TQwACAADbIkde1\/iXw9F8aP3hFzW\/UlCbjrsaMoYt8+MW53XVHmJZ40u2KJ1Y5p9+bOkgm9KOg6J\/Jk5OIIo5rrGKNcsPhxVktS2XlAVyckcTA1HXSkhBDvC7R+LCFU83mg2ymgqHFWS1LZeUBQAAAAFfU5R+X1Tl\/g=="}
@@ -750,28 +750,28 @@
 00672{"flow_id":146,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":364,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739318,"pkt_ts_usec":168571,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"pkt":"ZmZmZmZmRERERERECABFAADWEfAAADQRWDeOBM0vCgAAAQG7xNMAwo9hqlmBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydANuczQCY2EFbHVnZ3MCY28AABAAAcAMABAAAQAAAAAAfXxETlNDAAEAAAVJsH+RdJNH3D0PM7heo\/dPPI3i1+4vLX8T10ivxa\/CqjJyTHnmZoOX4oJMyJ42Khrgw6i1Ft4Vh\/Rb2U7RsAXZ5P9pZAltiMSwIbLDTpLjw5sG+xMI0gbdPS4ze+O\/Bdnk\/2lkCW2IWX62bll+tm5sSrlu"}
 00512{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":365,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":151,"flow_packet_id":1,"flow_first_seen":946739318168,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.191.187.107","src_port":37328,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 01103{"flow_id":151,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":365,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739318,"pkt_ts_usec":168986,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIcuoVAAL0Rw2MKAAABwb+7a5HQAbsCCEABLy0BAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdAJiZQAAEAABAAAAAAAAAAAAAcgADAHEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00542{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":365,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":151,"flow_packet_id":1,"flow_first_seen":946739318168,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.191.187.107","src_port":37328,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00599{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":365,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":151,"flow_packet_id":1,"flow_first_seen":946739318168,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.191.187.107","src_port":37328,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00512{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":366,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":152,"flow_packet_id":1,"flow_first_seen":946739318169,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.191.187.107","src_port":35885,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 01103{"flow_id":152,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":366,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739318,"pkt_ts_usec":169044,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIcuoZAAL0Rw2IKAAABwb+7a4wtAbsCCEABLysBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdAJiZQAAEAABAAAAAAAAAAAAAcgADAHEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00542{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":366,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":152,"flow_packet_id":1,"flow_first_seen":946739318169,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.191.187.107","src_port":35885,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00599{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":366,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":152,"flow_packet_id":1,"flow_first_seen":946739318169,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.191.187.107","src_port":35885,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00516{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":367,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":153,"flow_packet_id":1,"flow_first_seen":946739318169,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.191.187.107","src_port":33279,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 02387{"flow_id":153,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":367,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739318,"pkt_ts_usec":169070,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXcuocgAL0R36EKAAABwb+7a4H\/AbsGBBdyLyoBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdAJiZQAAEAABAAAAAAAAAAAABcQADAXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00546{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":367,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":153,"flow_packet_id":1,"flow_first_seen":946739318169,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.191.187.107","src_port":33279,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00603{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":367,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":153,"flow_packet_id":1,"flow_first_seen":946739318169,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.191.187.107","src_port":33279,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00448{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":368,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739318,"pkt_ts_usec":169102,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQuocAub0RBHUKAAABwb+7awAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00196{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":368,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00516{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":369,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":154,"flow_packet_id":1,"flow_first_seen":946739318169,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.191.187.107","src_port":54215,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 02386{"flow_id":154,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":369,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739318,"pkt_ts_usec":169132,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXcuokgAL0R358KAAABwb+7a9PHAbsGBMWnLywBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdAJiZQAAEAABAAAAAAAAAAAABcQADAXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00546{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":369,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":154,"flow_packet_id":1,"flow_first_seen":946739318169,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.191.187.107","src_port":54215,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00603{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":369,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":154,"flow_packet_id":1,"flow_first_seen":946739318169,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.191.187.107","src_port":54215,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00516{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":370,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":155,"flow_packet_id":1,"flow_first_seen":946739318169,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.191.187.107","src_port":49040,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 02386{"flow_id":155,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":370,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739318,"pkt_ts_usec":169132,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXcuoggAL0R36AKAAABwb+7a7+QAbsGBNniLygBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdAJiZQAAEAABAAAAAAAAAAAABcQADAXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00546{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":370,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":155,"flow_packet_id":1,"flow_first_seen":946739318169,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.191.187.107","src_port":49040,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00603{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":370,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":155,"flow_packet_id":1,"flow_first_seen":946739318169,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.191.187.107","src_port":49040,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00448{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":371,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739318,"pkt_ts_usec":169148,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQuokAub0RBHMKAAABwb+7awAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00196{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":371,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00448{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":372,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739318,"pkt_ts_usec":169153,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQuogAub0RBHQKAAABwb+7awAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00196{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":372,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00512{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":373,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":156,"flow_packet_id":1,"flow_first_seen":946739318169,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.191.187.107","src_port":49115,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 01104{"flow_id":156,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":373,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739318,"pkt_ts_usec":169188,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIcuopAAL0Rw14KAAABwb+7a7\/bAbsCCEABLykBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdAJiZQAAEAABAAAAAAAAAAAAAcgADAHEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00542{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":373,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":156,"flow_packet_id":1,"flow_first_seen":946739318169,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.191.187.107","src_port":49115,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00599{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":373,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":156,"flow_packet_id":1,"flow_first_seen":946739318169,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.191.187.107","src_port":49115,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00672{"flow_id":147,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":374,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739318,"pkt_ts_usec":170686,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"pkt":"ZmZmZmZmRERERERECABFAADWEfMAADQRWDSOBM0vCgAAAQG7nMoAwrdpqlqBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydANuczQCY2EFbHVnZ3MCY28AABAAAcAMABAAAQAAAAAAfXxETlNDAAEAAAVJsH+RdJNH3D0PM7heo\/dPPI3i1+4vLX8T10ivxa\/CqjJyTHnmZoOX4oJMyJ42Khrgw6i1Ft4Vh\/Rb2U7RsAXZ5P9pZAltiMSwIbLDTpLjw5sG+xMI0gbdPS4ze+O\/Bdnk\/2lkCW2IWX62bll+tm5sSrlu"}
 00672{"flow_id":149,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":375,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739318,"pkt_ts_usec":171174,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"pkt":"ZmZmZmZmRERERERECABFAADWEfIAADQRWDWOBM0vCgAAAQG701AAwoDiqluBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydANuczQCY2EFbHVnZ3MCY28AABAAAcAMABAAAQAAAAAAfXxETlNDAAEAAAVJsH+RdJNH3D0PM7heo\/dPPI3i1+4vLX8T10ivxa\/CqjJyTHnmZoOX4oJMyJ42Khrgw6i1Ft4Vh\/Rb2U7RsAXZ5P9pZAltiMSwIbLDTpLjw5sG+xMI0gbdPS4ze+O\/Bdnk\/2lkCW2IWX62bll+tm5sSrlu"}
 00672{"flow_id":150,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":376,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739318,"pkt_ts_usec":175518,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"pkt":"ZmZmZmZmRERERERECABFAADWEfQAADQRWDOOBM0vCgAAAQG7jD8Awsf2qliBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydANuczQCY2EFbHVnZ3MCY28AABAAAcAMABAAAQAAAAAAfXxETlNDAAEAAAVJsH+RdJNH3D0PM7heo\/dPPI3i1+4vLX8T10ivxa\/CqjJyTHnmZoOX4oJMyJ42Khrgw6i1Ft4Vh\/Rb2U7RsAXZ5P9pZAltiMSwIbLDTpLjw5sG+xMI0gbdPS4ze+O\/Bdnk\/2lkCW2IWX62bll+tm5sSrlu"}
@@ -814,28 +814,28 @@
 00670{"flow_id":158,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":394,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739337,"pkt_ts_usec":77231,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"pkt":"ZmZmZmZmRERERERECABFAADWnoJAADURNfkzD3zQCgAAARD3wzcAwu3baUKBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydA9hbXMtZG5zY3J5cHQtbmwAABAAAcAMABAAAQAAcIAAfXxETlNDAAIAAPvb\/epXmbtmpFJPDJPj0\/8kG2WLVy9aKZXG64Z\/RD4Asb+lk0fHUNVwKqjvyNJwSQDMlfv0kF+DU4Xf9AOufg1vl\/oZmXyGUvpIk2ki4WFZb2z8KlMPRm7olQdpuGdje2+X+hmZfIZSAAAAAV9TS2BfVJzg"}
 00512{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":395,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":163,"flow_packet_id":1,"flow_first_seen":946739337078,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":36930,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 01103{"flow_id":163,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":395,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739337,"pkt_ts_usec":78105,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIc\/chAAL0ReVsKAAABp3LcfZBCAbsCCEbGm2kBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdARjYS0xAAAQAAEAAAAAAAAAAAABxgAMAcIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00542{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":395,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":163,"flow_packet_id":1,"flow_first_seen":946739337078,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":36930,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00599{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":395,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":163,"flow_packet_id":1,"flow_first_seen":946739337078,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":36930,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00516{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":396,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":164,"flow_packet_id":1,"flow_first_seen":946739337078,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":38508,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 02386{"flow_id":164,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":396,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739337,"pkt_ts_usec":78124,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXc\/ckgAL0RlZoKAAABp3LcfZZsAbsGBGHYm2YBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdARjYS0xAAAQAAEAAAAAAAAAAAAFwgAMBb4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00546{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":396,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":164,"flow_packet_id":1,"flow_first_seen":946739337078,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":38508,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00603{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":396,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":164,"flow_packet_id":1,"flow_first_seen":946739337078,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":38508,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00448{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":397,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739337,"pkt_ts_usec":78136,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQ\/ckAub0Rum0KAAABp3LcfQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00196{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":397,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00512{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":398,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":165,"flow_packet_id":1,"flow_first_seen":946739337078,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":39816,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 01103{"flow_id":165,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":398,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739337,"pkt_ts_usec":78188,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIc\/cpAAL0ReVkKAAABp3LcfZuIAbsCCEbGm2cBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdARjYS0xAAAQAAEAAAAAAAAAAAABxgAMAcIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00542{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":398,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":165,"flow_packet_id":1,"flow_first_seen":946739337078,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":39816,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00599{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":398,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":165,"flow_packet_id":1,"flow_first_seen":946739337078,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":39816,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00516{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":399,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":166,"flow_packet_id":1,"flow_first_seen":946739337078,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":45613,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 02386{"flow_id":166,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":399,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739337,"pkt_ts_usec":78192,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXc\/csgAL0RlZgKAAABp3LcfbItAbsGBEYVm2gBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdARjYS0xAAAQAAEAAAAAAAAAAAAFwgAMBb4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00546{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":399,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":166,"flow_packet_id":1,"flow_first_seen":946739337078,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":45613,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00603{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":399,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":166,"flow_packet_id":1,"flow_first_seen":946739337078,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":45613,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00448{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":400,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739337,"pkt_ts_usec":78199,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQ\/csAub0RumsKAAABp3LcfQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00196{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":400,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00516{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":401,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":167,"flow_packet_id":1,"flow_first_seen":946739337078,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":59589,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 02386{"flow_id":167,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":401,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739337,"pkt_ts_usec":78205,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXc\/cwgAL0RlZcKAAABp3LcfejFAbsGBA+Bm2QBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdARjYS0xAAAQAAEAAAAAAAAAAAAFwgAMBb4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00546{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":401,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":167,"flow_packet_id":1,"flow_first_seen":946739337078,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":59589,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00603{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":401,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":167,"flow_packet_id":1,"flow_first_seen":946739337078,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":59589,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00448{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":402,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739337,"pkt_ts_usec":78218,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQ\/cwAub0RumoKAAABp3LcfQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00196{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":402,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00512{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":403,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":168,"flow_packet_id":1,"flow_first_seen":946739337078,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":45747,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 01103{"flow_id":168,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":403,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739337,"pkt_ts_usec":78271,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIc\/c1AAL0ReVYKAAABp3LcfbKzAbsCCEbGm2UBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdARjYS0xAAAQAAEAAAAAAAAAAAABxgAMAcIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00542{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":403,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":168,"flow_packet_id":1,"flow_first_seen":946739337078,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":45747,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00599{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":403,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":168,"flow_packet_id":1,"flow_first_seen":946739337078,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":45747,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00670{"flow_id":159,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":404,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739337,"pkt_ts_usec":78771,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"pkt":"ZmZmZmZmRERERERECABFAADWnoNAADURNfgzD3zQCgAAARD3laYAwhtvaUCBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydA9hbXMtZG5zY3J5cHQtbmwAABAAAcAMABAAAQAAcIAAfXxETlNDAAIAAPvb\/epXmbtmpFJPDJPj0\/8kG2WLVy9aKZXG64Z\/RD4Asb+lk0fHUNVwKqjvyNJwSQDMlfv0kF+DU4Xf9AOufg1vl\/oZmXyGUvpIk2ki4WFZb2z8KlMPRm7olQdpuGdje2+X+hmZfIZSAAAAAV9TS2BfVJzg"}
 00670{"flow_id":162,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":405,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739337,"pkt_ts_usec":78813,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"pkt":"ZmZmZmZmRERERERECABFAADWnoVAADURNfYzD3zQCgAAARD30n8Awt6UaUGBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydA9hbXMtZG5zY3J5cHQtbmwAABAAAcAMABAAAQAAcIAAfXxETlNDAAIAAPvb\/epXmbtmpFJPDJPj0\/8kG2WLVy9aKZXG64Z\/RD4Asb+lk0fHUNVwKqjvyNJwSQDMlfv0kF+DU4Xf9AOufg1vl\/oZmXyGUvpIk2ki4WFZb2z8KlMPRm7olQdpuGdje2+X+hmZfIZSAAAAAV9TS2BfVJzg"}
 00670{"flow_id":161,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":406,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739337,"pkt_ts_usec":79094,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"pkt":"ZmZmZmZmRERERERECABFAADWnoRAADURNfczD3zQCgAAARD3m+YAwhUraUSBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydA9hbXMtZG5zY3J5cHQtbmwAABAAAcAMABAAAQAAcIAAfXxETlNDAAIAAPvb\/epXmbtmpFJPDJPj0\/8kG2WLVy9aKZXG64Z\/RD4Asb+lk0fHUNVwKqjvyNJwSQDMlfv0kF+DU4Xf9AOufg1vl\/oZmXyGUvpIk2ki4WFZb2z8KlMPRm7olQdpuGdje2+X+hmZfIZSAAAAAV9TS2BfVJzg"}
@@ -907,26 +907,26 @@
 00669{"flow_id":179,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":439,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739348,"pkt_ts_usec":805555,"pkt_caplen":225,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":225,"pkt_l4_len":191,"pkt":"ZmZmZmZmRERERERECABFAADTW7tAADkR0GK5\/ZpCCgAAARD3vB8Av9b\/Y0iBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAxiY24tZG5zY3J5cHQAABAAAcAMABAAAQAAcIAAfXxETlNDAAIAAPzOPvxAqRNc7Q72GZx6clSW\/rILjCJS5AVCUtIfh\/knKqjuiGnU\/ySlMpkdSKAUBEzuxnQcAR\/n3q9w6kY3ZQBbAAtR8Cvhyf4swkJ5CXEM5Flzvf2K4fhPC+UgsGecNlsAC1HwK+HJAAAAAV9TdNFfVMZR"}
 00510{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":440,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":181,"flow_packet_id":1,"flow_first_seen":946739348805,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":51647,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 01104{"flow_id":181,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":440,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739348,"pkt_ts_usec":805654,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIclaRAAL0RCvwKAAABjgTMb8m\/AbsCCB1KEX8BAAABAAAAAAABATINZG5zY3J5cHQtY2VydANuczMCY2EFbHVnZ3MCY28AABAAAQAAAAAAAAAAAAHEAAwBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00540{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":440,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":181,"flow_packet_id":1,"flow_first_seen":946739348805,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":51647,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00597{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":440,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":181,"flow_packet_id":1,"flow_first_seen":946739348805,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":51647,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00514{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":441,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":182,"flow_packet_id":1,"flow_first_seen":946739348805,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":59224,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 02386{"flow_id":182,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":441,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739348,"pkt_ts_usec":805763,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXclaUgAL0RJzsKAAABjgTMb+dYAbsGBJhPEXwBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANuczMCY2EFbHVnZ3MCY28AABAAAQAAAAAAAAAAAAXAAAwFvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00544{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":441,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":182,"flow_packet_id":1,"flow_first_seen":946739348805,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":59224,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00601{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":441,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":182,"flow_packet_id":1,"flow_first_seen":946739348805,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":59224,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00510{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":442,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":183,"flow_packet_id":1,"flow_first_seen":946739348805,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":41895,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 01103{"flow_id":183,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":442,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739348,"pkt_ts_usec":805774,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIclaZAAL0RCvoKAAABjgTMb6OnAbsCCB1KEX0BAAABAAAAAAABATINZG5zY3J5cHQtY2VydANuczMCY2EFbHVnZ3MCY28AABAAAQAAAAAAAAAAAAHEAAwBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00540{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":442,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":183,"flow_packet_id":1,"flow_first_seen":946739348805,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":41895,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00597{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":442,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":183,"flow_packet_id":1,"flow_first_seen":946739348805,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":41895,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00448{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":443,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739348,"pkt_ts_usec":805778,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQlaUAub0RTA4KAAABjgTMbwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00196{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":443,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00510{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":444,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":184,"flow_packet_id":1,"flow_first_seen":946739348805,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":46363,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 01103{"flow_id":184,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":444,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739348,"pkt_ts_usec":805808,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIcladAAL0RCvkKAAABjgTMb7UbAbsCCB1KEXsBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANuczMCY2EFbHVnZ3MCY28AABAAAQAAAAAAAAAAAAHEAAwBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00540{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":444,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":184,"flow_packet_id":1,"flow_first_seen":946739348805,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":46363,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00597{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":444,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":184,"flow_packet_id":1,"flow_first_seen":946739348805,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":46363,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00514{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":445,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":185,"flow_packet_id":1,"flow_first_seen":946739348805,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":57180,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 02386{"flow_id":185,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":445,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739348,"pkt_ts_usec":805827,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXclaggAL0RJzgKAAABjgTMb99cAbsGBKBJEX4BAAABAAAAAAABATINZG5zY3J5cHQtY2VydANuczMCY2EFbHVnZ3MCY28AABAAAQAAAAAAAAAAAAXAAAwFvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00544{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":445,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":185,"flow_packet_id":1,"flow_first_seen":946739348805,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":57180,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00601{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":445,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":185,"flow_packet_id":1,"flow_first_seen":946739348805,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":57180,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00448{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":446,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739348,"pkt_ts_usec":805843,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQlagAub0RTAsKAAABjgTMbwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00196{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":446,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00514{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":447,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":186,"flow_packet_id":1,"flow_first_seen":946739348805,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":47621,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 02386{"flow_id":186,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":447,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739348,"pkt_ts_usec":805857,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXclakgAL0RJzcKAAABjgTMb7oFAbsGBMWkEXoBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANuczMCY2EFbHVnZ3MCY28AABAAAQAAAAAAAAAAAAXAAAwFvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00544{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":447,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":186,"flow_packet_id":1,"flow_first_seen":946739348805,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":47621,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00601{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":447,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":186,"flow_packet_id":1,"flow_first_seen":946739348805,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":47621,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00448{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":448,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739348,"pkt_ts_usec":805876,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQlakAub0RTAoKAAABjgTMbwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00196{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":448,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00670{"flow_id":183,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":449,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739348,"pkt_ts_usec":912043,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"pkt":"ZmZmZmZmRERERERECABFAADWoIMAADQRymOOBMxvCgAAAQG7o6cAwiYzEX2BgAABAAEAAAAAATINZG5zY3J5cHQtY2VydANuczMCY2EFbHVnZ3MCY28AABAAAcAMABAAAQAAAAAAfXxETlNDAAEAAG0rJMeHQmadAAjPo7oVfCGn+vVnYNn+3VnMSzQY0rAkl3fyY6FeDYzevPOP9Wx6CFjMcHM\/npT74\/JxSlg\/ZQ+xYYapuSWJmSy0bkM5eaAYWq1iOjOwzrlApye0OOzsPbFhhqm5JYmZWX62h1l+todsSrmH"}
@@ -937,26 +937,26 @@
 00671{"flow_id":186,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":454,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739348,"pkt_ts_usec":917627,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"pkt":"ZmZmZmZmRERERERECABFAADWoIgAADQRyl6OBMxvCgAAAQG7ugUAwg\/YEXqBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydANuczMCY2EFbHVnZ3MCY28AABAAAcAMABAAAQAAAAAAfXxETlNDAAEAAG0rJMeHQmadAAjPo7oVfCGn+vVnYNn+3VnMSzQY0rAkl3fyY6FeDYzevPOP9Wx6CFjMcHM\/npT74\/JxSlg\/ZQ+xYYapuSWJmSy0bkM5eaAYWq1iOjOwzrlApye0OOzsPbFhhqm5JYmZWX62h1l+todsSrmH"}
 00511{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":455,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":187,"flow_packet_id":1,"flow_first_seen":946739380804,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"212.47.228.136","src_port":38371,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 01105{"flow_id":187,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":455,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739380,"pkt_ts_usec":804527,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIc\/YZAAH4Rg9UKAAAB1C\/kiJXjAbsCCHuObd4BAAABAAAAAAABATINZG5zY3J5cHQtY2VydAJmcghkbnNjcnlwdANvcmcAABAAAQAAAAAAAAAAAAHEAAwBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00541{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":455,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":187,"flow_packet_id":1,"flow_first_seen":946739380804,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"212.47.228.136","src_port":38371,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00598{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":455,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":187,"flow_packet_id":1,"flow_first_seen":946739380804,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"212.47.228.136","src_port":38371,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00515{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":456,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":188,"flow_packet_id":1,"flow_first_seen":946739380804,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"212.47.228.136","src_port":34228,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 02387{"flow_id":188,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":456,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739380,"pkt_ts_usec":804527,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXcIEwgAH4RfVAKAAAB1C\/kiIW0AbsGBB6ibd0BAAABAAAAAAABATINZG5zY3J5cHQtY2VydAJmcghkbnNjcnlwdANvcmcAABAAAQAAAAAAAAAAAAXAAAwFvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00545{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":456,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":188,"flow_packet_id":1,"flow_first_seen":946739380804,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"212.47.228.136","src_port":34228,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00602{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":456,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":188,"flow_packet_id":1,"flow_first_seen":946739380804,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"212.47.228.136","src_port":34228,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00511{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":457,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":189,"flow_packet_id":1,"flow_first_seen":946739380804,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"212.47.228.136","src_port":52056,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 01105{"flow_id":189,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":457,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739380,"pkt_ts_usec":804529,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIc\/YdAAH4Rg9QKAAAB1C\/kiMtYAbsCCHuObeIBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAJmcghkbnNjcnlwdANvcmcAABAAAQAAAAAAAAAAAAHEAAwBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00541{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":457,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":189,"flow_packet_id":1,"flow_first_seen":946739380804,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"212.47.228.136","src_port":52056,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00598{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":457,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":189,"flow_packet_id":1,"flow_first_seen":946739380804,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"212.47.228.136","src_port":52056,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00449{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":458,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739380,"pkt_ts_usec":804545,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQIEwAuX4RoiMKAAAB1C\/kiAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00196{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":458,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00511{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":459,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":190,"flow_packet_id":1,"flow_first_seen":946739380805,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"212.47.228.136","src_port":40775,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 01105{"flow_id":190,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":459,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739380,"pkt_ts_usec":805007,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIc\/YhAAH4Rg9MKAAAB1C\/kiJ9HAbsCCHuObeABAAABAAAAAAABATINZG5zY3J5cHQtY2VydAJmcghkbnNjcnlwdANvcmcAABAAAQAAAAAAAAAAAAHEAAwBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00541{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":459,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":190,"flow_packet_id":1,"flow_first_seen":946739380805,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"212.47.228.136","src_port":40775,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00598{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":459,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":190,"flow_packet_id":1,"flow_first_seen":946739380805,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"212.47.228.136","src_port":40775,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00515{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":460,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":191,"flow_packet_id":1,"flow_first_seen":946739380805,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"212.47.228.136","src_port":56335,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 02388{"flow_id":191,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":460,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739380,"pkt_ts_usec":805259,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXc\/YkgAH4RoBIKAAAB1C\/kiNwPAbsGBMhCbeEBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAJmcghkbnNjcnlwdANvcmcAABAAAQAAAAAAAAAAAAXAAAwFvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00545{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":460,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":191,"flow_packet_id":1,"flow_first_seen":946739380805,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"212.47.228.136","src_port":56335,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00602{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":460,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":191,"flow_packet_id":1,"flow_first_seen":946739380805,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"212.47.228.136","src_port":56335,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00450{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":461,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739380,"pkt_ts_usec":805278,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQ\/YkAuX4RxOUKAAAB1C\/kiAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00196{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":461,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00515{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":462,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":192,"flow_packet_id":1,"flow_first_seen":946739380805,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"212.47.228.136","src_port":60885,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 02388{"flow_id":192,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":462,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739380,"pkt_ts_usec":805613,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXc\/YogAH4RoBEKAAAB1C\/kiO3VAbsGBLZ+bd8BAAABAAAAAAABATINZG5zY3J5cHQtY2VydAJmcghkbnNjcnlwdANvcmcAABAAAQAAAAAAAAAAAAXAAAwFvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00545{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":462,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":192,"flow_packet_id":1,"flow_first_seen":946739380805,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"212.47.228.136","src_port":60885,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00602{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":462,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":192,"flow_packet_id":1,"flow_first_seen":946739380805,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"212.47.228.136","src_port":60885,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00450{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":463,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739380,"pkt_ts_usec":805632,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQ\/YoAuX4RxOQKAAAB1C\/kiAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00196{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":463,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00668{"flow_id":187,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":464,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739380,"pkt_ts_usec":832369,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"pkt":"ZmZmZmZmRERERERECABFAADWpUBAADIRKWLUL+SICgAAAQG7leMAwtNqbd6BgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAJmcghkbnNjcnlwdANvcmcAABAAAcAMABAAAQAAcIAAfXxETlNDAAIAAAGnqbCRK7WvFnA0fqnvTaP0TkhGLYlM337fP\/M0VQi0o3wTy7gpqyMQZFkjfrWn031Ofm4JJLwM1X8FbNxmrQCWUcFQ8RQkVXWSFLecisgk5xXaKVbLy2ZX6VNRztvrCJZRwVDxFCRVAAAAAV9ToghfVPOI"}
@@ -1024,26 +1024,26 @@
 00668{"flow_id":203,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":496,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739391,"pkt_ts_usec":308868,"pkt_caplen":224,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":224,"pkt_l4_len":190,"pkt":"ZmZmZmZmRERERERECABFAADSWtJAACoRyuCLY95ICgAAASD76AgAvjixmlWBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydANkbnMEc2VieQJpbwAAEAABwAwAEAABAABwgAB9fEROU0MAAgAAAR0hTbelwStbUvrsyN4TMcjd6ciaJLWS\/+lAjdb\/qhY\/GqLYEoO6rv\/+JZlrPe5rwefrjN2pIualeqx6XQ1AD9Zj2kPVDPuO2VaFeIl38Qe5+u3sSCCBiqzaCgrP\/G5+1mPaQ9UM+44AAAABX1NQIl9UoaI="}
 00511{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":497,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":205,"flow_packet_id":1,"flow_first_seen":946739396047,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":48300,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 01102{"flow_id":205,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":497,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739396,"pkt_ts_usec":47770,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIclEJAAH4RqpMKAAABkFtq47ysAbsCCL4UZl4BAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdANvbmUAABAAAQAAAAAAAAAAAAHHAAwBwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00541{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":497,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":205,"flow_packet_id":1,"flow_first_seen":946739396047,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":48300,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00598{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":497,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":205,"flow_packet_id":1,"flow_first_seen":946739396047,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":48300,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00515{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":498,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":206,"flow_packet_id":1,"flow_first_seen":946739396047,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":41108,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 02385{"flow_id":206,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":498,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739396,"pkt_ts_usec":47802,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXclEMgAH4RxtIKAAABkFtq46CUAbsGBGABZlsBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdANvbmUAABAAAQAAAAAAAAAAAAXDAAwFvwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00545{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":498,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":206,"flow_packet_id":1,"flow_first_seen":946739396047,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":41108,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00602{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":498,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":206,"flow_packet_id":1,"flow_first_seen":946739396047,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":41108,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00447{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":499,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739396,"pkt_ts_usec":47813,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQlEMAuX4R66UKAAABkFtq4wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00196{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":499,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00515{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":500,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":207,"flow_packet_id":1,"flow_first_seen":946739396047,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":48237,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 02385{"flow_id":207,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":500,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739396,"pkt_ts_usec":47817,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXclEQgAH4RxtEKAAABkFtq47xtAbsGBEQqZlkBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdANvbmUAABAAAQAAAAAAAAAAAAXDAAwFvwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00545{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":500,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":207,"flow_packet_id":1,"flow_first_seen":946739396047,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":48237,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00602{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":500,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":207,"flow_packet_id":1,"flow_first_seen":946739396047,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":48237,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00447{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":501,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739396,"pkt_ts_usec":47828,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQlEQAuX4R66QKAAABkFtq4wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00196{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":501,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00511{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":502,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":208,"flow_packet_id":1,"flow_first_seen":946739396047,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":54305,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 01102{"flow_id":208,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":502,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739396,"pkt_ts_usec":47867,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIclEVAAH4RqpAKAAABkFtq49QhAbsCCL4UZloBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdANvbmUAABAAAQAAAAAAAAAAAAHHAAwBwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00541{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":502,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":208,"flow_packet_id":1,"flow_first_seen":946739396047,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":54305,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00598{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":502,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":208,"flow_packet_id":1,"flow_first_seen":946739396047,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":54305,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00511{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":503,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":209,"flow_packet_id":1,"flow_first_seen":946739396047,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":55469,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 01102{"flow_id":209,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":503,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739396,"pkt_ts_usec":47873,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIclEZAAH4Rqo8KAAABkFtq49itAbsCCL4UZlwBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdANvbmUAABAAAQAAAAAAAAAAAAHHAAwBwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00541{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":503,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":209,"flow_packet_id":1,"flow_first_seen":946739396047,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":55469,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00598{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":503,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":209,"flow_packet_id":1,"flow_first_seen":946739396047,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":55469,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00515{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":504,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":210,"flow_packet_id":1,"flow_first_seen":946739396047,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":54204,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 02385{"flow_id":210,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":504,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739396,"pkt_ts_usec":47885,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXclEcgAH4Rxs4KAAABkFtq49O8AbsGBCzXZl0BAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdANvbmUAABAAAQAAAAAAAAAAAAXDAAwFvwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00545{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":504,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":210,"flow_packet_id":1,"flow_first_seen":946739396047,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":54204,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00602{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":504,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":210,"flow_packet_id":1,"flow_first_seen":946739396047,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":54204,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00447{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":505,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739396,"pkt_ts_usec":47896,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQlEcAuX4R66EKAAABkFtq4wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00196{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":505,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00662{"flow_id":206,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":506,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739396,"pkt_ts_usec":69636,"pkt_caplen":225,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":225,"pkt_l4_len":191,"pkt":"ZmZmZmZmRERERERECABFAADTkQZAADcR9hiQW2rjCgAAAQG7oJQAvzbjZluBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdANvbmUAABAAAcAMABAAAQAAcIAAfXxETlNDAAIAALkTa3PmYOnbKVsenPA+dUbqb7bPdeethm+r51VaewMcP0sfe1RtTAHcc8Uvs8bFQylZgA4Na3Yk4xgl2KWmKw4bPctGhBgarq2J2ya3ifLfvYsxbqqez8iaBEin48TCXxs9y0aEGBquAAAAAV9TgfdfVNN3"}
@@ -1083,24 +1083,24 @@
 00671{"flow_id":215,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":525,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739396,"pkt_ts_usec":110024,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"pkt":"ZmZmZmZmRERERERECABFAADWzC9AADcRvxAu48g3CgAAASD7rIEAwu03FdKAAAABAAEAAAAAATINZG5zY3J5cHQtY2VydARyZG5zBmZhZWxpeANuZXQAABAAAcAMABAAAQAADhAAfXxETlNDAAEAADn5TxO0FAodB0MfyNII\/q4yfvBzna8lha8rHqMZH6brB0hzmteXf96oRMNtUVCp592lxf62HHwuDSbhBbtGtQcalorpuHO8PTt\/PSXI1nToKeQ\/\/4xUAF+WFp6Iz9p9KhqWium4c7w9AAAAAV7URQBxousA"}
 00510{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":526,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":217,"flow_packet_id":1,"flow_first_seen":946739396111,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"107.170.57.34","src_port":54375,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 01103{"flow_id":217,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":526,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739396,"pkt_ts_usec":111009,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIcKehAAH4Ra2AKAAABa6o5ItRnAbsCCGeiszEBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdAl2ZW50cmljbGUCdXMAABAAAQAAAAAAAAAAAAG+AAwBugAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00540{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":526,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":217,"flow_packet_id":1,"flow_first_seen":946739396111,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"107.170.57.34","src_port":54375,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00597{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":526,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":217,"flow_packet_id":1,"flow_first_seen":946739396111,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"107.170.57.34","src_port":54375,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00514{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":527,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":218,"flow_packet_id":1,"flow_first_seen":946739396111,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"107.170.57.34","src_port":55185,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 02386{"flow_id":218,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":527,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739396,"pkt_ts_usec":111010,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXcKekgAH4Rh58KAAABa6o5IteRAbsGBOOGsy4BAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdAl2ZW50cmljbGUCdXMAABAAAQAAAAAAAAAAAAW6AAwFtgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00544{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":527,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":218,"flow_packet_id":1,"flow_first_seen":946739396111,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"107.170.57.34","src_port":55185,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00601{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":527,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":218,"flow_packet_id":1,"flow_first_seen":946739396111,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"107.170.57.34","src_port":55185,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00448{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":528,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739396,"pkt_ts_usec":111023,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQKekAuX4RrHIKAAABa6o5IgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00196{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":528,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00510{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":529,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":219,"flow_packet_id":1,"flow_first_seen":946739396111,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"107.170.57.34","src_port":36335,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 01103{"flow_id":219,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":529,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739396,"pkt_ts_usec":111084,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIcKepAAH4Ra14KAAABa6o5Io3vAbsCCGeisy8BAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdAl2ZW50cmljbGUCdXMAABAAAQAAAAAAAAAAAAG+AAwBugAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00540{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":529,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":219,"flow_packet_id":1,"flow_first_seen":946739396111,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"107.170.57.34","src_port":36335,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00597{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":529,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":219,"flow_packet_id":1,"flow_first_seen":946739396111,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"107.170.57.34","src_port":36335,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00510{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":530,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":220,"flow_packet_id":1,"flow_first_seen":946739396111,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"107.170.57.34","src_port":37287,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 01103{"flow_id":220,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":530,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739396,"pkt_ts_usec":111148,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIcKetAAH4Ra10KAAABa6o5IpGnAbsCCGeisy0BAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdAl2ZW50cmljbGUCdXMAABAAAQAAAAAAAAAAAAG+AAwBugAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00540{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":530,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":220,"flow_packet_id":1,"flow_first_seen":946739396111,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"107.170.57.34","src_port":37287,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00597{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":530,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":220,"flow_packet_id":1,"flow_first_seen":946739396111,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"107.170.57.34","src_port":37287,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00514{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":531,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":221,"flow_packet_id":1,"flow_first_seen":946739396111,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"107.170.57.34","src_port":33143,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 02386{"flow_id":221,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":531,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739396,"pkt_ts_usec":111157,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXcKewgAH4Rh5wKAAABa6o5IoF3AbsGBDmjsywBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdAl2ZW50cmljbGUCdXMAABAAAQAAAAAAAAAAAAW6AAwFtgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00544{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":531,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":221,"flow_packet_id":1,"flow_first_seen":946739396111,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"107.170.57.34","src_port":33143,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00601{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":531,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":221,"flow_packet_id":1,"flow_first_seen":946739396111,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"107.170.57.34","src_port":33143,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00514{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":532,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":222,"flow_packet_id":1,"flow_first_seen":946739396111,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"107.170.57.34","src_port":42141,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 02386{"flow_id":222,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":532,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739396,"pkt_ts_usec":111164,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXcKe0gAH4Rh5sKAAABa6o5IqSdAbsGBBZ5szABAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdAl2ZW50cmljbGUCdXMAABAAAQAAAAAAAAAAAAW6AAwFtgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00544{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":532,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":222,"flow_packet_id":1,"flow_first_seen":946739396111,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"107.170.57.34","src_port":42141,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00601{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":532,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":222,"flow_packet_id":1,"flow_first_seen":946739396111,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"107.170.57.34","src_port":42141,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00448{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":533,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739396,"pkt_ts_usec":111169,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQKewAuX4RrG8KAAABa6o5IgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00196{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":533,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00448{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":534,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739396,"pkt_ts_usec":111181,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQKe0AuX4RrG4KAAABa6o5IgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
@@ -1114,24 +1114,24 @@
 00677{"flow_id":222,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":541,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739396,"pkt_ts_usec":218321,"pkt_caplen":234,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":234,"pkt_l4_len":200,"pkt":"ZmZmZmZmRERERERECABFAADcvzkAADQRYU9rqjkiCgAAAQG7pJ0AyPvgszCBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdAl2ZW50cmljbGUCdXMAABAAAcAMABAAAQAAAAAAfXxETlNDAAIAAI\/a1gzqXBRkeMMNLdByUsrCAeXq9pAoSIZvWZO078wHKN5t9zokYno4cH1X8DUwDBTmKYZNXI496f2ZPTyfGw7EiDsrhQ4a28OXE48fibQ4VcAHxN0Yn+p8BQ7Bz9i\/KcWIOyuFDhrbX1Oowl9TqMJfVPpC"}
 00512{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":542,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":223,"flow_packet_id":1,"flow_first_seen":946739400460,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.193.127.244","src_port":56988,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 01105{"flow_id":223,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":542,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739400,"pkt_ts_usec":460375,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIcPTRAAH4RwyoKAAABucF\/9N6cAbsCCPyL\/I8BAAABAAAAAAABATINZG5zY3J5cHQtY2VydAl5b2Zpamktc2UAABAAAQAAAAAAAAAAAAHKAAwBxgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00542{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":542,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":223,"flow_packet_id":1,"flow_first_seen":946739400460,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.193.127.244","src_port":56988,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00599{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":542,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":223,"flow_packet_id":1,"flow_first_seen":946739400460,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.193.127.244","src_port":56988,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00512{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":543,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":224,"flow_packet_id":1,"flow_first_seen":946739400460,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.193.127.244","src_port":50062,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 01106{"flow_id":224,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":543,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739400,"pkt_ts_usec":460376,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIc9\/NAAH4RCGsKAAABucF\/9MOOAbsCCPyL\/IsBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAl5b2Zpamktc2UAABAAAQAAAAAAAAAAAAHKAAwBxgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00542{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":543,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":224,"flow_packet_id":1,"flow_first_seen":946739400460,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.193.127.244","src_port":50062,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00599{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":543,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":224,"flow_packet_id":1,"flow_first_seen":946739400460,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.193.127.244","src_port":50062,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00512{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":544,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":225,"flow_packet_id":1,"flow_first_seen":946739400460,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.193.127.244","src_port":59354,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 01105{"flow_id":225,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":544,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739400,"pkt_ts_usec":460415,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIcPTVAAH4RwykKAAABucF\/9OfaAbsCCPyL\/I0BAAABAAAAAAABATINZG5zY3J5cHQtY2VydAl5b2Zpamktc2UAABAAAQAAAAAAAAAAAAHKAAwBxgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00542{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":544,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":225,"flow_packet_id":1,"flow_first_seen":946739400460,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.193.127.244","src_port":59354,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00599{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":544,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":225,"flow_packet_id":1,"flow_first_seen":946739400460,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.193.127.244","src_port":59354,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00516{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":545,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":226,"flow_packet_id":1,"flow_first_seen":946739400460,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.193.127.244","src_port":54920,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 02388{"flow_id":226,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":545,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739400,"pkt_ts_usec":460524,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXcPTYgAH4R32gKAAABucF\/9NaIAbsGBKQ8\/IwBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAl5b2Zpamktc2UAABAAAQAAAAAAAAAAAAXGAAwFwgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00546{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":545,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":226,"flow_packet_id":1,"flow_first_seen":946739400460,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.193.127.244","src_port":54920,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00603{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":545,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":226,"flow_packet_id":1,"flow_first_seen":946739400460,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.193.127.244","src_port":54920,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00449{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":546,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739400,"pkt_ts_usec":460543,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQPTYAuX4RBDwKAAABucF\/9AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00196{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":546,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00516{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":547,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":227,"flow_packet_id":1,"flow_first_seen":946739400460,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.193.127.244","src_port":46314,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 02388{"flow_id":227,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":547,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739400,"pkt_ts_usec":460550,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXcPTggAH4R32YKAAABucF\/9LTqAbsGBMXY\/I4BAAABAAAAAAABATINZG5zY3J5cHQtY2VydAl5b2Zpamktc2UAABAAAQAAAAAAAAAAAAXGAAwFwgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00546{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":547,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":227,"flow_packet_id":1,"flow_first_seen":946739400460,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.193.127.244","src_port":46314,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00603{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":547,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":227,"flow_packet_id":1,"flow_first_seen":946739400460,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.193.127.244","src_port":46314,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00516{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":548,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":228,"flow_packet_id":1,"flow_first_seen":946739400460,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.193.127.244","src_port":47971,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 02388{"flow_id":228,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":548,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739400,"pkt_ts_usec":460551,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXcPTcgAH4R32cKAAABucF\/9LtjAbsGBL9j\/IoBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAl5b2Zpamktc2UAABAAAQAAAAAAAAAAAAXGAAwFwgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00546{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":548,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":228,"flow_packet_id":1,"flow_first_seen":946739400460,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.193.127.244","src_port":47971,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00603{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":548,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":228,"flow_packet_id":1,"flow_first_seen":946739400460,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.193.127.244","src_port":47971,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00449{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":549,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739400,"pkt_ts_usec":460564,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQPTcAuX4RBDsKAAABucF\/9AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00196{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":549,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00449{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":550,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739400,"pkt_ts_usec":460566,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQPTgAuX4RBDoKAAABucF\/9AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
@@ -1143,26 +1143,26 @@
 00662{"flow_id":228,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":555,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739400,"pkt_ts_usec":522189,"pkt_caplen":222,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":222,"pkt_l4_len":188,"pkt":"ZmZmZmZmRERERERECABFAADQoaxAADYRp\/65wX\/0CgAAAQG7u2MAvNXc\/IqBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAl5b2Zpamktc2UAABAAAcAMABAAAQAAcIAAfXxETlNDAAIAANT+QyCeqOpvY3ek9vOTVGrWy3oc27D9SS491oCJRe7RQWKb3q0aPb33Ziq0RP9PPCzRMBy1lW3l6rz74jWgmwszJtIbCS+4i64Fme9c0vB4hxz+sKp41i8d9KRbhVFMbjMm0hsJL7iLAAAAAV9TV8BfVKlA"}
 00509{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":556,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":229,"flow_packet_id":1,"flow_first_seen":946739400522,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"77.66.84.233","src_port":49568,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 01103{"flow_id":229,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":556,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739400,"pkt_ts_usec":522562,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIcaQhAAH4RLuEKAAABTUJU6cGgAbsCCGUBsp4BAAABAAAAAAABATINZG5zY3J5cHQtY2VydAlyZXNvbHZlcjIIZG5zY3J5cHQCZXUAABAAAQAAAAAAAAAAAAG+AAwBugAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00539{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":556,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":229,"flow_packet_id":1,"flow_first_seen":946739400522,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"77.66.84.233","src_port":49568,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00596{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":556,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":229,"flow_packet_id":1,"flow_first_seen":946739400522,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"77.66.84.233","src_port":49568,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00509{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":557,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":230,"flow_packet_id":1,"flow_first_seen":946739400522,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"77.66.84.233","src_port":46140,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 01103{"flow_id":230,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":557,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739400,"pkt_ts_usec":522566,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIcaQlAAH4RLuAKAAABTUJU6bQ8AbsCCGUBspoBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAlyZXNvbHZlcjIIZG5zY3J5cHQCZXUAABAAAQAAAAAAAAAAAAG+AAwBugAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00539{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":557,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":230,"flow_packet_id":1,"flow_first_seen":946739400522,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"77.66.84.233","src_port":46140,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00596{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":557,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":230,"flow_packet_id":1,"flow_first_seen":946739400522,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"77.66.84.233","src_port":46140,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00513{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":558,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":231,"flow_packet_id":1,"flow_first_seen":946739400522,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"77.66.84.233","src_port":40209,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 02386{"flow_id":231,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":558,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739400,"pkt_ts_usec":522597,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXcaQogAH4RSx8KAAABTUJU6Z0RAbsGBIoKspkBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAlyZXNvbHZlcjIIZG5zY3J5cHQCZXUAABAAAQAAAAAAAAAAAAW6AAwFtgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00543{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":558,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":231,"flow_packet_id":1,"flow_first_seen":946739400522,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"77.66.84.233","src_port":40209,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00600{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":558,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":231,"flow_packet_id":1,"flow_first_seen":946739400522,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"77.66.84.233","src_port":40209,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00509{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":559,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":232,"flow_packet_id":1,"flow_first_seen":946739400522,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"77.66.84.233","src_port":49732,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 01103{"flow_id":232,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":559,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739400,"pkt_ts_usec":522601,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIcaQtAAH4RLt4KAAABTUJU6cJEAbsCCGUBspwBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAlyZXNvbHZlcjIIZG5zY3J5cHQCZXUAABAAAQAAAAAAAAAAAAG+AAwBugAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00539{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":559,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":232,"flow_packet_id":1,"flow_first_seen":946739400522,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"77.66.84.233","src_port":49732,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00596{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":559,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":232,"flow_packet_id":1,"flow_first_seen":946739400522,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"77.66.84.233","src_port":49732,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00449{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":560,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739400,"pkt_ts_usec":522616,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQaQoAuX4Rb\/IKAAABTUJU6QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00196{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":560,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00513{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":561,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":233,"flow_packet_id":1,"flow_first_seen":946739400522,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"77.66.84.233","src_port":50757,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 02386{"flow_id":233,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":561,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739400,"pkt_ts_usec":522616,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXcaQwgAH4RSx0KAAABTUJU6cZFAbsGBGDUspsBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAlyZXNvbHZlcjIIZG5zY3J5cHQCZXUAABAAAQAAAAAAAAAAAAW6AAwFtgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00543{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":561,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":233,"flow_packet_id":1,"flow_first_seen":946739400522,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"77.66.84.233","src_port":50757,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00600{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":561,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":233,"flow_packet_id":1,"flow_first_seen":946739400522,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"77.66.84.233","src_port":50757,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00449{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":562,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739400,"pkt_ts_usec":522632,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQaQwAuX4Rb\/AKAAABTUJU6QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00196{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":562,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00513{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":563,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":234,"flow_packet_id":1,"flow_first_seen":946739400522,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"77.66.84.233","src_port":57109,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 02386{"flow_id":234,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":563,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739400,"pkt_ts_usec":522705,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXcaQ0gAH4RSxwKAAABTUJU6d8VAbsGBEgCsp0BAAABAAAAAAABATINZG5zY3J5cHQtY2VydAlyZXNvbHZlcjIIZG5zY3J5cHQCZXUAABAAAQAAAAAAAAAAAAW6AAwFtgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00543{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":563,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":234,"flow_packet_id":1,"flow_first_seen":946739400522,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"77.66.84.233","src_port":57109,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00600{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":563,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":234,"flow_packet_id":1,"flow_first_seen":946739400522,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"77.66.84.233","src_port":57109,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00448{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":564,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739400,"pkt_ts_usec":522721,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQaQ0AuX4Rb+8KAAABTUJU6QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00196{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":564,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00662{"flow_id":227,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":565,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739400,"pkt_ts_usec":522927,"pkt_caplen":222,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":222,"pkt_l4_len":188,"pkt":"ZmZmZmZmRERERERECABFAADQoa1AADYRp\/25wX\/0CgAAAQG7tOoAvNxR\/I6BgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAl5b2Zpamktc2UAABAAAcAMABAAAQAAcIAAfXxETlNDAAIAANT+QyCeqOpvY3ek9vOTVGrWy3oc27D9SS491oCJRe7RQWKb3q0aPb33Ziq0RP9PPCzRMBy1lW3l6rz74jWgmwszJtIbCS+4i64Fme9c0vB4hxz+sKp41i8d9KRbhVFMbjMm0hsJL7iLAAAAAV9TV8BfVKlA"}
@@ -1177,26 +1177,26 @@
 00516{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":204,"flow_packet_id":1,"flow_first_seen":946739391046,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":49796,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 00510{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":235,"flow_packet_id":1,"flow_first_seen":946739402187,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"23.111.74.205","src_port":59587,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 01103{"flow_id":235,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739402,"pkt_ts_usec":187997,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIc1vJAAH4RAOYKAAABF29KzejDAbsCCCUSS8MBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAlldmlsdmliZXMDY29tAAAQAAEAAAAAAAAAAAABxgAMAcIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00540{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":235,"flow_packet_id":1,"flow_first_seen":946739402187,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"23.111.74.205","src_port":59587,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00597{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":235,"flow_packet_id":1,"flow_first_seen":946739402187,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"23.111.74.205","src_port":59587,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00510{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":573,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":236,"flow_packet_id":1,"flow_first_seen":946739402188,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"23.111.74.205","src_port":60852,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 01103{"flow_id":236,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":573,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739402,"pkt_ts_usec":188013,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIc1vNAAH4RAOUKAAABF29Kze20AbsCCCUSS8UBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAlldmlsdmliZXMDY29tAAAQAAEAAAAAAAAAAAABxgAMAcIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00540{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":573,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":236,"flow_packet_id":1,"flow_first_seen":946739402188,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"23.111.74.205","src_port":60852,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00597{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":573,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":236,"flow_packet_id":1,"flow_first_seen":946739402188,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"23.111.74.205","src_port":60852,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00510{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":574,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":237,"flow_packet_id":1,"flow_first_seen":946739402188,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"23.111.74.205","src_port":44793,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 01103{"flow_id":237,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":574,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739402,"pkt_ts_usec":188014,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIc1vRAAH4RAOQKAAABF29Kza75AbsCCCUSS8cBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAlldmlsdmliZXMDY29tAAAQAAEAAAAAAAAAAAABxgAMAcIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00540{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":574,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":237,"flow_packet_id":1,"flow_first_seen":946739402188,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"23.111.74.205","src_port":44793,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00597{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":574,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":237,"flow_packet_id":1,"flow_first_seen":946739402188,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"23.111.74.205","src_port":44793,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00514{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":575,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":238,"flow_packet_id":1,"flow_first_seen":946739402188,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"23.111.74.205","src_port":53045,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 02386{"flow_id":238,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":575,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739402,"pkt_ts_usec":188041,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXc1vYgAH4RHSIKAAABF29Kzc81AbsGBMTJS8YBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAlldmlsdmliZXMDY29tAAAQAAEAAAAAAAAAAAAFwgAMBb4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00544{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":575,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":238,"flow_packet_id":1,"flow_first_seen":946739402188,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"23.111.74.205","src_port":53045,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00601{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":575,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":238,"flow_packet_id":1,"flow_first_seen":946739402188,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"23.111.74.205","src_port":53045,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00514{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":576,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":239,"flow_packet_id":1,"flow_first_seen":946739402188,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"23.111.74.205","src_port":34024,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 02386{"flow_id":239,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":576,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739402,"pkt_ts_usec":188042,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXc1vUgAH4RHSMKAAABF29KzYToAbsGBA8bS8IBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAlldmlsdmliZXMDY29tAAAQAAEAAAAAAAAAAAAFwgAMBb4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00544{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":576,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":239,"flow_packet_id":1,"flow_first_seen":946739402188,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"23.111.74.205","src_port":34024,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00601{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":576,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":239,"flow_packet_id":1,"flow_first_seen":946739402188,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"23.111.74.205","src_port":34024,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00448{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":577,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739402,"pkt_ts_usec":188057,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQ1vYAuX4RQfUKAAABF29KzQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00196{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":577,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00448{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":578,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739402,"pkt_ts_usec":188062,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQ1vUAuX4RQfYKAAABF29KzQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00196{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":578,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00514{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":579,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":240,"flow_packet_id":1,"flow_first_seen":946739402188,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"23.111.74.205","src_port":60113,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 02386{"flow_id":240,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":579,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739402,"pkt_ts_usec":188092,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXc1vcgAH4RHSEKAAABF29KzerRAbsGBKkvS8QBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAlldmlsdmliZXMDY29tAAAQAAEAAAAAAAAAAAAFwgAMBb4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00544{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":579,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":240,"flow_packet_id":1,"flow_first_seen":946739402188,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"23.111.74.205","src_port":60113,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00601{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":579,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":240,"flow_packet_id":1,"flow_first_seen":946739402188,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"23.111.74.205","src_port":60113,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00448{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":580,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739402,"pkt_ts_usec":188109,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQ1vcAuX4RQfQKAAABF29KzQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00196{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":580,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00668{"flow_id":235,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":581,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739402,"pkt_ts_usec":352103,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"pkt":"ZmZmZmZmRERERERECABFAADUpqhAADURe3gXb0rNCgAAAQG76MMAwNUkS8OBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAlldmlsdmliZXMDY29tAAAQAAHADAAQAAEAAHCAAH18RE5TQwACAADFMi1FdTWI6xs9AIHJqo\/A+wDfjlj3WkVYnoIQAvOP3ISfoMelOBqvsYElaECIkBkM1KRmWo7IwtwzQE5GK6ICxIfEdneiwuXVbSuJIibtWiAHFQr52HeEOQNDYtX2pkLEh8R2d6LC5QAAAAFfU1VGX1Smxg=="}
@@ -1428,23 +1428,23 @@
 00510{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":241,"flow_packet_id":1,"flow_first_seen":946739611961,"flow_last_seen":0,"flow_min_l4_payload_len":576,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":576,"flow_avg_l4_payload_len":576,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":47545,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 01195{"flow_id":241,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739611,"pkt_ts_usec":961483,"pkt_caplen":618,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":618,"pkt_l4_len":584,"pkt":"REREREREZmZmZmZmCABFAAJcJkxAAKYRdegKAAABl1DeT7m5AbsCSDi2hxVktS2XlAXK1L0mf5PIChUIPitfU3P1xdue2oSi59s41xANmFlcDO6Ugg3iONmSyzFBmv3WeUbwZp9IYiTM191d4EGpSNgn1Vnmhi0dnshrsldty0p0rog9vCUpw6jzc4+P9Puw1SQZaVq6AQHs9j8FHA6TV2fEODI+IleWgpNwN7RkTyReTtbcAyqcw4LZqRdzr4SFPlNOAV9QpavHsXRRYeP7A8ijLspxo8F1YH1toI16qO3Wyz3w2HsVy3nP0JwlulITaJBD9qG3whIbZyqhQYyJ2BvR67IS++x+jXq0MGJud5+s9l28XPdTs\/vK3y+tQd2+A5CezpWRNwOoTnzQrdnO5idkwCcFNbHZKDQFROmtVXAPisaIFuh2zDBTP9EootPFJMHtt5MCwQKxsqxAokmytyeHxjFqA8WwfVcAi5mF\/ZuGsfcjSKloXW082oaEMVSIkwJ74\/Jb+rJZiHxMq58YuihNtogJ1XyZ7N5w9vgrIru3Mf+Yb1s51E\/BAtAVet5JOSYKjHsRrwqjR5SM92Qhm81hCxh\/GAZd8BGwMYGW43YzzX7cWwZTJxpff01gK7OvmzthL7xQA0ARPjY6jfbbFZeg4DdbEVEZyuWoK3KXb6sDjKwxJLrncbQshDJtGHzwOzijM3V5WnhnWXGriaawdzvTvZzhIQ0srq9F4tmvJ8cwU537l2ggbdtCOlpHKYsSA7i9H4MB3lIBKJSrAhjGcr6R+mT\/OaHMOBRDayFlbn\/EG+N1\/YwEFto6"}
 00916{"flow_id":241,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":588,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739612,"pkt_ts_usec":32164,"pkt_caplen":410,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":410,"pkt_l4_len":376,"pkt":"ZmZmZmZmRERERERECABFAAGMXAxAADQRsviXUN5PCgAAAQG7ubkBeOzQcjZmbnZXajjulIIN4jjZkssxQZqSDAUmKpfd49BFPcXUJNsH1tfF8ILOrmEInURZhClsi8Vfa6egoR1ZaEP2TFIvnnwmg3DMIMPj1X93gFJnlICV6s1bYKcQ0IVszmSovV29MoXsJXRtqoBvjWoL6erf64n\/9lY7Pizn5GAIJ+ZpdKmiKxdjxBHa0Bf9zJfNMagz21JNImGKGgrF3C+muN5QaVzi53jM6qhgKER\/YzujMJfiHF\/aaLCV7ensBtZtMGPEX2NyQDksoYgHkNVty+uHcb5FWtodWfWQwK\/pSx8\/6EDGrCYsD3hCk628LO83kEMpLh3mWe\/DOYJ4VpTxZ8unmS83bK0xOwnj+LV6NHmYBoNZVrz1zkXkqx7GlUurn5Yj1XRRPDFjXpVJqBkZG7vuwQAAc0Zs2zwVPvHOdh3jfX9L6TmayQGceJ8L7zIXqi14xI3xt4P62MSxtYdyqx5X5yN0e0crNQn80yUKKZ8="}
-00551{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":588,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":241,"flow_packet_id":2,"flow_first_seen":946739611961,"flow_last_seen":946739612032,"flow_min_l4_payload_len":368,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":944,"flow_avg_l4_payload_len":472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":47545,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00608{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":588,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":241,"flow_packet_id":2,"flow_first_seen":946739611961,"flow_last_seen":946739612032,"flow_min_l4_payload_len":368,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":944,"flow_avg_l4_payload_len":472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":47545,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00511{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":589,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":242,"flow_packet_id":1,"flow_first_seen":946739614386,"flow_last_seen":0,"flow_min_l4_payload_len":576,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":576,"flow_avg_l4_payload_len":576,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":38660,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 01196{"flow_id":242,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":589,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739614,"pkt_ts_usec":386871,"pkt_caplen":618,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":618,"pkt_l4_len":584,"pkt":"REREREREZmZmZmZmCABFAAJc989AAKYRHsYKAAABkFtq45cEAbsCSL5UGz3LRoQYGq7K1L0mf5PIChUIPitfU3P1xdue2oSi59s41xANmFlcDCN0sI1afsDgB7g4z3waLSDC2o9apEHGrmX1\/\/XVDTnA82XGV5BkJ6hyx9SwD+WiC6uDTp6AbKbCDGnUn3j+tLJpn2hItHoTa\/xeDArjby7slJF40ySc4tPuE+UMiXypOsTanLuynVvS9n8gbILRPI43brHHY7HDFenFZDOtfB+JxdnOOFNDYhfJprBR2DTCXiO3N4Bex+NG0pKxAEiN254J3qeD3\/OAwnKA81+nREhgnE+6I0CyIA201vB4x+d\/+mhwpFUuUhbbD\/SfJPnQXjy3jOXtIJLaIFLNycvxG+PS5Ojxq9uCtE2XhA4tfk90STkQEJNACVZbLwRyAcYZfg9qxeV8twgsNlEDF5PIG3nzQvpvywuTYlFQryvjTvIH4VR9wK25AyfzR7C\/t+iRavrUqnzmU\/fAOG0CvTaSqHI+4MnbhUZVoxS2UyUFdELJqReTeLin8fcrvX1wJgCVSp8+cPs7vBKaV+JiLAgU+OxuxldboVrer9459FyQl4WFjHazGEL4xKqJvMIvrueodNiqXGE6cS6tIYUKgaQ4AFmKHlACJF\/olwP9NoAOKSUY3Y66DFQ4v+LM9mU+SWhao2muTb4Tju4w6ERuBOUyzP9LBhYeQUMfKmBYpIb+UNg41n6P7vyU8kDamY+f+xv4B8HSDYKX2DWu9KXaFSPBiu3SXVmscc3+ivcw18HJ9BS2CgGcv+eo7Dnd"}
 00740{"flow_id":242,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":590,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739614,"pkt_ts_usec":411248,"pkt_caplen":282,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":282,"pkt_l4_len":248,"pkt":"ZmZmZmZmRERERERECABFAAEMVHFAADcRMnWQW2rjCgAAAQG7lwQA+NqDcjZmbnZXajgjdLCNWn7A4Ae4OM+V95TEH+wEPWjCUqAPqLgKz03zsgxbeQD\/5ecQsA4RfRBRViLb9egczysjt1OolDW9kDXjXmmQiF571kS9rCn31TE60wfdQuvLsxXdWOqgaclRBMIB2+xIEcqZiOOnbAC3owgMpf07BM+8qosYU+1EzXz7EouWJa8VxL5FW0SNfmJsYYBjcSkC0myJwAMFESyFpxNCQtb+Z3Q2X9FOvOphUjS1Bh6POqoHGB4CgchAKjQ4X8fxQb5Wv65jhpmBRnmn5yUbcKZT8A2zfL7KGiy9Vrk+mU3WwB6UiVmU"}
-00552{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":590,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":242,"flow_packet_id":2,"flow_first_seen":946739614386,"flow_last_seen":946739614411,"flow_min_l4_payload_len":240,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":816,"flow_avg_l4_payload_len":408,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":38660,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00609{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":590,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":242,"flow_packet_id":2,"flow_first_seen":946739614386,"flow_last_seen":946739614411,"flow_min_l4_payload_len":240,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":816,"flow_avg_l4_payload_len":408,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":38660,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00511{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":591,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":243,"flow_packet_id":1,"flow_first_seen":946739615603,"flow_last_seen":0,"flow_min_l4_payload_len":576,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":576,"flow_avg_l4_payload_len":576,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":60393,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 01203{"flow_id":243,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":591,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739615,"pkt_ts_usec":603613,"pkt_caplen":618,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":618,"pkt_l4_len":584,"pkt":"REREREREZmZmZmZmCABFAAJc+DdAAKYRHl4KAAABkFtq4+vpAbsCSL5UGz3LRoQYGq7K1L0mf5PIChUIPitfU3P1xdue2oSi59s41xANmFlcDCAf8ZxPLtyAmkbotfhN9FBFDCeDP4ncrd\/TOhQoXS6aaK7Qk9xNjCJAE83nYrNPvD\/886RDhSKbcIu9OfJQKTcWCPazM2lBZj5zsNZveK3aqI2jCfxNNTpF+6txS57\/tj1ipnKY33r09Y4upstDW1n4WR1Nsfz7UrdB6\/6T5NqtK9QGMv\/EvcCVnsI4etNtWFQzRfRc7E0Skos7MBtpGgiC86vsChOu7VYwrpe6b0CyOg6OcUDxGDoVs5ICEPVHDsd2RqeGP3QVPcQgf4RCQy1ImYumox7n6l80U\/14hvlajMMIkDpEpiu4KAyZSDWRXbhAD60XmVYOZ0blLEelAzhupD39arDQughZsQic9xuigYdXIQBw\/Fbye0tmt8ihEnYnMhGIlRckiYzkA2ioG3ckpl1JlkazwpX87IXdgB1wqkVRuynhNnc1hxUbpiv0BrBR\/fV0UhwJN\/T1pdWRfFcsSRYMRLW\/ixpyROEV8e41kHMNotPvlHLtOyi\/2lXQAveUUQT3pByUNSr1McJDQGc7QNA5zFLNTZBJqb0kxE\/mLWe0EMXj7XbfUBu7q2gn8G7CETqFs71z\/s7TC\/nsaD\/ETkxWcTnA0aNzC2E\/O5fjyCETbuv3jbGkWzJPfOkBc4w2M9f3qNHjwEkn1LJYLOKWSLyq34DWAVom05p8N+1XzUjvKKpr2SZf2pwRkSXCrFPZsLRFNDkb"}
 00831{"flow_id":243,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":592,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739615,"pkt_ts_usec":628764,"pkt_caplen":346,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":346,"pkt_l4_len":312,"pkt":"ZmZmZmZmRERERERECABFAAFMVRFAADcRMZWQW2rjCgAAAQG76+kBOCk6cjZmbnZXajggH\/GcTy7cgJpG6LWEOqYXy9eZW2i3Qbkc+\/ab87nm8hxILOmwmIagjS3082zNqzOBnUfDvXH1wdeKy55EXymmAOR3ISimesD3NSPRd1l+RxmfBHNn3a7Bw5aEHaIlwaCNLNQFqK+BhPyPkErS5VbNOhmY5xHp0Ui2kKe72GXKf4WLQR7zh9TTBssKJNiCiW7f2BiWF1TEyHipKDeny4ICpyTd3Wo2+B3IqtOVZ3rHmsTn5k+U7Dl0LO15r3tqh6n0WPCSwFlzqIYmOuOCTIqRIw6ZGfDu889dv4sOKdhqSdpo5gBsF5uRtahg1DOgrYIIV6k+VvSO\/ChUBVAry4GOrZXgTyxKsOYZ+21X5TNc3orLlCmaabkA\/armCA8Dr977H97D0+Y1rw=="}
-00552{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":592,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":243,"flow_packet_id":2,"flow_first_seen":946739615603,"flow_last_seen":946739615628,"flow_min_l4_payload_len":304,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":880,"flow_avg_l4_payload_len":440,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":60393,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00609{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":592,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":243,"flow_packet_id":2,"flow_first_seen":946739615603,"flow_last_seen":946739615628,"flow_min_l4_payload_len":304,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":880,"flow_avg_l4_payload_len":440,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":60393,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00511{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":593,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":244,"flow_packet_id":1,"flow_first_seen":946739617004,"flow_last_seen":0,"flow_min_l4_payload_len":576,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":576,"flow_avg_l4_payload_len":576,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":50443,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 01196{"flow_id":244,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":593,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739617,"pkt_ts_usec":4122,"pkt_caplen":618,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":618,"pkt_l4_len":584,"pkt":"REREREREZmZmZmZmCABFAAJc+TpAAKYRHVsKAAABkFtq48ULAbsCSL5UGz3LRoQYGq7K1L0mf5PIChUIPitfU3P1xdue2oSi59s41xANmFlcDMYv6lXLSTAmrdvTCyOYpoj3kt1OReSCqSRptuX3NltyQeLyb5cvSCa8IppjLkWscLpkUyp0EuX0uRM80Z0tP4bkozd9zL82wWjC8W8tmOO4RTgddRqe2OW6UcaHGdoyLPby7WVQbLUZtFO6cYUzbEsqfBQPgCTh\/qKzkBHUUFOcOzpUyI3MqJzYO0+HYvDMlUyYOn02yFtLLa5Pq1FzqbW8q5lSsV54O2im5U817KNJVnj\/1Ex0RZMgloFaQtGlXZoAu0SSgUwvvAL1FO1uoRRAx+AcSeEgZ9dYJhUksMKZOl0pd1gb1y8kNBpupQux9D3tnmm7KlCbGQCOdJ7gfT1HbeHBBq0E1\/iBd8zqzehjb3a24okMSsxmhLmPfcn4P9uZtYdGDWmUahJxq\/ugthfP8l7FCJb27pTFxpBGhYYKBpCs8n66CHCXntWVKyqe9MG6tK4sOASpV12JTr1YNDUpJbbagNSSVC5+IbRWJ9kB5Tr1rdpADAHtTZhkSuXY7lHM\/VYuUqKr1+qXLnLCAo5cFYbfySTD\/RlMa1jGWX7ZjRRid5DRXgauaKlqQZ3kXMkfTFpvDON8m0NTWj9A1FG\/47eQpOKy5YSZ3VSyyGdtTjV5AwxRf0u5j7LIlgeShVaNcOEV16mq+tTopZDdjg\/q8bR3f8vgTH0VjGrhrUoHlYjd9nR+n\/OCx\/s7syonVC6jt\/ML6xGu"}
 00745{"flow_id":244,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":594,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739617,"pkt_ts_usec":27798,"pkt_caplen":282,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":282,"pkt_l4_len":248,"pkt":"ZmZmZmZmRERERERECABFAAEMVhtAADcRMMuQW2rjCgAAAQG7xQsA+AQwcjZmbnZXajjGL+pVy0kwJq3b0ws3QQmU1oaTmLs\/KBJiu7G8scEX3PGgxPg+ruVnqVNFUraQxsErWYtLItB90wPdHcXiqlBhJWtFp4LLnWAvhKLKhjFEw\/atFhZeDiqXStF1L94cSN904FNHbkEph9CBTREE+edOKfiP4WqHgqjHUNPQp7n\/XDg\/V39BVU7YZKgJKtX72jHsW8p+y1tD4\/oB5Dnpf9M\/FhDm1mUKnuHl2H9\/fkExtOnA6OjnoUWzl+W3CX4dYlGVJl9MVrQvZzZFoWkXil+wG5XW3z1KVD3tlSpd4VUIxP+btk8gcC+s"}
-00552{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":594,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":244,"flow_packet_id":2,"flow_first_seen":946739617004,"flow_last_seen":946739617027,"flow_min_l4_payload_len":240,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":816,"flow_avg_l4_payload_len":408,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":50443,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00609{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":594,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":244,"flow_packet_id":2,"flow_first_seen":946739617004,"flow_last_seen":946739617027,"flow_min_l4_payload_len":240,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":816,"flow_avg_l4_payload_len":408,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":50443,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00511{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":595,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":245,"flow_packet_id":1,"flow_first_seen":946739620053,"flow_last_seen":0,"flow_min_l4_payload_len":576,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":576,"flow_avg_l4_payload_len":576,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":37711,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 01195{"flow_id":245,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":595,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739620,"pkt_ts_usec":53560,"pkt_caplen":618,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":618,"pkt_l4_len":584,"pkt":"REREREREZmZmZmZmCABFAAJc+yVAAKYRG3AKAAABkFtq45NPAbsCSL5UGz3LRoQYGq7K1L0mf5PIChUIPitfU3P1xdue2oSi59s41xANmFlcDJIKeRwV+B3o\/S1Vi20pwQIdLtPPzfiWHWJQqFzxTOLyCv2P6iXlQZj5XjV3kgHWrJU4+x22jVmI8HXUQsL4Ett9CycuHxHxWcs\/QYSIRhXy4zBDqi\/TRLgCDvexnLEbWrLVqZlx1oiHSo5WUfrBG87Hnp2cAe\/gsf5JPymP1MD3qdNPqZTHuk8S3o2b7BAHlFbKntVCDBSVQ2u7L9Ln\/6QrREPkeEFI1x9w5DZ5HrdTDgz+nlHzDSJBD364iAl3eoetv8rISqtBsiSLQHroHpiaUZtlR34l9Vzjmefx2nlmLBPG9TXLLZ\/mrHRFJkh\/uUcYYlECvdkuHlyfOYBwWiwoiqEQ+llPw\/pJiTU8CEAtaLv6CbONOtgp6JdiKE6d43D6uaZcFnqBbwg9eaCGVpcGiuUf8O0AgPu2sDwbVkeFGCSP+1RYWtMKN4UHnlXAzPp5xMNSLWhVnOiQOltHL0A4mIocw8NAKgYgB5WImGwHYZJTu3vKHL1ma4UUJgC2aPqavoEA8xSewTk8+kcdCu+H7U80l6uImg5OwmEHjnULbQ0NG6WqqnmnPPxiAFv0OcQF6VQejNwyFXYLHhqFbcBYdLiQUtlr\/CQbqH4bkFMHbjKfSQ5+8dmJhmOjdlgfwyZVo9qRa+DzThEZzNmUms2ITRpkxyxskJfLxizZZ7rIR6efqljBrZaiXsrJyXuIjgdlqkXHyYFN"}
 00660{"flow_id":245,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":596,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739620,"pkt_ts_usec":112675,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"pkt":"ZmZmZmZmRERERERECABFAADMWFtAADcRLsuQW2rjCgAAAQG7k08AuMXMcjZmbnZXajiSCnkcFfgd6P0tVYuPcDHPBNH+Q2V36ecIOy5+Vn6hASP7zwS+HB7\/COLeZpsYSR\/D4KtiLxFMLHMCSd4CEFa3HkazvGkn1cTMf7cEedRa5ffS2XboBOubQlEIegWZ\/uOw8cxjcAsifupeBdcSOB0uu0iqAXb97mPtwXo9C5m\/fEJEqoOJOH7mervMe4nPhBoqZk\/lTKOfh1zHYDnQCY0xNdH9fhG+JJ4="}
-00552{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":596,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":245,"flow_packet_id":2,"flow_first_seen":946739620053,"flow_last_seen":946739620112,"flow_min_l4_payload_len":176,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":752,"flow_avg_l4_payload_len":376,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":37711,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00609{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":596,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":245,"flow_packet_id":2,"flow_first_seen":946739620053,"flow_last_seen":946739620112,"flow_min_l4_payload_len":176,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":752,"flow_avg_l4_payload_len":376,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":37711,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00510{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":246,"flow_packet_id":1,"flow_first_seen":946739660371,"flow_last_seen":0,"flow_min_l4_payload_len":576,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":576,"flow_avg_l4_payload_len":576,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":40958,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 01200{"flow_id":246,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739660,"pkt_ts_usec":371388,"pkt_caplen":618,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":618,"pkt_l4_len":584,"pkt":"REREREREZmZmZmZmCABFAAJc6wNAAK8R\/JUKAAABwx5eHJ\/+IPsCSORQeRS+sjS2G7nK1L0mf5PIChUIPitfU3P1xdue2oSi59s41xANmFlcDAyVmLtuOyOPrdbG9Aa84c6ABESOcWKO1lD0bmXASu6Lp1JrrhdSsrfi+qCLd+yV08wcBIOyOD3xWu+JqcvR+qyyD2wAqK+7GtNLfa5CYKvl4+qE+B8Fdcg3etmdvWho9v6RWRGqvWQ79X3lh7drodQ5tDBKL+haa6jK+KUocn+9wX11hwHxQkGR1McxgwheyWwiQ8yk86\/0X3FOuLzu\/q11WpJtGw+xpq\/OB+8OUVOD89R6Mnj\/UOcx7obvr0eYbF5A8onkaQEbT7AaiYRJQ+hA7ZZDi2ljxg+uDg1AUnD5AkpxvEvbz9buRkBehRmtAjmpjCb+1eSSGGy0pj3fWliJpufCy0cLqKeBAa8pN+PboX7ibcQKD2oLVDzOMCPNysRr7U4iSHLRzA3mGLlWv1wmtPqVLl\/EoRbf02Q+FQ\/4r6mOaMPxUziXWn4x9EAZfWAyRDD7Afeh1n3Kmrb8xH0TDb8AwH7WhW4050ZoDY8fwOoRj\/\/yicxCkUFPRn2\/1wmsWfaim9o7xstoH1TFkuOYolb5zL0b\/s+Q6LzmCI0CRhGzcGbTPbKaxkq5YwwG9Y4Y7yX3r23bemnved9GKHI+BB80yEb94yRK1wmhzXgZyDB626hQAGMFgeYF1jYBg8XUeiAWAkUeVdpaFQcCYu3RciaRBtQKGADb1WYqE\/SeWtKsrZLM+n2BJmC8O6wwHCEtXzUPi0rg"}
 00940{"flow_id":246,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":598,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739660,"pkt_ts_usec":417793,"pkt_caplen":426,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":426,"pkt_l4_len":392,"pkt":"ZmZmZmZmRERERERECABFAAGcN+1AADgRJ23DHl4cCgAAASD7n\/4BiHhncjZmbnZXajgMlZi7bjsjj63WxvRslmVw4ADDYw9Zf7rvWXePF7DzWlPhjWqgv8O9se2dHg\/hMkwpzbF\/IwWGmMmxEowkpKXdmkUibqvznKVpkcwGgbuuCaS7Y6VBAIjGo9kWj7NiKTrA6Y4suMJM1qQ00IXt9U3jt4cutk2V8vfwhRYcaNOhsYhZrStljarNU+tA0k9iIXbco1x+a3RzKSkOB\/31hiwlYARdPxVfA4tlw7PDeRv6xT+b+Zv+a+jVuxZiNAikFvbCic9wNteLeIi7n5SfaDU1hH5H0TBuxqIVG9IHOsQSrBqKpNMeo1qfha7yS2X+OJjDupJOcyA3aK4UBMnSr\/hwPHcnofH4+5e3N9vB71o19Y0N1Cu3OIZZTlMMscwt3XDJIpsNrPW0k\/KXOVig1xeZdDezEjIt7JmJY9nlO847+Hb404Ny9pRCt57zdrjCVnAEbkkF4phZwF7K\/zzTOwqW\/8CPNUPEe\/A1vTBCVo6HwXAA4OkIci3U"}
@@ -1456,15 +1456,15 @@
 00508{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":601,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":248,"flow_packet_id":1,"flow_first_seen":946739720236,"flow_last_seen":0,"flow_min_l4_payload_len":576,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":576,"flow_avg_l4_payload_len":576,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":45234,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 01195{"flow_id":248,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":601,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739720,"pkt_ts_usec":236687,"pkt_caplen":618,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":618,"pkt_l4_len":584,"pkt":"REREREREZmZmZmZmCABFAAJcgJBAALYRD\/QKAAABMw8+QbCyAbsCSDRmPBQECcRLqdjK1L0mf5PIChUIPitfU3P1xdue2oSi59s41xANmFlcDOvN3LKmlsKPJgnxHDgQO2HIwu\/7HgUbhvSQLUmgTButtVYZ7ynSLJeOyVR7apKprNCXG1CB6RzKxjyoWSQdDjHQSudtBqe8pb0jpoyikDKAP5jZsuhlLmSafeiWgv4b7FcEcaSLItWNKLNEkAAXUwpoLIVbFjTOnXrLtfp8ddH5RkIQz3yuUJ9Nr9mnfMn04Kowojf10wKowiddPU5KKVho7F0cvcKjFtvuttnCHTnagcxAyTEmIcCymyhGi+h9M4qiKb4nZlaO8w0zOAMAC1r78IGbvmw2MC\/y\/XFDrOtYAyDWcOnUil1BFM0d\/Bz+j1o\/P8xdWxuA8zW6LX70nyKPAmn2+XMm6v93oH0oPPpEb87KAvDSvCagsZZA4fpWnggw8IDtM+xGjIpanNsL2VG3CCZ8SJchr0dd0ybGZUr6\/QWXs1PQNuAQq7PtTY0h5VDncSKKbfMtAy3KYwk5hwtNLo5PMwSgkhumRRE888qSzJlQJGBNzGsf1NwJANZTAqrVJeK8b7f+2pTSgrru+nRtvffr5TCeW5qGtpkkXT1G87oaz4FH2RV1Xm1JIdrzicLRjoj866viGnjQ5b2\/UKZWoCT22+fKnqSPDxIXp73HamN35GQ751GknwXsyMVZZbtLrbqcV6TqrFj8sSTjExCJ80Zk2kq4s9KvTe8IudfZv2VZnKat7igdMc61peD9CbEijjtfZYoC"}
 00746{"flow_id":248,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":602,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739720,"pkt_ts_usec":266316,"pkt_caplen":282,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":282,"pkt_l4_len":248,"pkt":"ZmZmZmZmRERERERECABFAAEM3XMAADURdWEzDz5BCgAAAQG7sLIA+HYgcjZmbnZXajjrzdyyppbCjyYJ8RwtW4RTIlvIG\/FZbH1Xp2LSeUte4yLE0KEYJIy\/W8+x\/FH3nQM381uStJPi54eYTbEiFOHb6+tNj6JfFejP8ANh9SW7+XztIQKHTMkKaKwDijmfQK3jWMvzYn5RQLy\/kgEd3jZcHSQ4+mGlJFAq0q9\/sxSmeRSE7Bf4lfghgGePrvRax2LVMOPyLQdEzOtXRcimFhC\/P2NV+z\/yC5UUyjWbNHflc5ZhEb6wjqEIWWaXMR9PmHFkJmX18vLk2mHCcaPJ0ISTpxtaV1D5IuKPIa2LIoH3gyFLk8kBlxy8"}
-00549{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":602,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":248,"flow_packet_id":2,"flow_first_seen":946739720236,"flow_last_seen":946739720266,"flow_min_l4_payload_len":240,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":816,"flow_avg_l4_payload_len":408,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":45234,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00606{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":602,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":248,"flow_packet_id":2,"flow_first_seen":946739720236,"flow_last_seen":946739720266,"flow_min_l4_payload_len":240,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":816,"flow_avg_l4_payload_len":408,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":45234,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00508{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":603,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":249,"flow_packet_id":1,"flow_first_seen":946739725845,"flow_last_seen":0,"flow_min_l4_payload_len":576,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":576,"flow_avg_l4_payload_len":576,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":36746,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 01197{"flow_id":249,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":603,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739725,"pkt_ts_usec":845905,"pkt_caplen":618,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":618,"pkt_l4_len":584,"pkt":"REREREREZmZmZmZmCABFAAJcg7xAALYRDMgKAAABMw8+QY+KAbsCSDRmPBQECcRLqdjK1L0mf5PIChUIPitfU3P1xdue2oSi59s41xANmFlcDHgMkBVee38D+I7fnhBktgHf7os968\/qL0XkoqwhIpo2rKPzGWXe2G9NgFMScZ1tv4\/+yOWKKWYUUiUyLx+7PMrENy\/k+jN+yzdctk2Zo3FLcHvC79XH2TY1F0O7cJD1wjxZI3\/IHMcd6PNvU2hGrzF+GquS0c6mjapr0bbntYIeD4+Xf\/ITOco5AtKhdlLVR6qs44J9FD4+1MhlzKeOoRa6oiskDhR9SKCiLE0vY6WaFISx1KvaV1\/AWlTq+Ma\/RCIZcpIwRnCK5x9qtU8svtd3XmYK5sxwzMlT8VpdCDkudem2VmnpOeldtwd4GZeCkcdGXhDpTvkco7\/J7KzU8Em3dvt1ZFDy4TcFUOFTvtGhCNRYamvuZtqV1ariMFQakPC5kVsCG2gSYSztnSwq2hbNURFeBG0BsgQjYyNkq5wGuYsXMV6s23vt0COGB4x1t6Zn8jjY5lWn7t84BUSUEjxNSXlazc9hfUsGYBk1YNyvKVIOa4XVjl\/NR0vRtizEXbk8CW7UFlpZywbOaEBbweblLU4zywJ5qKZiL8sEsu9XT1G3qBmTW8cVYrUgsGb+gfIiskkKUwoOtt9RL+Teq82rqtdl6NJyjfa8lJ6hpSkFQGXkbcjp3VueVgKLzTUvGcLRMTp0C18n\/FNAt4vg0zRX0o3Lss4rXcLQ3ZMQHCelaCESW7C4sZpRGMwGTOa2B2AzD+kO+ZGd"}
 00748{"flow_id":249,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":604,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739725,"pkt_ts_usec":874210,"pkt_caplen":282,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":282,"pkt_l4_len":248,"pkt":"ZmZmZmZmRERERERECABFAAEM4eEAADURcPMzDz5BCgAAAQG7j4oA+L7VcjZmbnZXajh4DJAVXnt\/A\/iO355MVB4P\/\/Rk8\/R8bJwvIdLtYy13W15OTi+Go1C5ARLPQjyVOYrIdtt78KeJtxqvLGMYFgf90WzBjkKY8vjgNB0MPV1q9fSbDPwYJMt9sDZnnX7J06DitoJz19fiGevmNqdw2iS+W0+hbeSiK8kirJT\/QpPdxVHp2xD743rTjnXejSHner\/lxnNhKbPdOrwzbBbFmJ\/STzN7we3lc\/L7tRfFce0lf4Dadw+FNCaY6kAAQ713YJ6hg1mApwixRpXpT16U0DoxmV6YKXf9KevXwY7CFTGcq9MsTSP1FQYE"}
-00549{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":604,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":249,"flow_packet_id":2,"flow_first_seen":946739725845,"flow_last_seen":946739725874,"flow_min_l4_payload_len":240,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":816,"flow_avg_l4_payload_len":408,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":36746,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00606{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":604,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":249,"flow_packet_id":2,"flow_first_seen":946739725845,"flow_last_seen":946739725874,"flow_min_l4_payload_len":240,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":816,"flow_avg_l4_payload_len":408,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":36746,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00508{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":605,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":250,"flow_packet_id":1,"flow_first_seen":946739727013,"flow_last_seen":0,"flow_min_l4_payload_len":576,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":576,"flow_avg_l4_payload_len":576,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":33089,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 01192{"flow_id":250,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":605,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739727,"pkt_ts_usec":13003,"pkt_caplen":618,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":618,"pkt_l4_len":584,"pkt":"REREREREZmZmZmZmCABFAAJchI5AALYRC\/YKAAABMw8+QYFBAbsCSDRmPBQECcRLqdjK1L0mf5PIChUIPitfU3P1xdue2oSi59s41xANmFlcDAvLo+OTm36q6otOO+fGemzVvq0dD3jxm9VGAJSNGJ7CPJoGqXj8m9e0jdRInMcNRA9p4+0Ni8e31vogtljvbwYYgmhAZTxwGYs6C50cDQFt1uHfEvD15mlAq995eAVsOx9PzSthVaX\/ivHpOY6L3Ij\/Ef7SZJJCujYYFW73myi8HjWORk7BxBZfRqH+6sXHsTHW9JgIyfg81CrvoYmjj6eguA0dO39fTJaKjXzcpWKnEcMMNV4ml8LGnAy0T9PzW3di7md5aeCc6dVE4FKwEMVWCPhdhJoRf2eXkrqBw09LkEK01y9a7hl1hmtvIUWP7Fpi4bKoZT2dc0fFL1f9KzoS20B8JdI1HDtUFbfn9WkC6dXWkvGuh\/9+Rlymk6CKSLR0QVl5o+\/deX43CF3YmoxgH2snZah0gHUFwhHSA2MzyATzLiO4hwopOla7EXLAzrjJnmBpaFbHi1L+QqXQh2bLrcU+P9O4f9I6E21iw7CMaLWnshFHMR4k17Kr3eYvvp5nk3smnj6RkzbyXiwre7VxnxR8luWJiFKQAtgTS7iTP90QNwfWgaQbUtbBzkaFhJU0sLHhiOY7bVruAAJT6m3XAbRU\/eHVLtQFKfLcw5DBcGucce2S1ZsrhqHFcOTeV5s1bkuGYusFVrqTNERXk+qQd0EJRZ80ghllq3WCfjIbNz4NU54JpS6KXFVABPgeMm+7RrRRXRHV"}
 00662{"flow_id":250,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":606,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739727,"pkt_ts_usec":39034,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"pkt":"ZmZmZmZmRERERERECABFAADM4h4AADURcPYzDz5BCgAAAQG7gUEAuGT7cjZmbnZXajgLy6Pjk5t+quqLTjthMYRcpmrtygKi+8ge\/d5a\/EggfKFstwqlUcEQ0npRyt3o\/+nrMu7IyAemLvDGwM3nY6O0vBX25jf4NlD5NhKqGUUpFydrLINODy\/Et1yVVHUUL4VBz3CwT8bs4b54QwYXASMjQfnf\/0NTpkvJ+0v2f5ntIAM7o81gzx\/1ovB+r6k93kwem7LHnom40gyZk3GGiIOpwn\/P\/XOKwtE="}
-00549{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":606,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":250,"flow_packet_id":2,"flow_first_seen":946739727013,"flow_last_seen":946739727039,"flow_min_l4_payload_len":176,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":752,"flow_avg_l4_payload_len":376,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":33089,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00606{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":606,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":250,"flow_packet_id":2,"flow_first_seen":946739727013,"flow_last_seen":946739727039,"flow_min_l4_payload_len":176,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":752,"flow_avg_l4_payload_len":376,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":33089,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00523{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":607,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":245,"flow_packet_id":2,"flow_first_seen":946739620053,"flow_last_seen":946739620112,"flow_min_l4_payload_len":176,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":752,"flow_avg_l4_payload_len":376,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":37711,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 00523{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":607,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":243,"flow_packet_id":2,"flow_first_seen":946739615603,"flow_last_seen":946739615628,"flow_min_l4_payload_len":304,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":880,"flow_avg_l4_payload_len":440,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":60393,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 00523{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":607,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":244,"flow_packet_id":2,"flow_first_seen":946739617004,"flow_last_seen":946739617027,"flow_min_l4_payload_len":240,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":816,"flow_avg_l4_payload_len":408,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":50443,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
@@ -1474,7 +1474,7 @@
 00508{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":607,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":251,"flow_packet_id":1,"flow_first_seen":946739861286,"flow_last_seen":0,"flow_min_l4_payload_len":576,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":576,"flow_avg_l4_payload_len":576,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":40675,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 01198{"flow_id":251,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":607,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739861,"pkt_ts_usec":286767,"pkt_caplen":618,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":618,"pkt_l4_len":584,"pkt":"REREREREZmZmZmZmCABFAAJc8z5AAGQR70UKAAABMw8+QZ7jAbsCSDRmPBQECcRLqdjK1L0mf5PIChUIPitfU3P1xdue2oSi59s41xANmFlcDEDim3A5yf0wjjkn7c0KZ99+wsaC8Q0jJNdVtRyvQ4vttz57bauXWf7aWWZI9GXe13Bq\/1R6iUwT\/A0\/zRCc0Ayq9cmcu623YyCddihLAAMnrLyfM6t6rL27MiG1nzMzmCPyF28NwS5XqwjPRfHv4CZ99g0HmhnodYUO8q68IgHhgstyCXs7D74EPnDSNCXWvxBvHIE3vRmyPvunw0teioCjIqxqULRcggjd13KNSzhv65LTFQDOYbWOCn+rymPlyEaTGV8M85qpLCbZBx+P2mZMjdPflMOxEUQrHk9kdqOlL2mWcrX2tI9xOtQuzvv+NeAjtLGeixP59GGL75pvlLSdqyad1gu\/frI3Onyk042MoSYGJ6RwV3eaPNbZQCtEwb9AOFIXBmvRH9XM7npQUXePLACdz9iCTPKnV7Kw8ctrZrqQ4N6l7ZvcAG2rUT+Q9\/LXDXqKjl09ujD68NhiQh61LzaYdfK4i7pycnU4qJoDyh6wqXlEnhJrx33Uml0q43\/LZkKq6+gBtMyFx1G0t8TXOxdVJjjFCI6asgc8Kxe6G3w1FuEYOCYdPJ1BDXSvfQyl+xvLRdx79zlvjoh3CA3lgSqjekZ4r\/nVmPAWeluQHxO36OZiUmB2ai6gs8+TK+H6\/M45c1\/tfkqR+WeZABxv3Wq+MtDzkLR1Ba9KFIEFLcYA\/aPSp26qFfnJhX4KU8kKJXh\/RvHe"}
 00659{"flow_id":251,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":608,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739861,"pkt_ts_usec":499384,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"pkt":"ZmZmZmZmRERERERECABFAADMBL8AADQRT1YzDz5BCgAAAQG7nuMAuKxVcjZmbnZXajhA4ptwOcn9MI45J+2cfN20Dl9sTMp3rF67X\/jDpIVgb1a+3\/m31lpJBtYvfwV0B9vwzZtjNo+jG7GftQDbJaUY\/oveZ3k2CcZHOjICUKnGXvyF5yEl+85urFpytmNQcYoVHSk5XuOkfP++TbbcrYxYsDH+x2d1Xg60pF+BeHKLrLF0X3ik2Kl1hdwwJCMdJ5w1\/ra7TZUP4kyuPD6WApR9UYb+H+3yIn0="}
-00549{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":608,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":251,"flow_packet_id":2,"flow_first_seen":946739861286,"flow_last_seen":946739861499,"flow_min_l4_payload_len":176,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":752,"flow_avg_l4_payload_len":376,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":40675,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00606{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":608,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":251,"flow_packet_id":2,"flow_first_seen":946739861286,"flow_last_seen":946739861499,"flow_min_l4_payload_len":176,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":752,"flow_avg_l4_payload_len":376,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":40675,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00520{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":608,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":249,"flow_packet_id":2,"flow_first_seen":946739725845,"flow_last_seen":946739725874,"flow_min_l4_payload_len":240,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":816,"flow_avg_l4_payload_len":408,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":36746,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 00522{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":608,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":247,"flow_packet_id":2,"flow_first_seen":946739719617,"flow_last_seen":946739719664,"flow_min_l4_payload_len":418,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":994,"flow_avg_l4_payload_len":497,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":59812,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 00520{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":608,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":248,"flow_packet_id":2,"flow_first_seen":946739720236,"flow_last_seen":946739720266,"flow_min_l4_payload_len":240,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":816,"flow_avg_l4_payload_len":408,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":45234,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
@@ -1488,7 +1488,7 @@
 ~~ total detected protocols..: 251
 ~~ total active/idle flows...: 251/251
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 2543611 bytes
+~~ total memory allocated....: 2730858 bytes
-~~ total memory freed........: 2543611 bytes
+~~ total memory freed........: 2730858 bytes
-~~ total allocations/frees...: 34557/34557
+~~ total allocations/frees...: 36562/36562
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/dnscrypt-v2-doh.pcap.out

@@ -627,7 +627,7 @@
 ~~ total detected protocols..: 34
 ~~ total active/idle flows...: 34/34
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 2074818 bytes
+~~ total memory allocated....: 2260329 bytes
-~~ total memory freed........: 2074818 bytes
+~~ total memory freed........: 2260329 bytes
-~~ total allocations/frees...: 34152/34152
+~~ total allocations/frees...: 36157/36157
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/dnscrypt_skype_false_positive.pcapng.out

@@ -22,7 +22,7 @@
 ~~ total detected protocols..: 0
 ~~ total active/idle flows...: 3/3
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 1747937 bytes
+~~ total memory allocated....: 1933200 bytes
-~~ total memory freed........: 1747937 bytes
+~~ total memory freed........: 1933200 bytes
-~~ total allocations/frees...: 33331/33331
+~~ total allocations/frees...: 35336/35336
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/doq.pcapng.out

@@ -33,7 +33,7 @@
 ~~ total detected protocols..: 2
 ~~ total active/idle flows...: 2/2
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 1750643 bytes
+~~ total memory allocated....: 1935898 bytes
-~~ total memory freed........: 1750643 bytes
+~~ total memory freed........: 1935898 bytes
-~~ total allocations/frees...: 33354/33354
+~~ total allocations/frees...: 35359/35359
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/doq_adguard.pcapng.out

@@ -25,7 +25,7 @@
 ~~ total detected protocols..: 1
 ~~ total active/idle flows...: 1/1
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 1755447 bytes
+~~ total memory allocated....: 1940694 bytes
-~~ total memory freed........: 1755447 bytes
+~~ total memory freed........: 1940694 bytes
-~~ total allocations/frees...: 33627/33627
+~~ total allocations/frees...: 35632/35632
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/dos_win98_smb_netbeui.pcap.out

@@ -389,7 +389,7 @@
 ~~ total detected protocols..: 7
 ~~ total active/idle flows...: 7/7
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 1762169 bytes
+~~ total memory allocated....: 1947464 bytes
-~~ total memory freed........: 1762169 bytes
+~~ total memory freed........: 1947464 bytes
-~~ total allocations/frees...: 33399/33399
+~~ total allocations/frees...: 35404/35404
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/drda_db2.pcap.out

@@ -25,7 +25,7 @@
 ~~ total detected protocols..: 1
 ~~ total active/idle flows...: 1/1
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 1744609 bytes
+~~ total memory allocated....: 1929856 bytes
-~~ total memory freed........: 1744609 bytes
+~~ total memory freed........: 1929856 bytes
-~~ total allocations/frees...: 33358/33358
+~~ total allocations/frees...: 35363/35363
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/dropbox.pcap.out

@@ -178,7 +178,7 @@
 ~~ total detected protocols..: 19
 ~~ total active/idle flows...: 19/19
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 1822787 bytes
+~~ total memory allocated....: 2008178 bytes
-~~ total memory freed........: 1822787 bytes
+~~ total memory freed........: 2008178 bytes
-~~ total allocations/frees...: 34221/34221
+~~ total allocations/frees...: 36226/36226
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/dtls.pcap.out

@@ -12,7 +12,7 @@
 ~~ total detected protocols..: 1
 ~~ total active/idle flows...: 1/1
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 1741517 bytes
+~~ total memory allocated....: 1926764 bytes
-~~ total memory freed........: 1741517 bytes
+~~ total memory freed........: 1926764 bytes
-~~ total allocations/frees...: 33321/33321
+~~ total allocations/frees...: 35326/35326
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/dtls2.pcap.out

@@ -26,7 +26,7 @@
 ~~ total detected protocols..: 1
 ~~ total active/idle flows...: 1/1
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 1742373 bytes
+~~ total memory allocated....: 1927620 bytes
-~~ total memory freed........: 1742373 bytes
+~~ total memory freed........: 1927620 bytes
-~~ total allocations/frees...: 33351/33351
+~~ total allocations/frees...: 35356/35356
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/dtls_certificate_fragments.pcap.out

@@ -26,7 +26,7 @@
 ~~ total detected protocols..: 1
 ~~ total active/idle flows...: 1/1
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 1742039 bytes
+~~ total memory allocated....: 1927286 bytes
-~~ total memory freed........: 1742039 bytes
+~~ total memory freed........: 1927286 bytes
-~~ total allocations/frees...: 33339/33339
+~~ total allocations/frees...: 35344/35344
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/dtls_session_id_and_coockie_both.pcap.out

@@ -15,7 +15,7 @@
 ~~ total detected protocols..: 1
 ~~ total active/idle flows...: 1/1
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 1741575 bytes
+~~ total memory allocated....: 1926822 bytes
-~~ total memory freed........: 1741575 bytes
+~~ total memory freed........: 1926822 bytes
-~~ total allocations/frees...: 33323/33323
+~~ total allocations/frees...: 35328/35328
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/encrypted_sni.pcap.out

@@ -19,7 +19,7 @@
 ~~ total detected protocols..: 3
 ~~ total active/idle flows...: 3/3
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 1755875 bytes
+~~ total memory allocated....: 1941138 bytes
-~~ total memory freed........: 1755875 bytes
+~~ total memory freed........: 1941138 bytes
-~~ total allocations/frees...: 33340/33340
+~~ total allocations/frees...: 35345/35345
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/ethereum.pcap.out

@@ -1034,7 +1034,7 @@
 ~~ total detected protocols..: 71
 ~~ total active/idle flows...: 74/74
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 2146307 bytes
+~~ total memory allocated....: 2332138 bytes
-~~ total memory freed........: 2146307 bytes
+~~ total memory freed........: 2332138 bytes
-~~ total allocations/frees...: 35593/35593
+~~ total allocations/frees...: 37598/37598
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/exe_download.pcap.out

@@ -7,7 +7,7 @@
 00717{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"exe_download.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1569434051004,"flow_last_seen":1569434051324,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":153,"flow_tot_l4_payload_len":153,"flow_avg_l4_payload_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"144.91.69.195","src_port":49165,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"144.91.69.195","url":"144.91.69.195\/solar.php","code":0,"content_type":"","user_agent":"pwtyyEKzNtGatwnJjmCcBLbOveCVpc"}}
 00411{"flow_id":1,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"exe_download.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569434051,"pkt_ts_usec":325236,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AAgCHEeuIOUqtpPxCABFAAAoBbEAAIAGO5OQW0XDCgkZZQBQwA0+79i5vob4uFAQ+vAsEQAA"}
 02368{"flow_id":1,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"exe_download.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569434051,"pkt_ts_usec":623372,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"AAgCHEeuIOUqtpPxCABFAAXcBbQAAIAGNdyQW0XDCgkZZQBQwA0+79i5vob4uFAQ+vA4RgAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuMTAuMw0KRGF0ZTogV2VkLCAyNSBTZXAgMjAxOSAxNzo1NDoxMiBHTVQNCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24vb2N0ZXQtc3RyZWFtDQpDb250ZW50LUxlbmd0aDogNjc5MDA4DQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpDb250ZW50LURlc2NyaXB0aW9uOiBGaWxlIFRyYW5zZmVyDQpDb250ZW50LURpc3Bvc2l0aW9uOiBhdHRhY2htZW50OyBmaWxlbmFtZT0icGhuMzR5Y2p0Z2htLmV4ZSINCkV4cGlyZXM6IDANCkNhY2hlLUNvbnRyb2w6IG11c3QtcmV2YWxpZGF0ZQ0KUHJhZ21hOiBwdWJsaWMNCg0KTVqQAAMAAAAEAAAA\/\/8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAEAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAADF5hWJgYd72oGHe9qBh3vasqVe2oOHe9pbpGfai4d72likZ9qAh3vae6Ri2piHe9qBh3ra\/4V72nujO9qdh3vae6Nn2gSHe9qqplzaiId72nujZtoZh3vae6M+2oCHe9p7o0bagId72lJpY2iBh3vaAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUEUAAEwBBAA3BYtdAAAAAAAAAADgAA8BCwEHAABABAAAwAQAAAAAAGIRAQAAEAAAAFAEAAAAQAAAEAAAABAAAAQAAAAAAAAABAAAAAAAAAAAEAkAABAAAJAACQACAAAAAAAQAAAQAAAAABAAABAAAAAAAAAQAAAAAAAAAAAAAAAsZAUAGAEAAAAABgDyAQMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFAEAGAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAudGV4dAAAAKMzBAAAEAAAAEAEAAAQAAAAAAAAAAAAAAAAAAAgAABgLnJkYXRhAABgOwEAAFAEAABAAQAAUAQAAAAAAAAAAAAAAAAAQAAAQC5kYXRhAAAAxGAAAACQBQAAMAAAAJAFAAAAAAAAAAAAAAAAAEAAAMAucnNyYwAAAPIBAwAAAAYAABADAADABQAAAAAAAAAAAAAAAABAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00798{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"exe_download.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":6,"flow_first_seen":1569434051004,"flow_last_seen":1569434051623,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1613,"flow_avg_l4_payload_len":268,"midstream":0,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"144.91.69.195","src_port":49165,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4":"Binary application transfer","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"FileTransfer"},"http": {"hostname":"144.91.69.195","url":"144.91.69.195\/solar.php","code":200,"content_type":"application\/octet-stream","user_agent":"pwtyyEKzNtGatwnJjmCcBLbOveCVpc"}}
+00794{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"exe_download.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":6,"flow_first_seen":1569434051004,"flow_last_seen":1569434051623,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1613,"flow_avg_l4_payload_len":268,"midstream":0,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"144.91.69.195","src_port":49165,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4":"Binary application transfer","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Download"},"http": {"hostname":"144.91.69.195","url":"144.91.69.195\/solar.php","code":200,"content_type":"application\/octet-stream","user_agent":"pwtyyEKzNtGatwnJjmCcBLbOveCVpc"}}
 02109{"flow_id":1,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"exe_download.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569434051,"pkt_ts_usec":623382,"pkt_caplen":1322,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1322,"pkt_l4_len":1288,"pkt":"AAgCHEeuIOUqtpPxCABFAAUcBbUAAIAGNpuQW0XDCgkZZQBQwA0+795tvob4uFAY+vAhYQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
 00412{"flow_id":1,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"exe_download.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569434051,"pkt_ts_usec":623558,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"IOUqtpPxAAgCHEeuCABFAAAoALZAAIAGAI4KCRllkFtFw8ANAFC+hvi4Pu\/jYVAQ+vAhaQAA"}
 02237{"flow_id":1,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"exe_download.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569434051,"pkt_ts_usec":624937,"pkt_caplen":1418,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1418,"pkt_l4_len":1384,"pkt":"AAgCHEeuIOUqtpPxCABFAAV8BbYAAIAGNjqQW0XDCgkZZQBQwA0+7+Nhvob4uFAY+vAcDQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
@@ -26,7 +26,7 @@
 ~~ total detected protocols..: 1
 ~~ total active/idle flows...: 1/1
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 1761926 bytes
+~~ total memory allocated....: 1947173 bytes
-~~ total memory freed........: 1761926 bytes
+~~ total memory freed........: 1947173 bytes
-~~ total allocations/frees...: 34025/34025
+~~ total allocations/frees...: 36030/36030
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/exe_download_as_png.pcap.out

@@ -26,7 +26,7 @@
 ~~ total detected protocols..: 1
 ~~ total active/idle flows...: 1/1
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 1757000 bytes
+~~ total memory allocated....: 1942247 bytes
-~~ total memory freed........: 1757000 bytes
+~~ total memory freed........: 1942247 bytes
-~~ total allocations/frees...: 33856/33856
+~~ total allocations/frees...: 35861/35861
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/facebook.pcap.out

@@ -46,7 +46,7 @@
 ~~ total detected protocols..: 2
 ~~ total active/idle flows...: 2/2
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 1757672 bytes
+~~ total memory allocated....: 1942927 bytes
-~~ total memory freed........: 1757672 bytes
+~~ total memory freed........: 1942927 bytes
-~~ total allocations/frees...: 33403/33403
+~~ total allocations/frees...: 35408/35408
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/firefox.pcap.out

@@ -122,7 +122,7 @@
 ~~ total detected protocols..: 6
 ~~ total active/idle flows...: 6/6
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 2377905 bytes
+~~ total memory allocated....: 2563192 bytes
-~~ total memory freed........: 2377905 bytes
+~~ total memory freed........: 2563192 bytes
-~~ total allocations/frees...: 38843/38843
+~~ total allocations/frees...: 40848/40848
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/fix.pcap.out

@@ -191,7 +191,7 @@
 ~~ total detected protocols..: 12
 ~~ total active/idle flows...: 12/12
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 1837276 bytes
+~~ total memory allocated....: 2022611 bytes
-~~ total memory freed........: 1837276 bytes
+~~ total memory freed........: 2022611 bytes
-~~ total allocations/frees...: 34625/34625
+~~ total allocations/frees...: 36630/36630
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/forticlient.pcap.out

@@ -4,12 +4,12 @@
 00438{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067203,"pkt_ts_usec":633408,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8pJBAADQGX3NSUS4NwKgBsijL8W1kEcpBrZZsz6ASOEBvHAAAAgQFrAQCCAoGP5CkJ6c8YwEDAwo="}
 00426{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067203,"pkt_ts_usec":633503,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+AvAqAGyUlEuDfFtKMutlmzPZBHKQoAQECzFugAAAQEICienPKAGP5Ck"}
 00658{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067203,"pkt_ts_usec":776571,"pkt_caplen":237,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":237,"pkt_l4_len":203,"pkt":"EBMx8Tl2KDc3AG3ICABFAADfAABAAEAG92DAqAGyUlEuDfFtKMutlmzPZBHKQoAYECx8qwAAAQEICienPS4GP5CkFgMBAKYBAACiAwNgn4XDHhk9zkDSeKikF83Z2kCbBVuvXP2YO+k8PIUoXwAALAD\/wCzAK8AkwCPACsAJwAjAMMAvwCjAJ8AUwBPAEgCdAJwAPQA8ADUALwAKAQAATQAAABAADgAACzgyLjgxLjQ2LjEzAAoACAAGABcAGAAZAAsAAgEAAA0AEgAQBAECAQUBBgEEAwIDBQMGAwAFAAUBAAAAAAASAAAAFwAA"}
-00757{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1621067203571,"flow_last_seen":1621067203776,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61805,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00799{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1621067203571,"flow_last_seen":1621067203776,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61805,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","15":"TLS (probably) not carrying HTTPS"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
 00427{"flow_id":1,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067203,"pkt_ts_usec":840255,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0WuhAADQGqSNSUS4NwKgBsijL8W1kEcpCrZZteoAQABDUiQAAAQEICgY\/kLgnpz0u"}
 02363{"flow_id":1,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067203,"pkt_ts_usec":852128,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUWulAADQGo4JSUS4NwKgBsijL8W1kEcpCrZZteoAQABBZ3QAAAQEICgY\/kLknpz0uFgMDAFkCAABVAwNMQYg+z1Akfi0bYPhJZIpw8023veuBHo\/hhYl77vjjiCBAKAstRSAMu1dd4iOTCn8qfpwAVoV+sGTLYNRnbzZqNsAwAAAN\/wEAAQAACwAEAwABAhYDAwezCwAHrwAHrAADzTCCA8kwggKxoAMCAQICAzW7EjANBgkqhkiG9w0BAQsFADCBoDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExEjAQBgNVBAcTCVN1bm55dmFsZTERMA8GA1UEChMIRm9ydGluZXQxHjAcBgNVBAsTFUNlcnRpZmljYXRlIEF1dGhvcml0eTEQMA4GA1UEAxMHc3VwcG9ydDEjMCEGCSqGSIb3DQEJARYUc3VwcG9ydEBmb3J0aW5ldC5jb20wHhcNMTYwOTEyMTAwNjIwWhcNMzgwMTE5MDMxNDA3WjCBnTELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExEjAQBgNVBAcTCVN1bm55dmFsZTERMA8GA1UEChMIRm9ydGluZXQxEjAQBgNVBAsTCUZvcnRpR2F0ZTEZMBcGA1UEAxMQRldGNjBFNFExNjAxMjA1MDEjMCEGCSqGSIb3DQEJARYUc3VwcG9ydEBmb3J0aW5ldC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDEkm3gy+fQGhP2G3iuLy8Thk0QvM9U+dmrsYDJ1gwTHyP2UJIhuJ02jfqRZiIvG+je9kV8s9R6mzJXHVuydgTIhOMjh5QYIPHRW4YuWrenkWAdCvgUyMPMMiz1hRBJvLfxGfMuKuiciYpdme8IwFlVz0WEZtQiIKspYk3LEKQFRg7EKq06hH7bjGSy9SkYiePX2\/K+0OUnL0KzGGpclRznUlXHfbVieNGeCTxeVpQoQK08D2Jl+FwRVE70QsL4ZCv6VMXYQCF1PrGR3pqMCr5ndr3OLTbmHxvvE9x8dx0KrEupPp\/gAIeWYX+g61\/j2hEO5ZbV47v2a619aMDCKTFzAgMBAAGjDTALMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQELBQADggEBAGnFfq2BB7sjnPn7mxKxLcB1FUKVGXmAyucp\/B9HVTQoE17Xl1+r5Vk0e9mZnjsVLg768p9ebGiiJdLeYRDlXK8g6qPSAnMzChCYAybcvAY3HxUYjSFT\/qPmInVgIry0shRIlrcAme9A3JylKBPVu3qiGNI6CaLUkC1Frxq9l2xiEWQ1Tjkm6Z0R1CEZwU4128hVF5ItS8lcBhikdcXjtsh3Kg4Go41t\/JVB6EzbQ8JhaM2\/jUDdDNoGqONDpHkRwAw1XbU7nhl4Kk3nD24cjs5xuyx049VRnmrp29nXpOu1NoxuV2ncaG+hMlcNaEGX8e8RaSdY5V5V\/2KIMQLuazAAA9kwggPVMIICvaADAgECAgkA2vY2tEPUpYswDQYJKoZIhvcNAQELBQAwgaAxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRIwEAYDVQQHEwlTdW5ueXZhbGUxETAPBgNVBAoTCEZvcnRpbmV0MR4wHAYDVQQLExVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxEDAOBgNVBAMTB3N1cHBvcnQxIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGluZXQuY29tMB4XDTE1MDcxNjIyMzQzOVoXDTM4MDExOTIyMzQzOVowgaAxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRIwEAYDVQQHEwlTdW5ueXZhbGUxETAPBgNVBAoTCEZvcnRpbmV0MR4wHAYDVQQLExVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxEDAOBgNVBAMTB3N1"}
-00814{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":6,"flow_first_seen":1621067203571,"flow_last_seen":1621067203852,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1611,"flow_avg_l4_payload_len":268,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61805,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"0debd3853f330c574b05e0b6d882dc27","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"}}
+00856{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":6,"flow_first_seen":1621067203571,"flow_last_seen":1621067203852,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1611,"flow_avg_l4_payload_len":268,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61805,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","15":"TLS (probably) not carrying HTTPS"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"0debd3853f330c574b05e0b6d882dc27","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"}}
 01801{"flow_id":1,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067203,"pkt_ts_usec":854111,"pkt_caplen":1075,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1075,"pkt_l4_len":1041,"pkt":"KDc3AG3IEBMx8Tl2CABFAAQlWupAADQGpTBSUS4NwKgBsijL8W1kEc\/irZZteoAYABDBnAAAAQEICgY\/kLknpz0ucHBvcnQxIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGluZXQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1DtRc9A1EhLIw05ZQUjRO8GwptUPgyEpi3i\/68NEncZmgpruBB+gn6vgzXjFbNM03bo2sm1S61hJSYOZf+bmtujbgmO0Z3HUXMovr7dwModQNXzBkIjQNBktqaGBs0nt+\/RV6uCy4lfGny6vMUkDbmlurEf1fq7WU6zg2oIzoJMe9Wn4iqZka5xWYVBMyH1+ITQvbQgVjQrnBz8Ldc\/U9rQLNcu7qyaO2vSmvBeKwZKJOTGDT4dNI7bi2\/SrkAE+B\/M5Yqlf1vqBoy3XuveFKLkaEoSVsIMYu0xt0pyV1ujE0FBnmfE9E0VLbot17l24HyOhzpHB2C\/12zFJLXsdYwIDAQABoxAwDjAMBgNVHRMEBTADAQH\/MA0GCSqGSIb3DQEBCwUAA4IBAQCHF\/uN7GdKtM2yGmlemIyaUrkL0fG5BBlBP92rQWSY3\/tynqu2CXfpZR8FT3mJrSr0YmdrFtJalc7iOrjBPm+UYIgRqJqMksnHUEVG7t0xRmeSajIi8pPz3dhQaUBl4YwT9ZdUFoAeyPjAiFgg4y9SbtUHfBQr1KNm2fSoYTP46PGZaOcnb5yTrulltEuXyA65EHo6QUiI2nyyU7TyDiVchiq4ciW0LtEJp01A\/Pep9i9biekhbj3TgkfgJQC3O9tF0OzgwK+zMq484gK+bqmeqKfUAion7hwzA+tVXIE3k2wiGiEBSNIQu2VYlHWpDsdPlD21UsKv+o6cQcSSjLiHFgMDAW0MAAFpAwAYYQR+URWW5b3gDqWmVPPVzCdlCGa\/ZaV9D+4Y5LUq\/JTO8Pk5ntccgmPedHiM9ZU+yI6Wp\/rtlbvgg4DA+MifFvwbicOs51Y5U3e0warnAkqqHAVMg54Z2\/Qq5XYxJF4LlrwGAQEAWiagxs18C1Nhbm1NTKu8WaMewNWGkzOuz+sQcA0aJfYoWKbFGvHp1IlkAACJzZSXn\/iVpmF3vwwULnxcomU2Jm7bqHJEoHYbHaKETn\/JXTHTi9F8FfA9aTPhqRbRgB9kmFz57jnAd2soS7OLctE2FyEyl1eh8Iw34k\/LtieEZUTP0IVeRumrkcgyvDMtvHjnzQwo2bNJ1TF5ORTWalkmUYP7xZr\/I2xxHX45rTw+lu3\/wkZrzwYISP6GFzLrAwZXf9Yfqkdj3OARN+OOLJGBDKwq4Zwx2cHOfixpe9PzhlM7RkGV1O8gqkB5ewCDY+E+jNPxSzyZflcHUtKhGw1lJBYDAwAEDgAAAA=="}
-01091{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":7,"flow_first_seen":1621067203571,"flow_last_seen":1621067203854,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":2620,"flow_avg_l4_payload_len":374,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61805,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"0debd3853f330c574b05e0b6d882dc27","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=Certificate Authority, CN=support","issuerDN":"C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=FortiGate, CN=FWF60E4Q16012050","fingerprint":"AA:8A:CE:95:99:2A:E0:A4:11:42:E4:C8:40:D7:DB:87:1F:4A:23:45"}}
+01133{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":7,"flow_first_seen":1621067203571,"flow_last_seen":1621067203854,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":2620,"flow_avg_l4_payload_len":374,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61805,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"0debd3853f330c574b05e0b6d882dc27","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=Certificate Authority, CN=support","issuerDN":"C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=FortiGate, CN=FWF60E4Q16012050","fingerprint":"AA:8A:CE:95:99:2A:E0:A4:11:42:E4:C8:40:D7:DB:87:1F:4A:23:45"}}
 00426{"flow_id":1,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067203,"pkt_ts_usec":854223,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+AvAqAGyUlEuDfFtKMutlm16ZBHT04AQD9+63gAAAQEICienPXgGP5C5"}
 00575{"flow_id":1,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067203,"pkt_ts_usec":985738,"pkt_caplen":173,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":173,"pkt_l4_len":139,"pkt":"EBMx8Tl2KDc3AG3ICABFAACfAABAAEAG96DAqAGyUlEuDfFtKMutlm16ZBHT04AYEABn6gAAAQEICienPfkGP5C5FgMDAGYQAABiYQTvWBhKDRHH\/ODiOXdjlYaQWgsQRuME0zv3XHyBRRCZmTerEMFWFOfxHpdD05AKQ2xP+jA6kpB\/8E5bgg5jjZwSOsuOZT2bsHpIGDYh0lqRNfLwBslWlCzqDoy59tf4QEk="}
 00436{"flow_id":1,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067203,"pkt_ts_usec":985743,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA6AABAAEAG+AXAqAGyUlEuDfFtKMutlm3lZBHT04AYEAChvwAAAQEICienPfkGP5C5FAMDAAEB"}
@@ -23,12 +23,12 @@
 00440{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067204,"pkt_ts_usec":682265,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8DZFAADQG9nJSUS4NwKgBsijL8W6yVLN5sdTcAaASOEC\/ugAAAgQFrAQCCAoGP5ENJ6dAbwEDAwo="}
 00427{"flow_id":2,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067204,"pkt_ts_usec":682424,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+AvAqAGyUlEuDfFuKMux1NwBslSzeoAQECwWWwAAAQEICienQKoGP5EN"}
 00705{"flow_id":2,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067204,"pkt_ts_usec":827269,"pkt_caplen":269,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":269,"pkt_l4_len":235,"pkt":"EBMx8Tl2KDc3AG3ICABFAAD\/AABAAEAG90DAqAGyUlEuDfFuKMux1NwBslSzeoAYECwJbQAAAQEICienQToGP5ENFgMBAMYBAADCAwNgn4XEp+uBSLXTSYGmDjytSwbEIFYHQALSGOu1WZB+OiBAKAstRSAMu1dd4iOTCn8qfpwAVoV+sGTLYNRnbzZqNgAsAP\/ALMArwCTAI8AKwAnACMAwwC\/AKMAnwBTAE8ASAJ0AnAA9ADwANQAvAAoBAABNAAAAEAAOAAALODIuODEuNDYuMTMACgAIAAYAFwAYABkACwACAQAADQASABAEAQIBBQEGAQQDAgMFAwYDAAUABQEAAAAAABIAAAAXAAA="}
-00758{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_first_seen":1621067204622,"flow_last_seen":1621067204827,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":203,"flow_tot_l4_payload_len":203,"flow_avg_l4_payload_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61806,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00800{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_first_seen":1621067204622,"flow_last_seen":1621067204827,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":203,"flow_tot_l4_payload_len":203,"flow_avg_l4_payload_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61806,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","15":"TLS (probably) not carrying HTTPS"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
 00428{"flow_id":2,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067204,"pkt_ts_usec":886490,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0ImlAADQG4aJSUS4NwKgBsijL8W6yVLN6sdTczIAQABAlCAAAAQEICgY\/kSEnp0E6"}
 02364{"flow_id":2,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067204,"pkt_ts_usec":898197,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUImpAADQG3AFSUS4NwKgBsijL8W6yVLN6sdTczIAQABDMewAAAQEICgY\/kSInp0E6FgMDAFkCAABVAwPNKKzk0kFbGwK4GoGYDE7Clte2bxu4mBZlYF57\/OTSeCD6v6cDBAZPGVnAvwM3jxR4N1cBHzzI+povGklxwtUExsAwAAAN\/wEAAQAACwAEAwABAhYDAwezCwAHrwAHrAADzTCCA8kwggKxoAMCAQICAzW7EjANBgkqhkiG9w0BAQsFADCBoDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExEjAQBgNVBAcTCVN1bm55dmFsZTERMA8GA1UEChMIRm9ydGluZXQxHjAcBgNVBAsTFUNlcnRpZmljYXRlIEF1dGhvcml0eTEQMA4GA1UEAxMHc3VwcG9ydDEjMCEGCSqGSIb3DQEJARYUc3VwcG9ydEBmb3J0aW5ldC5jb20wHhcNMTYwOTEyMTAwNjIwWhcNMzgwMTE5MDMxNDA3WjCBnTELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExEjAQBgNVBAcTCVN1bm55dmFsZTERMA8GA1UEChMIRm9ydGluZXQxEjAQBgNVBAsTCUZvcnRpR2F0ZTEZMBcGA1UEAxMQRldGNjBFNFExNjAxMjA1MDEjMCEGCSqGSIb3DQEJARYUc3VwcG9ydEBmb3J0aW5ldC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDEkm3gy+fQGhP2G3iuLy8Thk0QvM9U+dmrsYDJ1gwTHyP2UJIhuJ02jfqRZiIvG+je9kV8s9R6mzJXHVuydgTIhOMjh5QYIPHRW4YuWrenkWAdCvgUyMPMMiz1hRBJvLfxGfMuKuiciYpdme8IwFlVz0WEZtQiIKspYk3LEKQFRg7EKq06hH7bjGSy9SkYiePX2\/K+0OUnL0KzGGpclRznUlXHfbVieNGeCTxeVpQoQK08D2Jl+FwRVE70QsL4ZCv6VMXYQCF1PrGR3pqMCr5ndr3OLTbmHxvvE9x8dx0KrEupPp\/gAIeWYX+g61\/j2hEO5ZbV47v2a619aMDCKTFzAgMBAAGjDTALMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQELBQADggEBAGnFfq2BB7sjnPn7mxKxLcB1FUKVGXmAyucp\/B9HVTQoE17Xl1+r5Vk0e9mZnjsVLg768p9ebGiiJdLeYRDlXK8g6qPSAnMzChCYAybcvAY3HxUYjSFT\/qPmInVgIry0shRIlrcAme9A3JylKBPVu3qiGNI6CaLUkC1Frxq9l2xiEWQ1Tjkm6Z0R1CEZwU4128hVF5ItS8lcBhikdcXjtsh3Kg4Go41t\/JVB6EzbQ8JhaM2\/jUDdDNoGqONDpHkRwAw1XbU7nhl4Kk3nD24cjs5xuyx049VRnmrp29nXpOu1NoxuV2ncaG+hMlcNaEGX8e8RaSdY5V5V\/2KIMQLuazAAA9kwggPVMIICvaADAgECAgkA2vY2tEPUpYswDQYJKoZIhvcNAQELBQAwgaAxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRIwEAYDVQQHEwlTdW5ueXZhbGUxETAPBgNVBAoTCEZvcnRpbmV0MR4wHAYDVQQLExVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxEDAOBgNVBAMTB3N1cHBvcnQxIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGluZXQuY29tMB4XDTE1MDcxNjIyMzQzOVoXDTM4MDExOTIyMzQzOVowgaAxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRIwEAYDVQQHEwlTdW5ueXZhbGUxETAPBgNVBAoTCEZvcnRpbmV0MR4wHAYDVQQLExVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxEDAOBgNVBAMTB3N1"}
-00815{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":27,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":6,"flow_first_seen":1621067204622,"flow_last_seen":1621067204898,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1643,"flow_avg_l4_payload_len":273,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61806,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"0debd3853f330c574b05e0b6d882dc27","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"}}
+00857{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":27,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":6,"flow_first_seen":1621067204622,"flow_last_seen":1621067204898,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1643,"flow_avg_l4_payload_len":273,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61806,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","15":"TLS (probably) not carrying HTTPS"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"0debd3853f330c574b05e0b6d882dc27","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"}}
 01802{"flow_id":2,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067204,"pkt_ts_usec":900059,"pkt_caplen":1075,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1075,"pkt_l4_len":1041,"pkt":"KDc3AG3IEBMx8Tl2CABFAAQlImtAADQG3a9SUS4NwKgBsijL8W6yVLkasdTczIAYABA\/5AAAAQEICgY\/kSInp0E6cHBvcnQxIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGluZXQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1DtRc9A1EhLIw05ZQUjRO8GwptUPgyEpi3i\/68NEncZmgpruBB+gn6vgzXjFbNM03bo2sm1S61hJSYOZf+bmtujbgmO0Z3HUXMovr7dwModQNXzBkIjQNBktqaGBs0nt+\/RV6uCy4lfGny6vMUkDbmlurEf1fq7WU6zg2oIzoJMe9Wn4iqZka5xWYVBMyH1+ITQvbQgVjQrnBz8Ldc\/U9rQLNcu7qyaO2vSmvBeKwZKJOTGDT4dNI7bi2\/SrkAE+B\/M5Yqlf1vqBoy3XuveFKLkaEoSVsIMYu0xt0pyV1ujE0FBnmfE9E0VLbot17l24HyOhzpHB2C\/12zFJLXsdYwIDAQABoxAwDjAMBgNVHRMEBTADAQH\/MA0GCSqGSIb3DQEBCwUAA4IBAQCHF\/uN7GdKtM2yGmlemIyaUrkL0fG5BBlBP92rQWSY3\/tynqu2CXfpZR8FT3mJrSr0YmdrFtJalc7iOrjBPm+UYIgRqJqMksnHUEVG7t0xRmeSajIi8pPz3dhQaUBl4YwT9ZdUFoAeyPjAiFgg4y9SbtUHfBQr1KNm2fSoYTP46PGZaOcnb5yTrulltEuXyA65EHo6QUiI2nyyU7TyDiVchiq4ciW0LtEJp01A\/Pep9i9biekhbj3TgkfgJQC3O9tF0OzgwK+zMq484gK+bqmeqKfUAion7hwzA+tVXIE3k2wiGiEBSNIQu2VYlHWpDsdPlD21UsKv+o6cQcSSjLiHFgMDAW0MAAFpAwAYYQRDWmAmCg7XsTW+RvCAC0sbZ+SBRkSgFCUlkz\/IwN\/8c\/NJIrs+ILcpIxCCI0N9sDPjc20vF3fhrL8oZBKZYp8ZbnTlpZrSiKibycLeXw1ASLbNdqYX3C+izklbSVJ\/tokGAQEABsO0H8vdCw0252tfIzfTfFWWJXTldG3BxDkkL4g1+0rLC+30WT+5h111YwDniV9p6SpJPWnP79Ah0p2blDE6FrdGElq5cIPT03Cte5Pygktzt3LkZAIscr\/HNfshHX6DT6B6gCsDRe7LT\/CJ7zw1pxErmsA1VDwZhwGwND6YCSsyyG2lqPfClwFiQwG5pR8Nn9ZXofREIJEnZTR6xf6a\/b19Ct7XaRLkl4il8P\/3lf+8eWV3jWuMnq0bAFbV90AD4k8m030f14e+Hkz8j4wGDwWOwBAO\/Bd5sFNzy7yX+9njCybmLTwDm6Ou0XWocGTEvAzh2sjgkSXR1g9SofMVgxYDAwAEDgAAAA=="}
-01092{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":28,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":7,"flow_first_seen":1621067204622,"flow_last_seen":1621067204900,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":2652,"flow_avg_l4_payload_len":378,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61806,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"0debd3853f330c574b05e0b6d882dc27","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=Certificate Authority, CN=support","issuerDN":"C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=FortiGate, CN=FWF60E4Q16012050","fingerprint":"AA:8A:CE:95:99:2A:E0:A4:11:42:E4:C8:40:D7:DB:87:1F:4A:23:45"}}
+01134{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":28,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":7,"flow_first_seen":1621067204622,"flow_last_seen":1621067204900,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":2652,"flow_avg_l4_payload_len":378,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61806,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"0debd3853f330c574b05e0b6d882dc27","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=Certificate Authority, CN=support","issuerDN":"C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=FortiGate, CN=FWF60E4Q16012050","fingerprint":"AA:8A:CE:95:99:2A:E0:A4:11:42:E4:C8:40:D7:DB:87:1F:4A:23:45"}}
 00427{"flow_id":2,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067204,"pkt_ts_usec":900142,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+AvAqAGyUlEuDfFuKMux1NzMslS9C4AQD98LYAAAAQEICienQYEGP5Ei"}
 00575{"flow_id":2,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067205,"pkt_ts_usec":37894,"pkt_caplen":173,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":173,"pkt_l4_len":139,"pkt":"EBMx8Tl2KDc3AG3ICABFAACfAABAAEAG96DAqAGyUlEuDfFuKMux1NzMslS9C4AYEAA1FQAAAQEICienQggGP5EiFgMDAGYQAABiYQRMlk9Sqm8x7BO7Ac\/JDkvTlimMq+ZTv2U1j379dVY8SgvRAiH5jrVV0Wx2QR8wjgugOy2ro2NKKw4TbZbYXO4ZIWGRnWkU\/sfj+8WhWYs3YarXXSOfhe5kLw3fJTpeBlA="}
 00435{"flow_id":2,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067205,"pkt_ts_usec":37898,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA6AABAAEAG+AXAqAGyUlEuDfFuKMux1N03slS9C4AYEADyOgAAAQEICienQggGP5EiFAMDAAEB"}
@@ -42,12 +42,12 @@
 00439{"flow_id":3,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067205,"pkt_ts_usec":710127,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8c5FAADQGkHJSUS4NwKgBsijL8XP7CfxqEnogQ6ASOECEzAAAAgQFrAQCCAoGP5FzJ6dEZQEDAwo="}
 00427{"flow_id":3,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067205,"pkt_ts_usec":710225,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+AvAqAGyUlEuDfFzKMsSeiBD+wn8a4AQECzbbQAAAQEICienRJ8GP5Fz"}
 00705{"flow_id":3,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067205,"pkt_ts_usec":856632,"pkt_caplen":269,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":269,"pkt_l4_len":235,"pkt":"EBMx8Tl2KDc3AG3ICABFAAD\/AABAAEAG90DAqAGyUlEuDfFzKMsSeiBD+wn8a4AYECzNugAAAQEICienRTAGP5FzFgMBAMYBAADCAwNgn4XFQZiH+y8CHLF8hTQg3ogVgVp4VG9EWDmmbkf39yD6v6cDBAZPGVnAvwM3jxR4N1cBHzzI+povGklxwtUExgAsAP\/ALMArwCTAI8AKwAnACMAwwC\/AKMAnwBTAE8ASAJ0AnAA9ADwANQAvAAoBAABNAAAAEAAOAAALODIuODEuNDYuMTMACgAIAAYAFwAYABkACwACAQAADQASABAEAQIBBQEGAQQDAgMFAwYDAAUABQEAAAAAABIAAAAXAAA="}
-00758{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":50,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_first_seen":1621067205651,"flow_last_seen":1621067205856,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":203,"flow_tot_l4_payload_len":203,"flow_avg_l4_payload_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61811,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00800{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":50,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_first_seen":1621067205651,"flow_last_seen":1621067205856,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":203,"flow_tot_l4_payload_len":203,"flow_avg_l4_payload_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61811,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","15":"TLS (probably) not carrying HTTPS"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
 00428{"flow_id":3,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067205,"pkt_ts_usec":914177,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0bRJAADQGlvlSUS4NwKgBsijL8XP7CfxrEnohDoAQABDqGAAAAQEICgY\/kYgnp0Uw"}
 02365{"flow_id":3,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067205,"pkt_ts_usec":926006,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUbRNAADQGkVhSUS4NwKgBsijL8XP7CfxrEnohDoAQABBMKwAAAQEICgY\/kYknp0UwFgMDAFkCAABVAwOYnBh1oFf3ZFZgK6KsDRsjcw1liD4uUa6U3S\/+hnNkKyAELNgcMkheJM59FCR9MMzWP2xubihBgP\/7aZ8AyE3Pc8AwAAAN\/wEAAQAACwAEAwABAhYDAwezCwAHrwAHrAADzTCCA8kwggKxoAMCAQICAzW7EjANBgkqhkiG9w0BAQsFADCBoDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExEjAQBgNVBAcTCVN1bm55dmFsZTERMA8GA1UEChMIRm9ydGluZXQxHjAcBgNVBAsTFUNlcnRpZmljYXRlIEF1dGhvcml0eTEQMA4GA1UEAxMHc3VwcG9ydDEjMCEGCSqGSIb3DQEJARYUc3VwcG9ydEBmb3J0aW5ldC5jb20wHhcNMTYwOTEyMTAwNjIwWhcNMzgwMTE5MDMxNDA3WjCBnTELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExEjAQBgNVBAcTCVN1bm55dmFsZTERMA8GA1UEChMIRm9ydGluZXQxEjAQBgNVBAsTCUZvcnRpR2F0ZTEZMBcGA1UEAxMQRldGNjBFNFExNjAxMjA1MDEjMCEGCSqGSIb3DQEJARYUc3VwcG9ydEBmb3J0aW5ldC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDEkm3gy+fQGhP2G3iuLy8Thk0QvM9U+dmrsYDJ1gwTHyP2UJIhuJ02jfqRZiIvG+je9kV8s9R6mzJXHVuydgTIhOMjh5QYIPHRW4YuWrenkWAdCvgUyMPMMiz1hRBJvLfxGfMuKuiciYpdme8IwFlVz0WEZtQiIKspYk3LEKQFRg7EKq06hH7bjGSy9SkYiePX2\/K+0OUnL0KzGGpclRznUlXHfbVieNGeCTxeVpQoQK08D2Jl+FwRVE70QsL4ZCv6VMXYQCF1PrGR3pqMCr5ndr3OLTbmHxvvE9x8dx0KrEupPp\/gAIeWYX+g61\/j2hEO5ZbV47v2a619aMDCKTFzAgMBAAGjDTALMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQELBQADggEBAGnFfq2BB7sjnPn7mxKxLcB1FUKVGXmAyucp\/B9HVTQoE17Xl1+r5Vk0e9mZnjsVLg768p9ebGiiJdLeYRDlXK8g6qPSAnMzChCYAybcvAY3HxUYjSFT\/qPmInVgIry0shRIlrcAme9A3JylKBPVu3qiGNI6CaLUkC1Frxq9l2xiEWQ1Tjkm6Z0R1CEZwU4128hVF5ItS8lcBhikdcXjtsh3Kg4Go41t\/JVB6EzbQ8JhaM2\/jUDdDNoGqONDpHkRwAw1XbU7nhl4Kk3nD24cjs5xuyx049VRnmrp29nXpOu1NoxuV2ncaG+hMlcNaEGX8e8RaSdY5V5V\/2KIMQLuazAAA9kwggPVMIICvaADAgECAgkA2vY2tEPUpYswDQYJKoZIhvcNAQELBQAwgaAxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRIwEAYDVQQHEwlTdW5ueXZhbGUxETAPBgNVBAoTCEZvcnRpbmV0MR4wHAYDVQQLExVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxEDAOBgNVBAMTB3N1cHBvcnQxIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGluZXQuY29tMB4XDTE1MDcxNjIyMzQzOVoXDTM4MDExOTIyMzQzOVowgaAxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRIwEAYDVQQHEwlTdW5ueXZhbGUxETAPBgNVBAoTCEZvcnRpbmV0MR4wHAYDVQQLExVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxEDAOBgNVBAMTB3N1"}
-00815{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":52,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":6,"flow_first_seen":1621067205651,"flow_last_seen":1621067205926,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1643,"flow_avg_l4_payload_len":273,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61811,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"0debd3853f330c574b05e0b6d882dc27","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"}}
+00857{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":52,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":6,"flow_first_seen":1621067205651,"flow_last_seen":1621067205926,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1643,"flow_avg_l4_payload_len":273,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61811,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","15":"TLS (probably) not carrying HTTPS"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"0debd3853f330c574b05e0b6d882dc27","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"}}
 01798{"flow_id":3,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067205,"pkt_ts_usec":928157,"pkt_caplen":1075,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1075,"pkt_l4_len":1041,"pkt":"KDc3AG3IEBMx8Tl2CABFAAQlbRRAADQGkwZSUS4NwKgBsijL8XP7CgILEnohDoAYABDaoQAAAQEICgY\/kYknp0UwcHBvcnQxIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGluZXQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1DtRc9A1EhLIw05ZQUjRO8GwptUPgyEpi3i\/68NEncZmgpruBB+gn6vgzXjFbNM03bo2sm1S61hJSYOZf+bmtujbgmO0Z3HUXMovr7dwModQNXzBkIjQNBktqaGBs0nt+\/RV6uCy4lfGny6vMUkDbmlurEf1fq7WU6zg2oIzoJMe9Wn4iqZka5xWYVBMyH1+ITQvbQgVjQrnBz8Ldc\/U9rQLNcu7qyaO2vSmvBeKwZKJOTGDT4dNI7bi2\/SrkAE+B\/M5Yqlf1vqBoy3XuveFKLkaEoSVsIMYu0xt0pyV1ujE0FBnmfE9E0VLbot17l24HyOhzpHB2C\/12zFJLXsdYwIDAQABoxAwDjAMBgNVHRMEBTADAQH\/MA0GCSqGSIb3DQEBCwUAA4IBAQCHF\/uN7GdKtM2yGmlemIyaUrkL0fG5BBlBP92rQWSY3\/tynqu2CXfpZR8FT3mJrSr0YmdrFtJalc7iOrjBPm+UYIgRqJqMksnHUEVG7t0xRmeSajIi8pPz3dhQaUBl4YwT9ZdUFoAeyPjAiFgg4y9SbtUHfBQr1KNm2fSoYTP46PGZaOcnb5yTrulltEuXyA65EHo6QUiI2nyyU7TyDiVchiq4ciW0LtEJp01A\/Pep9i9biekhbj3TgkfgJQC3O9tF0OzgwK+zMq484gK+bqmeqKfUAion7hwzA+tVXIE3k2wiGiEBSNIQu2VYlHWpDsdPlD21UsKv+o6cQcSSjLiHFgMDAW0MAAFpAwAYYQSpCI+VU7scjI3LZuh6jYdR3hiS+GXuFJu25gRBjlJW6+WSybs3rdoGEEOYPd0BnWod+IHDRUnzR2ptbIn0wosun1EaK94f345iYnt80TzVyXB5UPM880CNCqj3UAZBoVIGAQEABlPh0A5Bm60QzR6b9DrW1Tfbwxn2udCztNSTaJXT\/2w4ngli8i8InoI82Wg27s2xkKI+vFQA6sFXSo7U3KaUCCEJlgLtSNg\/2A\/b\/1bwkoDQHt9uOpgGm45ce2lS1OLsqZDhNE\/gp98CcpcVfkuoaFWhyChqJBI6ViV8ayFLbffU3P9h8KG72wFOW2INm+MYlr3WytPis+HH9IVw2Tjc7jMVS7nQhFv6L7\/0Gi2LedZL0ZpR811lOPPCyOX6piYedCFJaL4vZDBViQeRrG3asy2ZAurbxozYYclAUua5HyYR9ykN7S9W1f2gspfkn5vrULgtoCnuvsoXYPofDnqTfhYDAwAEDgAAAA=="}
-01092{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":53,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":7,"flow_first_seen":1621067205651,"flow_last_seen":1621067205928,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":2652,"flow_avg_l4_payload_len":378,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61811,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"0debd3853f330c574b05e0b6d882dc27","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=Certificate Authority, CN=support","issuerDN":"C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=FortiGate, CN=FWF60E4Q16012050","fingerprint":"AA:8A:CE:95:99:2A:E0:A4:11:42:E4:C8:40:D7:DB:87:1F:4A:23:45"}}
+01134{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":53,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":7,"flow_first_seen":1621067205651,"flow_last_seen":1621067205928,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":2652,"flow_avg_l4_payload_len":378,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61811,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"0debd3853f330c574b05e0b6d882dc27","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=Certificate Authority, CN=support","issuerDN":"C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=FortiGate, CN=FWF60E4Q16012050","fingerprint":"AA:8A:CE:95:99:2A:E0:A4:11:42:E4:C8:40:D7:DB:87:1F:4A:23:45"}}
 00429{"flow_id":3,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067205,"pkt_ts_usec":928256,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+AvAqAGyUlEuDfFzKMsSeiEO+woF\/IAQD9\/QcwAAAQEICienRXQGP5GJ"}
 00574{"flow_id":3,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067206,"pkt_ts_usec":69996,"pkt_caplen":173,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":173,"pkt_l4_len":139,"pkt":"EBMx8Tl2KDc3AG3ICABFAACfAABAAEAG96DAqAGyUlEuDfFzKMsSeiEO+woF\/IAYEABb9QAAAQEICienRgAGP5GJFgMDAGYQAABiYQS5klChCa1nu02InQSoL0lqkSpQKQso0+o5k7FR4cIlwmA8FNGNPgAOoglyMxSwmZD+xq8zmrxdr8+9ElnZVss7a3SMEwDf9mpkhDJzZcJXJeOg4cqF2AXi3h7DiDRygyA="}
 00436{"flow_id":3,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067206,"pkt_ts_usec":70001,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA6AABAAEAG+AXAqAGyUlEuDfFzKMsSeiF5+woF\/IAYEAC3SQAAAQEICienRgAGP5GJFAMDAAEB"}
@@ -61,12 +61,12 @@
 00439{"flow_id":4,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067206,"pkt_ts_usec":833331,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA85JFAADQGH3JSUS4NwKgBsijL8XTNezJoKSmJyqASOED3YgAAAgQFrAQCCAoGP5HkJ6dItwEDAwo="}
 00427{"flow_id":4,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067206,"pkt_ts_usec":833438,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+AvAqAGyUlEuDfF0KMspKYnKzXsyaYAQECxOAgAAAQEICienSPMGP5Hk"}
 00707{"flow_id":4,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067206,"pkt_ts_usec":977150,"pkt_caplen":269,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":269,"pkt_l4_len":235,"pkt":"EBMx8Tl2KDc3AG3ICABFAAD\/AABAAEAG90DAqAGyUlEuDfF0KMspKYnKzXsyaYAYECwOmAAAAQEICienSYIGP5HkFgMBAMYBAADCAwNgn4XGR7oIUOrAwfXLNhOc\/stRXR3cpjisHDHrOmoG8CAELNgcMkheJM59FCR9MMzWP2xubihBgP\/7aZ8AyE3PcwAsAP\/ALMArwCTAI8AKwAnACMAwwC\/AKMAnwBTAE8ASAJ0AnAA9ADwANQAvAAoBAABNAAAAEAAOAAALODIuODEuNDYuMTMACgAIAAYAFwAYABkACwACAQAADQASABAEAQIBBQEGAQQDAgMFAwYDAAUABQEAAAAAABIAAAAXAAA="}
-00758{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":74,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_first_seen":1621067206773,"flow_last_seen":1621067206977,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":203,"flow_tot_l4_payload_len":203,"flow_avg_l4_payload_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61812,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00800{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":74,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_first_seen":1621067206773,"flow_last_seen":1621067206977,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":203,"flow_tot_l4_payload_len":203,"flow_avg_l4_payload_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61812,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","15":"TLS (probably) not carrying HTTPS"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
 00427{"flow_id":4,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067207,"pkt_ts_usec":36967,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0o4NAADQGYIhSUS4NwKgBsijL8XTNezJpKSmKlYAQABBcsAAAAQEICgY\/kfgnp0mC"}
 02365{"flow_id":4,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067207,"pkt_ts_usec":49233,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUo4RAADQGWudSUS4NwKgBsijL8XTNezJpKSmKlYAQABA9RwAAAQEICgY\/kfknp0mCFgMDAFkCAABVAwNnZ\/OJo6RE7hyRtbLqvOcQnYNZvPW\/uW6Wzk3ZmtG85SCfyViooWLsKJeuaidxXFUrV8SrVuQwq5HnaWw9\/qL7fcAwAAAN\/wEAAQAACwAEAwABAhYDAwezCwAHrwAHrAADzTCCA8kwggKxoAMCAQICAzW7EjANBgkqhkiG9w0BAQsFADCBoDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExEjAQBgNVBAcTCVN1bm55dmFsZTERMA8GA1UEChMIRm9ydGluZXQxHjAcBgNVBAsTFUNlcnRpZmljYXRlIEF1dGhvcml0eTEQMA4GA1UEAxMHc3VwcG9ydDEjMCEGCSqGSIb3DQEJARYUc3VwcG9ydEBmb3J0aW5ldC5jb20wHhcNMTYwOTEyMTAwNjIwWhcNMzgwMTE5MDMxNDA3WjCBnTELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExEjAQBgNVBAcTCVN1bm55dmFsZTERMA8GA1UEChMIRm9ydGluZXQxEjAQBgNVBAsTCUZvcnRpR2F0ZTEZMBcGA1UEAxMQRldGNjBFNFExNjAxMjA1MDEjMCEGCSqGSIb3DQEJARYUc3VwcG9ydEBmb3J0aW5ldC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDEkm3gy+fQGhP2G3iuLy8Thk0QvM9U+dmrsYDJ1gwTHyP2UJIhuJ02jfqRZiIvG+je9kV8s9R6mzJXHVuydgTIhOMjh5QYIPHRW4YuWrenkWAdCvgUyMPMMiz1hRBJvLfxGfMuKuiciYpdme8IwFlVz0WEZtQiIKspYk3LEKQFRg7EKq06hH7bjGSy9SkYiePX2\/K+0OUnL0KzGGpclRznUlXHfbVieNGeCTxeVpQoQK08D2Jl+FwRVE70QsL4ZCv6VMXYQCF1PrGR3pqMCr5ndr3OLTbmHxvvE9x8dx0KrEupPp\/gAIeWYX+g61\/j2hEO5ZbV47v2a619aMDCKTFzAgMBAAGjDTALMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQELBQADggEBAGnFfq2BB7sjnPn7mxKxLcB1FUKVGXmAyucp\/B9HVTQoE17Xl1+r5Vk0e9mZnjsVLg768p9ebGiiJdLeYRDlXK8g6qPSAnMzChCYAybcvAY3HxUYjSFT\/qPmInVgIry0shRIlrcAme9A3JylKBPVu3qiGNI6CaLUkC1Frxq9l2xiEWQ1Tjkm6Z0R1CEZwU4128hVF5ItS8lcBhikdcXjtsh3Kg4Go41t\/JVB6EzbQ8JhaM2\/jUDdDNoGqONDpHkRwAw1XbU7nhl4Kk3nD24cjs5xuyx049VRnmrp29nXpOu1NoxuV2ncaG+hMlcNaEGX8e8RaSdY5V5V\/2KIMQLuazAAA9kwggPVMIICvaADAgECAgkA2vY2tEPUpYswDQYJKoZIhvcNAQELBQAwgaAxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRIwEAYDVQQHEwlTdW5ueXZhbGUxETAPBgNVBAoTCEZvcnRpbmV0MR4wHAYDVQQLExVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxEDAOBgNVBAMTB3N1cHBvcnQxIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGluZXQuY29tMB4XDTE1MDcxNjIyMzQzOVoXDTM4MDExOTIyMzQzOVowgaAxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRIwEAYDVQQHEwlTdW5ueXZhbGUxETAPBgNVBAoTCEZvcnRpbmV0MR4wHAYDVQQLExVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxEDAOBgNVBAMTB3N1"}
-00815{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":76,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":6,"flow_first_seen":1621067206773,"flow_last_seen":1621067207049,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1643,"flow_avg_l4_payload_len":273,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61812,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"0debd3853f330c574b05e0b6d882dc27","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"}}
+00857{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":76,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":6,"flow_first_seen":1621067206773,"flow_last_seen":1621067207049,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1643,"flow_avg_l4_payload_len":273,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61812,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","15":"TLS (probably) not carrying HTTPS"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"0debd3853f330c574b05e0b6d882dc27","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"}}
 01799{"flow_id":4,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067207,"pkt_ts_usec":50833,"pkt_caplen":1075,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1075,"pkt_l4_len":1041,"pkt":"KDc3AG3IEBMx8Tl2CABFAAQlo4VAADQGXJVSUS4NwKgBsijL8XTNezgJKSmKlYAYABCMkAAAAQEICgY\/kfknp0mCcHBvcnQxIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGluZXQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1DtRc9A1EhLIw05ZQUjRO8GwptUPgyEpi3i\/68NEncZmgpruBB+gn6vgzXjFbNM03bo2sm1S61hJSYOZf+bmtujbgmO0Z3HUXMovr7dwModQNXzBkIjQNBktqaGBs0nt+\/RV6uCy4lfGny6vMUkDbmlurEf1fq7WU6zg2oIzoJMe9Wn4iqZka5xWYVBMyH1+ITQvbQgVjQrnBz8Ldc\/U9rQLNcu7qyaO2vSmvBeKwZKJOTGDT4dNI7bi2\/SrkAE+B\/M5Yqlf1vqBoy3XuveFKLkaEoSVsIMYu0xt0pyV1ujE0FBnmfE9E0VLbot17l24HyOhzpHB2C\/12zFJLXsdYwIDAQABoxAwDjAMBgNVHRMEBTADAQH\/MA0GCSqGSIb3DQEBCwUAA4IBAQCHF\/uN7GdKtM2yGmlemIyaUrkL0fG5BBlBP92rQWSY3\/tynqu2CXfpZR8FT3mJrSr0YmdrFtJalc7iOrjBPm+UYIgRqJqMksnHUEVG7t0xRmeSajIi8pPz3dhQaUBl4YwT9ZdUFoAeyPjAiFgg4y9SbtUHfBQr1KNm2fSoYTP46PGZaOcnb5yTrulltEuXyA65EHo6QUiI2nyyU7TyDiVchiq4ciW0LtEJp01A\/Pep9i9biekhbj3TgkfgJQC3O9tF0OzgwK+zMq484gK+bqmeqKfUAion7hwzA+tVXIE3k2wiGiEBSNIQu2VYlHWpDsdPlD21UsKv+o6cQcSSjLiHFgMDAW0MAAFpAwAYYQTUu6wEEm6jsmXU0yCYD24OySeP+iql+oNZD\/TENWomz8k3jQ0IADMd4YxMPl5ytWgSDJI0fUn4l7Pbd8SWOodXcjYWJky+pbPSTG4pE5j1a+TMscEtWyiG7MEYLuOQnp0GAQEAeAyX7k5IEdhJ82TRB9jAixL1cTZ9S4jLhZM9mQDF4W1ZbAysAmH\/epKtzFX0GaHRNM5NqLRszFjgjwLZvy8GQf6PW2tsMa4\/XjHwzG39mZZQ\/tuqMW5fGtDACQES2AMZiyyWKtl62n5Tzfc5bRe8avX1eNr8vigRLuIIT\/uaxkBEqMs5SKi9qQ5GA1gXm5\/Ledt6fXFLZ6OJdUYI81WtqDQPwxsopyTTYPKIt5qWywK+XI5DDt4ZBx7H4ckwY6RQK1SzHtbuVOlBs8zaSezGrl1YMez7g+S9zMTU\/dkvPCBz\/Y8RRU9GC+Hl3FW3p8IpvWvTNllCUHU+afkH6s7cBxYDAwAEDgAAAA=="}
-01092{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":77,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":7,"flow_first_seen":1621067206773,"flow_last_seen":1621067207050,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":2652,"flow_avg_l4_payload_len":378,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61812,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"0debd3853f330c574b05e0b6d882dc27","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=Certificate Authority, CN=support","issuerDN":"C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=FortiGate, CN=FWF60E4Q16012050","fingerprint":"AA:8A:CE:95:99:2A:E0:A4:11:42:E4:C8:40:D7:DB:87:1F:4A:23:45"}}
+01134{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":77,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":7,"flow_first_seen":1621067206773,"flow_last_seen":1621067207050,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":2652,"flow_avg_l4_payload_len":378,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61812,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"0debd3853f330c574b05e0b6d882dc27","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=Certificate Authority, CN=support","issuerDN":"C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=FortiGate, CN=FWF60E4Q16012050","fingerprint":"AA:8A:CE:95:99:2A:E0:A4:11:42:E4:C8:40:D7:DB:87:1F:4A:23:45"}}
 00426{"flow_id":4,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":78,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067207,"pkt_ts_usec":50911,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+AvAqAGyUlEuDfF0KMspKYqVzXs7+oAQD99DCAAAAQEICienSckGP5H5"}
 00576{"flow_id":4,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067207,"pkt_ts_usec":191301,"pkt_caplen":173,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":173,"pkt_l4_len":139,"pkt":"EBMx8Tl2KDc3AG3ICABFAACfAABAAEAG96DAqAGyUlEuDfF0KMspKYqVzXs7+oAYEAAu7QAAAQEICienSkwGP5H5FgMDAGYQAABiYQQ6kYoBbfIPDz94x4EusTtku\/dKN6TebFHE7uNWy8hsH504MR0EB6yxCJ\/pHBUq5uckb9Cdeka0R1KNmmvqhigAcMRqWMpqtJ6uOmMrC9CHBTNAsA0RhGxxoAIhd5OXoE4="}
 00436{"flow_id":4,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067207,"pkt_ts_usec":191313,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA6AABAAEAG+AXAqAGyUlEuDfF0KMspKYsAzXs7+oAYEAAp5wAAAQEICienSkwGP5H5FAMDAAEB"}
@@ -80,12 +80,12 @@
 00440{"flow_id":5,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":101,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067209,"pkt_ts_usec":262263,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA81pJAADQGLXFSUS4NwKgBsijL8XxcuXqIHpAjNKASOECG6AAAAgQFrAQCCAoGP5LWJ6dSCQEDAwo="}
 00428{"flow_id":5,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067209,"pkt_ts_usec":262372,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+AvAqAGyUlEuDfF8KMsekCM0XLl6iYAQECzdhQAAAQEICienUkcGP5LW"}
 00854{"flow_id":5,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":103,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067209,"pkt_ts_usec":264717,"pkt_caplen":379,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":379,"pkt_l4_len":345,"pkt":"EBMx8Tl2KDc3AG3ICABFAAFtAABAAEAG9tLAqAGyUlEuDfF8KMsekCM0XLl6iYAYECy4MwAAAQEICienUkkGP5LWFgMBATQBAAEwAwME0ZbiTglAl8IIF\/3QYtFxUOfO4VmvosSnyqFik3+gECB0m0E8n5ro5FpA+fOauorg9Y\/MUiqxzclkM+TtS7iPJgA+EwITAxMBwCzAMACfzKnMqMyqwCvALwCewCTAKABrwCPAJwBnwArAFAA5wAnAEwAzAJ0AnAA9ADwANQAvAP8BAACpAAAAEAAOAAALODIuODEuNDYuMTMACwAEAwABAgAKAAwACgAdABcAHgAZABgAIwAAABYAAAAXAAAADQAwAC4EAwUDBgMIBwgICAkICggLCAQIBQgGBAEFAQYBAwMCAwMBAgEDAgICBAIFAgYCACsACQgDBAMDAwIDAQAtAAIBAQAzACYAJAAdACBs1PQ+qJEvrZx4kd6w\/yirfgThWirK26NCg33JqRCxNQ=="}
-00816{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":103,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_first_seen":1621067209199,"flow_last_seen":1621067209264,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":313,"flow_tot_l4_payload_len":313,"flow_avg_l4_payload_len":78,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61820,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"40adfd923eb82b89d8836ba37a19bca1","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00858{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":103,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_first_seen":1621067209199,"flow_last_seen":1621067209264,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":313,"flow_tot_l4_payload_len":313,"flow_avg_l4_payload_len":78,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61820,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","15":"TLS (probably) not carrying HTTPS"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"40adfd923eb82b89d8836ba37a19bca1","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 00429{"flow_id":5,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":104,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067209,"pkt_ts_usec":326813,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA06FRAADQGG7dSUS4NwKgBsijL8XxcuXqJHpAkbYAQABDsXwAAAQEICgY\/kt0np1JJ"}
 02362{"flow_id":5,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":105,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067209,"pkt_ts_usec":346748,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXU6FVAADQGFhZSUS4NwKgBsijL8XxcuXqJHpAkbYAQABDZeAAAAQEICgY\/kt4np1JJFgMDAD0CAAA5AwNUBzBqQ9tE91yRCnCEASczkwE6\/gOv+6viNjQyh6uYogDAMAAAEf8BAAEAAAsABAMAAQIAIwAAFgMDB7MLAAevAAesAAPNMIIDyTCCArGgAwIBAgIDNbsSMA0GCSqGSIb3DQEBCwUAMIGgMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTESMBAGA1UEBxMJU3Vubnl2YWxlMREwDwYDVQQKEwhGb3J0aW5ldDEeMBwGA1UECxMVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MRAwDgYDVQQDEwdzdXBwb3J0MSMwIQYJKoZIhvcNAQkBFhRzdXBwb3J0QGZvcnRpbmV0LmNvbTAeFw0xNjA5MTIxMDA2MjBaFw0zODAxMTkwMzE0MDdaMIGdMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTESMBAGA1UEBxMJU3Vubnl2YWxlMREwDwYDVQQKEwhGb3J0aW5ldDESMBAGA1UECxMJRm9ydGlHYXRlMRkwFwYDVQQDExBGV0Y2MEU0UTE2MDEyMDUwMSMwIQYJKoZIhvcNAQkBFhRzdXBwb3J0QGZvcnRpbmV0LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMSSbeDL59AaE\/YbeK4vLxOGTRC8z1T52auxgMnWDBMfI\/ZQkiG4nTaN+pFmIi8b6N72RXyz1HqbMlcdW7J2BMiE4yOHlBgg8dFbhi5at6eRYB0K+BTIw8wyLPWFEEm8t\/EZ8y4q6JyJil2Z7wjAWVXPRYRm1CIgqyliTcsQpAVGDsQqrTqEftuMZLL1KRiJ49fb8r7Q5ScvQrMYalyVHOdSVcd9tWJ40Z4JPF5WlChArTwPYmX4XBFUTvRCwvhkK\/pUxdhAIXU+sZHemowKvmd2vc4tNuYfG+8T3Hx3HQqsS6k+n+AAh5Zhf6DrX+PaEQ7lltXju\/ZrrX1owMIpMXMCAwEAAaMNMAswCQYDVR0TBAIwADANBgkqhkiG9w0BAQsFAAOCAQEAacV+rYEHuyOc+fubErEtwHUVQpUZeYDK5yn8H0dVNCgTXteXX6vlWTR72ZmeOxUuDvryn15saKIl0t5hEOVcryDqo9ICczMKEJgDJty8BjcfFRiNIVP+o+YidWAivLSyFEiWtwCZ70DcnKUoE9W7eqIY0joJotSQLUWvGr2XbGIRZDVOOSbpnRHUIRnBTjXbyFUXki1LyVwGGKR1xeO2yHcqDgajjW38lUHoTNtDwmFozb+NQN0M2gao40OkeRHADDVdtTueGXgqTecPbhyOznG7LHTj1VGeaunb2dek67U2jG5Xadxob6EyVw1oQZfx7xFpJ1jlXlX\/YogxAu5rMAAD2TCCA9UwggK9oAMCAQICCQDa9ja0Q9SlizANBgkqhkiG9w0BAQsFADCBoDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExEjAQBgNVBAcTCVN1bm55dmFsZTERMA8GA1UEChMIRm9ydGluZXQxHjAcBgNVBAsTFUNlcnRpZmljYXRlIEF1dGhvcml0eTEQMA4GA1UEAxMHc3VwcG9ydDEjMCEGCSqGSIb3DQEJARYUc3VwcG9ydEBmb3J0aW5ldC5jb20wHhcNMTUwNzE2MjIzNDM5WhcNMzgwMTE5MjIzNDM5WjCBoDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExEjAQBgNVBAcTCVN1bm55dmFsZTERMA8GA1UEChMIRm9ydGluZXQxHjAcBgNVBAsTFUNlcnRpZmljYXRlIEF1dGhvcml0eTEQMA4GA1UEAxMHc3VwcG9ydDEjMCEGCSqGSIb3DQEJARYUc3VwcG9y"}
-00873{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":105,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":6,"flow_first_seen":1621067209199,"flow_last_seen":1621067209346,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1753,"flow_avg_l4_payload_len":292,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61820,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"40adfd923eb82b89d8836ba37a19bca1","ja3s":"e35df3e00ca4ef31d42b34bebaa2f86e","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00915{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":105,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":6,"flow_first_seen":1621067209199,"flow_last_seen":1621067209346,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1753,"flow_avg_l4_payload_len":292,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61820,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","15":"TLS (probably) not carrying HTTPS"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"40adfd923eb82b89d8836ba37a19bca1","ja3s":"e35df3e00ca4ef31d42b34bebaa2f86e","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 01763{"flow_id":5,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":106,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067209,"pkt_ts_usec":348677,"pkt_caplen":1047,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1047,"pkt_l4_len":1013,"pkt":"KDc3AG3IEBMx8Tl2CABFAAQJ6FZAADQGF+BSUS4NwKgBsijL8XxcuYApHpAkbYAYABCpVAAAAQEICgY\/kt4np1JJdEBmb3J0aW5ldC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDUO1Fz0DUSEsjDTllBSNE7wbCm1Q+DISmLeL\/rw0SdxmaCmu4EH6Cfq+DNeMVs0zTdujaybVLrWElJg5l\/5ua26NuCY7RncdRcyi+vt3Ayh1A1fMGQiNA0GS2poYGzSe379FXq4LLiV8afLq8xSQNuaW6sR\/V+rtZTrODagjOgkx71afiKpmRrnFZhUEzIfX4hNC9tCBWNCucHPwt1z9T2tAs1y7urJo7a9Ka8F4rBkok5MYNPh00jtuLb9KuQAT4H8zliqV\/W+oGjLde694UouRoShJWwgxi7TG3SnJXW6MTQUGeZ8T0TRUtui3XuXbgfI6HOkcHYL\/XbMUktex1jAgMBAAGjEDAOMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAIcX+43sZ0q0zbIaaV6YjJpSuQvR8bkEGUE\/3atBZJjf+3Keq7YJd+llHwVPeYmtKvRiZ2sW0lqVzuI6uME+b5RgiBGomoySycdQRUbu3TFGZ5JqMiLyk\/Pd2FBpQGXhjBP1l1QWgB7I+MCIWCDjL1Ju1Qd8FCvUo2bZ9KhhM\/jo8Zlo5ydvnJOu6WW0S5fIDrkQejpBSIjafLJTtPIOJVyGKrhyJbQu0QmnTUD896n2L1uJ6SFuPdOCR+AlALc720XQ7ODAr7MyrjziAr5uqZ6op9QCKifuHDMD61VcgTeTbCIaIQFI0hC7ZViUdakOx0+UPbVSwq\/6jpxBxJKMuIcWAwMBbQwAAWkDABhhBMm9s8Y8J88iOw9K3+u\/3AfajdDmrOpBOO7giMyfvSo5L\/76QGF2ZlvSm5\/aYk7PEkCLUKOwycUsoss4h\/BaMQU642JPmP9wHYeCTg+9d9CS\/+TR1nnQLnRts\/8c07kKowYBAQASdYRrtnQlQGsnr5R9dQPyOge8X+Ol+hFeyjDQ05ioqRL2NErNJ\/f\/5E2vi9SjcqwCh\/8Rvtgxf4MWxHT6e+W4J3MkugNzmGTmtOIZuWfKU069SGKwwFKpf99govz567LcYHAuM6Fcu8TDjaNFc\/xkEzhqjGXW0+ocq9JKdMBGLnb+ooYJ1j3Hn3gnd2wBcI5NVa+d6JU+S2SHRTFuxmt5wnEO8a6XCffR1RNI4YgkpUsYwj8KPa0\/FY2fsM0Y7aw00S1JBF0SQ1uMsB4H74MKpmQ1XhXANJp1eqsFjBJ8mFwjk1VcoRdvIoEIC3kt5cXRdjSemxw85wvfacyQB2pcFgMDAAQOAAAA"}
-01150{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":106,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":7,"flow_first_seen":1621067209199,"flow_last_seen":1621067209348,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":2734,"flow_avg_l4_payload_len":390,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61820,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"40adfd923eb82b89d8836ba37a19bca1","ja3s":"e35df3e00ca4ef31d42b34bebaa2f86e","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=Certificate Authority, CN=support","issuerDN":"C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=FortiGate, CN=FWF60E4Q16012050","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"AA:8A:CE:95:99:2A:E0:A4:11:42:E4:C8:40:D7:DB:87:1F:4A:23:45"}}
+01192{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":106,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":7,"flow_first_seen":1621067209199,"flow_last_seen":1621067209348,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":2734,"flow_avg_l4_payload_len":390,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61820,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"40adfd923eb82b89d8836ba37a19bca1","ja3s":"e35df3e00ca4ef31d42b34bebaa2f86e","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=Certificate Authority, CN=support","issuerDN":"C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=FortiGate, CN=FWF60E4Q16012050","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"AA:8A:CE:95:99:2A:E0:A4:11:42:E4:C8:40:D7:DB:87:1F:4A:23:45"}}
 00429{"flow_id":5,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":107,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067209,"pkt_ts_usec":348733,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+AvAqAGyUlEuDfF8KMsekCRtXLmD\/oAQD+HSxwAAAQEICienUpoGP5Le"}
 00648{"flow_id":5,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":108,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067209,"pkt_ts_usec":359930,"pkt_caplen":224,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":224,"pkt_l4_len":190,"pkt":"EBMx8Tl2KDc3AG3ICABFAADSAABAAEAG923AqAGyUlEuDfF8KMsekCRtXLmD\/oAYEADMNQAAAQEICienUqQGP5LeFgMDAGYQAABiYQSZ4VMIFZunofNsZKskfH9CoUgEbmPZM0172VWSipLEiZJ8tBi\/dHcTG7RCWrNcz2\/AQcYpNTA8ndBbNxkUK+HcYMWAPwYzPIZ4h1KcmSlyEOlOUeciFUxTbOcYEEByNToUAwMAAQEWAwMAKFEeBZdZ7Ez9Dk9UFd\/JAeDaptobTxU9txDkeQwFw2\/S5DFGqpTkZnw="}
 00763{"flow_id":5,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":109,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067209,"pkt_ts_usec":434000,"pkt_caplen":308,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":308,"pkt_l4_len":274,"pkt":"KDc3AG3IEBMx8Tl2CABFAAEm6FdAADQGGsJSUS4NwKgBsijL8XxcuYP+HpAlC4AYABGhyQAAAQEICgY\/kugnp1KkFgMDALoEAAC2AAABLACwZZ5ezzAqP9XZMgDoL75RZ9gKsZPtv3hFgtTFajzKS8k1\/xXE2UCuTttunJSuBdIuKnEN\/Z99ojHQB0lZwOl\/jM0gwh2EA\/I4zNTxQf7PJXpRHQf3ROtUVUwTQMijIEMa04osUwsU4WGHLeJX38Ov5jzlweBhxRbW+NGtPsf0oW7yQnCIs+4EBuGsjX4ef7FPEE4ombBosBmM3sxpznGrqFUZaO+DnJkmP0+l9yxH78cUAwMAAQEWAwMAKDjhilnLpQKXwZ7zjsk+KQxeJhW\/yKcV\/p5IeQ8pH8uqlOmBkLiZfsE="}
@@ -107,7 +107,7 @@
 ~~ total detected protocols..: 5
 ~~ total active/idle flows...: 5/5
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 1856654 bytes
+~~ total memory allocated....: 2041933 bytes
-~~ total memory freed........: 1856654 bytes
+~~ total memory freed........: 2041933 bytes
-~~ total allocations/frees...: 35358/35358
+~~ total allocations/frees...: 37363/37363
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/ftp.pcap.out

@@ -12,7 +12,7 @@
 00441{"flow_id":1,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"ftp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1552590234,"pkt_ts_usec":976972,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"pkt":"EBMx8Tl2xCwDBkn+CABFEABBAABAAEAGAADAqAHUWoJGScYGABWjI5f+WCrCCYAYECpjewAAAQEICjtXmOwSZ\/tbUEFTUyBOY0ZUUEANCg=="}
 00419{"flow_id":1,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"ftp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1552590235,"pkt_ts_usec":45752,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xCwDBkn+EBMx8Tl2CABFAAA0OopAADYGpvJagkZJwKgB1AAVxgZYKsIJoyOYC4AQAAMV2wAAAQEIChJn+207V5js"}
 00451{"flow_id":1,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"ftp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1552590235,"pkt_ts_usec":66945,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"xCwDBkn+EBMx8Tl2CABFAABLOotAADYGptpagkZJwKgB1AAVxgZYKsIJoyOYC4AYAAM0PgAAAQEIChJn+3I7V5jsMjMwIExvZ2luIHN1Y2Nlc3NmdWwuDQo="}
-00634{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"ftp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":12,"flow_first_seen":1552590234892,"flow_last_seen":1552590235066,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":106,"flow_avg_l4_payload_len":8,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.212","dst_ip":"90.130.70.73","src_port":50694,"dst_port":21,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"FTP_CONTROL","breed":"Unsafe","category":"FileTransfer"},"ftp": {"user":"anonymous","password":"NcFTP@","auth_failed":0}}
+00630{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"ftp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":12,"flow_first_seen":1552590234892,"flow_last_seen":1552590235066,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":106,"flow_avg_l4_payload_len":8,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.212","dst_ip":"90.130.70.73","src_port":50694,"dst_port":21,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"FTP_CONTROL","breed":"Unsafe","category":"Download"},"ftp": {"user":"anonymous","password":"NcFTP@","auth_failed":0}}
 00420{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"ftp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1552590235,"pkt_ts_usec":67019,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2xCwDBkn+CABFEAA0AABAAEAGAADAqAHUWoJGScYGABWjI5gLWCrCIIAQECljbgAAAQEICjtXmUUSZ\/ty"}
 00428{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"ftp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1552590235,"pkt_ts_usec":67325,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"pkt":"EBMx8Tl2xCwDBkn+CABFEAA5AABAAEAGAADAqAHUWoJGScYGABWjI5gLWCrCIIAYECljcwAAAQEICjtXmUUSZ\/tyUFdEDQo="}
 00419{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"ftp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1552590235,"pkt_ts_usec":94015,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xCwDBkn+EBMx8Tl2CABFAAA0OoxAADYGpvBagkZJwKgB1AAVxgZYKsIgoyOYEIAQAAMVWgAAAQEIChJn+3k7V5lF"}
@@ -21,7 +21,7 @@
 00432{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"ftp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1552590236,"pkt_ts_usec":608252,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"xCwDBkn+EBMx8Tl2CABFAAA8AABAADYG4XRagkZJwKgB1GRVxgdmK2Nw7sCijaASqbDL3QAAAgQFrAQCCAoSZ\/zzO1efIQEDAw4="}
 00420{"flow_id":2,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"ftp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1552590236,"pkt_ts_usec":608298,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2xCwDBkn+CABFAAA0AABAAEAGAADAqAHUWoJGScYHZFXuwKKNZitjcYAQECxjbgAAAQEICjtXnzkSZ\/zz"}
 02034{"flow_id":2,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"ftp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1552590236,"pkt_ts_usec":637965,"pkt_caplen":1271,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1271,"pkt_l4_len":1237,"pkt":"xCwDBkn+EBMx8Tl2CABFAATpn4tAADYGPTxagkZJwKgB1GRVxgdmK2Nx7sCijYAYAAMMxgAAAQEIChJn\/Po7V585LXJ3LXItLXItLSAgICAxIDAgICAgICAgIDAgICAgICAgIDEwNzM3NDE4MjQwMDAgRmViIDE5ICAyMDE2IDEwMDBHQi56aXANCi1ydy1yLS1yLS0gICAgMSAwICAgICAgICAwICAgICAgICAxMDczNzQxODI0MDAgRmViIDE5ICAyMDE2IDEwMEdCLnppcA0KLXJ3LXItLXItLSAgICAxIDAgICAgICAgIDAgICAgICAgICAgMTAyNDAwIEZlYiAxOSAgMjAxNiAxMDBLQi56aXANCi1ydy1yLS1yLS0gICAgMSAwICAgICAgICAwICAgICAgICAxMDQ4NTc2MDAgRmViIDE5ICAyMDE2IDEwME1CLnppcA0KLXJ3LXItLXItLSAgICAxIDAgICAgICAgIDAgICAgICAgIDEwNzM3NDE4MjQwIEZlYiAxOSAgMjAxNiAxMEdCLnppcA0KLXJ3LXItLXItLSAgICAxIDAgICAgICAgIDAgICAgICAgIDEwNDg1NzYwIEZlYiAxOSAgMjAxNiAxME1CLnppcA0KLXJ3LXItLXItLSAgICAxIDAgICAgICAgIDAgICAgICAgIDEwNzM3NDE4MjQgRmViIDE5ICAyMDE2IDFHQi56aXANCi1ydy1yLS1yLS0gICAgMSAwICAgICAgICAwICAgICAgICAgICAgMTAyNCBGZWIgMTkgIDIwMTYgMUtCLnppcA0KLXJ3LXItLXItLSAgICAxIDAgICAgICAgIDAgICAgICAgICAxMDQ4NTc2IEZlYiAxOSAgMjAxNiAxTUIuemlwDQotcnctci0tci0tICAgIDEgMCAgICAgICAgMCAgICAgICAgMjA5NzE1MjAwIEZlYiAxOSAgMjAxNiAyMDBNQi56aXANCi1ydy1yLS1yLS0gICAgMSAwICAgICAgICAwICAgICAgICAyMDk3MTUyMCBGZWIgMTkgIDIwMTYgMjBNQi56aXANCi1ydy1yLS1yLS0gICAgMSAwICAgICAgICAwICAgICAgICAgMjA5NzE1MiBGZWIgMTkgIDIwMTYgMk1CLnppcA0KLXJ3LXItLXItLSAgICAxIDAgICAgICAgIDAgICAgICAgICAzMTQ1NzI4IEZlYiAxOSAgMjAxNiAzTUIuemlwDQotcnctci0tci0tICAgIDEgMCAgICAgICAgMCAgICAgICAgNTI0Mjg4MDAwIEZlYiAxOSAgMjAxNiA1MDBNQi56aXANCi1ydy1yLS1yLS0gICAgMSAwICAgICAgICAwICAgICAgICA1MjQyODgwMCBGZWIgMTkgIDIwMTYgNTBNQi56aXANCi1ydy1yLS1yLS0gICAgMSAwICAgICAgICAwICAgICAgICAgIDUyNDI4OCBGZWIgMTkgIDIwMTYgNTEyS0IuemlwDQotcnctci0tci0tICAgIDEgMCAgICAgICAgMCAgICAgICAgIDUyNDI4ODAgRmViIDE5ICAyMDE2IDVNQi56aXANCmRyd3hyLXhyLXggICAgMiAxMDUgICAgICAxMDggICAgICAgICAxNjM4NCBNYXIgMTQgMjA6MDMgdXBsb2FkDQo="}
-00540{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"ftp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_first_seen":1552590236580,"flow_last_seen":1552590236637,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1205,"flow_tot_l4_payload_len":1205,"flow_avg_l4_payload_len":301,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.212","dst_ip":"90.130.70.73","src_port":50695,"dst_port":25685,"l4_proto":"tcp","ndpi": {"proto":"FTP_DATA","breed":"Acceptable","category":"FileTransfer"}}
+00593{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"ftp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_first_seen":1552590236580,"flow_last_seen":1552590236637,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1205,"flow_tot_l4_payload_len":1205,"flow_avg_l4_payload_len":301,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.212","dst_ip":"90.130.70.73","src_port":50695,"dst_port":25685,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"FTP_DATA","breed":"Acceptable","category":"Download"}}
 00420{"flow_id":2,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"ftp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1552590236,"pkt_ts_usec":637967,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xCwDBkn+EBMx8Tl2CABFAAA0n4xAADYGQfBagkZJwKgB1GRVxgdmK2gm7sCijYARAAOfgQAAAQEIChJn\/Po7V585"}
 00420{"flow_id":2,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"ftp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1552590236,"pkt_ts_usec":638000,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2xCwDBkn+CABFCAA0AABAAEAGAADAqAHUWoJGScYHZFXuwKKNZitoJoAQEAZjbgAAAQEICjtXn1USZ\/z6"}
 00420{"flow_id":2,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"ftp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1552590236,"pkt_ts_usec":638001,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2xCwDBkn+CABFCAA0AABAAEAGAADAqAHUWoJGScYHZFXuwKKNZitoJ4AQEAZjbgAAAQEICjtXn1USZ\/z6"}
@@ -55,7 +55,7 @@
 ~~ total detected protocols..: 2
 ~~ total active/idle flows...: 3/3
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 1788475 bytes
+~~ total memory allocated....: 1973738 bytes
-~~ total memory freed........: 1788475 bytes
+~~ total memory freed........: 1973738 bytes
-~~ total allocations/frees...: 34520/34520
+~~ total allocations/frees...: 36525/36525
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/ftp_failed.pcap.out

@@ -15,7 +15,7 @@
 00465{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"ftp_failed.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1574361633,"pkt_ts_usec":74667,"pkt_caplen":92,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":92,"pkt_l4_len":38,"pkt":"9LUv\/K\/wZABqYzXMht1gC5eXACYGQCoADUAAAQADAZIAEgGTABEqAAgAEBAAAAAAAAAAAAABrrQAFZk3QchwFQbPgBgA4XzJAAABAQgKlgV6zFbTThFRVUlUDQo="}
 00479{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"ftp_failed.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1574361633,"pkt_ts_usec":88560,"pkt_caplen":100,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":100,"pkt_l4_len":46,"pkt":"ZABqYzXM9LUv\/K\/wht1gC1mOAC4GOioACAAQEAAAAAAAAAAAAAEqAA1AAAEAAwGSABIBkwARABWutHAVBs+ZN0HOgBgCAFELAAABAQgKVtNPzpYFeswyMjEgR29vZGJ5ZS4NCg=="}
 00457{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"ftp_failed.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1574361633,"pkt_ts_usec":88598,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"9LUv\/K\/wZABqYzXMht1gC5eXACAGQCoADUAAAQADAZIAEgGTABEqAAgAEBAAAAAAAAAAAAABrrQAFZk3Qc5wFQbdgBAA4XzDAAABAQgKlgV62lbTT84="}
-00609{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":18,"source":"ftp_failed.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":18,"flow_first_seen":1574361625864,"flow_last_seen":1574361633102,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":136,"flow_avg_l4_payload_len":7,"midstream":0,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:192:12:193:11","dst_ip":"2a00:800:1010::1","src_port":44724,"dst_port":21,"l4_proto":"tcp","ndpi": {"proto":"FTP_CONTROL","breed":"Unsafe","category":"FileTransfer"},"ftp": {"user":"hello","password":"","auth_failed":1}}
+00605{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":18,"source":"ftp_failed.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":18,"flow_first_seen":1574361625864,"flow_last_seen":1574361633102,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":136,"flow_avg_l4_payload_len":7,"midstream":0,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:192:12:193:11","dst_ip":"2a00:800:1010::1","src_port":44724,"dst_port":21,"l4_proto":"tcp","ndpi": {"proto":"FTP_CONTROL","breed":"Unsafe","category":"Download"},"ftp": {"user":"hello","password":"","auth_failed":1}}
 00516{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":18,"source":"ftp_failed.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":18,"flow_first_seen":1574361625864,"flow_last_seen":1574361633102,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":136,"flow_avg_l4_payload_len":7,"midstream":0,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:192:12:193:11","dst_ip":"2a00:800:1010::1","src_port":44724,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
 00130{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":18,"source":"ftp_failed.pcap","alias":"nDPId-test"}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
@@ -25,7 +25,7 @@
 ~~ total detected protocols..: 0
 ~~ total active/idle flows...: 1/1
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 1744029 bytes
+~~ total memory allocated....: 1929276 bytes
-~~ total memory freed........: 1744029 bytes
+~~ total memory freed........: 1929276 bytes
-~~ total allocations/frees...: 33338/33338
+~~ total allocations/frees...: 35343/35343
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/genshin-impact.pcap.out

@@ -1,7 +1,7 @@
 00482{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"genshin-impact.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
 00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"genshin-impact.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1615497372822,"flow_last_seen":0,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"47.245.143.85","src_port":58766,"dst_port":22101,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 00431{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"genshin-impact.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1615497372,"pkt_ts_usec":822667,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"eJS0JASgYDjgxTWgCABFAAAwrR4AAD8RTEjAqAJkL\/WPVeWOVlUAHPQTAAAA\/wAAAAAAAAAASZYC0v\/\/\/\/8="}
-00525{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"genshin-impact.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1615497372822,"flow_last_seen":0,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"47.245.143.85","src_port":58766,"dst_port":22101,"l4_proto":"udp","ndpi": {"proto":"GenshinImpact","breed":"Fun","category":"Game"}}
+00582{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"genshin-impact.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1615497372822,"flow_last_seen":0,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"47.245.143.85","src_port":58766,"dst_port":22101,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"GenshinImpact","breed":"Fun","category":"Game"}}
 00425{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"genshin-impact.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1615497372,"pkt_ts_usec":843789,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"YDjgxTWgeJS0JASgCABFAAAwK09AADcRlhcv9Y9VwKgCZFZV5Y4AHKXfAAABRQADGDI6DaIVSZYC0hRRRUU="}
 00631{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"genshin-impact.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1615497372,"pkt_ts_usec":883763,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"pkt":"eJS0JASgYDjgxTWgCABFAADFrx4AAD8RSbPAqAJkL\/WPVeWOVlUAsVF7MhgDABWiDTpRAAABg6QlIwAAAAAAAAAAUQAAAOjKqWZw7UqL9Yt3c0eSZwkZnnlWAs83g1p8EKxdCAGrvC1rqvpVXt+DS9GDIp59mUEo7M9A0R8PnQy3bk3e+QGIcWRmxHcBqUQOH+f\/uJk3ozIYAwAVog06UQAAAYOkJSMBAAAAAAAAACAAAADoyqkGcO9Ki\/W6d3BfbJ9hSIrPxLFWnBNUYf2O83uxMA=="}
 00537{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"genshin-impact.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1615497372,"pkt_ts_usec":914092,"pkt_caplen":144,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":144,"pkt_l4_len":110,"pkt":"YDjgxTWgeJS0JASgCABFAACCK5BAADcRlYQv9Y9VwKgCZFZV5Y4Abu3mMhgDABWiDTpSAAABg6QlIwAAAAACAAAAAAAAADIYAwAVog06UgAAAYOkJSMBAAAAAgAAAAAAAAAyGAMAFaINOlEAAAHepCUjAAAAAAIAAAASAAAA6MqpBXDmSov1t3fu\/jnV8Vij"}
@@ -37,7 +37,7 @@
 00514{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":31,"source":"genshin-impact.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":15,"flow_first_seen":1617969465739,"flow_last_seen":1617969467485,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":608,"flow_tot_l4_payload_len":1990,"flow_avg_l4_payload_len":132,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"47.254.169.109","src_port":59145,"dst_port":22102,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":31,"source":"genshin-impact.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1618759616491,"flow_last_seen":0,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.69.191","src_port":52575,"dst_port":22101,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 00431{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"genshin-impact.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1618759616,"pkt_ts_usec":491441,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"eJS0JASgYDjgxTWgCABFAAAwGRQAAD8RUQ3AqAJkCNFFv81fVlUAHHz9AAAA\/wAAAAAAAAAASZYC0v\/\/\/\/8="}
-00525{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"genshin-impact.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1618759616491,"flow_last_seen":0,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.69.191","src_port":52575,"dst_port":22101,"l4_proto":"udp","ndpi": {"proto":"GenshinImpact","breed":"Fun","category":"Game"}}
+00582{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"genshin-impact.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1618759616491,"flow_last_seen":0,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.69.191","src_port":52575,"dst_port":22101,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"GenshinImpact","breed":"Fun","category":"Game"}}
 00428{"flow_id":3,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"genshin-impact.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1618759616,"pkt_ts_usec":511233,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"YDjgxTWgeJS0JASgCABFAAAwBJVAADYRLowI0UW\/wKgCZFZVzV8AHCclAAABRQAC8VwSg\/gZSZYC0hRRRUU="}
 00632{"flow_id":3,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"genshin-impact.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1618759616,"pkt_ts_usec":572945,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"pkt":"eJS0JASgYDjgxTWgCABFAADFKAcAAD8RQYXAqAJkCNFFv81fVlUAsRpMXPECABn4gxJRAAAB+IeX5QAAAAAAAAAAUQAAAOjKqWZw7UqL9Yt3c0eSZxk9sU5aAs83g1pzHa9XCgisvC1r9\/0GCIzdTdWOJM16x0h+u8IR0UsPmVrqPkXeqgnccmMxz3oCrkMOS+f\/uJk3o1zxAgAZ+IMSUQAAAfiHl+UBAAAAAAAAACAAAADoyqkGcO9Ki\/W6d3BffbtOf4bPxP18xxJUYUezQnixMA=="}
 00538{"flow_id":3,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"genshin-impact.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1618759616,"pkt_ts_usec":601044,"pkt_caplen":144,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":144,"pkt_l4_len":110,"pkt":"YDjgxTWgeJS0JASgCABFAACCBNZAADYRLfkI0UW\/wKgCZFZVzV8AbgXrXPECABn4gxJSAAAB+IeX5QAAAAACAAAAAAAAAFzxAgAZ+IMSUgAAAfiHl+UBAAAAAgAAAAAAAABc8QIAGfiDElEAAAFMiJflAAAAAAIAAAASAAAA6MqpBXDmSov1t3ei1GLU8Vij"}
@@ -61,7 +61,7 @@
 ~~ total detected protocols..: 3
 ~~ total active/idle flows...: 3/3
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 1749068 bytes
+~~ total memory allocated....: 1934331 bytes
-~~ total memory freed........: 1749068 bytes
+~~ total memory freed........: 1934331 bytes
-~~ total allocations/frees...: 33370/33370
+~~ total allocations/frees...: 35375/35375
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/git.pcap.out

@@ -25,7 +25,7 @@
 ~~ total detected protocols..: 1
 ~~ total active/idle flows...: 1/1
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 1744069 bytes
+~~ total memory allocated....: 1929316 bytes
-~~ total memory freed........: 1744069 bytes
+~~ total memory freed........: 1929316 bytes
-~~ total allocations/frees...: 33409/33409
+~~ total allocations/frees...: 35414/35414
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/google_ssl.pcap.out

@@ -25,7 +25,7 @@
 ~~ total detected protocols..: 0
 ~~ total active/idle flows...: 1/1
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 1744319 bytes
+~~ total memory allocated....: 1929566 bytes
-~~ total memory freed........: 1744319 bytes
+~~ total memory freed........: 1929566 bytes
-~~ total allocations/frees...: 33348/33348
+~~ total allocations/frees...: 35353/35353
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/googledns_android10.pcap.out

@@ -127,7 +127,7 @@
 ~~ total detected protocols..: 6
 ~~ total active/idle flows...: 8/8
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 1801535 bytes
+~~ total memory allocated....: 1986838 bytes
-~~ total memory freed........: 1801535 bytes
+~~ total memory freed........: 1986838 bytes
-~~ total allocations/frees...: 33909/33909
+~~ total allocations/frees...: 35914/35914
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/gquic.pcap.out

@@ -11,7 +11,7 @@
 ~~ total detected protocols..: 1
 ~~ total active/idle flows...: 1/1
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 1747048 bytes
+~~ total memory allocated....: 1932295 bytes
-~~ total memory freed........: 1747048 bytes
+~~ total memory freed........: 1932295 bytes
-~~ total allocations/frees...: 33331/33331
+~~ total allocations/frees...: 35336/35336
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/h323-overflow.pcap.out

@@ -11,7 +11,7 @@
 ~~ total detected protocols..: 0
 ~~ total active/idle flows...: 1/1
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 1743536 bytes
+~~ total memory allocated....: 1928783 bytes
-~~ total memory freed........: 1743536 bytes
+~~ total memory freed........: 1928783 bytes
-~~ total allocations/frees...: 33321/33321
+~~ total allocations/frees...: 35326/35326
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/hangout.pcap.out

@@ -25,7 +25,7 @@
 ~~ total detected protocols..: 1
 ~~ total active/idle flows...: 1/1
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 1750218 bytes
+~~ total memory allocated....: 1935465 bytes
-~~ total memory freed........: 1750218 bytes
+~~ total memory freed........: 1935465 bytes
-~~ total allocations/frees...: 33340/33340
+~~ total allocations/frees...: 35345/35345
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/hpvirtgrp.pcap.out

@@ -169,7 +169,7 @@
 ~~ total detected protocols..: 9
 ~~ total active/idle flows...: 9/9
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 1789022 bytes
+~~ total memory allocated....: 1974333 bytes
-~~ total memory freed........: 1789022 bytes
+~~ total memory freed........: 1974333 bytes
-~~ total allocations/frees...: 33487/33487
+~~ total allocations/frees...: 35492/35492
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/http-crash-content-disposition.pcap.out

@@ -25,7 +25,7 @@
 ~~ total detected protocols..: 0
 ~~ total active/idle flows...: 0/0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 1738307 bytes
+~~ total memory allocated....: 1923546 bytes
-~~ total memory freed........: 1738307 bytes
+~~ total memory freed........: 1923546 bytes
-~~ total allocations/frees...: 33316/33316
+~~ total allocations/frees...: 35321/35321
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/http-lines-split.pcap.out

@@ -24,7 +24,7 @@
 ~~ total detected protocols..: 1
 ~~ total active/idle flows...: 1/1
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 1741895 bytes
+~~ total memory allocated....: 1927142 bytes
-~~ total memory freed........: 1741895 bytes
+~~ total memory freed........: 1927142 bytes
-~~ total allocations/frees...: 33335/33335
+~~ total allocations/frees...: 35340/35340
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/http_ipv6.pcap.out

@@ -189,7 +189,7 @@
 ~~ total detected protocols..: 7
 ~~ total active/idle flows...: 15/15
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 1861413 bytes
+~~ total memory allocated....: 2046772 bytes
-~~ total memory freed........: 1861413 bytes
+~~ total memory freed........: 2046772 bytes
-~~ total allocations/frees...: 33620/33620
+~~ total allocations/frees...: 35625/35625
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/iec60780-5-104.pcap.out

@@ -113,7 +113,7 @@
 ~~ total detected protocols..: 6
 ~~ total active/idle flows...: 6/6
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 1761482 bytes
+~~ total memory allocated....: 1946769 bytes
-~~ total memory freed........: 1761482 bytes
+~~ total memory freed........: 1946769 bytes
-~~ total allocations/frees...: 33481/33481
+~~ total allocations/frees...: 35486/35486
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/imaps.pcap.out

@@ -27,7 +27,7 @@
 ~~ total detected protocols..: 1
 ~~ total active/idle flows...: 1/1
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 1746950 bytes
+~~ total memory allocated....: 1932197 bytes
-~~ total memory freed........: 1746950 bytes
+~~ total memory freed........: 1932197 bytes
-~~ total allocations/frees...: 33344/33344
+~~ total allocations/frees...: 35349/35349
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/instagram.pcap.out

@@ -507,7 +507,7 @@
 ~~ total detected protocols..: 25
 ~~ total active/idle flows...: 38/38
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 3119232 bytes
+~~ total memory allocated....: 3304775 bytes
-~~ total memory freed........: 3119232 bytes
+~~ total memory freed........: 3304775 bytes
-~~ total allocations/frees...: 37053/37053
+~~ total allocations/frees...: 39058/39058
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/ip_fragmented_garbage.pcap.out

@@ -18219,7 +18219,7 @@
 ~~ total detected protocols..: 0
 ~~ total active/idle flows...: 29/29
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 1830556 bytes
+~~ total memory allocated....: 2016027 bytes
-~~ total memory freed........: 1830556 bytes
+~~ total memory freed........: 2016027 bytes
-~~ total allocations/frees...: 33432/33432
+~~ total allocations/frees...: 35437/35437
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/iphone.pcap.out

@@ -509,7 +509,7 @@
 ~~ total detected protocols..: 52
 ~~ total active/idle flows...: 53/53
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 2358558 bytes
+~~ total memory allocated....: 2544221 bytes
-~~ total memory freed........: 2358558 bytes
+~~ total memory freed........: 2544221 bytes
-~~ total allocations/frees...: 34237/34237
+~~ total allocations/frees...: 36242/36242
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/ipv6_in_gtp.pcap.out

@@ -11,7 +11,7 @@
 ~~ total detected protocols..: 0
 ~~ total active/idle flows...: 0/0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 1738307 bytes
+~~ total memory allocated....: 1923546 bytes
-~~ total memory freed........: 1738307 bytes
+~~ total memory freed........: 1923546 bytes
-~~ total allocations/frees...: 33316/33316
+~~ total allocations/frees...: 35321/35321
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/irc.pcap.out

@@ -7,7 +7,7 @@
 00419{"flow_id":1,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"irc.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1387554241,"pkt_ts_usec":695656,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABNyxPHhANAr0XYACABFAAA0CCBAADIGK\/4m5UYUCrSc+R9As2GRFS02aTHw6YAQAFtTTgAAAQEICjBIJRa+wg9E"}
 00443{"flow_id":1,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"irc.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1387554241,"pkt_ts_usec":695673,"pkt_caplen":83,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":83,"pkt_l4_len":49,"pkt":"AAAMB6wBABNyxPHhCABFAABF\/+NAAEAGJikKtJz5JuVGFLNhH0BpMfDpkRUtNoAYAHMU3gAAAQEICr7CD2IwSCUWTklDSyBtb2xvY2h0ZXN0DQo="}
 00504{"flow_id":1,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"irc.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1387554241,"pkt_ts_usec":695929,"pkt_caplen":128,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":128,"pkt_l4_len":94,"pkt":"ABNyxPHhANAr0XYACABFAAByCCFAADIGK78m5UYUCrSc+R9As2GRFS02aTHw6YAYAFuk2AAAAQEICjBIJRa+wg9EOmNhcmQuZnJlZW5vZGUubmV0IE5PVElDRSAqIDoqKiogTG9va2luZyB1cCB5b3VyIGhvc3RuYW1lLi4uDQo="}
-00556{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"irc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":7,"flow_first_seen":1387554241634,"flow_last_seen":1387554241695,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":62,"flow_tot_l4_payload_len":114,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.180.156.249","dst_ip":"38.229.70.20","src_port":45921,"dst_port":8000,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"IRC","breed":"Unsafe","category":"Chat"}}
+00598{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"irc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":7,"flow_first_seen":1387554241634,"flow_last_seen":1387554241695,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":62,"flow_tot_l4_payload_len":114,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.180.156.249","dst_ip":"38.229.70.20","src_port":45921,"dst_port":8000,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","22":"Unsafe Protocol"},"proto":"IRC","breed":"Unsafe","category":"Chat"}}
 00419{"flow_id":1,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"irc.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1387554241,"pkt_ts_usec":695943,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AAAMB6wBABNyxPHhCABFAAA0\/+RAAEAGJjkKtJz5JuVGFLNhH0BpMfD6kRUtdIAQAHNSyQAAAQEICr7CD2IwSCUW"}
 00488{"flow_id":1,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"irc.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1387554241,"pkt_ts_usec":726130,"pkt_caplen":115,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":115,"pkt_l4_len":81,"pkt":"ABNyxPHhANAr0XYACABFAABlCCJAADIGK8sm5UYUCrSc+R9As2GRFS10aTHw+oAYAFuqEAAAAQEICjBIJR2+wg9iOmNhcmQuZnJlZW5vZGUubmV0IE5PVElDRSAqIDoqKiogQ2hlY2tpbmcgSWRlbnQNCg=="}
 00421{"flow_id":1,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"irc.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1387554241,"pkt_ts_usec":726146,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AAAMB6wBABNyxPHhCABFAAA0\/+VAAEAGJjgKtJz5JuVGFLNhH0BpMfD6kRUtpYAQAHNScwAAAQEICr7CD4AwSCUd"}
@@ -25,7 +25,7 @@
 ~~ total detected protocols..: 1
 ~~ total active/idle flows...: 1/1
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 1744348 bytes
+~~ total memory allocated....: 1929595 bytes
-~~ total memory freed........: 1744348 bytes
+~~ total memory freed........: 1929595 bytes
-~~ total allocations/frees...: 33349/33349
+~~ total allocations/frees...: 35354/35354
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~